dongyan5641 2017-08-08 14:53
浏览 80
已采纳

CloudFront签名URL访问被拒绝

I am trying to add signed URLs to my videos on CloudFront everything set to be fine but when I open my URL it shows me the Access Denied error every time when I generate the URL code here is the following error 

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>081DED49D4E126A6</RequestId>
<HostId>Lx+3mwxdCGo1vWAGM5RzPHDKrwEkvQwi8XiH2hBgj51XWsxu4gqY3Zr+w1x4ZoZQAYWEHV9u1wA=</HostId>
</Error>

Here is my code I don't know what I am doing wrong in it

<?php
$urlShow = getSignedURL("http://d22bw8b4o37yyl.cloudfront.net/test/love1.mp4", 500);
function getSignedURL($resource, $timeout)
{
    //This comes from key pair you generated for cloudfront
    $keyPairId = "APKAIJP3H7LLN44FL2OQ";

    $expires = time() + $timeout; //Time out in seconds
    $json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';     

    //Read Cloudfront Private Key Pair
    $fp=fopen("pk-APKAIJP3H7LLN44FL2OQ.pem","r"); 
    $priv_key=fread($fp,8192); 
    fclose($fp); 

    //Create the private key
    $key = openssl_get_privatekey($priv_key);
    if(!$key)
    {
        echo "<p>Failed to load private key!</p>";
        return;
    }

    //Sign the policy with the private key
    if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))
    {
        echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
        return;
    }

    //Create url safe signed policy
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

    //Construct the URL
    $url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;

    return $url;
}

echo $urlShow;
?>
  • 写回答

1条回答 默认 最新

  • doushao1087 2017-08-10 17:53
    关注

    You're getting this because the time duration for expiry you have used in your code isn't proper. To resolve the issue, First we need to update the Bucket policy and use the proper Key-Pair-ID and Private Key then in line two of the code use proper Unix time-stamp like this time() + 600 instead of 500 PHP, time - Manual

    Here is the full code that will resolve the issue 

    <?php
$urlShow = getSignedURL("http://d22bw8b4o37yyl.cloudfront.net/test/love1.mp4", time() + 600);
function getSignedURL($resource, $timeout) {
//This comes from key pair you generated for cloudfront
$keyPairId = "APKAIJP3H7LLN44FL2OQ";

$expires = time() + $timeout; //Time out in seconds
$json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}'; 

//Read Cloudfront Private Key Pair
$fp=fopen("pk-APKAIJP3H7LLN44FL2OQ.pem","r"); 
$priv_key=fread($fp,8192); 
fclose($fp); 

//Create the private key
$key = openssl_get_privatekey($priv_key);
if(!$key) {
echo "<p>Failed to load private key!</p>";
return;
}

//Sign the policy with the private key
if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
return;
}

//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

//Construct the URL
$url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;
return $url;
}

echo $urlShow;
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?