SignatureDoesNotMatch REST接口 在任何时间、任何地点、任何互联网设备上 在Header中包含签名
2024-08-25 04:04:51
PutObject_关于Object操作_API 参考_对象存储 OSS-阿里云 https://help.aliyun.com/document_detail/31978.html
OSS API 文档简介_API 参考_对象存储 OSS-阿里云 https://help.aliyun.com/document_detail/31947.html?spm=a2c4g.11186623.6.897.0e87Ue
阿里云对象存储服务(Object Storage Service,简称OSS),是阿里云对外提供的海量、安全、低成本、高可靠的云存储服务。您可以通过本文档提供的简单的REST接口,在任何时间、任何地点、任何互联网设备上进行上传和下载数据。基于OSS,您可以搭建出各种多媒体分享网站、网盘、个人和企业数据备份等基于大规模数据的服务。
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<RequestId>5B5421A9F3999E8E590FAAAE</RequestId>
<HostId>myBucket.oss-cn-hangzhou.aliyuncs.com</HostId>
<OSSAccessKeyId>LTAIP7myOQnOabc</OSSAccessKeyId>
<SignatureProvided>JQjm1FNFwAjalykg1I33bOp0bYo=</SignatureProvided>
<StringToSign>PUT video/mpeg4
Sun, Jul :: GMT
/myBucket/uploads/video//testVqhua.mp4</StringToSign>
<StringToSignBytes> 0A 0A 6F 2F 6D 0A 6E 2C 4A 6C 3A 3A 4D 0A 2F 6D 2D 2F 6C 6F 2F 6F 2F 2F 2E 6D </StringToSignBytes>
</Error>
from oss2 import utils # 阿里云主账号AccessKey拥有所有API的访问权限,风险很高。强烈建议您创建并使用RAM账号进行API访问或日常运维,请登录 https://ram.console.aliyun.com 创建RAM账号。
kid, ks = 'kid', 'ks'
url = 'https://myBucket.oss-cn-hangzhou.aliyuncs.com'
bucket_name = 'myBucket' from oss2.http import Request method, url = 'PUT', url
req = Request(method, url)
req.headers['Date'],req.headers['Content-Type'] =utils.http_date(), 'video/mpeg4' res_d = {}
res_d['Host'],res_d['method'], res_d['Date'], res_d['Content-Type'] =url.split('/')[-1], method, req.headers['date'], 'video/mpeg4' '''
前端提交文件名
key是oss中bucket_name下的文件通用资源标志符(Universal Resource Identifier)
例如:
https://myBucket.oss-cn-hangzhou.aliyuncs.com/uploads/video/26/test10sBM.mp4
则此处key=uploads/video/26/test10sBM.mp4,注意/
该key字符串参与加密计算,utf-8字符串
'''
key = 'uploads/video/26/testVqhua.mp4'
key = 'uploads/video/26/123.mp4'
res_d['OSS-Key']=key
from oss2.auth import *
import urllib '''
直接调用官方类的签名计算方法
''' class myAuthV2(object):
"""签名版本2,与版本1的区别在:
1. 使用SHA256算法,具有更高的安全性
2. 参数计算包含所有的HTTP查询参数
""" def __init__(self, access_key_id, access_key_secret):
self.id = access_key_id.strip()
self.secret = access_key_secret.strip() def my__make_signature(self, req, bucket_name, key, additional_headers=[]):
'''
核心代码
:param req:
:param bucket_name:
:param key:
:param additional_headers:
:return:
'''
print(req, bucket_name, key)
string_to_sign = self.__get_string_to_sign(req, bucket_name, key, additional_headers)
h = hmac.new(to_bytes(self.secret), to_bytes(string_to_sign), hashlib.sha1)
return utils.b64encode_as_string(h.digest()) def __get_additional_headers(self, req, in_additional_headers):
# we add a header into additional_headers only if it is already in req's headers. additional_headers = set(h.lower() for h in in_additional_headers)
keys_in_header = set(k.lower() for k in req.headers.keys()) return additional_headers & keys_in_header def __get_string_to_sign(self, req, bucket_name, key, additional_header_list):
verb = req.method
content_md5 = req.headers.get('content-md5', '')
content_type = req.headers.get('content-type', '')
date = req.headers.get('date', '')
canonicalized_oss_headers = self.__get_canonicalized_oss_headers(req, additional_header_list)
additional_headers = ';'.join(sorted(additional_header_list))
canonicalized_resource = self.__get_resource_string(req, bucket_name, key)
canonicalized_resource = urllib.parse.unquote(canonicalized_resource) print(date)
print('---->')
print(verb + '\n' + \
content_md5 + '\n' + \
content_type + '\n' + \
date + '\n' + \
canonicalized_oss_headers + \
additional_headers + '\n' + \
canonicalized_resource)
print('<----')
print(canonicalized_resource)
# return verb + '\n' +\
# content_md5 + '\n' +\
# content_type + '\n' +\
# date + '\n' +\
# canonicalized_oss_headers +\
# additional_headers + '\n' +\
# canonicalized_resource
print('---->加密字符串,与阿里后台的加密字符串比对,一致,则加密成功')
print('此处对加密参数个数相对原官方包做了删减')
print(verb + '\n' + \
content_md5 + '\n' + \
content_type + '\n' + \
date + '\n' + canonicalized_resource)
print('<----')
return verb + '\n' + \
content_md5 + '\n' + \
content_type + '\n' + \
date + '\n' + canonicalized_resource def __get_resource_string(self, req, bucket_name, key):
if bucket_name:
encoded_uri = v2_uri_encode('/' + bucket_name + '/' + key)
else:
encoded_uri = v2_uri_encode('/') logging.info('encoded_uri={0} key={1}'.format(encoded_uri, key)) return encoded_uri + self.__get_canonalized_query_string(req) def __get_canonalized_query_string(self, req):
encoded_params = {}
for param, value in req.params.items():
encoded_params[v2_uri_encode(param)] = v2_uri_encode(value) if not encoded_params:
return '' sorted_params = sorted(encoded_params.items(), key=lambda e: e[0])
return '?' + '&'.join(self.__param_to_query(k, v) for k, v in sorted_params) def __param_to_query(self, k, v):
if v:
return k + '=' + v
else:
return k def __get_canonicalized_oss_headers(self, req, additional_headers):
"""
:param additional_headers: 小写的headers列表, 并且这些headers都不以'x-oss-'为前缀.
"""
canon_headers = [] for k, v in req.headers.items():
lower_key = k.lower()
if lower_key.startswith('x-oss-') or lower_key in additional_headers:
canon_headers.append((lower_key, v)) canon_headers.sort(key=lambda x: x[0]) return ''.join(v[0] + ':' + v[1] + '\n' for v in canon_headers) res = myAuthV2(kid, ks).my__make_signature(req, bucket_name, key)
print(res)
print('OSS ' + kid + ':' + res)
res_d['Authorization'] = 'OSS ' + kid + ':' + res
res_d['Content-MD5']=''
'''
对前端返回res_d,前端严格按照res_d发起构造header,发起http请求
'''
print(res_d)
前端提供 系统文件系统中的文件名 123.mp4
调用官方包的目的是直接引用官方包中已有的独立的加密库
和官方加密算法中的辅助函数
在Header中包含签名
更新时间:2018-06-08 18:10:25
用户可以在HTTP请求中增加 Authorization 的Header来包含签名(Signature)信息,表明这个消息已被授权。
Authorization字段计算的方法
Authorization = "OSS " + AccessKeyId + ":" + Signature
Signature = base64(hmac-sha1(AccessKeySecret,
VERB + "\n"
+ Content-MD5 + "\n"
+ Content-Type + "\n"
+ Date + "\n"
+ CanonicalizedOSSHeaders
+ CanonicalizedResource))AccessKeySecret表示签名所需的密钥VERB表示HTTP 请求的Method,主要有PUT,GET,POST,HEAD,DELETE等\n表示换行符Content-MD5表示请求内容数据的MD5值,对消息内容(不包括头部)计算MD5值获得128比特位数字,对该数字进行base64编码而得到。该请求头可用于消息合法性的检查(消息内容是否与发送时一致),如”eB5eJF1ptWaXm4bijSPyxw==”,也可以为空。详情参看RFC2616 Content-MD5Content-Type表示请求内容的类型,如”application/octet-stream”,也可以为空Date表示此次操作的时间,且必须为GMT格式,如”Sun, 22 Nov 2015 08:16:38 GMT”CanonicalizedOSSHeaders表示以 x-oss- 为前缀的http header的字典序排列CanonicalizedResource表示用户想要访问的OSS资源
其中,Date和CanonicalizedResource不能为空;如果请求中的Date时间和OSS服务器的时间差15分钟以上,OSS服务器将拒绝该服务,并返回HTTP 403错误。
最新文章
- Mysql完全手册(笔记一,底层与内置函数)
- Uri.AbsoluteUri 与 Uri.ToString() 的区别
- HT图形组件设计之道(四)
- xcode快捷键的使用
- (三)spark集群DHCP IP变化后的处理
- 设置Android程序的默认安装位置
- d3可视化实战04:事件绑定机制
- Webserver管理系列:1、安装Windows Server 2008
- 抛弃jQuery,拥抱原生JavaScript
- offset获取位置
- 八数码问题+路径寻找问题+bfs(隐式图的判重操作)
- IdentityServer4 禁用 Consent screen page(权限确认页面)
- 希尔排序(Go语言)
- 实验-使用VisualVM或JConsole进行对程序进行性能分析
- Swift基础之PickerView(时间)选择器
- AIM Tech Round 5 (rated, Div. 1 + Div. 2) (A, B, E)
- vue学习笔记——篇3
- 73.纯 CSS 创作一只卡通狐狸
- 如何入门vue之二
- 反射的所有api