PutObject 上的 SignatureDoesNotMatch – 处理 GetObject

PHP中文网 • 2025年3月1日 16:11:32 • 编程技术 • 阅读 3

php小编草莓在本文中将为您介绍如何处理“PutObject上的SignatureDoesNotMatch – 处理GetObject”的问题。在进行对象上传和获取操作时，有时会遇到此错误提示，这可能是由于请求的签名不匹配导致的。本文将为您详细解释该问题的原因，并提供解决方案，帮助您顺利处理这一错误，确保您的对象上传和获取操作能够正常进行。

问题内容

我正在尝试为 s3 中的 putobject 创建签名 url。我为 getobject 执行此操作的方法运行良好，因此我的凭据有效。

我已经关闭了所有公共访问块，因此它应该是公开的。

存储桶策略：

{    "version": "2012-10-17",    "statement": [        {            "sid": "allowputobject",            "effect": "allow",            "principal": "*",            "action": "s3:putobject",            "resource": "arn:aws:s3:::adobe-sign-test/*"        }    ]}

登录后复制

存储桶 cors：

[    {        "allowedheaders": [            "*"        ],        "allowedmethods": [            "get",            "head",            "put"        ],        "allowedorigins": [            "*"        ],        "exposeheaders": []    }]

登录后复制

我尝试过使用 s3 库，现在在本例中使用 s3manager。但是，当我尝试使用签名 url 放置对象时，我收到一条 xml 错误，告诉我 signaturedoesnotmatch。

下面是有效的 get 和失败的 put 的代码。

func getpresignedurl(bucket, key, operation string, expiresin int64, region string, s3accesskeyid string, s3secretaccesskey string) string {    sess := session.must(session.newsession(&aws.config{        region: aws.string(region),        credentials: credentials.newstaticcredentials(            s3accesskeyid,            s3secretaccesskey,            "",        ),    }))    uploader := s3manager.newuploader(sess)    if operation == "putobject" {        // generate a pre-signed url for a putobject operation        uploadurl, _ := uploader.upload(&s3manager.uploadinput{            bucket: aws.string(bucket),            key:    aws.string(key),            acl:    aws.string("bucket-owner-full-control"),        })        return uploadurl.location    }    // generate a pre-signed url for a getobject operation    req, _ := uploader.s3.getobjectrequest(&s3.getobjectinput{        bucket: aws.string(bucket),        key:    aws.string(key),    })    geturl, err := req.presign(time.duration(expiresin) * time.second)    if err != nil {        fmt.println(err)        return ""    }    return geturl}

登录后复制

以下是我尝试使用curl put 文件的方法：curl -x put -t some-file.jpg “https://adobe-sign-test.s3.eu-north-1.amazonaws.com/hejsan.jpg?x-amz-algorithm=aws4-hmac-sha256&x- amz-credential=akiaqjglaaktl3qqfz73%2f20230706%2feu-north-1%2fs3%2faws4_request&x-amz-date=20230706t074846z&x-amz-expires=3600&x-amz-signedheaders=host&x-amz-signature=5eb429ee8efc 1c8ffcae64d77a588119cfde81512bc5c4516a1120b20e26cac7“

这是 put 操作的错误消息：

SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your key and signing method.AKIAQJGLAAKTL3QQFZ73AWS4-HMAC-SHA25620230706T074846Z20230706/eu-north-1/s3/aws4_request7666f6675cc3fe3a3aa20f98928aeccd4b9bc851666fcf03fb425d5819d7e72d5eb429ee8efc1c8ffcae64d77a588119cfde81512bc5c4516a1120b20e26cac741 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 30 37 30 36 54 30 37 34 38 34 36 5a 0a 32 30 32 33 30 37 30 36 2f 65 75 2d 6e 6f 72 74 68 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 37 36 36 36 66 36 36 37 35 63 63 33 66 65 33 61 33 61 61 32 30 66 39 38 39 32 38 61 65 63 63 64 34 62 39 62 63 38 35 31 36 36 36 66 63 66 30 33 66 62 34 32 35 64 35 38 31 39 64 37 65 37 32 64PUT/hejsan.jpgX-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAQJGLAAKTL3QQFZ73%2F20230706%2Feu-north-1%2Fs3%2Faws4_request&X-Amz-Date=20230706T074846Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=hosthost:adobe-sign-test.s3.eu-north-1.amazonaws.comhostUNSIGNED-PAYLOAD50 55 54 0a 2f 68 65 6a 73 61 6e 2e 6a 70 67 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 4b 49 41 51 4a 47 4c 41 41 4b 54 4c 33 51 51 46 5a 37 33 25 32 46 32 30 32 33 30 37 30 36 25 32 46 65 75 2d 6e 6f 72 74 68 2d 31 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 33 30 37 30 36 54 30 37 34 38 34 36 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 36 30 30 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 61 64 6f 62 65 2d 73 69 67 6e 2d 74 65 73 74 2e 73 33 2e 65 75 2d 6e 6f 72 74 68 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44SMFDTR996NQE9DDVVehdLPGdnoVZclkNKs2+lTjFpAssA1Xe+HZSj5ZCCVK2QnumQHqzsePFg3TWWaai3+vqGgnwxpjMd3b8526I7Q==

登录后复制

解决方法

aws 开发工具包代码库中有一个示例go 具有 get 和 put 以及 s3 的预签名 url，也许会有帮助。您可以克隆存储库并按照自述文件中的说明自行运行这些示例。该示例具有方法，然后有一个控制台应用程序演示如何运行它们。

// GetObject makes a presigned request that can be used to get an object from a bucket.// The presigned request is valid for the specified number of seconds.func (presigner Presigner) GetObject(    bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) {    request, err := presigner.PresignClient.PresignGetObject(context.TODO(), &s3.GetObjectInput{        Bucket: aws.String(bucketName),        Key:    aws.String(objectKey),    }, func(opts *s3.PresignOptions) {        opts.Expires = time.Duration(lifetimeSecs * int64(time.Second))    })    if err != nil {        log.Printf("Couldn't get a presigned request to get %v:%v. Here's why: %v",            bucketName, objectKey, err)    }    return request, err}// PutObject makes a presigned request that can be used to put an object in a bucket.// The presigned request is valid for the specified number of seconds.func (presigner Presigner) PutObject(    bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) {    request, err := presigner.PresignClient.PresignPutObject(context.TODO(), &s3.PutObjectInput{        Bucket: aws.String(bucketName),        Key:    aws.String(objectKey),    }, func(opts *s3.PresignOptions) {        opts.Expires = time.Duration(lifetimeSecs * int64(time.Second))    })    if err != nil {        log.Printf("Couldn't get a presigned request to put %v:%v. Here's why: %v",            bucketName, objectKey, err)    }    return request, err}// DeleteObject makes a presigned request that can be used to delete an object from a bucket.func (presigner Presigner) DeleteObject(bucketName string, objectKey string) (*v4.PresignedHTTPRequest, error) {    request, err := presigner.PresignClient.PresignDeleteObject(context.TODO(), &s3.DeleteObjectInput{        Bucket: aws.String(bucketName),        Key:    aws.String(objectKey),    })    if err != nil {        log.Printf("Couldn't get a presigned request to delete object %v. Here's why: %v", objectKey, err)    }    return request, err}

登录后复制

以上就是PutObject 上的 SignatureDoesNotMatch – 处理 GetObject的详细内容，更多请关注【创想鸟】其它相关文章！

发布者：PHP中文网，转转请注明出处：https://www.chuangxiangniao.com/p/2357063.html