GCloud 签名不匹配

huangapple go评论90阅读模式
英文:

GCloud SignatureDoesNotMatch

问题

我正在尝试从Google Cloud获取一个已签名的URL,以便我们可以上传文档。

根据https://cloud.google.com/storage/docs/access-control/signing-urls-with-helpers#storage-signed-url-object-go,我使用私钥对请求进行签名,得到一个类似于以下的URL:

https://storage.googleapis.com/yyy-vv-upload-xxx/aa41dcaed3a24f65b8d5a9ac94b4c0a6?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=xxx-assets-gcs-yyy-devops%40yyy-devops.iam.gserviceaccount.com%2F20226667%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20221227T183246Z&X-Goog-Expires=899&X-Goog-Signature=260b2e695999ccdea5d5d5e46f0f83d204609dbfc0efcdf1fa8381b9ec748eacad36b525e695c6fc2fb02277a56e3c10674a75de2ba83c668c2052a89192345ddbdd0fe841ea28dc7df01648f2ca420b43d6fa162540e1c34865847d34c832ded157f2ec58bd8d57c47eef32d632ff02dc1927dc94f7509795e78c357dc556e2c96ea8e86dfb5015c796627f327caf04f45560bad4d5cdb714c5bc97d442cbc87639f44b2a102ce9d9a3fc83e81bcaf9fde38ce56efd02decd3fe8a1cf5fc823e46c85b39d7ada41618993e80b5c2e61a0380d403d0d6763310350ab1cf22d539c80fdaafc2320cbdeb3f1e7c21b4c40e3dc8889b348f67573852d5e7986167e&X-Goog-SignedHeaders=host

但是,当我在浏览器中加载它时,我得到以下错误:

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
<StringToSign>GOOG4-RSA-SHA256 20221227T183246Z 20221227/auto/storage/goog4_request 78f5677e7572233dc56657f7b055601eee26e7913bb6426194c888367c521990</StringToSign>
<CanonicalRequest>GET /yyy-vv-upload-xxx/aa41dcaed3a24f65b8d5a9ac94b4c0a6 X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=xxx-assets-gcs-yyy-devops%40yyy-devops.iam.gserviceaccount.com%2F20221227%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20221227T183246Z&X-Goog-Expires=899&X-Goog-SignedHeaders=host host:storage.googleapis.com host UNSIGNED-PAYLOAD</CanonicalRequest>
</Error>

你有什么建议吗?

英文:

I am attempting to get a signed url from Google cloud where we can upload a document.

func GetSignedURL(bucketName string, objectName string) string {
	ctx := context.Background()
	// Get a connection to gcloud
	client, err := storage.NewClient(ctx, option.WithCredentialsFile(config.GetSettings().GoogleCloudKey))
	if err != nil {
		msg := err.Error() + &quot; @ &quot; + whereami.WhereAmI() + &quot; on &quot; + helpers.GetTimeInTimezone()
		panic(msg)
	}
	defer client.Close()

	opts := &amp;storage.SignedURLOptions{
		Scheme:     storage.SigningSchemeV4,
		Method:     &quot;PUT&quot;,
		PrivateKey: []byte(getPrivateKey()), //&lt;- a Google service account private key, obtainable from the Google Developers Console
		Expires:    time.Now().Add(15 * time.Minute),
		Insecure:   false,
	}
	//Use connection to get url
	url, err := client.Bucket(bucketName).SignedURL(objectName, opts)
	if err != nil {
		msg := err.Error() + &quot; @ &quot; + whereami.WhereAmI() + &quot; on &quot; + helpers.GetTimeInTimezone()
		panic(msg)
	}

	return url
}

Per https://cloud.google.com/storage/docs/access-control/signing-urls-with-helpers#storage-signed-url-object-go
I do sign the request with my Private key, I get a url similar to this:

https://storage.googleapis.com/yyy-vv-upload-xxx/aa41dcaed3a24f65b8d5a9ac94b4c0a6?X-Goog-Algorithm=GOOG4-RSA-SHA256&amp;X-Goog-Credential=xxx-assets-gcs-yyy-devops%40yyy-devops.iam.gserviceaccount.com%2F20226667%2Fauto%2Fstorage%2Fgoog4_request&amp;X-Goog-Date=20221227T183246Z&amp;X-Goog-Expires=899&amp;X-Goog-Signature=260b2e695999ccdea5d5d5e46f0f83d204609dbfc0efcdf1fa8381b9ec748eacad36b525e695c6fc2fb02277a56e3c10674a75de2ba83c668c2052a89192345ddbdd0fe841ea28dc7df01648f2ca420b43d6fa162540e1c34865847d34c832ded157f2ec58bd8d57c47eef32d632ff02dc1927dc94f7509795e78c357dc556e2c96ea8e86dfb5015c796627f327caf04f45560bad4d5cdb714c5bc97d442cbc87639f44b2a102ce9d9a3fc83e81bcaf9fde38ce56efd02decd3fe8a1cf5fc823e46c85b39d7ada41618993e80b5c2e61a0380d403d0d6763310350ab1cf22d539c80fdaafc2320cbdeb3f1e7c21b4c40e3dc8889b348f67573852d5e7986167e&amp;X-Goog-SignedHeaders=host

When I load it in a browser I get the following:

&lt;Error&gt;
&lt;Code&gt;SignatureDoesNotMatch&lt;/Code&gt;
&lt;Message&gt;The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.&lt;/Message&gt;
&lt;StringToSign&gt;GOOG4-RSA-SHA256 20221227T183246Z 20221227/auto/storage/goog4_request 78f5677e7572233dc56657f7b055601eee26e7913bb6426194c888367c521990&lt;/StringToSign&gt;
&lt;CanonicalRequest&gt;GET /yyy-vv-upload-xxx/aa41dcaed3a24f65b8d5a9ac94b4c0a6 X-Goog-Algorithm=GOOG4-RSA-SHA256&amp;X-Goog-Credential=xxx-assets-gcs-yyy-devops%40yyy-devops.iam.gserviceaccount.com%2F20221227%2Fauto%2Fstorage%2Fgoog4_request&amp;X-Goog-Date=20221227T183246Z&amp;X-Goog-Expires=899&amp;X-Goog-SignedHeaders=host host:storage.googleapis.com host UNSIGNED-PAYLOAD&lt;/CanonicalRequest&gt;
&lt;/Error&gt;

Any advice?

答案1

得分: 1

错误信息完全误导人,它应该抱怨HTTP方法。一旦我将生成的URL放入Postman并进行PUT请求,它就可以工作了。我可以上传一张金鱼的图片。上面的错误是由GET请求生成的。

英文:

The error is completely misleading, it should have complained about the http method. Once I put the generated url in Postman and made a PUT request it worked. I could upload an image of a goldfish. The error above is generated for a GET request.

huangapple
  • 本文由 发表于 2022年12月28日 02:48:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/74933088.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定