作为noticed here,Azure SDK for PHP不支持共享访问签名。所以我开发了自己的函数来使用Miscrosoft Azure文档(here)和PHPAzure Codeplex项目和源代码(here)生成signed-url
我想生成一个signed-url,可以使用开发的软件客户端直接在Web浏览器中调用。
我生成的signed-url总是返回“AuthenticationFailed”,其详细信息“签名不匹配。签名不匹配。使用的字符串是r 2013-11-03 2013-11-05 / ntgstblog / netgemvno netgemvno_default_policy”
这里是我的源代码,用于生成共享访问签名和我签名的URL。你能帮我调试一下吗?
$config = array(
'blob_account' => <mystroage_accountname>,
'blob_key' => <mystroage_accesskey>,
'blob_protocol' => 'http'
);
$_id = 'netgemvno_default_policy';
...
/* Define the policy of the container */
$_data = array(
'SignedIdentifier' => array (
'Id' => $_id,
'AccessPolicy' => array(
'Start' => date("Y-m-d", strtotime('-1 years')),
'Expiry' => date("Y-m-d", strtotime('+1 year')),
'Permission' => 'r'
)
)
);
$_containerAcl = ContainerAcl::create(PublicAccessType::NONE, $_data);
$rest->blob_service->setContainerAcl($oem, $_containerAcl);
...
/* get shared access url to my private blob */
$_start = date('Y-m-d', strtotime('-1 day'));
//$_start = '';
$_expiry = date('Y-m-d', strtotime('+1 day'));
//$_expiry = '';
$_permission = 'r';
$_container = 'netgemvno';
$_blob = strtolower(
"netgemvno/backup/2013/10/29/20131029_ack.log"
);
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $_permission;
$_arraysign[] = $_start;
$_arraysign[] = $_expiry;
$_arraysign[] = '/' . $config['blob_account'] . '/' . $_container;
$_arraysign[] = $_id;
$_str2sign = implode("\n", $_arraysign);
$_signature = base64_encode(
hash_hmac('sha256', $_str2sign, $config['blob_key'], true)
);
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($_start))?'st=' . urlencode($_start):'';
$_parts[] = (!empty($_expiry))?'se=' . urlencode($_expiry):'';
$_parts[] = (!empty($_permission))?'sp=' . $_permission:'';
$_parts[] = 'sr=' . 'c';
$_parts[] = (!empty($_id))?'si=' . urlencode($_id):'';
$_parts[] = 'sig=' . urlencode($_signature);
/* Create the signed blob URL */
$_url = $config['blob_protocol'] . '://'
. $config['blob_account'] . '.blob.core.windows.net/'
. $_blob . '?'
. implode('&', $_parts);
return $_url;
答案 0 :(得分:0)
假设您将帐户密钥存储为base64编码(类似AmSacgtnBFBvyqPHTNfpThcBCFWqzE3PIl09Pr1IQBGNjln1a8fZeUTs0+fehSmGt6ujf/7DQ51ef+DEXEZziA==),请尝试更改以下代码行:
$_signature = base64_encode(
hash_hmac('sha256', $_str2sign, $config['blob_key'], true)
);
要
$_signature = base64_encode(
hash_hmac('sha256', $_str2sign, base64_decode($config['blob_key']), true)
);
答案 1 :(得分:0)
我想为此帖子提供一些其他信息,以反映自发布此帖子以来对Azure REST API所做的更改以访问容器/ blob。根据{{3}},截至2014年9月,我必须做更多的工作。
以下是SAS生成代码,可以帮助我将blob上传到PHP中的私有容器:
private function testSASGeneration($container, $blob, $resourceType, $permissions, $start, $expiry){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = $start;
$_arraysign[] = $expiry;
$_arraysign[] = '/' . $this->blobServiceAccountName . '/' . $container;
$_arraysign[] = '';
$_arraysign[] = "2013-08-15"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = "file; attachment";
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = 'binary';
$_str2sign = implode("\n", $_arraysign);
//signature requires url decode and utf-8 encode, as illustrated in docs linked in this post.
$_signature = base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($this->blobServicePrimaryKey), true)
);
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($start))?'st=' . urlencode($start):'';
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = (!empty($permissions))?'rscd=' . urlencode("file; attachment"):'';
$_parts[] = (!empty($permissions))?'rsct=' . urlencode("binary"):'';
//$_parts[] = (!empty($_id))?'si=' . urlencode($_id):'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2013-08-15'; //addition of API version in query
/* Create the signed blob URL */
$_url = 'https://'
. $this->blobServiceAccountName . '.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
希望这可以帮助任何被迫使用PHP与Azure通信的人,因为与C#对应物相比,API严重缺乏。