gCloud 上的签名不匹配

问题描述 投票:0回答:1

我无法通过 Google Cloud 签名 URL 进行上传。我收到相同的 SignatureDoesNotMatch 错误。

我尝试了很多事情,包括:

  • 为 v2 停用 v4
  • 添加或删除内容类型
  • 使用 axios 更改 fetch
  • 使用邮递员
  • 尝试成为一个使用 POST 然后 PUT 的向导 
    x-goog-resumable:start
  • 更改我的存储桶的 CORS
  • 增加超时时间

我就是一直无法上传。

代币创建代码:

public static String generateV4PutObjectSignedUrl(String objectName) throws StorageException {
    // String projectId = "my-project-id";
    // String bucketName = "my-bucket";
    // String objectName = "my-object";

    Storage storage = StorageOptions.getDefaultInstance().getService();

    // Define Resource
    BlobInfo blobInfo = BlobInfo.newBuilder(BlobId.of("mybucket", objectName)).build();

    // Generate Signed URL
    Map<String, String> extensionHeaders = new HashMap<>();
    extensionHeaders.put("Content-Type", "application/octet-stream");

    URL url = storage.signUrl(
            blobInfo,
            15,
            TimeUnit.HOURS,
            Storage.SignUrlOption.httpMethod(HttpMethod.PUT),
            Storage.SignUrlOption.withExtHeaders(extensionHeaders),
            Storage.SignUrlOption.withV4Signature()
    );

    String urlS = url.toString();
    System.out.println("Generated PUT signed URL:"+urlS);
    return urlS;
}

然后是桶的CORS:

[{"maxAgeSeconds": 3600000, "method": ["GET", "PUT", "OPTIONS", "POST"], "origin": ["LIVE", "http://localhost:8080", "http://0.0.0.0:8080"], "responseHeader": ["Content-Type", "x-goog-resumable"]}]

然后我尝试:

const signedUrl = await fetch("$STORAGE_FUN/" + apkFile.name.replace(" ", "_")).then((res) => res.text());
await axios.put(signedUrl, apkFile);

以及:

const put = await fetch(signedUrl, {
  method: 'PUT',
  headers: {'Content-Type': 'application/octet-stream'},
  body: apkFile
})

以及:

curl --location --request PUT 'https://storage.googleapis.com/mybucket/no-heroes-here.apk?GoogleAccessId=autodeploy@company.iam.gserviceaccount.com&Expires=1676643070&Signature=ZYU7CjzWRcKaqjOufUZ%2BkOJA%2FsB1vVpWBZAfpeUKIrmQRHJ6ZgXE7bwmqtaIWwBCbZv%2Fa1naYV3xC2OMqhpZ7ene46ZWS4JH%2FIvVn2U5SMBjYG38SrKqICLfj3l4sN%2BR39ijTxPwP4nWCpvMm39CxtCZAC6n5FovsNterZ7NqByXHP7YXgzOXeiBALabDv%2B%2BnclpVtoJ4K6h%2ByFKyQ6odzT0PTDIvpED4ph%2BIrdptwxraFFpLNL8k0ocAsd1zn9U4cxRrTTFCMzzMaXdhXRfVAtkSl5NW7BosdkRmgGtB%2FA1TEifea%2BnfXyXtbRaW7QG5TA9WxrA3VmHNMWz3At29A%3D%3D' \
-H 'Content-Type:' \
--data-binary '@/somepath/original/noheroeshere/no-heroes-here.apk'

我们得到了类似的错误:

<?xml version='1.0' encoding='UTF-8'?>
<Error>
    <Code>SignatureDoesNotMatch</Code>
    <Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
    <StringToSign>GOOG4-RSA-SHA256
20230216T232500Z
20230216/auto/storage/goog4_request
338a1267c21129d5a991a59881cf42c0112f6cfd5cc067c162e0716adc059d5e</StringToSign>
    <CanonicalRequest>PUT
/mybucket/no-heroes-here.apk
X-Goog-Algorithm=GOOG4-RSA-SHA256&amp;X-Goog-Credential=autodeploy%40company.iam.gserviceaccount.com%2F20230216%2Fauto%2Fstorage%2Fgoog4_request&amp;X-Goog-Date=20230216T232500Z&amp;X-Goog-Expires=54000&amp;X-Goog-SignedHeaders=content-type%3Bhost
content-type:application/octet-stream
host:storage.googleapis.com

content-type;host
UNSIGNED-PAYLOAD</CanonicalRequest>
</Error>

很多问题:

  • 您在我的代码中看到明显的错误吗?
  • 有没有办法调试签名错误,例如存储桶中的一些日志,我们可以在其中看到实际上不匹配的内容?
  • 是否是我使用的服务帐户的权限问题?
  • 如果服务帐户不起作用,会生成 URL 吗?
java google-cloud-storage gcloud
1个回答
0
投票

该错误是由于“&”被编码为&,导致签名的URL无效。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.