谷歌云存储的互操作访问授权请求失败，'；签名不匹配'；错误 - Interoperable access authorization request for google cloud storage fails with 'signature does not match' error

Interoperable access authorization request for google cloud storage fails with 'signature does not match' error

我正在尝试使用PHP中的API v1.0（互操作模式）在GCS上创建一个存储桶，但我得到了"签名不匹配"错误响应。

我在做什么：

$access_id = "GOOGxxxxxx";
$secret_key = "xyxyxyxyx/xyxyxyxyx";
$bucket = "random_bucket_name";
$url = 'https://'.$bucket.'commondatastorage.googleapis.com';
$timestamp  = date("r");
$canonicalizedResources = "/ HTTP 1.1";
$stringToSign = utf8_encode("PUT "."'n"."'n"."'n".$canonicalizedResources);
$signature  = base64_encode(hash_hmac("sha1",$stringToSign,$secret_key,true));
$authSignature = $access_id.":".$signature;
$headers = array('Host: '.$bucket.'.commondatastorage.googleapis.com',
           'Date: '.$timestamp, 'x-goog-api-version: 1', 
           'x-goog-project-id: xxxyyyxy','Content-Length: 0',
           'Authorization: GOOG1 '.$authSignature);
$c   = curl_init($url);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c,CURLOPT_HTTPHEADER,$headers);
$xml = curl_exec($c);

我得到的回应是：

<?xml version='1.0' encoding='UTF-8'?>
 <Error>
  <Code>SignatureDoesNotMatch</Code>
  <Message>The request signature we calculated does not match the signature you 
   provided. Check your Google secret key and signing method.</Message>
  <StringToSign>
   GET

   Sat, 03 Mar 2012 14:56:53 -0800
   x-goog-api-version:1
   x-goog-project-id:xxxyyyxy
   /random_bucket_name/
  </StringToSign>
 </Error>

你知道我哪里错了吗？

以下是谷歌的相关文档：https://developers.google.com/storage/docs/reference-methods#putbucket

我注意到的一件事是，即使我在"stringToSign"变量中指定了"PUT"。。。回复说我用了"GET"？

如有任何帮助，我们将不胜感激。

这里有几个问题：

您的规范化资源应该是"/bbucket/"，而不是"/HTTP 1.1"
您需要在字符串中包含两个自定义标头（x-goog-version和x-goog-project-id）进行签名
要签名的字符串必须包括在Date:标头中发送的时间戳
您需要设置CURLOPT_PUT，以便curl知道发送PUT请求，而不是默认的GET请求（这就是为什么您的错误响应暗示了GET请求）

以下是您代码的更正版本，我对其进行了测试并用于创建一个新的bucket:

<?php
  $access_id = "REDACTED";
  $secret_key = "REDACTED";
  $bucket = "your-bucket";
  $url = 'https://'.$bucket.'commondatastorage.googleapis.com';
  $timestamp  = date("r");
  $version_header = "x-goog-api-version:1";
  $project_header = "x-goog-project-id:REDACTED";
  $canonicalizedResources = "/".$bucket."/";
  $stringToSign = utf8_encode("PUT'n'n'n".$timestamp."'n".$version_header."'n".$project_header."'n".$canonicalizedResources);
  $signature  = base64_encode(hash_hmac("sha1",$stringToSign,$secret_key,true));
  $authSignature = $access_id.":".$signature;
  $headers = array('Host: '.$bucket.'.commondatastorage.googleapis.com',
                   'Date: '.$timestamp, $version_header,
                   $project_header,'Content-Length: 0',
                   'Authorization: GOOG1 '.$authSignature);
  $c   = curl_init($url);
  curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($c,CURLOPT_HTTPHEADER,$headers);
  curl_setopt($c, CURLOPT_PUT, TRUE);
  $xml = curl_exec($c);
  print($xml);
?>

附言：谷歌云存储HMAC身份验证的所有详细信息都在这里提供：https://developers.google.com/storage/docs/reference/v1/developer-guidev1#authentication