我正在尝试使用PHP中的API v1.0(互操作模式)在GCS上创建一个存储桶,但我得到了"签名不匹配"错误响应。
我在做什么:
$access_id = "GOOGxxxxxx";
$secret_key = "xyxyxyxyx/xyxyxyxyx";
$bucket = "random_bucket_name";
$url = 'https://'.$bucket.'commondatastorage.googleapis.com';
$timestamp = date("r");
$canonicalizedResources = "/ HTTP 1.1";
$stringToSign = utf8_encode("PUT "."'n"."'n"."'n".$canonicalizedResources);
$signature = base64_encode(hash_hmac("sha1",$stringToSign,$secret_key,true));
$authSignature = $access_id.":".$signature;
$headers = array('Host: '.$bucket.'.commondatastorage.googleapis.com',
'Date: '.$timestamp, 'x-goog-api-version: 1',
'x-goog-project-id: xxxyyyxy','Content-Length: 0',
'Authorization: GOOG1 '.$authSignature);
$c = curl_init($url);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c,CURLOPT_HTTPHEADER,$headers);
$xml = curl_exec($c);
我得到的回应是:
<?xml version='1.0' encoding='UTF-8'?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you
provided. Check your Google secret key and signing method.</Message>
<StringToSign>
GET
Sat, 03 Mar 2012 14:56:53 -0800
x-goog-api-version:1
x-goog-project-id:xxxyyyxy
/random_bucket_name/
</StringToSign>
</Error>
你知道我哪里错了吗?
以下是谷歌的相关文档:https://developers.google.com/storage/docs/reference-methods#putbucket
我注意到的一件事是,即使我在"stringToSign"变量中指定了"PUT"。。。回复说我用了"GET"?
如有任何帮助,我们将不胜感激。
这里有几个问题:
- 您的规范化资源应该是"/bbucket/",而不是"/HTTP 1.1"
- 您需要在字符串中包含两个自定义标头(x-goog-version和x-goog-project-id)进行签名
- 要签名的字符串必须包括在Date:标头中发送的时间戳
- 您需要设置CURLOPT_PUT,以便curl知道发送PUT请求,而不是默认的GET请求(这就是为什么您的错误响应暗示了GET请求)
以下是您代码的更正版本,我对其进行了测试并用于创建一个新的bucket:
<?php
$access_id = "REDACTED";
$secret_key = "REDACTED";
$bucket = "your-bucket";
$url = 'https://'.$bucket.'commondatastorage.googleapis.com';
$timestamp = date("r");
$version_header = "x-goog-api-version:1";
$project_header = "x-goog-project-id:REDACTED";
$canonicalizedResources = "/".$bucket."/";
$stringToSign = utf8_encode("PUT'n'n'n".$timestamp."'n".$version_header."'n".$project_header."'n".$canonicalizedResources);
$signature = base64_encode(hash_hmac("sha1",$stringToSign,$secret_key,true));
$authSignature = $access_id.":".$signature;
$headers = array('Host: '.$bucket.'.commondatastorage.googleapis.com',
'Date: '.$timestamp, $version_header,
$project_header,'Content-Length: 0',
'Authorization: GOOG1 '.$authSignature);
$c = curl_init($url);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c,CURLOPT_HTTPHEADER,$headers);
curl_setopt($c, CURLOPT_PUT, TRUE);
$xml = curl_exec($c);
print($xml);
?>
附言:谷歌云存储HMAC身份验证的所有详细信息都在这里提供:https://developers.google.com/storage/docs/reference/v1/developer-guidev1#authentication