我在使用谷歌存储时遇到了困难。
所以我正在尝试做一个签名网址 https://cloud.google.com/storage/docs/access-control#Signed-URLs,已经有客户端 ID(这是一封电子邮件)和私钥(如所述here https://cloud.google.com/storage/docs/authentication#service_accounts) so:
STEP 1: 构造字符串 https://cloud.google.com/storage/docs/access-control#Construct-the-String
function googleBuildConfigurationString($method, $expiration, $file, array $options = []) {
$allowedMethods = ['GET', 'HEAD', 'PUT', 'DELETE'];
// initialize
$method = strtoupper($method);
$contentType = $options['Content_Type'];
$contentMd5 = $options['Content_MD5'] ? base64_encode($options['Content_MD5']) : '';
$headers = $options['Canonicalized_Extension_Headers'] ? $options['Canonicalized_Extension_Headers'] . PHP_EOL : '';
$file = $file ? $file : $options['Canonicalized_Resource'];
// validate
if(array_search($method, $allowedMethods) === false) {
throw new RuntimeException("Method '{$method}' is not allowed");
}
if(!$expiration) {
throw new RuntimeException("An expiration date should be provided.");
}
return <<<TXT
{$method}
{$contentMd5}
{$contentType}
{$expiration}
{$headers}{$file}
TXT;
}
到目前为止一切顺利(我认为),回显输出,它看起来与示例类似,所以现在对字符串进行签名
STEP 2: 对字符串进行签名 https://cloud.google.com/storage/docs/access-control#Signing-Strings最初我使用的是openssl_public_加密,搜索后发现 google-api-php-client 有 Google_Signer_P12 (实际上使用openssl_sign),所以该方法如下所示:
function googleSignString($certificatePath, $stringToSign) {
return (new Google_Signer_P12(
file_get_contents($certificatePath),
'notasecret'
))->sign($stringToSign);
}
在这里我不确定这是否正确签名,最终构建最终的网址
STEP 3: 构建 URL https://cloud.google.com/storage/docs/access-control#Assembling-the-URL
function googleBuildSignedUrl($serviceEmail, $file, $expiration, $signature) {
return "http://storage.googleapis.com{$file}"
. "?GoogleAccessId={$serviceEmail}"
. "&Expires={$expiration}"
. "&Signature=" . urlencode($signature);
}
但在浏览器中打开 URL 将检索:
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.
</Message>
<StringToSign>GET 1437470250 /example/video.mp4</StringToSign>
</Error>
我添加了一个gist https://gist.github.com/MLoureiro/14503293c3cb2191e2f6最终脚本更容易阅读
那么知道我做错了什么吗?