Azure SDK PHP SAS用于容器

时间:2017-03-01 10:25:20

标签: php azure azure-storage azure-storage-blobs

我使用这些方法获取sas容器访问权限。如何更新它们以正确访问容器?我收到以下错误:"签名不匹配"。我可以访问单个blob但我无法找到允许访问容器的修复程序。

URL:https://storage.blob.core.windows.net/container?se=2017-03-01T11%3A30%3A25.0000000Z&st=2017-03-01T10%3A07%3A05.0000000Z&sr=c&sp=rwdl&sig=SIGNATURE&sv=2015-04-05&spr=https

错误:

<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:7dd5dba8-0001-0035-5278-926fe6000000 Time:2017-03-01T10:40:41.6498650Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was rwdl 2017-03-01T10:07:05.0000000Z 2017-03-01T11:30:25.0000000Z /blob/storage/$root https 2015-04-05
</AuthenticationErrorDetail>
</Error>

代码:

public function generateContainerSAS() {
       if(!$this->existsContainer()){
             $this->blobClient->createContainer($this->container);
       }    
       $start =  $this->isoDate(time() - 2000);
       $expiry = $this->isoDate(time() + 3000);
       $signature = $this->getSASForContainer(AZURE_STORAGE_ACCOUNT_NAME,$this->container,
               'rwdl',$start, $expiry,AZURE_STORAGE_PRIMARY_KEY);

       $sharedAccessUrl = $this->getContainerUrl(AZURE_STORAGE_ACCOUNT_NAME,$this->container,
               'c','rwdl',$start, $expiry,$signature);

       return $sharedAccessUrl;
    }


function getContainerUrl($accountName,$container,$resourceType,$permissions,$start, $expiry,$_signature){
        /* Create the signed query part */
        $_parts = array();
        $_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
        $_parts[] = (!empty($start))?'st=' . urlencode($start):'';
        $_parts[] = 'sr=' . $resourceType;
        $_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
        $_parts[] = 'sig=' . urlencode($_signature);
        $_parts[] = 'sv=2015-04-05';
        $_parts[] = 'spr=https';

        /* Create the signed blob URL */
        $_url = 'https://'
        . $accountName.'.blob.core.windows.net/'
        . $container . '?'
        . implode('&', $_parts);

        return $_url;
    }


  function getSASForContainer($accountName,$container, $permissions, $start, $expiry,$key){

        $_arraysign = array();
        $_arraysign[] = $permissions;
        $_arraysign[] = $start;
        $_arraysign[] = $expiry;
        $_arraysign[] = "/blob/" . $accountName . '/' . $container;
        $_arraysign[] = '';
        $_arraysign[] = '';
        $_arraysign[] = 'https';
        $_arraysign[] = "2015-04-05"; //the API version is now required
        $_arraysign[] = '';
        $_arraysign[] = '';
        $_arraysign[] = '';
        $_arraysign[] = '';
        $_arraysign[] = '';
        $_str2sign = implode("\n", $_arraysign);

        return base64_encode(
        hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true)
        );
    }

0 个答案:

没有答案
相关问题
最新问题