PHP - 使用REST API从AWS S3删除对象

时间:2018-04-02 09:50:07

标签: php amazon-web-services amazon-s3

我正在尝试使用REST API从amazon s3中删除对象。 我创建了一个curl命令,但是我收到403错误:" SignatureDoesNotMatch我们计算的请求签名与您提供的签名不匹配"。

我在AWS文档中使用过: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html

这是我的代码:

$host = 's3.amazonaws.com';
$url = "https://" . $bucket . '.' . $host . '/' . $file;
$date_full = date('D, d M Y H:i:s \G\M\T');
$date = date('Ymd');
$longDate = gmdate('Ymd\THis\Z');
$shortDate = gmdate('Ymd');
$credential = $accessKeyId . '/' . $shortDate . '/' . $region . '/s3/aws4_request';
$hashed_payload = strtolower(hash("sha256", ""));

$headers = [
    'X-Amz-Algorithm' => 'AWS4-HMAC-SHA256',
    'X-Amz-Credential' => $credential,
    'X-Amz-Date' => $longDate,
    'X-Amz-Expires' => 86400,
    'X-Amz-SignedHeaders' => 'host',
    'x-amz-content-sha256' => $hashed_payload,
    'Host' => $bucket . '.' . $host,
];
ksort($headers);
$signed_headers_string = strtolower(implode(';', array_keys($headers)));

// Build canonical request
$canonical_request = "DELETE\n"; // HTTPRequestMethod
$canonical_request .= '/' . urlencode("http://s3.amazonaws.com/" . $bucket . "/" . $file) . "\n"; // CanonicalURI
$canonical_request .= "\n"; // CanonicalQueryString

foreach ($headers as $header => $value) {
    $canonical_request .= strtolower($header) . ':' . trim($value) . "\n"; //CanonicalHeaders
}

$canonical_request .= $signed_headers_string . "\n"; // SignedHeaders
$canonical_request .= $hashed_payload; // HashedPayload

// Build string to sign
$string_to_sign = "AWS4-HMAC-SHA256\n";
$string_to_sign .= $date_full . "\n";
$string_to_sign .= $date . '/' . $region. "/s3/aws4_request\n";
$string_to_sign .= hash('sha256', $canonical_request);

// Calculate signature
$signature_date = hash_hmac('sha256', $date, 'AWS4' . $secretKey, true);
$signature_region = hash_hmac('sha256', $region, $signature_date, true);
$signature_service = hash_hmac('sha256', 's3', $signature_region, true);
$signature_request = hash_hmac('sha256', 'aws4_request', $signature_service, true);

// Build Signature
$signature = hash_hmac('sha256', $string_to_sign, $signature_request);

// Calculate final Authorization header
$headers['Authorization'] = 'AWS4-HMAC-SHA256 Credential=' . $credential . ', ';
$headers['Authorization'] .= 'SignedHeaders=' . $signed_headers_string . ', ';
$headers['Authorization'] .= 'Signature=' . $signature;

// Convert headers to key:value strings
$curl_headers = array();

foreach ($headers as $header => $value) {
    $curl_headers[] = "{$header}:{$value}";
}

// Init curl
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($curl, CURLINFO_HEADER_OUT, true);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $curl_headers);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");

$result = curl_exec($curl);

有人可以帮我解释一下是什么问题吗?

0 个答案:

没有答案