Question

我正在尝试为Salesforce Apex中的Azure文件存储创建共享访问签名（SAS），但却无法到达任何地方。这是我的代码：

String link = 'https://<accountName>.file.core.windows.net/<folderName>/test.txt';
String key = '...' // key of the account

String spe = 'r'; //read
String st = '2018-06-07T08:49:00Z';
String se = '2018-06-09T08:49:00Z';
String res = '/file/<accountName>/<folderName>/test.txt';
String sv = '2017-11-09';
String sr = 'f'; // file
String spr = 'https';

String sts = spe + '\n'  +
    st + '\n' +
    se + '\n' +
    res + '\n' +
    spr + '\n'+
    sv + '\n';  

Blob data = crypto.generateMac('HmacSHA256', Blob.valueOf(sts), Blob.valueOf(key));
String sas = EncodingUtil.base64Encode(data);
sas = EncodingUtil.urlEncode(sas, 'UTF-8');
link += '?sv=' + sv + '&st=' + st + '&se=' + se + '&sr=' + sr + '&sp=' + spe 
               + '&spr=' + spr + '&sig=' + sas;
System.debug(link);

当我在浏览器中复制粘贴链接时，响应是：

<Error>
  <Code>AuthenticationFailed</Code>
  <Message>
    Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:... Time:2018-06-07T21:56:01.7374549Z
  </Message>
  <AuthenticationErrorDetail>
    Signature did not match. String to sign used was r 2018-06-07T08:49:00Z 2018-06-09T08:49:00Z /file/<accountName>/<folderName>/test.txt https 2017-11-09
  </AuthenticationErrorDetail>
</Error>

我在这里做错了什么？

Answer 1

正如错误消息中提到的，这似乎与身份验证问题有关，我建议您访问以下两个链接：https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas

和https://zimmergren.net/azure-storage-rest-api-authenticate-with-c/检查您的身份验证标头的有效性：

an example of an account SAS:

https://storagesample.blob.core.windows.net/sample-container?restype=container&comp=metadata&sv=2015-04-05ss=bfqt&srt=sco&sp=rl&se=2015-09-20T08:49Z&sip=168.1.5.60-168.1.5.70&sig=a39%2BYozJhGp6miujGymjRpN8tsrQfLo9Z3i8IRyIpnQ%3d

Answer 2

正如@superfell在评论中所提到的，问题在于以下代码行：

Blob data = crypto.generateMac('HmacSHA256', Blob.valueOf(sts), Blob.valueOf(key));

请将此行代码更改为：

Blob data = crypto.generateMac('HmacSHA256', Blob.valueOf(sts), EncodingUtil.base64Decode(key));

你不应该得到这个错误。本质上，密钥是base64编码的字符串，您需要使用正确的解码方法来获取字节数组。

Answer 3

谢谢@Gaurav。但是，您的解决方案有效，但不完整。它仍然给我错误。以下是我的工作：

String spe = 'r';
String st = '';
String se = '2018-06-10T07:00:00Z';
String res = '/file/<accountName>/<folderName>/test.txt';
String si = '';
String sip = '';
String spr = '';
String sr = 'f';
String sv = '2017-11-09';
String rscc = '';
String rscd = '';
String rsce = '';
String rscl = '';
String rsct = '';

String sts = spe + '\n'  +
    st + '\n' +
    se + '\n' +
    res + '\n' +
    si + '\n' +
    sip + '\n' +
    spr + '\n'+
    sv + '\n' +
    rscc + '\n' +
    rscd + '\n' +
    rsce + '\n' +
    rscl + '\n' +
    rsct;

Blob data = crypto.generateMac('HmacSHA256', Blob.valueOf(sts), EncodingUtil.base64Decode(key));
String sas = EncodingUtil.base64Encode(data);
sas = EncodingUtil.urlEncode(sas, 'UTF-8');
link += '?sv=' + sv + '&se=' + se + '&sr=' + sr + '&sp=' + spe + '&sig=' + sas;
System.debug(link);

在Salesforce中创建Azure文件存储SAS不起作用

3 个答案: