0
我想複製blob形式一個存儲帳戶到另一個,根據職位here我能夠生成shared access signature (SAS)爲x-ms-copy-source。現在我的問題是我無法通過身份驗證副本blob操作它說「AuthenticationFailedServer failed to authenticate the request」。Azure SAS令牌複製blob操作問題
我使用下面的代碼來生成SAS令牌以及複製blob的身份驗證簽名。有人可以幫助我在修復的問題
$date = gmdate('D, d M Y H:i:s \G\M\T');
$account_name = "souraccount";
$desaccname = "desaccount";
$destcontainername = "descontainer";
$blobname = "abc.png";
$sourcecontainer = "sourcecontainer";
$source_account_key = "asdfghjkl";
$destination_account_key = "poiuytr";
$expiry = gmdate("Y-m-d\TH:i:s\Z", time() + 30000);
$sig = getSASForBlob($account_name,$sourcecontainer, $blobname, "b", "r", $expiry, $source_account_key);
$url = getBlobUrl($account_name,$account_name,$blobname,"b","r",$expiry,$sig);
$canonicalizedHeaders = "x-ms-copy-source:".$url."\nx-ms-date:$date\nx-ms-version:2015-04-05";
$canonicalizedResource = "/$account_name/$sourcecontainer/$blobname";
$arraysign = array();
$arraysign[] = 'PUT'; /*HTTP Verb*/
$arraysign[] = ''; /*Content-Encoding*/
$arraysign[] = ''; /*Content-Language*/
$arraysign[] = ''; /*Content-Length (include value when zero)*/
$arraysign[] = ''; /*Content-MD5*/
$arraysign[] = ''; /*Content-Type*/
$arraysign[] = ''; /*Date*/
$arraysign[] = ''; /*If-Modified-Since */
$arraysign[] = ''; /*If-Match*/
$arraysign[] = ''; /*If-None-Match*/
$arraysign[] = ''; /*If-Unmodified-Since*/
$arraysign[] = ''; /*Range*/
$arraysign[] = $canonicalizedHeaders; /*CanonicalizedHeaders*/
$arraysign[] = $canonicalizedResource; /*CanonicalizedResource*/
$stringtosign = implode("\n", $arraysign);
$signature = 'SharedKey'.' '.$desaccname.':'.base64_encode(hash_hmac('sha256', $stringtosign, base64_decode($destination_account_key), true));
$endpoint = 'https://'.$desaccname.'.blob.core.windows.net';
echo $url = $endpoint.'/'.$destcontainername.'/'.$blobname;
$headers = [
"x-ms-copy-source:$url",
"x-ms-date:{$date}",
"x-ms-version:2015-04-05",
"Accept:application/json;odata=nometadata",
"Accept-Charset:UTF-8",
"Content-Length:0",
"Authorization:{$signature}"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
echo curl_error($ch);
curl_close($ch);
echo '<pre>';print_r($response);
function getSASForBlob($accountName,$container, $blob, $resourceType, $permissions, $expiry,$source_account_key){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/' . $accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($source_account_key), true)
);
}
function getBlobUrl($accountName,$container,$blob,$resourceType,$permissions,$expiry,$_signature){
/* Create the signed query part */
$_parts = array();
$_parts[] = 'sv=2015-04-05';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
一個問題我在你的代碼中看到的是,您使用的是這兩個源和目標帳戶相同的密鑰('$ account_key')。 –
@GauravMantri我用'$ source_account_key'和'$ destination_account_key'修改了帖子中的代碼。它仍然無法驗證 – MSA
還有一件事我注意到了。在你的請求標題中,你將'Content-Length'標題的值設置爲'0'(這是正確的),但是你不會在'$ arraysign []'中將這個值保留爲空。你可以試着把這裏的值設置爲'0',然後重試你的請求嗎? –