Здравствуйте, я пытаюсь создать SAS для блоба на azure хранилище в java. Я пишу следующий код:
public static String GSAS(String url, String signedstart, String signedexpiry) throws
Exception {
String accountName = "taelearninguat2";
String accountKey = "xxxx"; // Here I hide the passsword
String signedpermissions = "r";
signedstart = "2020-02-18T08:49Z";
signedexpiry = "2020-02-28T08:49Z";
String canonicalizedResource = "/blob/" + accountName + "/resource/8a5dcc036edbba6a016ede49fec30000.jpg";
String signedIP = "";
String signedProtocol = "";
String signedidentifier = "";
String signedversion = "2015-04-05";
String rscc = "";
String responsecontent = "file; attachment";
String rsce = "";
String rscl = "";
String rsct = "binary";
String stringToSign =
signedpermissions + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
canonicalizedResource + "\n" +
signedidentifier + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n" +
rscc + "\n" +
responsecontent + "\n" +
rsce + "\n" +
rscl + "\n" +
rsct;
String sig = computeHmac256(stringToSign,Base64.getDecoder().decode(accountKey));
StringBuffer param = new StringBuffer();
param.append("?")
.append("sv=").append(URLEncoder.encode(signedversion, "UTF-8")).append("&")
.append("sr=").append(URLEncoder.encode("b", "UTF-8")).append("&")
.append("sig=").append(URLEncoder.encode(sig, "UTF-8")).append("&")
.append("st=").append(URLEncoder.encode(signedstart, "UTF-8")).append("&")
.append("se=").append(URLEncoder.encode(signedexpiry, "UTF-8")).append("&")
.append("sp=").append(URLEncoder.encode(signedpermissions, "UTF-8")).append("&")
.append("rscd=").append(URLEncoder.encode(responsecontent, "UTF-8")).append("&")
.append("rsct=").append(URLEncoder.encode(rsct, "UTF-8"));
String sasURL = url + param.toString();
return sasURL;
}
static String computeHmac256(String stringToSign, byte[] accountKey) throws Exception {
try {
/*
We must get a new instance of the Mac calculator for each signature calculated because the instances are
not threadsafe and there is some suggestion online that they may not even be safe for reuse, so we use a
new one each time to be sure.
*/
Mac hmacSha256 = Mac.getInstance("HmacSHA256");
hmacSha256.init(new SecretKeySpec(accountKey, "HmacSHA256"));
byte[] utf8Bytes = stringToSign.getBytes("UTF-8");
return Base64.getEncoder().encodeToString(hmacSha256.doFinal(utf8Bytes));
} catch (Exception e) {
throw new Error(e);
}
}
Предположим, у меня есть изображение с таким URL: https://taelearninguat2.blob.core.chinacloudapi.cn/resource/8a5dcc036edbba6a016ede49fec30000.jpg
, поэтому stringToSign:
r
2020-02-18T08:49Z
2020-02-28T08:49Z
/blob/taelearninguat2/resource/8a5dcc036edbba6a016ede49fec30000.jpg
2015-04-05
file; attachment
binary
SAS url: https://taelearninguat2.blob.core.chinacloudapi.cn/resource/8a5dcc036edbba6a016ede49fec30000.jpg?sv=2015-04-05&sr=b&sig=IbBspyUvIyOoxq7XRs7nQ3zHK%2BrlZzoen9jwSN%2B1Yfw%3D&st=2020-02-18T08%3A49Z&se=2020-02-28T08%3A49Z&sp=r&rscd=file%3B+attachment&rsct=binary
<AuthenticationErrorDetail>Signature did not match. String to sign used was r 2020-02-18T08:49Z 2020-02-28T08:49Z /blob/taelearninguat2/resource/8a5dcc036edbba6a016ede49fec30000.jpg 2015-04-05 file; attachment</AuthenticationErrorDetail>
новое обновление: измените параметры времени: signstart = 2019-11-27 signedexpiry = 2019-12-04, тогда результат будет : Подпись недействительна в указанный период времени: Начало [ср., 27 ноября 2019 г. 00:00:00 по Гринвичу] - истечение срока [ср., 04 дек. c 2019 00:00:00 по Гринвичу] - текущий [чт, 20 февраля 2020 г. 14:45:57 GMT]
но подписанный старт = 2020-02-19 signedexpiry = 2020-02-25 подпись все еще не совпадает