例外:我想通过AWS CloudFront网址获取已签名的网址。AWS无法签署CloudFront网址
我做了什么:我创建了一个AWS CloudFront的instence并启用限制浏览器访问功能,信任的签名是自。
下面是PHP代码我想登录的网址
function getSignedURL()
{
$resource = 'http://d2qui8qg6d31zk.cloudfront.net/richardcuicks3sample/140-140.bmp';
$timeout = 300;
//This comes from key pair you generated for cloudfront
$keyPairId = "YOUR_CLOUDFRONT_KEY_PAIR_ID";
$expires = time() + $timeout; //Time out in seconds
$json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';
//Read Cloudfront Private Key Pair
$fp=fopen("private_key.pem","r");
$priv_key=fread($fp,8192);
fclose($fp);
//Create the private key
$key = openssl_get_privatekey($priv_key);
if(!$key)
{
echo "<p>Failed to load private key!</p>";
return;
}
//Sign the policy with the private key
if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))
{
echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
return;
}
//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);
//Construct the URL
$url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;
return $url;
}
为$keyPairId
和private_key.pem
,我登录我的根帐户,并在安全Credentials-> CloudFront的密钥对部分生成此两个变量。
如果我直接在浏览器上访问http://d2qui8qg6d31zk.cloudfront.net/richardcuicks3sample/140-140.bmp
。它会回应像
<Error>
<Code>MissingKey</Code>
<Message>
Missing Key-Pair-Id query parameter or cookie value
</Message>
</Error>
后,我运行的功能,我还有很长签署的网址,解析其中的chrome浏览器的URL,它会回应像
<Error>
<Code>InvalidKey</Code>
<Message>Unknown Key</Message>
</Error>
问题:我有搜索AWS文件和谷歌很多时间关于此,谁能告诉我为什么发生这种情况,或者如果我错过了什么?提前致谢!