java - 总是得到签名不匹配。使用的签名字符串用于 Azure SAS token 生成

Question

以下是我的代码。但它总是抛出签名不匹配的错误。不确定有什么问题吗？如果签名是从 Azure 门户生成的，则使用相同的 URL，资源加载正常。

          String accessKey = "<API KEy from azure portal>";`your text`
          String accountName = "<My account name>";
          String signedPermissions = "rwdlacupiy"; 
      String signedService = "bfqt";  
      String signedResType = "o";  
     
      String signedIp = "";
      String protocol = "https";
      String  AZURE_API_VERSION = "2021-12-02";
      
      SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd'T'hh:mm:ss'Z'");
        fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
        Calendar cal = Calendar.getInstance();
        cal.setTime(new Date());
        cal.add(Calendar.DATE, -2);
        String start = fmt.format(cal.getTime());
        cal.add(Calendar.DATE, 4);
        String expiry1 =  fmt.format(cal.getTime());
      
     String stringToSign = ACCOUNT_NAME + "\n" +  
                  signedPermissions + "\n" +
                          signedService + "\n" +  
                          signedResType + "\n" +
                          start + "\n" +  
                          expiry1 + "\n" +  
                          signedIp + "\n" +  
                          protocol + "\n" +  
                           AZURE_API_VERSION+"\n";
          
     //System.out.println("string to sign "+ stringToSign);
     SecretKeySpec secretKey = new SecretKeySpec(Base64.getDecoder().decode(accessKey),    "HmacSHA256");
        Mac sha256HMAC = Mac.getInstance("HmacSHA256");
        sha256HMAC.init(secretKey);
        String  signature =  
                      Base64.getEncoder().encodeToString(sha256HMAC.doFinal(stringToSign.getBytes("UTF-8")));
        //System.out.println("signature "+URLEncoder.encode(signature, "UTF-8"));
      String sasToken = "sv=" + AZURE_API_VERSION +
                "&ss=" + signedService +
                "&srt=" + signedResType +
                "&sp=" + signedPermissions +
                "&se=" + URLEncoder.encode(expiry1, "UTF-8")  +
                "&st=" + URLEncoder.encode(start, "UTF-8") +
                "&spr=" + protocol +
                "&sig=" + URLEncoder.encode(signature, "UTF-8") ;
      
      //System.out.println("sasToken1 "+sasToken);
      
      String resourceUrl="https://<accountName >.file.core.windows.net/<My resource path>";  // this is file resource
        URL url;
        try {
            url = new URL(resourceUrl+"?"+sasToken);
        
            InputStream in =url.openStream();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }`

资源 URL 上的错误始终为 403，如果我将 URL 放入浏览器中，它始终为 签名不匹配。使用的签名字符串是 鲁德拉库皮伊 巴菲特 哦 2023-03-08T02:23:43Z 2023-03-12T01:23:43Z

https 2021-12-02

我尝试了上述步骤，但不知道出了什么问题。 ACCESS key 是从 azure 门户复制的。 如果我从 azure 门户签名生成 SAS token 有效，但不适用于该程序。

Answer 1

考虑到您使用的是 REST API 版本 2021-12-02，您的 stringToSign 应使用以下逻辑构建:

StringToSign = accountname + "\n" +  
    signedpermissions + "\n" +  
    signedservice + "\n" +  
    signedresourcetype + "\n" +  
    signedstart + "\n" +  
    signedexpiry + "\n" +  
    signedIP + "\n" +  
    signedProtocol + "\n" +  
    signedversion + "\n" +
    signedEncryptionScope + "\n"

请注意要签名的字符串中的signedEncryptionScope。

引用:https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas#construct-the-signature-string