Php 复制blob操作问题的Azure SAS令牌
我正在尝试将blob从一个存储帐户复制到另一个存储帐户,根据帖子,我能够为Php 复制blob操作问题的Azure SAS令牌,php,azure,authentication,azure-storage-blobs,Php,Azure,Authentication,Azure Storage Blobs,我正在尝试将blob从一个存储帐户复制到另一个存储帐户,根据帖子,我能够为x-ms-copy-source生成共享访问签名(SAS)。现在我的问题是我无法通过复制blob操作的身份验证,它显示“AuthenticationFailedServer未能对请求进行身份验证” 我使用下面的代码为复制blob生成SAS令牌和身份验证签名。有人能帮我解决这个问题吗 $date = gmdate('D, d M Y H:i:s \G\M\T'); $account_name = "souraccount";
x-ms-copy-source
生成共享访问签名(SAS)
。现在我的问题是我无法通过复制blob操作的身份验证,它显示“AuthenticationFailedServer未能对请求进行身份验证”
我使用下面的代码为复制blob生成SAS令牌和身份验证签名。有人能帮我解决这个问题吗
$date = gmdate('D, d M Y H:i:s \G\M\T');
$account_name = "souraccount";
$desaccname = "desaccount";
$destcontainername = "descontainer";
$blobname = "abc.png";
$sourcecontainer = "sourcecontainer";
$source_account_key = "asdfghjkl";
$destination_account_key = "poiuytr";
$expiry = gmdate("Y-m-d\TH:i:s\Z", time() + 30000);
$sig = getSASForBlob($account_name,$sourcecontainer, $blobname, "b", "r", $expiry, $source_account_key );
$url = getBlobUrl($account_name,$account_name,$blobname,"b","r",$expiry,$sig);
$canonicalizedHeaders = "x-ms-copy-source:".$url."\nx-ms-date:$date\nx-ms-version:2015-04-05";
$canonicalizedResource = "/$account_name/$sourcecontainer/$blobname";
$arraysign = array();
$arraysign[] = 'PUT'; /*HTTP Verb*/
$arraysign[] = ''; /*Content-Encoding*/
$arraysign[] = ''; /*Content-Language*/
$arraysign[] = ''; /*Content-Length (include value when zero)*/
$arraysign[] = ''; /*Content-MD5*/
$arraysign[] = ''; /*Content-Type*/
$arraysign[] = ''; /*Date*/
$arraysign[] = ''; /*If-Modified-Since */
$arraysign[] = ''; /*If-Match*/
$arraysign[] = ''; /*If-None-Match*/
$arraysign[] = ''; /*If-Unmodified-Since*/
$arraysign[] = ''; /*Range*/
$arraysign[] = $canonicalizedHeaders; /*CanonicalizedHeaders*/
$arraysign[] = $canonicalizedResource; /*CanonicalizedResource*/
$stringtosign = implode("\n", $arraysign);
$signature = 'SharedKey'.' '.$desaccname.':'.base64_encode(hash_hmac('sha256', $stringtosign, base64_decode($destination_account_key ), true));
$endpoint = 'https://'.$desaccname.'.blob.core.windows.net';
echo $url = $endpoint.'/'.$destcontainername.'/'.$blobname;
$headers = [
"x-ms-copy-source:$url",
"x-ms-date:{$date}",
"x-ms-version:2015-04-05",
"Accept:application/json;odata=nometadata",
"Accept-Charset:UTF-8",
"Content-Length:0",
"Authorization:{$signature}"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
echo curl_error($ch);
curl_close($ch);
echo '<pre>';print_r($response);
function getSASForBlob($accountName,$container, $blob, $resourceType, $permissions, $expiry,$source_account_key ){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/' . $accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($source_account_key ), true)
);
}
function getBlobUrl($accountName,$container,$blob,$resourceType,$permissions,$expiry,$_signature){
/* Create the signed query part */
$_parts = array();
$_parts[] = 'sv=2015-04-05';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
$date=gmdate('D,dm Y H:i:s\G\M\T');
$account\u name=“souraccount”;
$desaccname=“desaccount”;
$destcontainername=“desccontainer”;
$blobname=“abc.png”;
$sourcecontainer=“sourcecontainer”;
$source\u account\u key=“asdfghjkl”;
$destination\u account\u key=“poiuytr”;
$expiry=gmdate(“Y-m-d\TH:i:s\Z”,time()+30000);
$sig=getSASForBlob($account\u name,$sourcecontainer,$blobname,“b”,“r”,“$expiry,$source\u account\u key);
$url=getBlobUrl($account\u name,$account\u name,$blobname,“b”,“r”,“$expiry,$sig);
$canonicalizedHeaders=“x-ms-copy-source:”.$url.\nx-ms-date:$date\nx-ms版本:2015-04-05”;
$canonicalizedResource=“/$account\u name/$sourcecontainer/$blobname”;
$arraysign=array();
$arraysign[]='PUT'/*HTTP动词*/
$arraysign[]=''/*内容编码*/
$arraysign[]=''/*内容语言*/
$arraysign[]=''/*内容长度(包括零时的值)*/
$arraysign[]=''/*Content-MD5*/
$arraysign[]=''/*内容类型*/
$arraysign[]=''/*日期*/
$arraysign[]=''/*如果自*/
$arraysign[]=''/*如果匹配*/
$arraysign[]=''/*如果没有匹配项*/
$arraysign[]=''/*如果自*/
$arraysign[]=''/*范围*/
$arraysign[]=$canonicalizedHeaders/*标准化领导者*/
$arraysign[]=$canonicalizedResource/*标准化数据源*/
$stringtosign=内爆(“\n”,$arraysign);
$signature='SharedKey'.'.$desaccname'.:'.base64_编码(hash_hmac('sha256',$stringtosign,base64_解码($destination_account_key),true));
$endpoint='https://'.$desaccname..blob.core.windows.net';
echo$url=$endpoint.'/'.$destcontainername.'/'.$blobname;
$headers=[
“x-ms-copy-source:$url”,
“x-ms-date:{$date}”,
“x-ms-version:2015-04-05”,
“接受:application/json;odata=nometadata”,
“接受字符集:UTF-8”,
“内容长度:0”,
“授权:{$signature}”
];
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,$URL);
curl_setopt($ch,CURLOPT_HTTPHEADER,$headers);
curl_setopt($ch,CURLOPT_CUSTOMREQUEST,'PUT');
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$response=curl\u exec($ch);
回波旋度误差($ch);
卷曲关闭($ch);
回声';打印(回复);
$_arraysign[] = '/' . $accountName . '/' . $container . '/' . $blob;
函数getSASForBlob($accountName、$container、$blob、$resourceType、$permissions、$expiry、$source\u account\u key){
/*创建签名*/
$\u arraysign=array();
$\u arraysign[]=$权限;
$\u arraysign[]='';
$\u arraysign[]=$expiry;
$\u arraysign[]='/'.$accountName'/'.$container'/'.$blob;
$\u arraysign[]='';
$\u arraysign[]=“2015-04-05”;//现在需要API版本
$\u arraysign[]='';
$\u arraysign[]='';
$\u arraysign[]='';
$\u arraysign[]='';
$\u arraysign[]='';
$\u str2sign=内爆(“\n”,$\u arraysign);
返回base64_编码(
hash_hmac('sha256',urldecode(utf8_编码($_str2sign)),base64_解码($source_account_key),true)
);
}
函数getBlobUrl($accountName、$container、$blob、$resourceType、$permissions、$expiry、$\u签名){
/*创建签名查询部件*/
$_parts=array();
$_零件[]=“sv=2015-04-05”;
$\u parts[]='sr='。$resourceType;
$\u parts[]='sig='.urlencode($\u签名);
$_parts[]=(!empty($expiry))?“se=”。urlencode($expiry):“”;
$\u parts[]=(!empty($permissions))?“sp=”。$permissions:“”;
/*创建已签名的blob URL*/
$\u url='https://'
.$accountName.'.blob.core.windows.net/'
.$container.'/'
.$blob.“?”
.内爆(“&”、$_部分);
返回$\uURL;
}
@Gaurav Mantri在评论中写道:
我们肯定取得了一些进展:)。现在我相信你的SAS URL有问题。请尝试更改以下行
$_arraysign[] = '/blob/' . $accountName . '/' . $container . '/' . $blob;
到
$date = gmdate('D, d M Y H:i:s \G\M\T');
$account_name = "saccname"; // Source Storage acoount name
$desaccname = "daccname"; // destination Storage acoount name
$destcontainername = "vhd"; // destination Container name
$blobname = "sblob.vhd"; // source blob name
$sourcecontainer = "vhd"; // source container name
$source_account_key = "sdfsdfdsf";
$destination_account_key = "safdsf";
$expiry = gmdate("Y-m-d\TH:i:s\Z", time() + 30000);
$sig = getSASForBlob($account_name,$sourcecontainer, $blobname, "b", "r", $expiry, $source_account_key);
$xms_copy_source_url = getBlobUrl($account_name,$sourcecontainer,$blobname,"b","r",$expiry,$sig);
$canonicalizedHeaders = "x-ms-copy-source:".$xms_copy_source_url."\nx-ms-date:$date\nx-ms-version:2015-04-05";
$canonicalizedResource = "/$desaccname/$destcontainername/$blobname";
$arraysign = array();
$arraysign[] = 'PUT'; /*HTTP Verb*/
$arraysign[] = ''; /*Content-Encoding*/
$arraysign[] = ''; /*Content-Language*/
$arraysign[] = ''; /*Content-Length (include value when zero)*/
$arraysign[] = ''; /*Content-MD5*/
$arraysign[] = ''; /*Content-Type*/
$arraysign[] = ''; /*Date*/
$arraysign[] = ''; /*If-Modified-Since */
$arraysign[] = ''; /*If-Match*/
$arraysign[] = ''; /*If-None-Match*/
$arraysign[] = ''; /*If-Unmodified-Since*/
$arraysign[] = ''; /*Range*/
$arraysign[] = $canonicalizedHeaders; /*CanonicalizedHeaders*/
$arraysign[] = $canonicalizedResource; /*CanonicalizedResource*/
$stringtosign = implode("\n", $arraysign);
$signature = 'SharedKey'.' '.$desaccname.':'.base64_encode(hash_hmac('sha256', $stringtosign, base64_decode($destination_account_key), true));
$endpoint = 'https://'.$desaccname.'.blob.core.windows.net';
$url = $endpoint.'/'.$destcontainername.'/'.$blobname;
$headers = [
"x-ms-copy-source:$xms_copy_source_url",
"x-ms-date:{$date}",
"x-ms-version:2015-04-05",
"Accept:application/json;odata=nometadata",
"Accept-Charset:UTF-8",
'Content-Length:0'
"Authorization:{$signature}"
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
echo curl_error($ch);
curl_close($ch);
echo '<pre>';print_r($response);
function getSASForBlob($accountName,$container, $blob, $resourceType, $permissions, $expiry,$source_account_key){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/blob/' . $accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($source_account_key), true));
}
function getBlobUrl($accountName,$container,$blob,$resourceType,$permissions,$expiry,$_signature){
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($expiry)) ? 'se=' . urlencode($expiry) : '';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions)) ? 'sp=' . $permissions : '';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2015-04-05';
$_parts[] = 'rscd=';
/* Create the signed blob URL */
$_url = 'https://'.$accountName.'.blob.core.windows.net/'. $container . '/'. $blob . '?'. implode('&', $_parts);
return $_url;
}
在getSASForBlob函数中
在下面找到将blob从源存储帐户复制到目标存储帐户的完整工作代码。Gaurav Mantri在评论部分给出的解决方案修复了我的问题
$date=gmdate('D,dm Y H:i:s\G\M\T');
$account\u name=“saccname”;//源存储帐户名称
$desaccname=“daccname”;//目标存储帐户名称
$destcontainername=“vhd”//目标容器名称
$blobname=“sblob.vhd”;//源blob名称
$sourcecontainer=“vhd”;//源容器名称
$source\u account\u key=“sdfsdfdsf”;
$destination\u account\u key=“safdsf”;
$expiry=gmdate(“Y-m-d\TH:i:s\Z”,time()+30000);
$sig=getSASForBlob($account\u name,$sourcecontainer,$blobname,“b”,“r”,“$expiry,$source\u account\u key);
$xms\u copy\u source\u url=getBlobUrl($account\u name,$sourcecontainer,$blobname,“b”,“r”,“$expiry,$sig);
$canonicalizedHeaders=“x-ms-copy-source:”.$xms\u copy\u source\u url。“\nx-ms-date:$date\nx-ms版本:2015-04-05”;
$canonicalizedResource=“/$desaccname/$destcontainername/$blobname”;
$arraysign=array();
$arraysign[]='PUT'/*HTTP动词*/
$arraysign[]=''/*内容编码*/
$arraysign[]=''/*内容语言*/
$arraysign[]=''/*内容长度(包括零时的值)*/
$arraysign[