Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php AWS签名的Cookie身份验证不起作用(AccessDeniedAccess被拒绝)_Php_Amazon Web Services_Amazon S3_Amazon Cloudfront_Amazon Signed Cookie - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php AWS签名的Cookie身份验证不起作用(AccessDeniedAccess被拒绝)

Php AWS签名的Cookie身份验证不起作用(AccessDeniedAccess被拒绝)

php amazon-web-services amazon-s3

Php AWS签名的Cookie身份验证不起作用(AccessDeniedAccess被拒绝),php,amazon-web-services,amazon-s3,amazon-cloudfront,amazon-signed-cookie,Php,Amazon Web Services,Amazon S3,Amazon Cloudfront,Amazon Signed Cookie,我正在尝试使用AWS CloudFront从s3存储桶访问静态内容。我可以使用签名URL访问该内容,但当我尝试使用AWS签名Cookie身份验证时,它会给我AccessDeniedAccess denied错误。 我已经仔细检查了CloudFront和S3存储桶的配置。但它似乎很完美。 我使用自定义SSL证书作为CloudFront和罐装策略来访问内容 <?php getSignature("http://cdn.******.ca", 300000); echo '<html>

我正在尝试使用AWS CloudFront从s3存储桶访问静态内容。我可以使用签名URL访问该内容,但当我尝试使用AWS签名Cookie身份验证时,它会给我AccessDeniedAccess denied错误。 我已经仔细检查了CloudFront和S3存储桶的配置。但它似乎很完美。 我使用自定义SSL证书作为CloudFront和罐装策略来访问内容

<?php
getSignature("http://cdn.******.ca", 300000);
echo '<html>
      <head></head>
      <body>
        <iframe src="https://cdn.****/file.pdf">
      </body>
      </html>';

function getSignature($resource = null, $expires = null, $policy = null)
    {

        $keyPairId = 'AP*****';

        $signatureHash = array();
         if ($policy) {
            $policy = preg_replace('/\s/s', '', $policy);
            $signatureHash['Policy'] = encode($policy);
            header ( "Set-Cookie: CloudFront-Policy=".$signatureHash['Policy']."; path=/; domain=***.ca; httpOnly", false );
            } 
         elseif ($resource && $expires) {
            $policy = createCannedPolicy($resource, $expires);
            $signatureHash['Expires'] = $expires;
            header ( "Set-Cookie: CloudFront-Expires=".$signatureHash['Expires']."; path=/; domain=***.ca; httpOnly", false );
            }
         else {
           return false;
        }

        $signatureHash['Signature'] = encode(sign($policy));
        header ( "Set-Cookie: CloudFront-Signature=".$signatureHash['Signature']."; path=/; domain=***.ca; httpOnly", false );
        $signatureHash['Key-Pair-Id'] = $keyPairId;
        header ( "Set-Cookie: CloudFront-Key-Pair-Id=".$signatureHash['Key-Pair-Id']."; path=/; domain=***.ca; httpOnly", false );

        return $signatureHash;
    }

    function createCannedPolicy($resource, $expiration)
    {
        $json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expiration.'}}}]}';
        return $json;
    }

    function sign($policy)
    {
    $signature = '';
        $privateKey = 'path/pk-APK***.pem';
        $fp=fopen($privateKey,"r");
        $priv_key=fread($fp,8192);
        fclose($fp);

        $key = openssl_get_privatekey($priv_key);
    openssl_sign($policy, $signature, $key);
        return $signature;
    }

    function encode($policy)
    {
        return strtr(base64_encode($policy), '+=/', '-_~');
    }
?>

当您发送请求时,您的浏览器是否真的发送了cookies?是的,确实如此。我可以在我的浏览器上看到Cookie,它正在发送Cookie。你说你使用的是固定策略?这对于签名cookie通常没有意义。我也尝试过自定义策略,但错误仍然是一样的