【问题标题】:Understanding what's wrong with my authorization header using Perl, HTTP, LWP使用 Perl、HTTP、LWP 了解我的授权标头有什么问题
【发布时间】:2019-07-01 15:12:35
【问题描述】:

我有一段 PHP 代码创建一个 Blob 存储 PUT 请求到我的 Azure 存储帐户中的容器。经过重大的修补,我终于得到了正确的标题,一切都很好。不幸的是,我想在其中使用它的应用程序是用 Perl 编写的。所以我认为移植它是一项相对容易的任务。事实证明这比我预期的要困难。

我已经比较了 PHP 代码和 Perl 代码之间的所有内容(嗯,显然不是所有内容,否则它会工作),但仍然收到与标头相关的身份验证错误。

PHP 脚本使用 Curl 发出用户代理请求。在我的 Perl 安装中,我无法直接替换它。如果没有 Net::Curl 的本地安装和 C 编译器,我不确定我能做些什么。 (也许我在那里遗漏了一些东西?)因为两个版本(PHP和Perl)之间的所有内容似乎都匹配,即消息、密钥、字符串的编码/解码版本、散列签名(我硬编码了两个实现之间的验证日期) ,我不知道还能尝试什么。这是第 3 天,我觉得我可能正在为这个小组已经解决的问题旋转我的车轮。

运行良好的 PHP 代码:

<?php

date_default_timezone_set ( 'GMT' );
$date = date ( "D, d M Y H:i:s T" );

$version = "2009-09-19";

$account_name = 'emiliolizardo';
$account_key = "uXwt+WJ14kkV6zDALOuiDCsJtqrGDMK7W5xtNhuXXUcsfP1HIC1s7IJ+PZS7dgyXPBufad46ncBSQQK5rNs6Qw==";
$container_name = 'containertest';

$blobname = "foobar.txt";
$fdata    = file_get_contents('testfile.txt');

$utfStr = "PUT"
        . "\n\n\n"
        . strlen($fdata)
        . "\n\n"
        . "text/plain; charset=UTF-8"
        . "\n\n\n\n\n\n\n"
        . "x-ms-blob-type:BlockBlob"
        . "\n"
        . "x-ms-date:$date"
        . "\n"
        . "x-ms-version:$version"
        . "\n"
        . "/$account_name/$container_name/$blobname";

$utf8_encode_str = utf8_encode ( $utfStr );

echo "utfStr : " . $utfStr . "\n";
echo "utf8_encode_str:" . $utf8_encode_str . "\n";

$signature_str = base64_encode(hash_hmac('sha256',    $utf8_encode_str, base64_decode($account_key), true));

echo "signature_str:" . $signature_str . "\n";

  $header = array (
   "x-ms-blob-type: BlockBlob",
   "x-ms-date: " . $date,
   "x-ms-version: " . $version,
   "Authorization: SharedKey " . $account_name . ":" . $signature_str,
   "Content-Type: text/plain; charset=UTF-8",
   "Content-Length: " . strlen($fdata),
   );

print_r($header);

$url="https://$account_name.blob.core.windows.net/$container_name/$blobname";
echo "url:" . $url . "\n";

# Check our variables
#echo "account_name: " . $account_name . "\n";
#echo "account_key : " . $account_key . "\n";
#echo "signature   : " . $signature_str . "\n";
#echo "url         : " . $url . "\n";
#var_dump($header);

# Execute curl commands to create container
$ch = curl_init ();

curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt ($ch, CURLOPT_CUSTOMREQUEST, 'PUT' );
curl_setopt ($ch, CURLOPT_URL, $url );
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt ($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $fdata);
curl_setopt ($ch, CURLOPT_HEADER, True );

$result = curl_exec ( $ch );

Perl 代码很接近,但缺少一些东西:

#!/usr/bin/perl

use strict;
use DateTime;
use DateTime::TimeZone;
use Data::Dumper;
use Encode qw(decode encode);
use MIME::Base64 qw( encode_base64 decode_base64 );
use Digest::SHA qw(hmac_sha256 hmac_sha256_base64);
use HTTP::Request;
use LWP::UserAgent;

my $account_name = "emiliolizardo";
my $account_key  = "uXwt+WJ14kkV6zDALOuiDCsJtqrGDMK7W5xtNhuXXUcsfP1HIC1s7IJ+PZS7dgyXPBufad46ncBSQQK5rNs6Qw==";
my $container    = 'containertest';

#my $file = 'YhJCUjrcEi0q.mp3';
my $file = 'testfile.txt';

# -----------------------------------------------------------
# --
# -----------------------------------------------------------
sub uploadblob {
        my ($fname, $accname, $acckey, $cont) = @_;

        my $date = `/bin/date -u +"%a, %d %b %Y %T GMT"`; chomp $date;
#       my $date = 'Mon, 01 Jul 2019 13:14:43 GMT';     # -- JUST FOR TESTING

#       my $version = "2018-03-28";
        my $version = "2009-09-19";                     # -- JUST FOR TESTING TO MIMIC PHP CODE

        my ($blobname, $ctype);
        for ($fname) {
                /\.mp3$/i and do { $ctype = 'audio/mpeg'; last; };
                /\.wav$/i and do { $ctype = 'audio/wav'; last; };
                /\.txt$/i and do { $ctype = 'text/plain'; last; };
                die "Failed to match an acceptable extension";
        }
        my $blobname = $fname;

        open FILE, "< $fname" or die "Can't open file $fname for read: $!";
        my $fdata = <FILE>;
        close FILE;

        my $fsize = -s $fname;

        my $str = qq{PUT\n\n\n$fsize\n\n$ctype; charset=UTF-8\n\n\n\n\n\n\nx-ms-blob-type:BlockBlob\nx-ms-date:$date\nx-ms-version:$version\n/$accname/$cont/$blobname};
print "utfStr : $str\n";

        my $message = encode("UTF-8", $str);
print "utf8_encode_str:$message\n";

        my $secret  = decode_base64($acckey);

        my $signature_str = encode_base64( hmac_sha256($message, $secret) );
        chomp $signature_str;
print "signature_str:$signature_str\n";

#       while(length($digest) %4) { $digest .= '='; }   # -- Is this necessary for the hmac_sha256 digest?

        my $header = [
                'x-ms-blob-type' => "BlockBlob",
                'x-ms-date' => $date,
                'x-ms-version' => $version,
                'Authorization' => "SharedKey $accname:$signature_str",
                'Content-Type' => "$ctype; charset=UTF-8",
                'Content-Length' => $fsize
        ];
        my $url = "https://$accname.blob.core.windows.net/$cont/$blobname";
print "url:$url\n";

        sendPut($header,$url,$fdata);
}


# -----------------------------------------------------------
# --
# -----------------------------------------------------------
sub sendPut {
        my ($header,$url,$data) = @_;
print "\n\nIn sendPut()\n\n\n==============================================\n\n\n";

        my $r = HTTP::Request->new('POST', $url, $header, $data);

        my $ua = LWP::UserAgent->new();
        my $res = $ua->request($r);

        print "res: ", Dumper $res, "\n";
}

uploadblob($file, $account_name, $account_key, $container);

错误消息提示我可能是什么问题,但我不确定如何纠正它:内容长度标头错误,已修复。这似乎是 LWP 的一个现有问题(或者是在 2006 年,这是我找到的参考资料)。

在我使用 LWP 发送 HTTP::Request 对象之前,使用 Data::Dumper 查看它,这对我来说看起来不错。就像 PHP 请求对象一样。在某个时候,我会用 PHP 或 Node.js 或其他最新的东西重写老式的 Perl 代码,但目前,我真的很想在 Perl 中使用它。

提前感谢您的任何建议。如果我违反了任何 SO 礼节,我深表歉意 - 这里还是很新。

谢谢 - 安迪

这是来自 UserAgent->request 的完整响应:

Content-Length header value was wrong, fixed at /usr/share/perl5/vendor_perl/LWP/Protocol/http.pm line 189.
res: $VAR1 = bless( {
                 '_protocol' => 'HTTP/1.1',
                 '_content' => '<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:62589eac-301e-00bd-3e1e-30c15e000000
Time:2019-07-01T15:04:08.0485043Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request \'PUUgk2meSoiB9o+inlYomIq96Bf13IdAQoIZ4BSu4sE=\' is not the same as any computed signature. Server used following string to sign: \'POST


26

text/plain; charset=UTF-8






x-ms-blob-type:BlockBlob
x-ms-date:Mon, 01 Jul 2019 15:04:07 GMT
x-ms-version:2009-09-19
/emiliolizardo/containertest/testfile.txt\'.</AuthenticationErrorDetail></Error>',
                 '_rc' => '403',
                 '_headers' => bless( {
                                        'client-response-num' => 1,
                                        'date' => 'Mon, 01 Jul 2019 15:04:07 GMT',
                                        'client-ssl-cert-issuer' => '/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 4',
                                        'client-ssl-cipher' => 'ECDHE-RSA-AES256-GCM-SHA384',
                                        'client-peer' => '52.239.177.68:443',
                                        'content-length' => '723',
                                        'client-date' => 'Mon, 01 Jul 2019 15:04:08 GMT',
                                        'client-ssl-warning' => 'Peer certificate not verified',
                                        'content-type' => 'application/xml',
                                        'x-ms-request-id' => '62589eac-301e-00bd-3e1e-30c15e000000',
                                        'client-ssl-cert-subject' => '/CN=*.blob.core.windows.net',
                                        'server' => 'Microsoft-HTTPAPI/2.0',
                                        'client-ssl-socket-class' => 'IO::Socket::SSL'
                                      }, 'HTTP::Headers' ),
                 '_msg' => 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.',
                 '_request' => bless( {
                                        '_content' => 'Test file for blob upload
',
                                        '_uri' => bless( do{\(my $o = 'https://emiliolizardo.blob.core.windows.net/containertest/testfile.txt')}, 'URI::https' ),
                                        '_headers' => bless( {
                                                               'user-agent' => 'libwww-perl/5.833',
                                                               'x-ms-date' => 'Mon, 01 Jul 2019 15:04:07 GMT',
                                                               'content-type' => 'text/plain; charset=UTF-8',
                                                               'x-ms-version' => '2009-09-19',
                                                               'x-ms-blob-type' => 'BlockBlob',
                                                               'content-length' => 28,
                                                               'authorization' => 'SharedKey emiliolizardo:PUUgk2meSoiB9o+inlYomIq96Bf13IdAQoIZ4BSu4sE='
                                                             }, 'HTTP::Headers' ),
                                        '_method' => 'POST',
                                        '_uri_canonical' => $VAR1->{'_request'}{'_uri'}
                                      }, 'HTTP::Request' )
               }, 'HTTP::Response' );
$VAR2 = '
';

【问题讨论】:

  • my $fdata = &lt;FILE&gt;; 只会读取文件的第一行。 my $fdata = do { local $/; &lt;FILE&gt; }; 会阅读全文。您可能还想binmode 句柄,这样就没有可能的二进制数据的层转换(例如 Windows 上的行尾)。
  • 您不需要手动指定 Content-Length,因为 LWP 应该根据您提供的内容进行设置。
  • 小代码风格问题:你应该use warnings;,你应该使用三参数打开,你应该使用词法文件句柄而不是全局裸词:open my $fh, '&lt;:raw', $fname or die ...; my $fdata = do { local $/; &lt;$fh&gt; };:raw 层相当于调用binmode 以后没有层)
  • 或者使用来自File::Slurperread_binary()
  • @Grinnz - 谢谢。这是一个快速破解,看看我是否只能让它工作。我使用“严格”来防止最严重的错误。这显然不是最干净的代码。 :-) 感谢 cmets:我知道 只是一行文本。 CContent-length 是签名哈希的一部分,因此它必须与 LWP 从标头计算的结果匹配(Perl 代码的第 47 行)。但是...这确实导致我出了什么问题...

标签: azure rest perl storage


【解决方案1】:

在 cmets 中解决。 @Grinnz 和@Guarav Mantri - 你们做对了。

  1. 我的测试文件中有第二行(一个我没有看到的点)。因此,从文件中读取一行,但使用 -s 计算整个文件大小将提供不匹配。现在内容长度正在正确计算。

  2. 当在签名哈希中使用 PUT 时,我在 HTTP::Request-new() 调用中盲目地键入“POST”。糟糕。

谢谢各位。不确定如何对两个回复进行投票,因为两者都有部分答案。

【讨论】:

  • 没关系,这里没有明确的问答,只是调试过程。这就是我没有提交答案的原因。
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 2010-11-23
  • 2021-01-05
  • 2011-06-08
  • 2016-09-06
  • 1970-01-01
  • 2013-09-04
  • 1970-01-01
相关资源
最近更新 更多