【发布时间】:2019-07-01 15:12:35
【问题描述】:
我有一段 PHP 代码创建一个 Blob 存储 PUT 请求到我的 Azure 存储帐户中的容器。经过重大的修补,我终于得到了正确的标题,一切都很好。不幸的是,我想在其中使用它的应用程序是用 Perl 编写的。所以我认为移植它是一项相对容易的任务。事实证明这比我预期的要困难。
我已经比较了 PHP 代码和 Perl 代码之间的所有内容(嗯,显然不是所有内容,否则它会工作),但仍然收到与标头相关的身份验证错误。
PHP 脚本使用 Curl 发出用户代理请求。在我的 Perl 安装中,我无法直接替换它。如果没有 Net::Curl 的本地安装和 C 编译器,我不确定我能做些什么。 (也许我在那里遗漏了一些东西?)因为两个版本(PHP和Perl)之间的所有内容似乎都匹配,即消息、密钥、字符串的编码/解码版本、散列签名(我硬编码了两个实现之间的验证日期) ,我不知道还能尝试什么。这是第 3 天,我觉得我可能正在为这个小组已经解决的问题旋转我的车轮。
运行良好的 PHP 代码:
<?php
date_default_timezone_set ( 'GMT' );
$date = date ( "D, d M Y H:i:s T" );
$version = "2009-09-19";
$account_name = 'emiliolizardo';
$account_key = "uXwt+WJ14kkV6zDALOuiDCsJtqrGDMK7W5xtNhuXXUcsfP1HIC1s7IJ+PZS7dgyXPBufad46ncBSQQK5rNs6Qw==";
$container_name = 'containertest';
$blobname = "foobar.txt";
$fdata = file_get_contents('testfile.txt');
$utfStr = "PUT"
. "\n\n\n"
. strlen($fdata)
. "\n\n"
. "text/plain; charset=UTF-8"
. "\n\n\n\n\n\n\n"
. "x-ms-blob-type:BlockBlob"
. "\n"
. "x-ms-date:$date"
. "\n"
. "x-ms-version:$version"
. "\n"
. "/$account_name/$container_name/$blobname";
$utf8_encode_str = utf8_encode ( $utfStr );
echo "utfStr : " . $utfStr . "\n";
echo "utf8_encode_str:" . $utf8_encode_str . "\n";
$signature_str = base64_encode(hash_hmac('sha256', $utf8_encode_str, base64_decode($account_key), true));
echo "signature_str:" . $signature_str . "\n";
$header = array (
"x-ms-blob-type: BlockBlob",
"x-ms-date: " . $date,
"x-ms-version: " . $version,
"Authorization: SharedKey " . $account_name . ":" . $signature_str,
"Content-Type: text/plain; charset=UTF-8",
"Content-Length: " . strlen($fdata),
);
print_r($header);
$url="https://$account_name.blob.core.windows.net/$container_name/$blobname";
echo "url:" . $url . "\n";
# Check our variables
#echo "account_name: " . $account_name . "\n";
#echo "account_key : " . $account_key . "\n";
#echo "signature : " . $signature_str . "\n";
#echo "url : " . $url . "\n";
#var_dump($header);
# Execute curl commands to create container
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt ($ch, CURLOPT_CUSTOMREQUEST, 'PUT' );
curl_setopt ($ch, CURLOPT_URL, $url );
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt ($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $fdata);
curl_setopt ($ch, CURLOPT_HEADER, True );
$result = curl_exec ( $ch );
Perl 代码很接近,但缺少一些东西:
#!/usr/bin/perl
use strict;
use DateTime;
use DateTime::TimeZone;
use Data::Dumper;
use Encode qw(decode encode);
use MIME::Base64 qw( encode_base64 decode_base64 );
use Digest::SHA qw(hmac_sha256 hmac_sha256_base64);
use HTTP::Request;
use LWP::UserAgent;
my $account_name = "emiliolizardo";
my $account_key = "uXwt+WJ14kkV6zDALOuiDCsJtqrGDMK7W5xtNhuXXUcsfP1HIC1s7IJ+PZS7dgyXPBufad46ncBSQQK5rNs6Qw==";
my $container = 'containertest';
#my $file = 'YhJCUjrcEi0q.mp3';
my $file = 'testfile.txt';
# -----------------------------------------------------------
# --
# -----------------------------------------------------------
sub uploadblob {
my ($fname, $accname, $acckey, $cont) = @_;
my $date = `/bin/date -u +"%a, %d %b %Y %T GMT"`; chomp $date;
# my $date = 'Mon, 01 Jul 2019 13:14:43 GMT'; # -- JUST FOR TESTING
# my $version = "2018-03-28";
my $version = "2009-09-19"; # -- JUST FOR TESTING TO MIMIC PHP CODE
my ($blobname, $ctype);
for ($fname) {
/\.mp3$/i and do { $ctype = 'audio/mpeg'; last; };
/\.wav$/i and do { $ctype = 'audio/wav'; last; };
/\.txt$/i and do { $ctype = 'text/plain'; last; };
die "Failed to match an acceptable extension";
}
my $blobname = $fname;
open FILE, "< $fname" or die "Can't open file $fname for read: $!";
my $fdata = <FILE>;
close FILE;
my $fsize = -s $fname;
my $str = qq{PUT\n\n\n$fsize\n\n$ctype; charset=UTF-8\n\n\n\n\n\n\nx-ms-blob-type:BlockBlob\nx-ms-date:$date\nx-ms-version:$version\n/$accname/$cont/$blobname};
print "utfStr : $str\n";
my $message = encode("UTF-8", $str);
print "utf8_encode_str:$message\n";
my $secret = decode_base64($acckey);
my $signature_str = encode_base64( hmac_sha256($message, $secret) );
chomp $signature_str;
print "signature_str:$signature_str\n";
# while(length($digest) %4) { $digest .= '='; } # -- Is this necessary for the hmac_sha256 digest?
my $header = [
'x-ms-blob-type' => "BlockBlob",
'x-ms-date' => $date,
'x-ms-version' => $version,
'Authorization' => "SharedKey $accname:$signature_str",
'Content-Type' => "$ctype; charset=UTF-8",
'Content-Length' => $fsize
];
my $url = "https://$accname.blob.core.windows.net/$cont/$blobname";
print "url:$url\n";
sendPut($header,$url,$fdata);
}
# -----------------------------------------------------------
# --
# -----------------------------------------------------------
sub sendPut {
my ($header,$url,$data) = @_;
print "\n\nIn sendPut()\n\n\n==============================================\n\n\n";
my $r = HTTP::Request->new('POST', $url, $header, $data);
my $ua = LWP::UserAgent->new();
my $res = $ua->request($r);
print "res: ", Dumper $res, "\n";
}
uploadblob($file, $account_name, $account_key, $container);
错误消息提示我可能是什么问题,但我不确定如何纠正它:内容长度标头错误,已修复。这似乎是 LWP 的一个现有问题(或者是在 2006 年,这是我找到的参考资料)。
在我使用 LWP 发送 HTTP::Request 对象之前,使用 Data::Dumper 查看它,这对我来说看起来不错。就像 PHP 请求对象一样。在某个时候,我会用 PHP 或 Node.js 或其他最新的东西重写老式的 Perl 代码,但目前,我真的很想在 Perl 中使用它。
提前感谢您的任何建议。如果我违反了任何 SO 礼节,我深表歉意 - 这里还是很新。
谢谢 - 安迪
这是来自 UserAgent->request 的完整响应:
Content-Length header value was wrong, fixed at /usr/share/perl5/vendor_perl/LWP/Protocol/http.pm line 189.
res: $VAR1 = bless( {
'_protocol' => 'HTTP/1.1',
'_content' => '<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:62589eac-301e-00bd-3e1e-30c15e000000
Time:2019-07-01T15:04:08.0485043Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request \'PUUgk2meSoiB9o+inlYomIq96Bf13IdAQoIZ4BSu4sE=\' is not the same as any computed signature. Server used following string to sign: \'POST
26
text/plain; charset=UTF-8
x-ms-blob-type:BlockBlob
x-ms-date:Mon, 01 Jul 2019 15:04:07 GMT
x-ms-version:2009-09-19
/emiliolizardo/containertest/testfile.txt\'.</AuthenticationErrorDetail></Error>',
'_rc' => '403',
'_headers' => bless( {
'client-response-num' => 1,
'date' => 'Mon, 01 Jul 2019 15:04:07 GMT',
'client-ssl-cert-issuer' => '/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 4',
'client-ssl-cipher' => 'ECDHE-RSA-AES256-GCM-SHA384',
'client-peer' => '52.239.177.68:443',
'content-length' => '723',
'client-date' => 'Mon, 01 Jul 2019 15:04:08 GMT',
'client-ssl-warning' => 'Peer certificate not verified',
'content-type' => 'application/xml',
'x-ms-request-id' => '62589eac-301e-00bd-3e1e-30c15e000000',
'client-ssl-cert-subject' => '/CN=*.blob.core.windows.net',
'server' => 'Microsoft-HTTPAPI/2.0',
'client-ssl-socket-class' => 'IO::Socket::SSL'
}, 'HTTP::Headers' ),
'_msg' => 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.',
'_request' => bless( {
'_content' => 'Test file for blob upload
',
'_uri' => bless( do{\(my $o = 'https://emiliolizardo.blob.core.windows.net/containertest/testfile.txt')}, 'URI::https' ),
'_headers' => bless( {
'user-agent' => 'libwww-perl/5.833',
'x-ms-date' => 'Mon, 01 Jul 2019 15:04:07 GMT',
'content-type' => 'text/plain; charset=UTF-8',
'x-ms-version' => '2009-09-19',
'x-ms-blob-type' => 'BlockBlob',
'content-length' => 28,
'authorization' => 'SharedKey emiliolizardo:PUUgk2meSoiB9o+inlYomIq96Bf13IdAQoIZ4BSu4sE='
}, 'HTTP::Headers' ),
'_method' => 'POST',
'_uri_canonical' => $VAR1->{'_request'}{'_uri'}
}, 'HTTP::Request' )
}, 'HTTP::Response' );
$VAR2 = '
';
【问题讨论】:
-
my $fdata = <FILE>;只会读取文件的第一行。my $fdata = do { local $/; <FILE> };会阅读全文。您可能还想binmode 句柄,这样就没有可能的二进制数据的层转换(例如 Windows 上的行尾)。 -
您不需要手动指定 Content-Length,因为 LWP 应该根据您提供的内容进行设置。
-
小代码风格问题:你应该
use warnings;,你应该使用三参数打开,你应该使用词法文件句柄而不是全局裸词:open my $fh, '<:raw', $fname or die ...; my $fdata = do { local $/; <$fh> };(:raw层相当于调用binmode 以后没有层) -
或者使用来自File::Slurper的
read_binary()。 -
@Grinnz - 谢谢。这是一个快速破解,看看我是否只能让它工作。我使用“严格”来防止最严重的错误。这显然不是最干净的代码。 :-) 感谢 cmets:我知道
只是一行文本。 CContent-length 是签名哈希的一部分,因此它必须与 LWP 从标头计算的结果匹配(Perl 代码的第 47 行)。但是...这确实导致我出了什么问题...