[英]Access denied to images served by secure signed URLs of Amazon CloudFront linked to private S3 bucket using AWS Java SDK
I have used AWS Java SDK to create signed URLs and trying to serve images through cloud front linked to private S3 bucket- Steps taken- 我已使用AWS Java SDK创建签名的URL,并尝试通过链接到私有S3存储桶的云前端提供图像-
Use code below to create URL by signing through .der key obtained. 通过获得的.der键签名,使用下面的代码创建URL。
{ String distributionDomain= "distributionDomain"; {字符串distributionDomain =“ distributionDomain”;
String keyPairId="keyPairId"; String s3ObjectKey=picName; Date dateLessThan = DateUtils.parseISO8601Date("2014-01-12T21:20:00.000Z"); InputStream inputStream = ImageServiceImpl.class.getResourceAsStream("/cloudFront.der"); byte[] privateKeyBytes=IOUtils.toByteArray(inputStream); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyBytes); KeyFactory keyFactory; PrivateKey myPrivKey=null; try { keyFactory = KeyFactory.getInstance("RSA"); myPrivKey = keyFactory.generatePrivate(keySpec); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } System.out.println(myPrivKey); String domainUrl= "https://" + distributionDomain + "/" + s3ObjectKey; String url1 = CloudFrontUrlSigner.getSignedURLWithCannedPolicy(domainUrl, keyPairId, myPrivKey, dateLessThan); System.out.println(url1);
} }
When I hit URL secure signed URL obtained I am getting access denied, not sure what I am missing here. 当我点击获得安全签名URL的URL时,我被拒绝访问,不确定我在这里缺少什么。 Please also let me know if any other info is required. 如果需要其他信息,也请告知我。
I followed this guide ( https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html ) and like yourself I was using Java so I had to convert the CloudFront key to a der
format (which Java can read). 我按照本指南( https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html )进行操作,就像您自己一样,我在使用Java,因此必须将CloudFront密钥转换为der
格式(Java可以读取)。 I did this using the following openssl
command: - 我使用以下openssl
命令执行了此操作:-
openssl pkcs8 -topk8 -nocrypt -in MyKey.pem -inform PEM -out MyKey.der -outform DER
Once you have the key converted you can run the following: - 转换密钥后,可以运行以下命令:-
public class AwsSignUrlCreator {
public static void main(String[] args) throws InvalidKeySpecException, IOException {
// The DNS name of your CloudFront distribution, or a registered alias
String distributionDomainName = "xxxx.cloudfront.net";
// the private key you created in the AWS Management Console
File cloudFrontPrivateKeyFile = new File ("C:/mykeys/MyKey.der");
// The unique ID assigned to your CloudFront key pair in the console
String cloudFrontKeyPairId = "xxxx";
Date expirationDate = new Date(System.currentTimeMillis() + 60 * 1000);
String s3ObjectKey = "my-file.txt";
String signedUrl = CloudFrontUrlSigner.getSignedURLWithCannedPolicy(
Protocol.https,
distributionDomainName,
cloudFrontPrivateKeyFile,
s3ObjectKey,
cloudFrontKeyPairId,
expirationDate);
System.out.println(signedUrl);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.