Access denied to images served by secure signed URLs of Amazon CloudFront linked to private S3 bucket using AWS Java SDK
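I have created signed URLs using the AWS Java SDK and am trying to serve images through CloudFront linked to a private S3 bucket.
The URL is signed with the .der key I obtained and created using the code below.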
{
    String distributionDomain = "distributionDomain";
    String keyPairId = "keyPairId";
    String s3ObjectKey = picName;
    Date dateLessThan = DateUtils.parseISO8601Date("2014-01-12T21:20:00.000Z");

    // Load the PKCS#8 DER-encoded private key from the classpath
    InputStream inputStream = ImageServiceImpl.class.getResourceAsStream("/cloudFront.der");
    byte[] privateKeyBytes = IOUtils.toByteArray(inputStream);
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
    KeyFactory keyFactory;
    PrivateKey myPrivKey = null;
    try {
        keyFactory = KeyFactory.getInstance("RSA");
        // generatePrivate throws the checked InvalidKeySpecException, so catch it too
        myPrivKey = keyFactory.generatePrivate(keySpec);
    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
        e.printStackTrace();
    }
    // Debug output only: depending on the JDK, this can print private key material
    System.out.println(myPrivKey);

    // Full URL of the object as served by the distribution
    String domainUrl = "https://" + distributionDomain + "/" + s3ObjectKey;
    String url1 = CloudFrontUrlSigner.getSignedURLWithCannedPolicy(domainUrl, keyPairId, myPrivKey, dateLessThan);
    System.out.println(url1);
}
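When I hit the secure signed URL that I obtained, I get access denied, and I am not sure what I am missing here. Please also let me know if any other information is needed.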
I followed this guide ( https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html ) and, like yourself, I am using Java, so I had to convert the CloudFront key to der format (which Java can read). I did this with the following openssl command:
openssl pkcs8 -topk8 -nocrypt -in MyKey.pem -inform PEM -out MyKey.der -outform DER
After converting the key, you can run the following:
import java.io.File;
import java.io.IOException;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;

import com.amazonaws.services.cloudfront.CloudFrontUrlSigner;
import com.amazonaws.services.cloudfront.util.SignerUtils.Protocol;

public class AwsSignUrlCreator {
    public static void main(String[] args) throws InvalidKeySpecException, IOException {
        // The DNS name of your CloudFront distribution, or a registered alias
        String distributionDomainName = "xxxx.cloudfront.net";
        // the private key you created in the AWS Management Console
        File cloudFrontPrivateKeyFile = new File("C:/mykeys/MyKey.der");
        // The unique ID assigned to your CloudFront key pair in the console
        String cloudFrontKeyPairId = "xxxx";
        // The signed URL stops working 60 seconds from now
        Date expirationDate = new Date(System.currentTimeMillis() + 60 * 1000);
        String s3ObjectKey = "my-file.txt";
        String signedUrl = CloudFrontUrlSigner.getSignedURLWithCannedPolicy(
                Protocol.https,
                distributionDomainName,
                cloudFrontPrivateKeyFile,
                s3ObjectKey,
                cloudFrontKeyPairId,
                expirationDate);
        System.out.println(signedUrl);
    }
}
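
A local check for a canned-policy signed URL like the ones produced above, added here as an example that is not part of the original posts or of the AWS SDK: it reads the Expires, Signature and Key-Pair-Id query parameters, rebuilds the canned policy, verifies the RSA-SHA1 signature against the public key and reports whether the expiry has passed. The class name `SignedUrlCheck`, the `sign` stand-in, the key pair ID `KEXAMPLE`, the generated key pair and the clock value are all constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;

public class SignedUrlCheck {
    // Canned policy text that gets signed; rebuilt here from the URL and its Expires value.
    static String cannedPolicy(String resource, long expires) {
        return "{\"Statement\":[{\"Resource\":\"" + resource
            + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + expires + "}}}]}";
    }
    // Stand-in signer so the demo runs offline (real URLs come from CloudFrontUrlSigner).
    static String sign(String resource, long expires, String keyPairId, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(cannedPolicy(resource, expires).getBytes(StandardCharsets.UTF_8));
        // CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
        String sig = Base64.getEncoder().encodeToString(s.sign()).replace('+', '-').replace('=', '_').replace('/', '~');
        return resource + "?Expires=" + expires + "&Signature=" + sig + "&Key-Pair-Id=" + keyPairId;
    }
    // One-line diagnosis; assumes the resource URL has no query string of its own.
    static String check(String url, PublicKey pub, Instant now) throws GeneralSecurityException {
        int q = url.indexOf("?Expires=");
        if (q < 0) return "not a canned-policy signed URL";
        Map<String, String> p = new HashMap<>();
        for (String kv : url.substring(q + 1).split("&")) {
            String[] parts = kv.split("=", 2);
            if (parts.length == 2) p.put(parts[0], parts[1]);
        }
        if (!p.containsKey("Signature") || !p.containsKey("Key-Pair-Id")) return "missing Signature or Key-Pair-Id";
        Instant expiry = Instant.ofEpochSecond(Long.parseLong(p.get("Expires")));
        byte[] sig = Base64.getDecoder().decode(p.get("Signature").replace('-', '+').replace('_', '=').replace('~', '/'));
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(pub);
        v.update(cannedPolicy(url.substring(0, q), expiry.getEpochSecond()).getBytes(StandardCharsets.UTF_8));
        if (!v.verify(sig)) return "signature does not match this key, resource and expiry";
        return now.isBefore(expiry) ? "valid until " + expiry : "correctly signed but expired at " + expiry;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed demo key pair, not a CloudFront key
        String resource = "https://xxxx.cloudfront.net/my-file.txt"; // placeholder domain and object
        Instant now = Instant.parse("2014-01-12T21:19:00Z"); // constructed clock value
        String url = sign(resource, now.plusSeconds(60).getEpochSecond(), "KEXAMPLE", kp.getPrivate());
        System.out.println(check(url, kp.getPublic(), now));                   // inside the validity window
        System.out.println(check(url, kp.getPublic(), now.plusSeconds(3600))); // clock past Expires
        System.out.println(check(url.replace("my-file", "other"), kp.getPublic(), now)); // object key changed after signing
    }
}
```

The check covers only what is carried in the URL itself; distribution-side settings, such as the trusted signers described in the linked guide, are not examined.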