aws presigned URL 用于 SSE-C 特定加密
aws presigned URL for SSE-C specific encryption
我正在尝试使用客户提供的密钥将文件上传到 Amazon S3。我在这里遵循了本教程:
http://java.awsblog.com/post/TxDQ18N7AAB31J/Generating-Amazon-S3-Pre-signed-URLs-with-SSE-C-Part-5-Finale
我的代码:
AWSCredentials credentials = new BasicAWSCredentials("myKey", "mySecretKey");
AmazonS3 s3 = new AmazonS3Client();
try (CloseableHttpClient httpClient = HttpClientFactory.createUploadClient()) {
GeneratePresignedUrlRequest genreq = new GeneratePresignedUrlRequest("bucketName", "test7.pdf", HttpMethod.PUT);
SecretKey secretKey = generateSecretKey();
SSECustomerKey sseKey = new SSECustomerKey(secretKey);
genreq.setSSECustomerKey(sseKey);
URL puturl = s3.generatePresignedUrl(genreq);
HttpPut putreq = new HttpPut(URI.create(puturl.toExternalForm()));
putreq.addHeader(Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, sseKey.getKey());
putreq.addHeader(Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM, SSEAlgorithm.AES256.getAlgorithm());
putreq.addHeader(Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5, sseKey.getMd5());
putreq.setEntity(new FileEntity(new File("filePath")));
HttpResponse resp = httpClient.execute(putreq);
Assert.assertTrue(resp.getStatusLine().getStatusCode() == 200);
} catch (IOException e) {
Assert.fail();
}
生成了 URL,然后当我尝试使用时,我提供了所需的 headers,但问题是响应是 403 Forbidden。
我错过了什么?
为了使用预签名 URL 的 SSE-Client 特定加密上传工作,您需要启用 SigV4(默认情况下,SigV2 已为我启用)有几种方法可以启用此功能 -系统 属性、存储桶策略等,但对我来说这很有效:
AWSCredentials credentials = new BasicAWSCredentials("accessKey", "secretKey");
s3 = new AmazonS3Client(credentials, new ClientConfiguration().withSignerOverride("AWSS3V4SignerType"));
我正在尝试使用客户提供的密钥将文件上传到 Amazon S3。我在这里遵循了本教程: http://java.awsblog.com/post/TxDQ18N7AAB31J/Generating-Amazon-S3-Pre-signed-URLs-with-SSE-C-Part-5-Finale
我的代码:
AWSCredentials credentials = new BasicAWSCredentials("myKey", "mySecretKey");
AmazonS3 s3 = new AmazonS3Client();
try (CloseableHttpClient httpClient = HttpClientFactory.createUploadClient()) {
GeneratePresignedUrlRequest genreq = new GeneratePresignedUrlRequest("bucketName", "test7.pdf", HttpMethod.PUT);
SecretKey secretKey = generateSecretKey();
SSECustomerKey sseKey = new SSECustomerKey(secretKey);
genreq.setSSECustomerKey(sseKey);
URL puturl = s3.generatePresignedUrl(genreq);
HttpPut putreq = new HttpPut(URI.create(puturl.toExternalForm()));
putreq.addHeader(Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, sseKey.getKey());
putreq.addHeader(Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM, SSEAlgorithm.AES256.getAlgorithm());
putreq.addHeader(Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5, sseKey.getMd5());
putreq.setEntity(new FileEntity(new File("filePath")));
HttpResponse resp = httpClient.execute(putreq);
Assert.assertTrue(resp.getStatusLine().getStatusCode() == 200);
} catch (IOException e) {
Assert.fail();
}
生成了 URL,然后当我尝试使用时,我提供了所需的 headers,但问题是响应是 403 Forbidden。
我错过了什么?
为了使用预签名 URL 的 SSE-Client 特定加密上传工作,您需要启用 SigV4(默认情况下,SigV2 已为我启用)有几种方法可以启用此功能 -系统 属性、存储桶策略等,但对我来说这很有效:
AWSCredentials credentials = new BasicAWSCredentials("accessKey", "secretKey");
s3 = new AmazonS3Client(credentials, new ClientConfiguration().withSignerOverride("AWSS3V4SignerType"));