Access denied for images served through Amazon CloudFront signed URLs linked to a private S3 bucket, using the AWS Java SDK

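I am using the AWS Java SDK to create signed URLs and trying to serve images through CloudFront linked to a private S3 bucket. Steps taken:

  • Created a private S3 bucket.

  • Linked the S3 bucket to CloudFront, with access allowed only through secure signed URLs.

  • Created a CloudFront key from the CloudFront console.

  • Converted the key to .der to support Java.

  • Uploaded the image to the private S3 bucket using the AWS Java SDK - works fine

  • Created the URL by signing with the .der key obtained, using the code below.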

{
String distributionDomain = "distributionDomain";
String keyPairId = "keyPairId";
String s3ObjectKey = picName;
Date dateLessThan = DateUtils.parseISO8601Date("2014-01-12T21:20:00.000Z");

// Load the PKCS#8 DER-encoded private key from the classpath
InputStream inputStream = ImageServiceImpl.class.getResourceAsStream("/cloudFront.der");
byte[] privateKeyBytes = IOUtils.toByteArray(inputStream);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyBytes);

KeyFactory keyFactory;
PrivateKey myPrivKey = null;
try {
    keyFactory = KeyFactory.getInstance("RSA");
    myPrivKey = keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
    // generatePrivate also throws InvalidKeySpecException when the DER is not valid PKCS#8
    e.printStackTrace();
}

// Debug output only; do not print private key material outside local testing
System.out.println(myPrivKey);

String domainUrl = "https://" + distributionDomain + "/" + s3ObjectKey;
String url1 = CloudFrontUrlSigner.getSignedURLWithCannedPolicy(domainUrl, keyPairId, myPrivKey, dateLessThan);
System.out.println(url1);

}

When I hit the secure signed URL I get Access Denied, and I am not sure what I am missing here. Please also let me know if any other information is needed.

1 Answer

  • 0

    I followed this guide (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) and, like you, I am using Java, so I had to convert the CloudFront key to der format (which Java can read). I used the following openssl command to do this:

    openssl pkcs8 -topk8 -nocrypt -in MyKey.pem -inform PEM -out MyKey.der -outform DER
    

    Once you have converted the key, you can run the following:

    import java.io.File;
    import java.io.IOException;
    import java.security.spec.InvalidKeySpecException;
    import java.util.Date;

    // AWS SDK for Java 1.x
    import com.amazonaws.services.cloudfront.CloudFrontUrlSigner;
    import com.amazonaws.services.cloudfront.util.SignerUtils.Protocol;

    public class AwsSignUrlCreator {
    
        public static void main(String[] args) throws InvalidKeySpecException, IOException {
    
            // The DNS name of your CloudFront distribution, or a registered alias
            String distributionDomainName = "xxxx.cloudfront.net";
    
            // the private key you created in the AWS Management Console 
            File cloudFrontPrivateKeyFile = new File ("C:/mykeys/MyKey.der");
    
            // The unique ID assigned to your CloudFront key pair in the console
            String cloudFrontKeyPairId = "xxxx";
            // The signed URL stops working 60 seconds from now
            Date expirationDate = new Date(System.currentTimeMillis() + 60 * 1000);
            String s3ObjectKey = "my-file.txt";
            String signedUrl = CloudFrontUrlSigner.getSignedURLWithCannedPolicy(
                Protocol.https,
                distributionDomainName,
                cloudFrontPrivateKeyFile,
                s3ObjectKey,
                cloudFrontKeyPairId,
                expirationDate);
    
            System.out.println(signedUrl);
        }
    
    }
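
What a canned-policy signed URL carries, and a local check for two rejections that can be reproduced offline: an `Expires` value in the past, and a signature that does not match the key and the exact URL. This is an added example, not code from the question, the answer or the AWS SDK; the class and method names are hypothetical, the key pair is generated on the spot, and it assumes the resource URL has no query string of its own.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignedUrlPreflight {   // hypothetical name, not part of the AWS SDK
    // Canned policy: no whitespace, the exact URL requested, expiry in epoch seconds.
    static String cannedPolicy(String url, long expires) {
        return "{\"Statement\":[{\"Resource\":\"" + url
            + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + expires + "}}}]}";
    }
    // RSA-SHA1 over the policy, then base64 with '+'->'-', '='->'_', '/'->'~'.
    static String sign(String url, String keyPairId, PrivateKey key, long expires)
            throws GeneralSecurityException {
        Signature rsa = Signature.getInstance("SHA1withRSA");
        rsa.initSign(key);
        rsa.update(cannedPolicy(url, expires).getBytes(StandardCharsets.UTF_8));
        String sig = Base64.getEncoder().encodeToString(rsa.sign())
            .replace('+', '-').replace('=', '_').replace('/', '~');
        return url + "?Expires=" + expires + "&Signature=" + sig + "&Key-Pair-Id=" + keyPairId;
    }
    // Returns "ok", or why this URL cannot validate against the given public key.
    static String check(String signedUrl, PublicKey pub, long now) throws GeneralSecurityException {
        int q = signedUrl.indexOf('?');
        long expires = 0;
        String sig = null;
        for (String kv : signedUrl.substring(q + 1).split("&")) {
            if (kv.startsWith("Expires=")) expires = Long.parseLong(kv.substring(8));
            if (kv.startsWith("Signature=")) sig = kv.substring(10);
        }
        if (sig == null) return "no Signature parameter";
        if (expires <= now) return "expired";
        byte[] raw = Base64.getDecoder().decode(sig.replace('-', '+').replace('_', '=').replace('~', '/'));
        Signature rsa = Signature.getInstance("SHA1withRSA");
        rsa.initVerify(pub);
        rsa.update(cannedPolicy(signedUrl.substring(0, q), expires).getBytes(StandardCharsets.UTF_8));
        return rsa.verify(raw) ? "ok" : "signature does not match this key and URL";
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();  // constructed throwaway key, not a CloudFront key
        String url = "https://xxxx.cloudfront.net/my-file.txt";  // placeholder domain from the answer
        long now = System.currentTimeMillis() / 1000;
        String good = sign(url, "xxxx", kp.getPrivate(), now + 60);
        System.out.println(check(good, kp.getPublic(), now));
        System.out.println(check(good.replace("my-file.txt", "other.txt"), kp.getPublic(), now));
        System.out.println(check(sign(url, "xxxx", kp.getPrivate(), now - 60), kp.getPublic(), now));
    }
}
```

The check does not cover whether the `Key-Pair-Id` belongs to this key or whether the distribution trusts that signer; those are settled on the CloudFront side.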
    
