提供的密钥参数不能通过 Google API 强制转换为私钥
我正在尝试测试我发现的这个示例 这里 这样我就可以在客户端直接上传,而无需用户使用 Google Cloud Storage 登录.
I'm trying to test this example that I found here so that I can do a direct upload on the client side without having the user login using Google Cloud Storage.
所有表达的常量都有正确的值,路径正确且内容不为空.
All of the constants expressed have their correct values, and the path is correct and does not have an empty contents.
我得到的错误:
openssl_sign(): supplied key param cannot be coerced into a private key
我实现的功能是:
public static function storageURL( $id, $method = 'GET', $duration = 10 ) {
$key = file_get_contents(self::KEY_FILE);
$pkey = openssl_get_privatekey($key, 'notasecret');
$expires = time( ) + $duration;
$content_type = ($method == 'PUT') ? 'application/x-www-form-urlencoded' : '';
$to_sign = ($method . "
" .
/* Content-MD5 */ "
" .
$content_type . "
" .
$expires . "
" .
'/'.self::BUCKET_NAME.'/' . $id);
$signature = '*Signature will go here*';
if (!openssl_sign( $to_sign, $signature, $pkey, 'sha256' ))
{
error_log( 'openssl_sign failed!' );
$signature = '<failed>';
} else {
$signature = urlencode( base64_encode( $signature ) );
}
return ('https://'.self::BUCKET_NAME.'.commondatastorage.googleapis.com/' .
$id .
'?GoogleAccessId=' . self::SERVICE_ACCOUNT_NAME .
'&Expires=' . $expires . '&Signature=' . $signature);
}
推荐答案
首先需要使用openssl_pkcs12_read来读取密钥文件,而不是file_get_contents.其次,我相信你想把第二个参数留给 openssl_get_privatekey.
First, you need to use openssl_pkcs12_read to read the key file, not file_get_contents. Second, I believe you want to leave off the second parameter to openssl_get_privatekey.
我强烈建议您使用 google-api-php-client 为此,它具有 Google_P12Signer.php
I highly recommend you use google-api-php-client for this, which has Google_P12Signer.php
相关文章