using google-api-php-client not able to create proper signedurl

问题

bucketIn my project, I am uploading user's files to cloud storage, so when user wants to download that file I want to generate signedurl from google cloud, to limit access to the files to that specific user only, So I have tried following php code to do that

`

function storageURL( $id, $method = 'GET', $duration = 10 ) { 
        $expires = time( ) + $duration*60; 
        $content_type = ($method == 'PUT') ? 'application/x-www-form-urlencoded' : ''; 
    $to_sign = ($method . "\n" .
            /* Content-MD5 */ "\n" . 
            $content_type . "\n" . 
            $expires . "\n" . s
            '/bucket/' . $id); 
    $signature = '';

    $signer = new Google_Signer_P12(file_get_contents(__DIR__.'/'."key.p12"), "notasecret");
    $signature = $signer->sign($to_sign);
    $signature = Google_Utils::urlSafeB64Encode($signature);

    return ('https://bucket.storage.googleapis.com/' . $id . 
            '?GoogleAccessId=' . 'MyServiceAccount@developer.gserviceaccount.com' . 
            '&Expires=' . $expires . '&Signature=' . $signature); 
}
echo storageURL("object_file.docx");
?>`

When I copy this url into browser's addressbar it shows me SignatureDoesNotMatch error, I get this XML as output

<Error>
    <Code>SignatureDoesNotMatch</Code>
    <Message>
        The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.
    </Message>
    <StringToSign>
        GET 1409582445 /bucket/object_file.docx
    </StringToSign>
</Error>

I am not able to understand what is wrong with my code...

P.S. I am able to download the file when i paste this in browser addressbar "https://bucket.storage.googleapis.com/object_file.docx"

回答1:

Check out this section:

<StringToSign>
    GET 1409582445 /bucket/object_file.docx
</StringToSign>

This is the String that GCS decided you would have signed, based on the incoming request. The newlines are getting stripped somewhere along the way, but there are three things there: the word GET, a timestamp, and the path to the object.

Your code has one thing that this string doesn't have: a Content_Type. The user is downloading an object, so they aren't supplying a content type. Leave that line blank.

回答2:

The file I was trying to access has spaces in its name due to some bugs with urlencoding I wasn't able to create proper url for it ...

So for files without spaces works fine with me

Reference -> Using google cloud storage and gsutil not able to generate valid signedurl

来源：https://stackoverflow.com/questions/25608150/using-google-api-php-client-not-able-to-create-proper-signedurl