I couldn't find a simple example on how to implement Google Cloud Storage Signed Urls on Google App Engine with Python. Please write a step by step guide. :)
Here's how we made it work:
Step 1: Get p12 file/certificate
Download p12 file from https://console.developers.google.com/ “APIs & auth / Credentials” tab.
Step 2: Convert p12 file to DER format
Find a Linux computer, then open and connect using Terminal.
Command:
    openssl pkcs12 -in <p12-file> -nodes -nocerts > <pem-file>
    # The current Google password for the p12 file is notasecret
Command:
    openssl rsa -in <pem-file> -inform PEM -out <der-file> -outform DER
Step 3: Convert DER file to base64 encoded string
Python console:
    private_key = open('<der-file>', 'rb').read()
    print private_key.encode('base64')
Copy and paste into App Engine script.
Step 4: Enable PyCrypto in AppEngine
app.yaml must have a line to enable PyCrypto:
    libraries:
    - name: pycrypto
      version: latest
Step 5: Python code to create Signed URL
    import datetime
    import time
    import traceback
    import urllib

    import Crypto.Hash.SHA256 as SHA256
    import Crypto.PublicKey.RSA as RSA
    import Crypto.Signature.PKCS1_v1_5 as PKCS1_v1_5

    objects = {}  # collects the signature or the error traceback

    # Placeholder: paste the base64 string printed in step 3 between the quotes.
    der_key = """<base64-encoded DER key from step 3>""".decode('base64')
    # Placeholders: both values are appended directly to the endpoint below,
    # so each one starts with '/'.
    bucket = '/<bucket-name>'
    filename = '/<object-name>'
    valid_seconds = 5
    expiration = int(time.time() + valid_seconds)

    # String to sign: verb, two empty header fields, expiration, resource path.
    signature_string = 'GET\n\n\n%s\n' % expiration
    signature_string += bucket + filename

    # Sign the string with the RSA key.
    signature = ''
    try:
        start_key_time = datetime.datetime.utcnow()
        rsa_key = RSA.importKey(der_key, passphrase='notasecret')
        #objects['rsa_key'] = rsa_key.exportKey('PEM').encode('base64')
        signer = PKCS1_v1_5.new(rsa_key)
        signature_hash = SHA256.new(signature_string)
        signature_bytes = signer.sign(signature_hash)
        signature = signature_bytes.encode('base64')
        objects['sig'] = signature
    except Exception:
        objects['PEM_error'] = traceback.format_exc()

    try:
        # Storage
        STORAGE_CLIENT_EMAIL = '<service-account-email>'  # placeholder
        STORAGE_API_ENDPOINT = 'https://storage.googleapis.com'

        # Set the query parameters.
        query_params = {'GoogleAccessId': STORAGE_CLIENT_EMAIL,
                        'Expires': str(expiration),
                        'Signature': signature}

        # This is the signed URL:
        download_href = STORAGE_API_ENDPOINT + bucket + filename + '?' + urllib.urlencode(query_params)
    except Exception:
        pass
Sources
How to get the p12 file.
Signing instructions.
Inspiration for how to sign the url.
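
An added example, not part of the original answer or of any Google library: a Python 3 standard-library helper that rebuilds the string-to-sign from step 5 and decodes a signed URL to show its signer, resource and remaining lifetime, for debugging a rejected signature or auditing signed URLs found in logs. `fake_sign`, the bucket, object and service-account names and the `max_lifetime` threshold are constructed assumptions; a real URL is signed with the RSA key as in step 5.

```python
import base64
import hashlib
import time
from urllib.parse import parse_qs, urlencode, urlsplit

ENDPOINT = 'https://storage.googleapis.com'
REQUIRED = ('GoogleAccessId', 'Expires', 'Signature')

def string_to_sign(method, expires, resource):
    # Verb, empty Content-MD5, empty Content-Type, expiration, /bucket/object.
    return '%s\n\n\n%d\n%s' % (method, expires, resource)

def build_url(resource, access_id, expires, sign):
    # sign: callable taking the bytes to sign and returning signature bytes.
    sig = sign(string_to_sign('GET', expires, resource).encode('utf-8'))
    query = urlencode({'GoogleAccessId': access_id, 'Expires': str(expires),
                       'Signature': base64.b64encode(sig).decode('ascii')})
    return ENDPOINT + resource + '?' + query

def inspect_url(url, now=None, max_lifetime=3600):
    # Decode a signed URL without contacting the server or needing the key.
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    missing = [k for k in REQUIRED if k not in params]
    if missing:
        raise ValueError('missing signed-URL parameters: ' + ', '.join(missing))
    expires = int(params['Expires'][0])
    left = expires - now
    return {'access_id': params['GoogleAccessId'][0],
            'resource': parts.path,
            'seconds_left': left,
            'expired': left <= 0,
            'too_long_lived': left > max_lifetime,  # hypothetical policy limit
            'signature_bytes': len(base64.b64decode(params['Signature'][0])),
            'string_to_sign': string_to_sign('GET', expires, parts.path)}

def fake_sign(data):
    # Constructed stand-in for the RSA signer: 256 filler bytes, NOT a valid signature.
    return hashlib.sha256(data).digest() * 8

# Constructed sample values, not real credentials.
SAMPLE_URL = build_url('/example-bucket/report.pdf',
                       'signer@example-project.iam.gserviceaccount.com',
                       1700000005, fake_sign)

if __name__ == '__main__':
    print(inspect_url(SAMPLE_URL, now=1700000000))
```

Anyone holding the URL can fetch the object until `Expires` passes, so `seconds_left` and `too_long_lived` are the fields to watch when reviewing URLs that ended up in logs or tickets.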