OSS上传文件后,服务器签名验证失败-问答-阿里云开发者社区-阿里云

开发者社区> 问答> 正文

OSS上传文件后,服务器签名验证失败

王一王五 2017-03-31 18:51:02 7668

使用官方提供的签名验证示例代码,在web.xml中配置了servlet

    <servlet>
        <servlet-name>CallbackServer</servlet-name>
        <servlet-class>com.test.cc.key.oss.CallbackServer</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>CallbackServer</servlet-name>
        <url-pattern>/oss/callback</url-pattern>
    </servlet-mapping>

如果回调中不加入签名验证,回调正常,结果返回也正常,但加入签名验证逻辑后,总是验证不通过。

采用的是 服务端签名直传并设置上传回调 方式。

官方提供的原代码:

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
///import com.aliyun.oss.OSSClient;
//import com.aliyun.oss.common.utils.BinaryUtil;
import java.net.URI;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

//import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;

import com.aliyun.oss.common.utils.BinaryUtil;


//import com.aliyun.oss.common.utils.BinaryUtil;

@SuppressWarnings("deprecation")
public class CallbackServer extends HttpServlet {
    /**
     * 
     */
    private static final long serialVersionUID = 5522372203700422672L;

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        System.out.println("用户输入url:" + request.getRequestURI());
        response(request, response, "input get ", 200);

    }

    @SuppressWarnings({ "finally" })
    public String executeGet(String url) {
        BufferedReader in = null;

        String content = null;
        try {
            // 定义HttpClient
            @SuppressWarnings("resource")
            DefaultHttpClient client = new DefaultHttpClient();
            // 实例化HTTP方法
            HttpGet request = new HttpGet();
            request.setURI(new URI(url));
            HttpResponse response = client.execute(request);

            in = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
            StringBuffer sb = new StringBuffer("");
            String line = "";
            String NL = System.getProperty("line.separator");
            while ((line = in.readLine()) != null) {
                sb.append(line + NL);
            }
            in.close();
            content = sb.toString();
        } catch (Exception e) {
        } finally {
            if (in != null) {
                try {
                    in.close();// 最后要关闭BufferedReader
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            return content;
        }
    }

    public String GetPostBody(InputStream is, int contentLen) {
        if (contentLen > 0) {
            int readLen = 0;
            int readLengthThisTime = 0;
            byte[] message = new byte[contentLen];
            try {
                while (readLen != contentLen) {
                    readLengthThisTime = is.read(message, readLen, contentLen - readLen);
                    if (readLengthThisTime == -1) {// Should not happen.
                        break;
                    }
                    readLen += readLengthThisTime;
                }
                return new String(message);
            } catch (IOException e) {
            }
        }
        return "";
    }


    protected boolean VerifyOSSCallbackRequest(HttpServletRequest request, String ossCallbackBody) throws NumberFormatException, IOException
    {
        boolean ret = false;    
        String autorizationInput = new String(request.getHeader("Authorization"));
        String pubKeyInput = request.getHeader("x-oss-pub-key-url");
        byte[] authorization = BinaryUtil.fromBase64String(autorizationInput);
        byte[] pubKey = BinaryUtil.fromBase64String(pubKeyInput);
        String pubKeyAddr = new String(pubKey);
        if (!pubKeyAddr.startsWith("http://gosspublic.alicdn.com/") && !pubKeyAddr.startsWith("https://gosspublic.alicdn.com/"))
        {
            System.out.println("pub key addr must be oss addrss");
            return false;
        }
        String retString = executeGet(pubKeyAddr);
        retString = retString.replace("-----BEGIN PUBLIC KEY-----", "");
        retString = retString.replace("-----END PUBLIC KEY-----", "");
        String queryString = request.getQueryString();
        String uri = request.getRequestURI();
        String decodeUri = java.net.URLDecoder.decode(uri, "UTF-8");
        String authStr = decodeUri;
        if (queryString != null && !queryString.equals("")) {
            authStr += "?" + queryString;
        }
        authStr += "\n" + ossCallbackBody;
        ret = doCheck(authStr, authorization, retString);
        return ret;
    }
    
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String ossCallbackBody = GetPostBody(request.getInputStream(), Integer.parseInt(request.getHeader("content-length")));
        boolean ret = VerifyOSSCallbackRequest(request, ossCallbackBody);
        System.out.println("verify result:" + ret);
        System.out.println("OSS Callback Body:" + ossCallbackBody);
        if (ret)
        {
            response(request, response, "{\"Status\":\"OK\"}", HttpServletResponse.SC_OK);
        }
        else
        {
            response(request, response, "{\"Status\":\"verdify not ok\"}", HttpServletResponse.SC_BAD_REQUEST);
        }
    }
    
    public static boolean doCheck(String content, byte[] sign, String publicKey) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            byte[] encodedKey = BinaryUtil.fromBase64String(publicKey);
            PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
            java.security.Signature signature = java.security.Signature.getInstance("MD5withRSA");
            signature.initVerify(pubKey);
            signature.update(content.getBytes());
            boolean bverify = signature.verify(sign);
            return bverify;

        } catch (Exception e) {
            e.printStackTrace();
        }

        return false;
    }

    private void response(HttpServletRequest request, HttpServletResponse response, String results, int status) throws IOException {
        String callbackFunName = request.getParameter("callback");
        response.addHeader("Content-Length", String.valueOf(results.length()));
        if (callbackFunName == null || callbackFunName.equalsIgnoreCase(""))
            response.getWriter().println(results);
        else
            response.getWriter().println(callbackFunName + "( " + results + " )");
        response.setStatus(status);
        response.flushBuffer();
    }
}
oss失败 签名文件上传 oss上传文件验证失败 文件服务器失败 服务器签名
分享到
取消 提交回答
全部回答(6)
  • 呆萌哥哥
    2019-11-05 17:39:05

    求解决方案,一样的问题啊,PHP的回调验证能通过

    0 0
  • 张志鑫
    2019-07-17 21:00:04

    原因:

    oss1

    callbackBodyType的值 为application/json

    同时 oss 要开启跨域

    3 0
  • 阿jay
    2019-07-17 21:00:04

    请问有解决方案吗

    0 0
  • one2one
    2019-07-17 21:00:04

    我也遇到这个问题,请问如何解决

    0 0
  • lsjr
    2019-07-17 21:00:03

    LZ,问题解决没有,我也遇到和你一样的问题,求分享

    1 0
  • 千鸟
    2019-07-17 21:00:03

    这么复杂呢,看得眼花缭乱

    0 0
滑动查看更多
开发与运维
使用钉钉扫一扫加入圈子
+ 订阅

集结各类场景实战经验,助你开发运维畅行无忧

相似问题
最新问题