在 Salesforce 中创建 Azure 文件存储 SAS 不起作用

Creating Azure File Storage SAS in Salesforce does not work

我正在尝试为 Salesforce Apex 中的 Azure 文件存储创建共享访问签名 (SAS),但没有成功。这是我的代码:

String link = 'https://<accountName>.file.core.windows.net/<folderName>/test.txt';
String key = '...' // key of the account

String spe = 'r'; //read
String st = '2018-06-07T08:49:00Z';
String se = '2018-06-09T08:49:00Z';
String res = '/file/<accountName>/<folderName>/test.txt';
String sv = '2017-11-09';
String sr = 'f'; // file
String spr = 'https';

String sts = spe + '\n'  +
    st + '\n' +
    se + '\n' +
    res + '\n' +
    spr + '\n'+
    sv + '\n';  

Blob data = crypto.generateMac('HmacSHA256', Blob.valueOf(sts), Blob.valueOf(key));
String sas = EncodingUtil.base64Encode(data);
sas = EncodingUtil.urlEncode(sas, 'UTF-8');
link += '?sv=' + sv + '&st=' + st + '&se=' + se + '&sr=' + sr + '&sp=' + spe 
               + '&spr=' + spr + '&sig=' + sas;
System.debug(link);

当我在浏览器中复制粘贴 link 时,响应是:

<Error>
  <Code>AuthenticationFailed</Code>
  <Message>
    Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:... Time:2018-06-07T21:56:01.7374549Z
  </Message>
  <AuthenticationErrorDetail>
    Signature did not match. String to sign used was r 2018-06-07T08:49:00Z 2018-06-09T08:49:00Z /file/<accountName>/<folderName>/test.txt https 2017-11-09
  </AuthenticationErrorDetail>
</Error>

我做错了什么?

如错误消息中所述,这似乎与身份验证问题有关,我建议访问以下两个链接:https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas

https://zimmergren.net/azure-storage-rest-api-authenticate-with-c/ 检查您的身份验证的有效性 header:

an example of an account SAS:

https://storagesample.blob.core.windows.net/sample-container?restype=container&comp=metadata&sv=2015-04-05ss=bfqt&srt=sco&sp=rl&se=2015-09-20T08:49Z&sip=168.1.5.60-168.1.5.70&sig=a39%2BYozJhGp6miujGymjRpN8tsrQfLo9Z3i8IRyIpnQ%3d

正如@superfell 在评论中提到的,问题在于以下代码行:

Blob data = crypto.generateMac('HmacSHA256', Blob.valueOf(sts), Blob.valueOf(key));

请将这行代码改为:

Blob data = crypto.generateMac('HmacSHA256', Blob.valueOf(sts), EncodingUtil.base64Decode(key));

你不应该得到这个错误。本质上,密钥是一个 base64 编码的字符串,您需要使用适当的解码方法来获取字节数组。

谢谢@Gaurav。您的解决方案有效,但是不完整。它仍然给我错误。这是我为使它起作用所做的工作:

String spe = 'r';
String st = '';
String se = '2018-06-10T07:00:00Z';
String res = '/file/<accountName>/<folderName>/test.txt';
String si = '';
String sip = '';
String spr = '';
String sr = 'f';
String sv = '2017-11-09';
String rscc = '';
String rscd = '';
String rsce = '';
String rscl = '';
String rsct = '';

String sts = spe + '\n'  +
    st + '\n' +
    se + '\n' +
    res + '\n' +
    si + '\n' +
    sip + '\n' +
    spr + '\n'+
    sv + '\n' +
    rscc + '\n' +
    rscd + '\n' +
    rsce + '\n' +
    rscl + '\n' +
    rsct;

Blob data = crypto.generateMac('HmacSHA256', Blob.valueOf(sts), EncodingUtil.base64Decode(key));
String sas = EncodingUtil.base64Encode(data);
sas = EncodingUtil.urlEncode(sas, 'UTF-8');
link += '?sv=' + sv + '&se=' + se + '&sr=' + sr + '&sp=' + spe + '&sig=' + sas;
System.debug(link);