Which PEM file should I provide when uploading to S3 using HTTP PUT

Posted on 2025-01-02 18:02:18

I'm trying to put a file in S3 using a presigned signature my Java web server provides
http://docs.amazonwebservices.com/AmazonS3/latest/dev/PresignedUrlUploadObjectDotNetSDK.html

I need my uploading client (currently my Windows 7 using C++) to have a handshake with Amazon servers and I don't know how to do it.

When I tried to send the request with a "default context" (naively) it printed a "self signed certificate in certificate chain" error and asked me to accept or not the certificate.
Then I tried to figure out how to add a certificate and found this code:
POCO C++ - NET SSL - how to POST HTTPS request

The problem is that I'm not sure which pem file is needed here.
I tried providing the pem files I've downloaded from x.509 in Amazon Web Services Console but it raised an SSL exception: SSL3_GET_SERVER_CERTIFICATE

My Code:

URI uri("https://BUCKET.s3.amazonaws.com/nosigfile?Expires=1959682330&AWSAccessKeyId=ACCESSKEY&Signature=DgOifWPmQi%2BASAIDaIOGXla10%2Fw%3D");
const Poco::Net::Context::Ptr context( new Poco::Net::Context( Poco::Net::Context::CLIENT_USE, "", "", "cert(x509).pem") );
Poco::Net::HTTPSClientSession session(uri.getHost(), uri.getPort(), context );
HTTPRequest req(HTTPRequest::HTTP_PUT, uri.getPathAndQuery(), HTTPMessage::HTTP_1_1);
req.setContentLength(contentLength);
session.sendRequest(req) << streamToSend;

Thanks

Comments (1)

幽梦紫曦~ 2025-01-09 18:02:18

Poco includes certificates in the project.

You will need any.pem, rootcert.pem, yourappname.xml which you can find in the poco test suite for the SSL side.

./poco-1.4.1p1-all/NetSSL_OpenSSL/testsuite/{any.pem,rootcert.pem,testsuite.xml}

Once you include the two pem files and your xml, which is used during the initializeSSL phase, you will not get the warning for self-signed certificates.

class MySSLApp: public Poco::Util::Application
{
public:
    MySSLApp()
    {
        Poco::Net::initializeSSL();
        Poco::Net::HTTPStreamFactory::registerFactory();
        Poco::Net::HTTPSStreamFactory::registerFactory();
    }

    ~MySSLApp()
    {
        Poco::Net::uninitializeSSL();
    }
protected:
    void initialize(Poco::Util::Application& self)
    {
        loadConfiguration(); // load default configuration files, if present
        Poco::Util::Application::initialize(self);
    }

    void myUpload(...) {
        ...
        FilePartSource* pFPS = new FilePartSource(szFilename);
        std::string szHost = "BUCKET.s3.amazonaws.com";
        std::string szPath = "/";
        int nRespCode = 201;
        try{
            HTTPClientSession s(szHost);
            HTTPRequest request(HTTPRequest::HTTP_POST, szPath, HTTPMessage::HTTP_1_1);
            HTMLForm pocoForm(HTMLForm::ENCODING_MULTIPART);
            pocoForm.set("AWSAccessKeyId",        ACCESSKEY);
            pocoForm.set("acl",                   "public-read");
            pocoForm.set("success_action_status", toString(nRespCode));
            pocoForm.set("Content-Type",          m_szContentType);
            pocoForm.set("key",                   m_szPath + "/" + m_szDestFileName);
            pocoForm.set("policy",                m_szPolicy);
            pocoForm.set("signature",             m_szSignature);
            pocoForm.addPart("file",              pFPS);

            pocoForm.prepareSubmit(request);

            std::ostringstream oszMessage;
            pocoForm.write(oszMessage);
            std::string szMessage = oszMessage.str();

            //AWS requires a ContentLength set EVEN though it is chunked!
            request.setContentLength((int) szMessage.length());

            s.sendRequest(request) << szMessage;
            //or:
            //pocoForm.write(s.sendRequest(request));

            HTTPResponse response;
            std::istream& rs = s.receiveResponse(response);
            int code = response.getStatus();
            if (code != nRespCode) {
                stringstream s;
                s << "HTTP Error " << code;
                throw Poco::IOException(s.str());
            }
        } catch (Exception& exc) {
            std::cout << exc.displayText() << endl;
            return;
        }
        return;   
    }
};

The xml file will look something like this:

<AppConfig>
<openSSL>
    <server>
        <privateKeyFile>${application.configDir}any.pem</privateKeyFile>
        <caConfig>${application.configDir}rootcert.pem</caConfig>
        <verificationMode>none</verificationMode>
        <verificationDepth>9</verificationDepth>
        <loadDefaultCAFile>true</loadDefaultCAFile>
        <cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>
        <privateKeyPassphraseHandler>
            <name>KeyFileHandler</name>
            <options>
                <password>secret</password>
            </options>
        </privateKeyPassphraseHandler>
        <invalidCertificateHandler>
            <name>AcceptCertificateHandler</name>
            <options>
            </options>
        </invalidCertificateHandler>
    </server>
    <client>
        <privateKeyFile>${application.configDir}any.pem</privateKeyFile>
        <caConfig>${application.configDir}rootcert.pem</caConfig>
        <verificationMode>relaxed</verificationMode>
        <verificationDepth>9</verificationDepth>
        <loadDefaultCAFile>true</loadDefaultCAFile>
        <cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>
        <privateKeyPassphraseHandler>
            <name>KeyFileHandler</name>
            <options>
                <password>secret</password>
            </options>
        </privateKeyPassphraseHandler>
        <invalidCertificateHandler>
            <name>AcceptCertificateHandler</name>
            <options>
            </options>
        </invalidCertificateHandler>
    </client>
</openSSL>
</AppConfig>
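
Added example, not part of the answer above or of Poco's test suite: a client section that keeps server-certificate verification on, for comparison with the configuration above, where `AcceptCertificateHandler` removes the warning by accepting certificates that fail validation. It assumes a Poco version that ships `RejectCertificateHandler` and that treats `privateKeyFile` as optional for clients; `ca-bundle.pem` is a placeholder file name.

```xml
<AppConfig>
<openSSL>
    <client>
        <!-- caConfig holds trust anchors only: a PEM bundle of the public root
             CA certificates that sign the server's chain. It is not a
             certificate issued to your own account or application.
             "ca-bundle.pem" is a placeholder name (assumption). -->
        <caConfig>${application.configDir}ca-bundle.pem</caConfig>

        <!-- No privateKeyFile here: the presigned PUT in the question does not
             present a client certificate, and any.pem from the test suite is a
             publicly distributed test key (passphrase "secret"). -->

        <!-- strict: the handshake fails unless the chain validates. -->
        <verificationMode>strict</verificationMode>
        <verificationDepth>9</verificationDepth>

        <!-- Also load OpenSSL's default CA locations. On Windows builds these
             are often empty, which is why caConfig is set explicitly. -->
        <loadDefaultCAFile>true</loadDefaultCAFile>

        <!-- Cipher list kept as in the configuration above so that the only
             difference is how verification failures are handled. -->
        <cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>

        <!-- Reject instead of accept: a certificate that fails validation
             aborts the connection rather than being waved through. -->
        <invalidCertificateHandler>
            <name>RejectCertificateHandler</name>
        </invalidCertificateHandler>
    </client>
</openSSL>
</AppConfig>
```

With this configuration a "self signed certificate in certificate chain" error means the bundle in `caConfig` lacks the root that issued the server's chain, or that something between the client and the server is re-signing the TLS traffic.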