Which PEM file should I provide when uploading to S3 with HTTP PUT



I'm trying to PUT a file to S3 using a pre-signed URL provided by a Java web server: http://docs.amazonwebservices.com/AmazonS3/latest/dev/PresignedUrlUploadObjectDotNetSDK.html

I need my upload client (currently C++ on my Windows 7 machine) to complete the handshake with the Amazon server, but I don't know how to do that.

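When I (naively) tried to send the request with the "default context", it printed a "self-signed certificate in certificate chain" error and asked me whether or not to accept the certificate. I then tried to work out how to add a certificate and found the following code: POCO C++ - NET SSL - how to POST HTTPS request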

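The problem is that I'm not sure which PEM file is needed here. I tried supplying the PEM file downloaded from the X.509 section of the Amazon Web Services console, but it raised an SSL exception: SSL3_GET_SERVER_CERTIFICATE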

My code:

URI uri("https://BUCKET.s3.amazonaws.com/nosigfile?Expires=1959682330&AWSAccessKeyId=ACCESSKEY&Signature=DgOifWPmQi%2BASAIDaIOGXla10%2Fw%3D");
const Poco::Net::Context::Ptr context( new Poco::Net::Context( Poco::Net::Context::CLIENT_USE, "", "", "cert(x509).pem") );
Poco::Net::HTTPSClientSession session(uri.getHost(), uri.getPort(), context );
HTTPRequest req(HTTPRequest::HTTP_PUT, uri.getPathAndQuery(), HTTPMessage::HTTP_1_1);
req.setContentLength(contentLength);
session.sendRequest(req) << streamToSend;

Thanks

Poco includes the certificates in the project.

You will need any.pem, rootcert.pem and yourappname.xml; these files can be found in the SSL part of the Poco test suite.

./poco-1.4.1p1-all/NetSSL_OpenSSL/testsuite/{any.pem,rootcert.pem,testsuite.xml}

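Once you have included the two PEM files and the XML that is used during the initializeSSL phase, you will not receive the self-signed certificate warning.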

class MySSLApp: public Poco::Util::Application
{
public:
    MySSLApp()
    {
        Poco::Net::initializeSSL();
        Poco::Net::HTTPStreamFactory::registerFactory();
        Poco::Net::HTTPSStreamFactory::registerFactory();
    }
    ~MySSLApp()
    {
        Poco::Net::uninitializeSSL();
    }
protected:
    void initialize(Poco::Util::Application& self)
    {
        loadConfiguration(); // load default configuration files, if present
        Poco::Util::Application::initialize(self);
    }
    void myUpload(...) {
        ...
        FilePartSource* pFPS = new FilePartSource(szFilename);
        std::string szHost = "BUCKET.s3.amazonaws.com";
        std::string szPath = "/";
        int nRespCode = 201;
        try{
            HTTPClientSession s(szHost);
            HTTPRequest request(HTTPRequest::HTTP_POST, szPath, HTTPMessage::HTTP_1_1);
            HTMLForm pocoForm(HTMLForm::ENCODING_MULTIPART);
            pocoForm.set("AWSAccessKeyId",        ACCESSKEY);
            pocoForm.set("acl",                   "public-read");
            pocoForm.set("success_action_status", toString(nRespCode));
            pocoForm.set("Content-Type",          m_szContentType);
            pocoForm.set("key",                   m_szPath + "/" + m_szDestFileName);
            pocoForm.set("policy",                m_szPolicy);
            pocoForm.set("signature",             m_szSignature);
            pocoForm.addPart("file",              pFPS);
            pocoForm.prepareSubmit(request);
            std::ostringstream oszMessage;
            pocoForm.write(oszMessage);
            std::string szMessage = oszMessage.str();
            //AWS requires a ContentLength set EVEN though it is chunked!
            request.setContentLength((int) szMessage.length());
            s.sendRequest(request) << szMessage;
            //or:
            //pocoForm.write(s.sendRequest(request));
            HTTPResponse response;
            std::istream& rs = s.receiveResponse(response);
            int code = response.getStatus();
            if (code != nRespCode) {
                stringstream s;
                s << "HTTP Error " << code;
                throw Poco::IOException(s.str());
            }
        } catch (Exception& exc) {
            std::cout << exc.displayText() << endl;
            return;
        }
        return;   
    }
};

The XML file looks like this:

<AppConfig>
<openSSL>
    <server>
        <privateKeyFile>${application.configDir}any.pem</privateKeyFile>
        <caConfig>${application.configDir}rootcert.pem</caConfig>
        <verificationMode>none</verificationMode>
        <verificationDepth>9</verificationDepth>
        <loadDefaultCAFile>true</loadDefaultCAFile>
        <cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>
        <privateKeyPassphraseHandler>
            <name>KeyFileHandler</name>
            <options>
                <password>secret</password>
            </options>
        </privateKeyPassphraseHandler>
        <invalidCertificateHandler>
            <name>AcceptCertificateHandler</name>
            <options>
            </options>
        </invalidCertificateHandler>
    </server>
    <client>
        <privateKeyFile>${application.configDir}any.pem</privateKeyFile>
        <caConfig>${application.configDir}rootcert.pem</caConfig>
        <verificationMode>relaxed</verificationMode>
        <verificationDepth>9</verificationDepth>
        <loadDefaultCAFile>true</loadDefaultCAFile>
        <cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>
        <privateKeyPassphraseHandler>
            <name>KeyFileHandler</name>
            <options>
                <password>secret</password>
            </options>
        </privateKeyPassphraseHandler>
        <invalidCertificateHandler>
            <name>AcceptCertificateHandler</name>
            <options>
            </options>
        </invalidCertificateHandler>
    </client>
</openSSL>
</AppConfig>
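
For comparison, a client section that actually validates the S3 server certificate (an added example, not part of the original answer): in the configuration above, `relaxed` verification together with `AcceptCertificateHandler` accepts any certificate the server presents, which is why the warning disappears. Assumptions: `cacert.pem` is a placeholder name for a bundle of public root CAs placed in the application's config directory, and the POCO version in use does not require `privateKeyFile` for a client that presents no certificate of its own.

```xml
<AppConfig>
<openSSL>
    <client>
        <!-- Assumption: cacert.pem is a placeholder name for a public root CA bundle -->
        <caConfig>${application.configDir}cacert.pem</caConfig>
        <!-- strict: the handshake fails unless the server chain verifies -->
        <verificationMode>strict</verificationMode>
        <verificationDepth>9</verificationDepth>
        <loadDefaultCAFile>true</loadDefaultCAFile>
        <cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>
        <invalidCertificateHandler>
            <!-- reject rather than accept, so a bad chain aborts the upload -->
            <name>RejectCertificateHandler</name>
            <options>
            </options>
        </invalidCertificateHandler>
    </client>
</openSSL>
</AppConfig>
```

The X.509 certificate downloaded from the AWS console identifies the account and is not a CA for the server's chain, so it does not belong in `caConfig`. The test-suite `any.pem` key, with its published passphrase, is not needed for a client that only has to verify the server.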
