AccessDenied: You have no right to access this object because of bucket acl. What should I do when this appears?

Internet Access Considered Human R Multi-stakeholder Governance Of Online World Favoured: CIGI-Ipsos Global Survey Photo by PRWeb_11_2011 | Photobucket
A survey of Internet users in 24 countries has found that 83% believe affordable access to the Internet should be a basic human right, according to the
“CIGI-Ipsos Global Survey on Internet Security and Trust.”
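API conventions
Request and response format
In a standard HTTP request, the keys of query-string parameters are written in camel case with a lowercase first letter, for example upLoadId and partNumber.
All user-defined metadata is placed in headers of the form x-bce-meta-*. The total size of user-defined metadata must not exceed 2K. The server lower-cases the key of every x-bce-meta-* header.
For example: if a user uploads x-bce-meta-DeMo:value with the PutObject interface, the server processes it in lower case as x-bce-meta-demo:value, and when the user calls the GetObject interface the server returns x-bce-meta-demo:value.
Apart from the standard headers defined by RFC 2616, all other headers are defined in the form x-bce-*.
The BOS RESTful API supports JSON only.
In all JSON, keys are written in camel case with a lowercase first letter.
Every response carries the two headers x-bce-request-id and x-bce-debug-id.
The Date, Content-MD5, Content-Type, Content-Length and related header fields follow the constraints of RFC 2616.
As the HTTP protocol specifies, Content-MD5 is both MD5-hashed and Base64-encoded. It is computed as follows:
Content-MD5 = "Content-MD5" ":" md5-digest
md5-digest = <base64 of 128 bit MD5 digest as per RFC 1864>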
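Common request headers
Name | Type | Description
Authorization | String | Authentication information used to verify that the request is legitimate. For more, see
Content-Length | String | Length of the HTTP request content, as defined in RFC 2616
Content-Type | String | Type of the HTTP request content, as defined in RFC 2616
Content-MD5 | String | MD5 digest of the HTTP request content, as defined in RFC 2616. Sending this field lets you verify that the file stored on the BOS side matches the file you intended to upload.
Date | String | GMT time as specified by HTTP 1.1, e.g. Wed, 06 Apr :40 GMT
Host | String | Host being accessed; the value is BucketName.bj.baidubce.com
x-bce-date | String | Current time, following ISO 8601, in a format such as T08:23:49Z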
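Common response headers
Name | Type | Description
Content-Length | String | Length of the HTTP request content, as defined in RFC 2616.
Content-Type | String | Type of the HTTP request content, as defined in RFC 2616.
Connection | String | Whether the server closes the connection; the value is close or keep-alive.
Date | String | GMT time as specified by HTTP 1.1, e.g. Wed, 06 Apr :40 GMT.
ETag | String | HTTP entity tag of the object. The ETag (entity tag) is created when each object is generated and identifies the object's content; the ETag value can be used to check whether the object's content has changed.
Server | String | Name of the server; the value is BceBos.
x-bce-request-id | String | Created by BCE BOS; the unique identifier of the request to BceBos,
x-bce-debug-id | String | Created by BCE BOS; an ID used to help troubleshoot. If you run into a problem while using BOS, you can provide this field in a support ticket so the problem can be located quickly.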
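Differences between the infrequent-access/cold storage APIs and the standard storage API
The storage type of a file is implemented per object: the infrequent-access and cold storage APIs work by adding a storage class attribute to the object. The storage class value is STANDARD, STANDARD_IA (infrequent access) or COLD, representing standard storage, infrequent-access storage and cold storage respectively. The following infrequent-access/cold storage API interfaces add the storage class attribute:
The PutObject, InitiateMultipartUpload, CopyObject, AppendObject and PostObject interfaces set the storage class with the x-bce-storage-class parameter in the request headers.
Request headers
Name | Type | Description | Required
x-bce-storage-class | String | Storage type of the BOS object; STANDARD, STANDARD_IA and COLD are currently supported. | No; defaults to STANDARD
GetObject and GetObjectMeta return x-bce-storage-class in the response headers.
Response headers
Name | Type | Description
x-bce-storage-class | String | Storage type of the BOS object; STANDARD, STANDARD_IA and COLD are currently supported.
ListObjects, ListMultipartUploads and ListParts return storageClass in the response elements.
Response elements
Name | Type | Description
storageClass | String | Storage type of the BOS object; STANDARD, STANDARD_IA and COLD are currently supported.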
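Error message format
When an error occurs while a user is accessing BOS, BOS returns the corresponding error code and error message so that the user can locate the problem and handle it appropriately. The system returns error messages in the following format:
{
    "code": "NoSuchKey",
    "message": "The resource you requested does not exist",
    "requestId": "4db2b34d-654d-4d8a-b49b-"
}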
The code field is defined as follows:
Error code (code) | Message (message) | Description | HTTP status code
AccessDenied | Access denied. | Access is denied | 403 Forbidden
AccountOverdue | Your request is denied because there is an overdue bill of your account. | The user's account is overdue | 403 Forbidden
BadDigest | The Content-MD5 you specified did not match what we received. | Wrong Content-MD5 field; it does not match the MD5 of the data actually uploaded | 400 Bad Request
BucketAlreadyExists | The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again. | The bucket already exists | 409 Conflict
BucketNotEmpty | The bucket you tried to delete is not empty. | Attempt to delete a bucket that is not empty | 409 Conflict
EntityTooLarge | Your proposed upload exceeds the maximum allowed object size. | The uploaded data is larger than the limit | 400 Bad Request
EntityTooSmall | Your proposed upload is smaller than the minimum allowed object size. | The uploaded data is smaller than the limit | 400 Bad Request
InappropriateJSON | The JSON you provided was well-formed and valid, but not appropriate for this operation. | The JSON in the request is well-formed but semantically does not meet the requirements, e.g. a required item is missing or a value has the wrong type. For compatibility, all unrecognized items should simply be ignored and should not produce this error. | 400 Bad Request
InappropriateXML | The XML you provided was well-formed and valid, but not appropriate for this operation. | Same scenarios as InappropriateJSON | 400 Bad Request
InternalError | We encountered an internal error. Please try again. | All other undefined errors. Should not be used when another, clearly matching error type exists (general or service-specific). | 500 Internal Server Error
InvalidAccessKeyId | The Access Key ID you provided does not exist in our records. | The Access Key ID does not exist | 403 Forbidden
InvalidArgument | Invalid Argument. | Invalid argument | 400 Bad Request
InvalidBucketName | The specified bucket is not valid. | The BucketName is not valid | 400 Bad Request
InvalidEncryptionAlgorithm | The specified encryption algorithm is invalid. | The specified encryption algorithm is invalid. | 400 Bad Request
InvalidHTTPAuthHeader | The HTTP authorization header is invalid. Consult the service documentation for details. | The Authorization header is malformed | 400 Bad Request
InvalidHTTPRequest | There was an error in the body of your HTTP request. | The HTTP body is malformed, e.g. it does not match the specified encoding | 400 Bad Request
InvalidObjectName | Your object key is too long. | The object key is too long | 400 Bad Request
InvalidPart | One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag. | Invalid part: in the third step of a three-step upload, some parts were found not to exist, or a part's ETag did not match | 400 Bad Request
InvalidPartOrder | The list of parts was not in ascending order.Parts list must specified in order by part number. | In the third step of the upload, the uploaded parts must be listed in ascending PartNumber order | 400 Bad Request
InvalidPolicyDocument | The content of the form does not meet the conditions specified in the policy document. | The policy is malformed | 400 Bad Request
InvalidRange | The requested range cannot be satisfied. | The requested Range is not valid | 416 Requested Range Not Satisfiable
InvalidURI | Could not parse the specified URI. | The URI is malformed | 400 Bad Request
MalformedJSON | The JSON you provided was not well-formed. | The JSON is not well-formed | 400 Bad Request
MalformedXML | The XML you provided was not well-formed or did not validate against our published schema. | The XML is not well-formed | 400 Bad Request
MaxMessageLengthExceeded | Your request was too big. | The message length limit was exceeded | 400 Bad Request
MetadataTooLarge | Your metadata headers exceed the maximum allowed metadata size. | The metadata exceeds the limit | 400 Bad Request
MethodNotAllowed | The specified method is not allowed against this resource. | The request method is not allowed | 405 Method Not Allowed
MissingContentLength | You must provide the Content-Length HTTP header. | The Content-Length field is missing | 411 Length Required
MissingDateHeader | Request must have a "date" or "x-bce-date" header. | Neither Date nor x-bce-date is present in the request | 400 Bad Request
NoReplicationConfiguration | The Replication configuration does not exist. | Cross-region replication is not configured | 404 Not Found
NoSuchBucket | The specified bucket does not exist. | The bucket does not exist | 404 Not Found
NoSuchBucketEncryption | The bucket is not encrypted. | The bucket is not encrypted. | 404 Not Found
NoSuchKey | The specified key does not exist. | The object does not exist | 404 Not Found
NoSuchUpload | The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed. | The three-step upload corresponding to this uploadId does not exist | 404 Not Found
NotImplemented | A header you provided implies functionality that is not implemented. | Not implemented by the system | 501 Not Implemented
ObjectUnappendable | The object can not be append | AppendObject was performed on an object that is not appendable | 403 Forbidden
OffsetIncorrect | Offset not equal to current object length | When appending to an appendable object, the "OffsetSize" value does not equal the size of the object already uploaded, or the "OffsetSize" value is not 0 but the object does not exist | 409 Conflict
PreconditionFailed | The specified If-Match header doesn't match the ETag header. | Precondition error | 412 Precondition Failed
ReplicationNotEnabled | The Bucket Replication is not enabled. | Cross-region synchronization is not enabled | 404 Not Found
ReplicationStatusError | The Bucket Replication Status is not correct. Please make sure both the source and dest bucket have no enabled replication conf and both are not the dest replication bucket of other bucket. | The source or destination bucket of the cross-region replication is already specified in another cross-region replication rule. | 409 Conflict
ReplicationStatusNotEmpty | The bucket you tried to delete has an enabled replication conf or is a dest replication bucket of other bucket. | The bucket to be deleted has cross-region replication enabled. | 409 Conflict
RequestExpired | Request has expired. Timestamp date is XXX. | The request timestamp has expired. The request timed out; XXX is replaced with the value of x-bce-date. If the request contains only Date, Date must be converted to the format specified by this specification. | 403 Forbidden
RequestTimeout | Your socket connection to the server was not read from or written to within the timeout period. | The request timed out. | 408 Request Timeout
ServiceUnavailable | Please reduce your request rate. | The service is unavailable | 503 Service Unavailable
SignatureDoesNotMatch | The request signature we calculated does not match the signature you provided. Check your Secret Access Key and signing method. Consult the service documentation for details. | The signature carried in the Authorization header does not match the one verified by the server | 403 Forbidden
SlowDown | Please reduce your request rate. | Requests are too frequent | 503 Slow Down
TooManyBuckets | You have attempted to create more buckets than allowed. | The number of buckets created exceeds the limit | 400 Bad Request
InvalidStaticWebSiteFormat | The format of index file or 404 file are not allowed. | The index or 404 file name or format is not allowed. For example, the file format is not allowed, or the index and 404 files have the same name. | 400
NoSuchBucketStaticWebSiteConfig | The static web site configuration does not exist. | Static hosting is not enabled for the bucket. | 404
StaticWebSiteIsDisable | Static web site is disabled or not implemented. | The static website hosting feature is disabled. For example, BOS does not allow buckets in this region to enable static website hosting, or the static website hosting feature has not been launched. | 501
json - AWS S3 permissions - error with put-bucket-acl - Stack Overflow
I am trying to move an S3 bucket from one account (A) to another (B).
I have succeeded with that operation and removed the bucket from account A.
I am trying to move the new bucket from account B to another bucket on account B, but I am learning that besides the bucket itself I have no access to the files.
After much fighting with the s3 cli and its permissions, I checked the s3api commands and found out that the files (surprise surprise) still hold the old ownership.
I am now trying to change it, but have come to a standstill with put-bucket-acl: the JSON file isn't working for the s3api command.
I tried running the command in debug, but didn't make too much out of it.
Does anybody know what to do?
Maybe there is a better way to solve this issue?
what I did so far:
the command:
aws s3api put-bucket-acl --bucket my-bucket --cli-input-json file://1.json
(Same with put-object-acl)
1.json file:
{
    "Grantee": {
        "DisplayName": "account_B",
        "EmailAddress": "",
        "ID": "111111hughalphnumericnumber22222",
        "Type": "CanonicalUser"
    },
    "Permission": "FULL_CONTROL"
}
The errors I get:
Unknown parameter in input: "Grantee", must be one of: ACL, AccessControlPolicy, Bucket, ContentMD5, GrantFullControl, GrantRead, GrantReadACP, GrantWrite, GrantWriteACP
Unknown parameter in input: "Permission", must be one of: ACL, AccessControlPolicy, Bucket, ContentMD5, GrantFullControl, GrantRead, GrantReadACP, GrantWrite, GrantWriteACP
AssumeRole between the 2 accounts doesn't work in my case.
cli (s3cmd,s3api) GUI (MCSTools,bucketexplorer), ACL using headers,body (Postman) did not help as well..
I'm connecting AWS support and hoping for the best.
I'll update when I have a solution.
Your JSON is wrong. According
for the put-bucket-acl option you can generate valid JSON template ('skeleton') using --generate-cli-skeleton. For example:
aws s3api put-bucket-acl --bucket BUCKETNAME --generate-cli-skeleton
And here is the output:
{
    "ACL": "",
    "AccessControlPolicy": {
        "Grants": [
            {
                "Grantee": {
                    "DisplayName": "",
                    "EmailAddress": "",
                    "Type": ""
                },
                "Permission": ""
            }
        ],
        "Owner": {
            "DisplayName": ""
        }
    },
    "Bucket": "",
    "ContentMD5": "",
    "GrantFullControl": "",
    "GrantRead": "",
    "GrantReadACP": "",
    "GrantWrite": "",
    "GrantWriteACP": ""
}
So, AWS support came to the rescue... I'm leaving this for others to see, so they won't have to waste 2 days like I did trying to figure what the hell went wrong...
aws s3api get-object-acl --bucket <bucket_on_B> --key <Key_on_B_Owned_by_A> --profile IAM_User_A > A_to_B.json
apply the outcome of:
aws s3api get-bucket-acl --bucket <Bucket_on_B> --profile IAM_User_B
onto the json file that was created, and then run
aws s3api put-object-acl --bucket <Bucket_on_B> --key <Key_on_B_Owned_by_A> --access-control-policy file://A_to_B.json --profile IAM_User_A
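
The two answers above, as an added example that is not code from the thread: the first function reports which top-level keys of a --cli-input-json file the CLI will reject (the allowed set is copied from the error message in the question), and the second builds the A_to_B.json policy by adding a grant for the bucket owner to the object's existing ACL. That "apply the outcome" means adding the bucket owner as a grantee is an assumption, as are the function names and the placeholder canonical IDs in the constructed sample data.

```python
import copy

# Top-level keys accepted in --cli-input-json for put-bucket-acl, copied from
# the error message quoted in the question.
ALLOWED_TOP_LEVEL = {
    "ACL", "AccessControlPolicy", "Bucket", "ContentMD5", "GrantFullControl",
    "GrantRead", "GrantReadACP", "GrantWrite", "GrantWriteACP",
}


def unknown_top_level_keys(cli_input):
    """Keys the CLI would reject with 'Unknown parameter in input'."""
    return sorted(set(cli_input) - ALLOWED_TOP_LEVEL)


def add_bucket_owner_grant(object_acl, bucket_acl, permission="FULL_CONTROL"):
    """Return an access-control-policy document: the object's current Owner and
    Grants plus one grant for the bucket owner (no duplicate if already there)."""
    policy = {
        "Owner": copy.deepcopy(object_acl["Owner"]),   # object owner stays as is
        "Grants": copy.deepcopy(object_acl.get("Grants", [])),
    }
    owner_id = bucket_acl["Owner"]["ID"]
    for grant in policy["Grants"]:
        if (grant.get("Grantee", {}).get("ID") == owner_id
                and grant.get("Permission") == permission):
            return policy
    policy["Grants"].append({
        "Grantee": {"ID": owner_id, "Type": "CanonicalUser"},
        "Permission": permission,
    })
    return policy


# Constructed sample data; the canonical IDs are placeholders.
QUESTION_JSON = {   # the bare grant from the question's 1.json
    "Grantee": {"DisplayName": "account_B", "ID": "CANONICAL_ID_B",
                "Type": "CanonicalUser"},
    "Permission": "FULL_CONTROL",
}
OBJECT_ACL = {      # shape of get-object-acl output; object still owned by A
    "Owner": {"DisplayName": "account_A", "ID": "CANONICAL_ID_A"},
    "Grants": [{"Grantee": {"DisplayName": "account_A", "ID": "CANONICAL_ID_A",
                            "Type": "CanonicalUser"},
                "Permission": "FULL_CONTROL"}],
}
BUCKET_ACL = {      # shape of get-bucket-acl output; bucket owned by B
    "Owner": {"DisplayName": "account_B", "ID": "CANONICAL_ID_B"},
    "Grants": [],
}

if __name__ == "__main__":
    import json
    print(unknown_top_level_keys(QUESTION_JSON))
    print(json.dumps(add_bucket_owner_grant(OBJECT_ACL, BUCKET_ACL), indent=2))
```

The resulting document keeps account A as Owner, so it has to be applied with A's credentials, as in the put-object-acl command above.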
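A simple upload and download implementation using Wireshark and the OSS API documentation
Background and purpose
The official SDKs may not cover the programming language a developer uses, in which case the developer has to write an SDK themselves. Working from Wireshark and the API documentation, this article implements simple upload and download requests as a simple example for developers who need to build their own.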
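Install Wireshark
Official site: find the right platform and version, then download and install it.
Find the OSS API documentation
Official site:
Prepare the development environment
1. Python 2.7 with the requests library is used here.
2. You need to activate OSS and own a bucket, and you need to obtain an AccessKeyId and AccessKeySecret.
Based on the OSS API documentation, implement a simple upload and download in Python
1. First look at the API documentation for Put Object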
PUT /ObjectName HTTP/1.1
Content-Length:ContentLength
Content-Type: ContentType
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue
2. Build a similar HTTP request
BucketName is ali-beijing
Endpoint is oss-cn-beijing.aliyuncs.com
ObjectName is test.txt
Save the following code to a file and run it
import requests

bucket = "ali-beijing"
objectname = "test.txt"
endpoint = "oss-cn-beijing.aliyuncs.com"
url = "http://%s.%s/%s" % (bucket, endpoint, objectname)
# No Authorization, Date or Content-Type header is sent yet
headers = {}
r = requests.put(url, data="hello", headers=headers)
print r.text
print r.status_code
print r.headers
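3. While the code runs, open Wireshark to capture packets and inspect the request
When the run finishes, stop the capture and inspect the request, as shown in the figure:
After stopping the capture, click "Protocol" in the red box in the figure, find the HTTP request that was sent, then click "Analyze" -> "Follow TCP Stream" to see the whole content of the HTTP request.
The final HTTP request looks like this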
PUT /test.txt HTTP/1.1
Host: ali-beijing.oss-cn-beijing.aliyuncs.com
Content-Length: 5
User-Agent: python-requests/2.5.1 CPython/2.7.10 Darwin/15.0.0
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip, deflate
HTTP/1.1 403 Forbidden
Server: AliyunOSS
Date: Tue, 26 Apr :20 GMT
Content-Type: application/xml
Content-Length: 279
Connection: keep-alive
x-oss-request-id: 571F3C704FF4F07A6A0080A6
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>AccessDenied</Code>
<Message>You have no right to access this object because of bucket acl.</Message>
<RequestId>571F3C704FF4F07A6A0080A6</RequestId>
<HostId>ali-beijing.oss-cn-beijing.aliyuncs.com</HostId>
</Error>
Comparing this with the Put Object protocol, we can see that the request headers contain no Authorization and no Date, and no Content-Type either. Because the bucket is private, it cannot be written to without the authentication information in Authorization, so signature information has to be added.
4. Add the signature information as described in the API documentation
For the signature documentation, see:
#coding=utf-8
import requests, datetime, hmac, httplib, hashlib
from email.utils import formatdate
from urllib import quote
from base64 import b64encode

class OssRequest():
    def __init__(self,
                 endpoint, AccessKeyId, AccessKeySecret, bucket):
        self.endpoint = endpoint
        self.AccessKeyId = AccessKeyId
        self.AccessKeySecret = AccessKeySecret
        self.bucket = bucket
        self.objectname = ""
        self.subresource = ""
        self.VERB = ""

    def format_oss_headers(self, headers=None):
        # Collect the x-oss-* headers: names lower-cased, sorted by name
        oss_headers = {}
        for header, value in (headers or {}).iteritems():
            header = header.lower()
            if header.startswith("x-oss-"):
                oss_headers.setdefault(header, []).append(value)
        parts = []
        for key in sorted(oss_headers):
            parts.append("%s:%s\n" % (key, ",".join(oss_headers[key])))
        return "".join(parts)

    def canonical_resource(self):
        # /bucket/object[?subresource]
        resource = "/"
        if self.bucket:
            resource += self.bucket + "/"
        if self.objectname:
            resource += "%s" % self.objectname
        if self.subresource:
            resource += "?%s" % quote(self.subresource, "/")
        return resource

    def sign(self, headers=None):
        if not headers:
            headers = {}
        # VERB, Content-MD5, Content-Type and Date, one per line
        items = [self.VERB, headers.get('Content-MD5', ''),
                 headers.get('Content-Type', ''), headers.get('Date', '')]
        AuthString = "\n".join(str(item_) for item_ in items) + "\n"
        CanonicalizedOSSHeaders = self.format_oss_headers(headers)
        CanonicalizedResource = self.canonical_resource()
        AuthString = "".join((AuthString, CanonicalizedOSSHeaders, CanonicalizedResource))
        # base64 of the raw HMAC-SHA1 digest, keyed with the AccessKeySecret
        Signature = '%s' % (b64encode(hmac.new(self.AccessKeySecret, AuthString.encode("utf-8"), hashlib.sha1).digest()))
        return Signature

    def put(self, objectname):
        self.VERB = 'PUT'
        self.objectname = objectname
        url = "http://%s.%s/%s" % (self.bucket, self.endpoint, self.objectname)
        headers = {'Date' : formatdate(None, usegmt=True)}
        Signature = self.sign(headers)
        headers['Authorization'] = 'OSS %s:%s' % (self.AccessKeyId, Signature)
        r = requests.put(url, data = "hello", headers=headers)
        print r.text
        print r.status_code
        print r.headers

if __name__ == "__main__":
    # Replace the two placeholder strings with your own AccessKeyId and AccessKeySecret
    AccessKeyId = "替换成自己的AccessKeyId"
    AccessKeySecret = "替换成自己的AccessKeySecret"
    bucket = "ali-beijing"
    objectname = "test.txt"
    endpoint = "oss-cn-beijing.aliyuncs.com"
    a = OssRequest(endpoint, AccessKeyId, AccessKeySecret, bucket)
    a.put(objectname)
5. Run it again and observe the capture in Wireshark
Using the same capture and inspection method as before, we can see that the upload succeeded.
PUT /test.txt HTTP/1.1
Host: ali-beijing.oss-cn-beijing.aliyuncs.com
Content-Length: 5
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.5.1 CPython/2.7.10 Darwin/15.0.0
Connection: keep-alive
Date: Tue, 26 Apr :42 GMT
Content-Type: plain/text
Authorization: OSS testaliyun:1aUnxjJ4V/0+pTwzd7t9An3d10c=
hello
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Tue, 26 Apr :42 GMT
Content-Length: 0
Connection: keep-alive
x-oss-request-id: 571F70CA4FF4F07A6A022212
ETag: "5D41402ABC4B2A76BC592"
x-oss-hash-crc64ecma:
1. Look at the API documentation for Get Object
GET /ObjectName HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue
Range: bytes=ByteRange (optional)
2. Implement the download on top of the successful upload
Because uploading the object already works, only the following code needs to be added
(the code that is the same as for the upload is omitted)
Below the function
def put(self, objectname):
add
    def get(self, objectname):
        self.VERB = 'GET'
        self.objectname = objectname
        url = "http://%s.%s/%s" % (self.bucket, self.endpoint, self.objectname)
        headers = {'Date' : formatdate(None, usegmt=True)}
        # Same signing routine as put(); only the verb differs
        Signature = self.sign(headers)
        headers['Authorization'] = 'OSS %s:%s' % (self.AccessKeyId, Signature)
        r = requests.get(url, headers=headers)
        print r.text
        print r.status_code
        print r.headers
When calling it, add a.get(objectname) below a.put(objectname)
3. Observe the capture
GET /test.txt HTTP/1.1
Host: ali-beijing.oss-cn-beijing.aliyuncs.com
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.5.1 CPython/2.7.10 Darwin/15.0.0
Connection: keep-alive
Date: Tue, 26 Apr :32 GMT
Authorization: OSS testaliyun:ARRfi3zGoiGdrAjmM5lJ0o4LEBA=
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Tue, 26 Apr :32 GMT
Content-Type: plain/text
Content-Length: 5
Connection: keep-alive
x-oss-request-id: 571F7A6A023023
Accept-Ranges: bytes
ETag: "5D41402ABC4B2A76BC592"
Last-Modified: Tue, 26 Apr :42 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma:
Cache-Control: max-age=86400
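The above is a simple implementation of upload and download based on the API documentation. The code is deliberately simple: it has no retry on errors and does not consider uploading or downloading large files. Its main purpose is to demonstrate how to use Wireshark and the API documentation to construct the HTTP requests that implement the OSS interfaces.
1. Content-MD5 computed incorrectly
Take the message content "0123456789" as an example and compute the Content-MD5 of this string.
The correct way to compute it:
Put simply, the algorithm defined in the standard is:
1. First compute the MD5 digest as a binary array (128 bits).
2. Then base64-encode that binary array (not the 32-character string).
Using Python as an example:
The correct code is:
>>> import base64,hashlib
>>> hash = hashlib.md5()
>>> hash.update("0123456789")
>>> base64.b64encode(hash.digest())
'eB5eJF1ptWaXm4bijSPyxw=='
Correct: hash.digest(), which yields the binary array (128 bits)
>>> hash.digest()
'x\x1e^$]i\xb5f\x97\x9b\x86\xe2\x8d#\xf2\xc7'
A common mistake is to base64-encode the computed 32-character string directly.
For example, the wrong way: hash.hexdigest(), which yields the printable 32-character string
>>> hash.hexdigest()
'781e5e245d69b566979b86e28d23f2c7'
The result of base64-encoding the wrong MD5 value:
>>> base64.b64encode(hash.hexdigest())
'NzgxZTVlMjQ1ZDY5YjU2Njk3OWI4NmUyOGQyM2YyYzc='
2. Some headers are not included in the signature computation
For example, headers beginning with x-oss- are not included in the signature computation.
3. Content-Type set incorrectly
The correct Content-Type was not set when uploading the object, so browsers and other clients cannot preview or otherwise handle it based on the Content-Type.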
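
Mistakes 1 and 2 above can be reproduced offline by recomputing what the receiving side checks. This is an added example in Python 3, not code from the article or from OSS: it reuses the string-to-sign layout of the article's sign() method, and the key id, secret, date, metadata header, function names and verdict strings are constructed for illustration.

```python
import base64
import hashlib
import hmac


def content_md5(body):
    """Base64 of the raw 16-byte MD5 digest (not of the hex string)."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")


def canonicalized_oss_headers(headers):
    """Lower-case, sort and join every x-oss-* header, one name:value per line."""
    picked = {k.lower(): v.strip() for k, v in headers.items()
              if k.lower().startswith("x-oss-")}
    return "".join("%s:%s\n" % (k, picked[k]) for k in sorted(picked))


def sign(secret, verb, headers, resource, include_oss_headers=True):
    """HMAC-SHA1 over the same string layout as the article's sign() method."""
    h = {k.lower(): v for k, v in headers.items()}
    text = "\n".join([verb, h.get("content-md5", ""),
                      h.get("content-type", ""), h.get("date", "")]) + "\n"
    # include_oss_headers=False reproduces common mistake 2
    text += (canonicalized_oss_headers(headers) if include_oss_headers else "") + resource
    mac = hmac.new(secret.encode("utf-8"), text.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def check_request(secret, verb, headers, resource, body):
    """Recompute what the receiving side checks and return a verdict string."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme, _, rest = h.get("authorization", "").partition(" ")
    _key_id, _, presented = rest.partition(":")
    if scheme != "OSS" or not presented:
        return "missing authorization"
    expected = sign(secret, verb, headers, resource)
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return "signature mismatch"
    if "content-md5" in h and h["content-md5"] != content_md5(body):
        return "content-md5 mismatch"
    return "ok"


# Constructed sample request: key id, secret, date and metadata are made up.
SECRET = "example-secret"
BODY = b"0123456789"
RESOURCE = "/ali-beijing/test.txt"


def build(md5_value, include_oss_headers=True):
    headers = {"Date": "Tue, 26 Apr 2016 10:00:00 GMT", "Content-Type": "text/plain",
               "Content-MD5": md5_value, "x-oss-meta-author": "alice"}
    sig = sign(SECRET, "PUT", headers, RESOURCE, include_oss_headers)
    headers["Authorization"] = "OSS example-key-id:" + sig
    return headers


GOOD = build(content_md5(BODY))
NO_OSS_HEADERS = build(content_md5(BODY), include_oss_headers=False)
HEX_MD5 = build(base64.b64encode(hashlib.md5(BODY).hexdigest().encode()).decode())

if __name__ == "__main__":
    for req in (GOOD, NO_OSS_HEADERS, HEX_MD5):
        print(check_request(SECRET, "PUT", req, RESOURCE, BODY))
```

The hex-string request still carries a valid signature, because the signature only covers the header value that was sent; it is the comparison against the body that fails.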
Is the program OK?
There is a problem.. the items variable in the upload file can't be found