<p>我们是如何做到的:</p>
<p><strong>第1步:获取p12文件/证书</strong></p>
<p>从<a href="https://console.developers.google.com/" rel="nofollow">https://console.developers.google.com/</a>下载p12文件
“API和身份验证/凭据”选项卡。在</p>
<p><strong>第2步:将p12文件转换为DER格式</strong></p>
<p>找到一台打开的Linux计算机并使用终端连接
命令:</p>
<pre><code>openssl pkcs12 -in <filename.p12> -nodes -nocerts > <filename.pem>
# The current Google password for the p12 file is `notasecret`
openssl rsa -in <filename.pem> -inform PEM -out <filename.der> -outform DER
</code></pre>
<p><strong>第3步:将DER文件转换为base64编码字符串</strong></p>
<p>Python控制台:</p>
^{pr2}$
<p>复制并粘贴到应用程序引擎脚本中。在</p>
<p><strong>第4步:在AppEngine中启用PyCrypto</strong></p>
<p>在应用程序yaml必须有一行才能启用PyCrypto:</p>
<pre><code>- name: pycrypto
version: latest
</code></pre>
<p><strong>第5步:创建签名URL的Python代码</strong></p>
<pre><code>import Crypto.Hash.SHA256 as SHA256
import Crypto.PublicKey.RSA as RSA
import Crypto.Signature.PKCS1_v1_5 as PKCS1_v1_5
der_key = “””<copy-paste-the-base64-converted-key>”””.decode('base64')
bucket = <your cloud storage bucket name (default is same as app id)>
filename = <path + filename>
valid_seconds = 5
expiration = int(time.time() + valid_seconds)
signature_string = 'GET\n\n\n%s\n' % expiration
signature_string += bucket + filename
# Sign the string with the RSA key.
signature = ''
try:
start_key_time = datetime.datetime.utcnow()
rsa_key = RSA.importKey(der_key, passphrase='notasecret')
#objects['rsa_key'] = rsa_key.exportKey('PEM').encode('base64')
signer = PKCS1_v1_5.new(rsa_key)
signature_hash = SHA256.new(signature_string)
signature_bytes = signer.sign(signature_hash)
signature = signature_bytes.encode('base64')
objects['sig'] = signature
except:
objects['PEM_error'] = traceback.format_exc()
try:
# Storage
STORAGE_CLIENT_EMAIL = <Client Email from Credentials console: Service Account Email Address>
STORAGE_API_ENDPOINT = 'https://storage.googleapis.com'
# Set the query parameters.
query_params = {'GoogleAccessId': STORAGE_CLIENT_EMAIL,
'Expires': str(expiration),
'Signature': signature}
# This is the signed URL:
download_href = STORAGE_API_ENDPOINT + bucket + filename + '?' + urllib.urlencode(query_params)
except:
pass
</code></pre>
<p><strong>来源</strong></p>
<p><a href="http://cloud.google.com/storage/docs/authentication" rel="nofollow">How to get the p12 file.</a></p>
<p><a href="http://cloud.google.com/storage/docs/access-control#Signed-URLs" rel="nofollow">Signing instructions.</a></p>
<p><a href="http://github.com/GoogleCloudPlatform/storage-signedurls-python" rel="nofollow">Inspiration for how to sign the url.</a></p>