Unable to download a document from google cloud storage

Question

I am able to upload a document and download the document from google cloud storage for signed url using httpclient in java.But,when i put the same signed url in browser i am unable to download document for the link.I am getting following error

The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.`

But when i mark check shared publicly check box in storage browser i am able to download from the generated signed url.But i want to allow a user to download a document from the browser without marking it as shared publicly. . I want to get confirm on some confusing part like

For document to get accessible by user who does not have google account after creating a signed url also i have to check shared publicly check box in storage browser?

But i think if the url is signed then it should not be check for shared publicly checkbox and user who does not have google account can access the document?But in my case it is not happening .According to link https://developers.google.com/storage/docs/accesscontrol#About-CanonicalExtensionHeaders it talks about Canonicalized_Extension_Headers .So i put in my request header request.addHeader("x-goog-acl","public-read");

This is my code

 // construct URL
        String url = "https://storage.googleapis.com/" + bucket + filename +
                "?GoogleAccessId=" + GOOGLE_ACCESS_ID +
                "&Expires=" + expiration +
                "&Signature=" + URLEncoder.encode(signature, "UTF-8");
        System.out.println(url);
        HttpClient client = new DefaultHttpClient();
        HttpPut request = new HttpPut(url);
        request.addHeader("Content-Type", contentType);
        request.addHeader("x-goog-acl","public-read");// when i put this i get error 
        request.addHeader("Authorization","OAuth 1/zVNpoQNsOSxZKqOZgckhpQ");




        request.setEntity(new ByteArrayEntity(data));

        HttpResponse response = client.execute(request); 

When i put request.addHeader("x-goog-acl","public-read");i get error HTTP/1.1 403 Forbidden error . .But when i remove this line it is uploaded successfully .It seems like i need to set request.addHeader("x-goog-acl","public-read") to make it publicly accessible but on putting this on my code i am getting error.

.Any suggestion Please?

Answer 1

this works for me:

    set_include_path("../src/" . PATH_SEPARATOR . get_include_path());
    require_once 'Google/Client.php';

    function signed_storageURL($filename, $bucket, $p12_certificate_path, $access_id,         $method = 'GET', $duration = 3600 ) 
    { 
        $expires = time( ) + $duration*60; 
        $content_type = ($method == 'PUT') ? 'application/x-www-form-urlencoded' : ''; 
        $to_sign = ($method."\n"."\n".$content_type."\n".$expires."\n".'/'.$bucket.'/'.$filename); 
        $signature = '';

                $signer = new Google_Signer_P12(file_get_contents($p12_certificate_path), 'notasecret');
        $signature = $signer->sign($to_sign);
        $signature = urlencode( base64_encode( $signature ) );

        return ('https://'.$bucket.'.commondatastorage.googleapis.com/'.$filename.'?GoogleAccessId='.$access_id.'&Expires='.$expires.'&Signature='.$signature); 
    }

    $url = signed_storageURL(rawurlencode("áéíóú espaço & test - =.jpg"),'mybucket', 'mykey.p12','myaccount@developer.gserviceaccount.com');
    echo '<a href="'.$url.'">'.$url.'</a>';

Answer 2

Finally Solved it.

To run singed url from browser you have to set HTTP header . In https://developers.google.com/storage/docs/accesscontrol#Construct-the-String

Content_Type Optional. If you provide this value the client (browser) must provide this HTTP header set to the same value.There is a word most.

So if you are providing Content_Type for sign string you must provide same Content_Type in browser http header.When i set Content_Type in browser header this error finally solved