Amazon S3: Strange Error -' Sometimes' SignatureDoesNotMatch, sometimes it does
Asked Answered
E

2

7

I am developing code for salesforce. We are using 'Force.com for Amazon Web Services' App from Appexchange. The app is provided by Amazon.

I am downloading files from Amazon S3 on a machine.

Sometimes I am getting the below mentioned error. Interesting thing is, only sometimes I get this error, rest of the times it works, even for the same file.

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message>

I tried using both URL patterns provided by Amazon. Expires is set for 1hr after link generation, hence may not be an issue.

URL1:- http://adminportal.s3.amazonaws.com/sample.pdf?AWSAccessKeyId=AKIAIRUZSRRCVSLXZCIA&Expires=1372653478&Signature=RvMJ1gJL+qNKmnRkqzuytmlUTGQ=
URL2:- http://s3.amazonaws.com/adminportal/sample.pdf?AWSAccessKeyId=AKIAIRUZSRRCVSLXZCIA&Expires=1372658253&Signature=%2FmI0m0PTlHJpJ%2FP5d%2FX3OApqzcI%3D

The signature is generated by class provided by Amazon, I guess it must work well all of the times.

Can someone elaborate why would S3 give this error only sometimes?

Eyebolt answered 1/7, 2013 at 5:28 Comment(0)
E
10

Finally I was able to solve this problem, here is how?

Sample URL for file on Amazon S3 is-

http://adminportal.s3.amazonaws.com/sample.pdf?AWSAccessKeyId=AKIAIRUZSRRCVSLXZCIA&Expires=1372653478&Signature=RvMJ1gJL+qNKmnRkqzuytmlUTGQ=

Here the Signature is generated by classes provided by Amazon.

For unknown reasons, 'Force.com for Amazon Web Services' app was generating signature which contain SPACES.

E.g. In the given URL, space is replaced by '+'.

To get rid of the problem, just URL encode the signature. Encoding will replace spaces with special character and problem will be resolved.

Eyebolt answered 2/7, 2013 at 4:41 Comment(4)
Do you mean the '+' would get replaced by some special chars. I have this code: var signature = crypto.createHmac('sha1',AWS_SECRET_KEY).update(put_request).digest( 'base64'); signature = encodeURIComponent(signature.trim()); signature = signature.replace('%2B','+'); should the last line be signature = signature.replace('+', '%2B'); or should it be removed?Clisthenes
I am asking you because its very hard to recreate the test case, so wanted to make sure from you.Clisthenes
@Clisthenes signature generated may contain spaces. The signature is URL parameter, & browser was replacing spaces in URL with '+' sign. URL encoding converts spaces to '%2B'. If you want to reproduce scenario, hard code above signature as 'RvMJ1gJL qNKmnRkqzuytmlUTGQ=' & check if code handles this & converts it to 'RvMJ1gJL%2BqNKmnRkqzuytmlUTGQ='Eyebolt
Heroku suggests using the + symbol to encode spaces (devcenter.heroku.com/articles/…), and using %2B (.quote() instead of .quote_plus() in python) isn't working for me either.Ahoy
M
0

Are you using the Java SDK? Which version?

A bug was introduced in version 1.4.4 I think, and has been fixed in the most recent releases. Once I upgraded to the buggy version, I had intermittent signature problems when using SQS, and I've seen a post on AWS Forums of some people reporting the exact same issue with DynamoDB. Now I upgraded to version 1.4.7 and the bug disappeared.

Maybe you are seeing the same bug!

Montgomery answered 1/7, 2013 at 17:17 Comment(2)
I am developing this on Salesforce Platform. So this not related to Java thing as such.Eyebolt
I am having the same issue wight eh java driver. I can set up two almost identical tests and one works, while the other doesn't at the same time on the same server.Herbst

© 2022 - 2024 — McMap. All rights reserved.