arnemolland / sigv4

Dart library for signing AWS requests with Signature Version 4
MIT License

Canonical String for POST request is invalid #17

Closed BartusZak closed 3 years ago

BartusZak commented 4 years ago

Expected Behavior

AWS v4 Signature should be a valid signature for a request. Request should return endpoint response.

Current Behavior

Constructed AWS v4 Signature is not valid for POST request.

Request payload:

curl -X POST -H "user-agent:Dart/2.9 (dart:io)" -H "x-amz-date:20200625T093042Z" -H "accept:application/json" -H "accept-encoding:gzip" -H "content-length:94" -H "authorization:AWS4-HMAC-SHA256 Credential=XXXXXXXXXXXXXXX/20200625/eu-west-1/execute-api/aws4_request,SignedHeaders=accept;content-type;content-type;host;x-amz-content-sha256;x-amz-date,Signature=1af5884f8487dad4658732a81b35726896fd75751031e6fdfab537fdde3284dd" -H "host:86p5r60c20.execute-api.eu-west-1.amazonaws.com" -H "x-amz-content-sha256:3690a8d58c3e8b44e93d5005d2396d6bed33945c0686efa687d9da52ac76cd63" -H "content-type:application/json; charset=utf-8" -d '{"code":"a0664290-b6ba-11ea-8894-2b79cabe615c","resourceId":"1","deviceId":"861433855c118a85"}' "https://XXXXXXXXXXXXX.execute-api.eu-west-1.amazonaws.com/dev/activationCodes/verify"

Response:

{
"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'POST
/dev/activationCodes/verify

accept:application/json
content-type:application/json; charset=utf-8
host: xxxxxx.execute-api.eu-west-1.amazonaws.com
x-amz-content-sha256: 5a8e95d678b8206c93d4b9025c69b29176fa22b55b9796c4bdec499d2d553e8d
x-amz-date: 20200625T081350Z

accept;content-type;host;x-amz-content-sha256;x-amz-date
05acf8a062a22a8c2cb790f4527bada1912768d0d43b0e4b5b8e5e54b17c3530'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20200625T081350Z
20200625/eu-west-1/execute-api/aws4_request
8b81e404e8e7d428b337394f555d957ca58ab5d123ae896d318d4b3d76d41c50'
"}

Possible Solution

Steps to Reproduce

  1. Fulfill all needed properties
  2. Send POST request with payload (payload content described above)
  3. Receive 403 Response Code with message (described above)

Context (Environment)

Can't access POST API Gateway endpoint, secured with aws_iam authorizer. Signature is correct for GET request.

Detailed Description

Possible Implementation

arnemolland commented 4 years ago

Hi, @BartusZak 👋

I'll take a look when I find the time. If you're willing to investigate yourself, feel free to open a PR!

FirdousNath commented 3 years ago

Owner isn't getting time... lolzzz it's been more than 5 months and same issue...

arnemolland commented 3 years ago

@FirdousNath Please take a look at the README:

This is not actively maintained. If you're looking for alternatives, check out aws_client. If you'd like to continue using this library and have a fix for an issue, I'll be happy to review PRs.

edlea commented 3 years ago

Possible it’s the same issue I faced https://github.com/arnemolland/sigv4/pull/18

Without needing that PR, you can fix it with (assuming it is the same problem):

client.request(
  url,
  method: "PUT",
  headers: {"Content-Type": "application/json; charset=utf-8"},
  body: jsonBody,
);
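
A small Dart check for the mismatch visible in the original report, added here as an example (not code from the sigv4 package or from any commenter): it compares the SignedHeaders list the client sent in the Authorization header with the list in the canonical request the server returned, and flags repeated names. The function names are hypothetical, and the credential and signature are placeholders.

```dart
// Added example, not code from the sigv4 package.

/// Header names listed in the SignedHeaders field of an Authorization value.
List<String> sentSignedHeaders(String authorization) {
  final m = RegExp(r'SignedHeaders=([^,\s]+)').firstMatch(authorization);
  if (m == null) throw FormatException('no SignedHeaders field');
  return m.group(1)!.split(';');
}

/// Header names the server expected: the second-to-last line of the
/// canonical request quoted in the 403 message.
List<String> expectedSignedHeaders(String canonicalRequest) {
  final lines = canonicalRequest.trim().split('\n');
  if (lines.length < 2) throw FormatException('canonical request too short');
  return lines[lines.length - 2].trim().split(';');
}

/// Names that occur more than once in [names].
Set<String> duplicates(List<String> names) {
  final seen = <String>{};
  return names.where((n) => !seen.add(n)).toSet();
}

void main() {
  // Authorization value from the report; credential and signature replaced
  // with placeholders.
  const auth = 'AWS4-HMAC-SHA256 '
      'Credential=XXXX/20200625/eu-west-1/execute-api/aws4_request,'
      'SignedHeaders=accept;content-type;content-type;host;'
      'x-amz-content-sha256;x-amz-date,Signature=PLACEHOLDER';
  // Tail of the canonical request from the 403 body in the report.
  const canonical = '''
x-amz-date: 20200625T081350Z

accept;content-type;host;x-amz-content-sha256;x-amz-date
05acf8a062a22a8c2cb790f4527bada1912768d0d43b0e4b5b8e5e54b17c3530''';

  final sent = sentSignedHeaders(auth);
  final expected = expectedSignedHeaders(canonical);
  final sentList = sent.join(';');
  final expectedList = expected.join(';');
  print('sent:       $sentList');
  print('expected:   $expectedList');
  print('duplicates: ${duplicates(sent)}');
  print('lists match: ${sentList == expectedList}');
}
```

Running the same comparison against a GET request from the same client shows whether the repeated name only appears when a body and Content-Type are supplied.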