search

aws / aws-sdk-java

The official AWS SDK for Java 1.x (In Maintenance Mode, End-of-Life on 12/31/2025). The AWS SDK for Java 2.x is available here: https://github.com/aws/aws-sdk-java-v2/
https://aws.amazon.com/sdkforjava
Apache License 2.0
4.13k stars 2.83k forks source link

Error while publishing the image using the pre-signed url generated. (SignatureDoesNotMatch) #3085

Closed Anuragh6911 closed 10 months ago

Anuragh6911 commented 10 months ago

SignatureDoesNotMatch issues while uploading image with pre-signedurl

public UploadObject getPreSignedUploadUrl(String appId, String folder) { try { // Generate the pre-signed URL. String keyName = String.valueOf(UUID.randomUUID()); Date expiration = generateOneDayExpirationTime(); String bucketFullPath = generateFullBucketPath(appId, folder); GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketFullPath, keyName); generatePresignedUrlRequest.withExpiration(expiration) .withMethod(HttpMethod.PUT); URL url = s3Client.generatePresignedUrl(generatePresignedUrlRequest); log.debug("PreSigned upload url : {} ", url); return new UploadObject(keyName, url.toString()); } catch (SdkClientException e) { log.error("Exception while generating pre-signed upload url", e); return null; } }

This is the code I used for generating the pre-signed url. I am currently using the micronaut version 4.2.1. While trying to post an image using the pre-signed url generated I get an error SignatureDoesNotMatch. This is the pre-signed url I used to post an image which was generated from the above code:

https://s3.us-east-2.amazonaws.com/healthusbucket%2Fhealth%2Fprescriptions-nepals/bfcdab42-74ff-4548-82ae-fcc795c71947?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240125T103508Z&X-Amz-SignedHeaders=host&X-Amz-Expires=35999&X-Amz-Credential=AKIAUW6YCO3PMEL2R5ZM%2F20240125%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Signature=19ffb016336162977910159d021f02ae250983a30a22ed732af423544b00976b

I also tired to run the same code in Micronaut version 3.7.9 , and I posted an Image with the pre-signed url. I didn't get any issue this time. This was the pre-signed url generated:

https://s3.us-east-2.amazonaws.com/healthusbucket/health/prescriptions-nepals/c606370a-c8e5-4312-b668-832434880df7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240125T104212Z&X-Amz-SignedHeaders=host&X-Amz-Expires=35999&X-Amz-Credential=AKIAUW6YCO3PMEL2R5ZM%2F20240125%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Signature=43aa27e4f5ed330f3c2356114ac9721e6ec280f9acea5917862be576a314cf0b

You need to use this pre-signed URL with PUT request

What could be the issue here ?

Expected Behavior

https://s3.us-east-2.amazonaws.com/healthusbucket%2Fhealth%2Fprescriptions-nepals/bfcdab42-74ff-4548-82ae-fcc795c71947?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240125T103508Z&X-Amz-SignedHeaders=host&X-Amz-Expires=35999&X-Amz-Credential=AKIAUW6YCO3PMEL2R5ZM%2F20240125%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Signature=19ffb016336162977910159d021f02ae250983a30a22ed732af423544b00976b

While posting the image using the pre-signed given above url the image should be uploaded in the AWS s3 bucket.

Current Behavior

I am getting an error called SignatureDoesNotMatch. The more detail to this error is given below:

`<?xml version="1.0" encoding="UTF-8"?>

SignatureDoesNotMatch The request signature we calculated does not match the signature you provided. Check your key and signing method. AKIAUW6YCO3PMEL2R5ZM AWS4-HMAC-SHA256 20240125T104610Z 20240125/us-east-2/s3/aws4_request 86ba4a7c9c4f7d66afb61b27485c654ffa01f7e360432de5360b1d5ab6d941e2 51f6a3ca713a1be4bb4a3673c26283665c1b47dab44e9e0cf4d4785ccb60a269 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 34 30 31 32 35 54 31 30 34 36 31 30 5a 0a 32 30 32 34 30 31 32 35 2f 75 73 2d 65 61 73 74 2d 32 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 38 36 62 61 34 61 37 63 39 63 34 66 37 64 36 36 61 66 62 36 31 62 32 37 34 38 35 63 36 35 34 66 66 61 30 31 66 37 65 33 36 30 34 33 32 64 65 35 33 36 30 62 31 64 35 61 62 36 64 39 34 31 65 32 PUT /healthusbucket/health/prescriptions-nepals/28abf064-e494-4977-a956-5dc2d5a526e3 X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAUW6YCO3PMEL2R5ZM%2F20240125%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20240125T104610Z&X-Amz-Expires=35999&X-Amz-SignedHeaders=host host:s3.us-east-2.amazonaws.com host UNSIGNED-PAYLOAD 50 55 54 0a 2f 68 65 61 6c 74 68 75 73 62 75 63 6b 65 74 2f 68 65 61 6c 74 68 2f 70 72 65 73 63 72 69 70 74 69 6f 6e 73 2d 6e 65 70 61 6c 73 2f 32 38 61 62 66 30 36 34 2d 65 34 39 34 2d 34 39 37 37 2d 61 39 35 36 2d 35 64 63 32 64 35 61 35 32 36 65 33 0a 58 2d 41 6d 7a 2d 41 6c 67 6f 72 69 74 68 6d 3d 41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 26 58 2d 41 6d 7a 2d 43 72 65 64 65 6e 74 69 61 6c 3d 41 4b 49 41 55 57 36 59 43 4f 33 50 4d 45 4c 32 52 35 5a 4d 25 32 46 32 30 32 34 30 31 32 35 25 32 46 75 73 2d 65 61 73 74 2d 32 25 32 46 73 33 25 32 46 61 77 73 34 5f 72 65 71 75 65 73 74 26 58 2d 41 6d 7a 2d 44 61 74 65 3d 32 30 32 34 30 31 32 35 54 31 30 34 36 31 30 5a 26 58 2d 41 6d 7a 2d 45 78 70 69 72 65 73 3d 33 35 39 39 39 26 58 2d 41 6d 7a 2d 53 69 67 6e 65 64 48 65 61 64 65 72 73 3d 68 6f 73 74 0a 68 6f 73 74 3a 73 33 2e 75 73 2d 65 61 73 74 2d 32 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 0a 68 6f 73 74 0a 55 4e 53 49 47 4e 45 44 2d 50 41 59 4c 4f 41 44 RJXRDKP333DSQSWG SaYUwUc5L4PL5GsZeAohDGZRx5jDWBg2yjh5oSJbz83HeSDCciSYaCZ61hiF8RYsVI2oKfUAl4g= ` ### Reproduction Steps Use the pre-signed url given for micronaut version 4.2.1 to reproduce the issue. ### Possible Solution I find some differences in the pre-signed url generated using different micronaut version where "/" was replaced by "%2F" in case of higher micronaut version. ### Additional Information/Context _No response_ ### AWS Java SDK version used com.amazonaws:aws-java-sdk-s3:1.12.248 ### JDK version used 17 ### Operating System and version Mac OS Monterey 16 GB RAM.
debora-ito commented 10 months ago 
String bucketFullPath = generateFullBucketPath(appId, folder);
GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketFullPath,
keyName);

The first argument of GeneratePresignedUrlRequest must be just the bucket name. If you're providing any additional prefixes as part of the bucket name, they need to be part of the object name instead.

Don't use: GeneratePresignedUrlRequest("bucket/prefix", "key") Instead, use: GeneratePresignedUrlRequest("bucket", "prefix/key")

Anuragh6911 commented 10 months ago

Thank you @debora-ito this fixed my issue.

I was wondering why this worked with the micronaut version 3.7.9 ? I used the same version aws-sdk in both cases.

debora-ito commented 10 months ago

We are not the maintainers of Micronaut, you need to reach out to them. Closing this.

github-actions[bot] commented 10 months ago

COMMENT VISIBILITY WARNING

Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.