aws / aws-sdk-net

The official AWS SDK for .NET. For more information on the AWS SDK for .NET, see our web site:
http://aws.amazon.com/sdkfornet/
Apache License 2.0

AmazonCloudFrontUrlSigner doesn't work in non-Windows environment #606

Closed steelheaddigital closed 7 years ago

steelheaddigital commented 7 years ago

Attempting to use the AmazonCloudFrontCookieSigner.GetCookiesForCannedPolicy() method in a Linux (Docker) environment results in "System.PlatformNotSupportedException: Operation is not supported on this platform."

Stack Trace:

System.PlatformNotSupportedException: Operation is not supported on this platform.
   at Amazon.CloudFront.AmazonCloudFrontUrlSigner.ConvertPEMToRSAParameters(TextReader privateKeyReader)
   at Amazon.CloudFront.AmazonCloudFrontCookieSigner.GetCookiesForCannedPolicy(String resourceUrlOrPath, String keyPairId, TextReader privateKey, DateTime expiresOn)
   at Amazon.CloudFront.AmazonCloudFrontCookieSigner.GetCookiesForCannedPolicy(String resourceUrlOrPath, String keyPairId, FileSystemInfo privateKey, DateTime expiresOn)
   at Learning.ContentDeliveryService.Web.Controllers.LaunchController.Post()
   at lambda_method(Closure , Object , Object[] )
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d27.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ResourceExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Builder.RouterMiddleware.d4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d6.MoveNext()
fail: GlobalExceptionHandler[0]
      Operation is not supported on this platform.
GlobalExceptionHandler:Error: Operation is not supported on this platform.
Loaded '/root/.nuget/packages/System.Xml.XDocument/4.3.0/lib/netstandard1.3/System.Xml.XDocument.dll'
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 15074.6292ms 500 application/json
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 15074.6292ms 500 application/json

Here's the code I'm attempting to run. Note, this works fine when running in Windows.

var cookieOptions = new CookieOptions
{
    Secure = true,
    Domain = "learning.com"
};

var cloudFrontKeyPairId = _cloudFrontKeyPairId;

var privateKeyFile = new FileInfo("_privateKeyLocation");
const string resourceUri = "https://somedomain.com/test.html";

var awsCookies = AmazonCloudFrontCookieSigner.GetCookiesForCannedPolicy(
    resourceUri,
    cloudFrontKeyPairId,
    privateKeyFile,
    DateTime.Today.AddYears(1)); // Date until which the signed cookies are valid

Response.Cookies.Append(awsCookies.Expires.Key, awsCookies.Expires.Value, cookieOptions);
Response.Cookies.Append(awsCookies.Signature.Key, awsCookies.Signature.Value, cookieOptions);
Response.Cookies.Append(awsCookies.KeyPairId.Key, awsCookies.KeyPairId.Value, cookieOptions);

return new RedirectResult(resourceUri);

The issue appears to be in the ConvertPEMToRSAParameters method in AmazonCloudFrontUrlSigner.cs. This method is using RSACryptoServiceProvider, which is a Windows-only class as far as I can tell. I believe it should be using RSA.Create() instead. Note, this is also an issue in the SignWithSha1RSA() method.
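
The portable approach named in the report above, as an added example that is not part of the original post and is not the SDK's own code: a canned-policy signature produced through RSA.Create() instead of RSACryptoServiceProvider. It assumes .NET 5 or later (for ImportFromPem and PemEncoding); the class name, method names, throwaway key and key-pair-id placeholder are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PortableCannedPolicySigner   // hypothetical name, not an SDK type
{
    // CloudFront's URL-safe Base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
    static string UrlSafe(byte[] data) =>
        Convert.ToBase64String(data).Replace('+', '-').Replace('=', '_').Replace('/', '~');

    // Canned policy: one resource, one DateLessThan condition, no whitespace.
    public static string BuildCannedPolicy(string resourceUrl, DateTimeOffset expiresOn) =>
        "{\"Statement\":[{\"Resource\":\"" + resourceUrl +
        "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" +
        expiresOn.ToUnixTimeSeconds() + "}}}]}";

    // RSA.Create() returns whichever implementation the current platform provides,
    // so the same call works on Windows and on Linux containers.
    public static string Sign(string policy, string privateKeyPem)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportFromPem(privateKeyPem);   // accepts PKCS#1 and PKCS#8 PEM private keys
        byte[] signature = rsa.SignData(Encoding.UTF8.GetBytes(policy),
            HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);   // RSA-SHA1, as in SignWithSha1RSA
        return UrlSafe(signature);
    }

    static void Main()
    {
        // Constructed sample input: a throwaway key generated in-process, so no
        // real CloudFront private key is needed to run this.
        using RSA throwaway = RSA.Create(2048);
        string pem = new string(PemEncoding.Write("RSA PRIVATE KEY", throwaway.ExportRSAPrivateKey()));

        // A signed cookie is a bearer credential until it expires; one hour is used here.
        DateTimeOffset expires = DateTimeOffset.UtcNow.AddHours(1);
        string policy = BuildCannedPolicy("https://somedomain.com/test.html", expires);
        string signature = Sign(policy, pem);

        // Round-trip check: undo the URL-safe mapping and verify with the same key.
        byte[] raw = Convert.FromBase64String(
            signature.Replace('-', '+').Replace('_', '=').Replace('~', '/'));
        bool ok = throwaway.VerifyData(Encoding.UTF8.GetBytes(policy), raw,
            HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);

        Console.WriteLine($"CloudFront-Expires={expires.ToUnixTimeSeconds()}");
        Console.WriteLine($"CloudFront-Signature={signature}");
        Console.WriteLine("CloudFront-Key-Pair-Id=KEY_PAIR_ID_PLACEHOLDER");
        Console.WriteLine($"signature verifies: {ok}");
    }
}
```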

vellozzi commented 7 years ago

We've reproduced the issue and are working on a fix.

vellozzi commented 7 years ago

This is fixed in https://www.nuget.org/packages/AWSSDK.CloudFront/ version 3.3.3.2.