awslabs / amazon-kinesis-video-streams-webrtc-sdk-ios

iOS SDK for interfacing with the Amazon Kinesis Video Streams Signaling Service.
Apache License 2.0

WSS URL signing percentage encoding issue #76

Closed ankitsaini56 closed 1 year ago

ankitsaini56 commented 1 year ago

WSS URL signing percentage encoding was missed for the X-Amz-ChannelARN key in queryParamsBuilder; because of that, the signalling socket connection was failing. I have fixed this.

sirknightj commented 1 year ago

Hi @ankitsaini56, thanks for your contribution. Could you please share what clientId you were trying that resulted in a failure to connect to the signaling websocket? (which clientId wasn't working previously, that is now working?)

ankitsaini56 commented 1 year ago

Hi @sirknightj, the issue was not because of the client ID. While creating and signing the WebSocket URL, some percentage encoding was missing, so the signalling was failing.

Before encoding

wss://m-3bffc0cd.kinesisvideo.ap-south-1.amazonaws.com/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-ChannelARN=arn:aws:kinesisvideo:ap-south-1:435372955654:channel/xyzChannelName/1692691929113214&X-Amz-Credential=xyz%x12z%2FREGION%2Fkinesisvideo%2Faws4_request&X-Amz-Date=20230824T063615Z&X-Amz-Expires=299&X-Amz-SignedHeaders=host&X-Amz-Signature=c1234kasdfueaf235dsfk4nkjkbadfkjb3kbkjabjkf

After encoding

wss://m-3bffc0cd.kinesisvideo.ap-south-1.amazonaws.com/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-ChannelARN=arn%3Aaws%3Akinesisvideo%3Aap-south-1%3A435372955654%3Achannel%2FxyzChannelName%2F16926919291123413&X-Amz-Credential=xyz%2Fx12z%2FRegion%2Fkinesisvideo%2Faws4_request&X-Amz-Date=20230829T1101211Z&X-Amz-Expires=299&X-Amz-SignedHeaders=host&X-Amz-Signature=c1234kasdfueaf235dsfk4nkjkbadfkjb3kbkjabjkf

sirknightj commented 1 year ago

The original method works for me. Here are some logs of the existing sample without any modifications.

WSS URL : Optional("wss://x.kinesisvideo.us-west-2.amazonaws.com/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-ChannelARN=arn:aws:kinesisvideo:us-west-2:x:channel/demo-channel/x&X-Amz-Credential=x%2F20230908%2Fus-west-2%2Fkinesisvideo%2Faws4_request&X-Amz-Date=20230908T030900Z&X-Amz-Expires=299&X-Amz-Security-Token=x&X-Amz-SignedHeaders=host&X-Amz-Signature=x")
2023-09-07 20:09:00.919743-0700 AWSKinesisVideoWebRTCDemoApp[21217:6838651] Warning: A long-running operation is being executed on the main thread. 
 Break on awsbf_warnBlockingOperationOnMainThread() to debug.
ICE Server List :  [<AWSKinesisVideoSignalingIceServer: 0x600002e3ef70> {
    password = "x";
    ttl = 300;
    uris =     (
        "turn:x.kinesisvideo.us-west-2.amazonaws.com:443?transport=udp",
        "turns:x.kinesisvideo.us-west-2.amazonaws.com:443?transport=udp",
        "turns:x.kinesisvideo.us-west-2.amazonaws.com:443?transport=tcp"
    );
    username = "x:x";
}, <AWSKinesisVideoSignalingIceServer: 0x600002e3e640> {
    password = "x";
    ttl = 300;
    uris =     (
        "turn:x.kinesisvideo.us-west-2.amazonaws.com:443?transport=udp",
        "turns:x.kinesisvideo.us-west-2.amazonaws.com:443?transport=udp",
        "turns:x.kinesisvideo.us-west-2.amazonaws.com:443?transport=tcp"
    );
    username = "x:x";
}]
2023-09-07 20:09:01.196310-0700 AWSKinesisVideoWebRTCDemoApp[21217:6838651] [plugin] AddInstanceForFactory: No factory registered for id <CFUUID 0x6000020dce80> F8BB1C28-BAE8-11D6-9C31-00039315CD46
Connecting to web socket from channel config
Successfully connected!

I pulled in your changes and can confirm it still connects to Signaling.

I also tried using the original output URL to wscat, and that gave a 403, whereas your fixed version successfully connects. Even though the original URL should have encoded the : character, the WebSocket client that we're using looks to accept both.

ankitsaini56 commented 1 year ago

Thanks @sirknightj
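
The encoding rule at issue in this thread, as an added example (not the SDK's code and not posted by either participant): SigV4 percent-encodes every query key and value except the RFC 3986 unreserved characters, so the `:` and `/` in a channel ARN become `%3A` and `%2F`. The helper names and all sample values below are assumptions constructed for illustration.

```swift
import Foundation

// RFC 3986 unreserved characters: the only ones SigV4 leaves unescaped in a query string.
let unreserved = CharacterSet(charactersIn:
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")

/// Percent-encodes a raw query key or value (UTF-8 bytes, uppercase hex).
func sigV4Encode(_ raw: String) -> String {
    return raw.addingPercentEncoding(withAllowedCharacters: unreserved) ?? raw
}

/// Builds the canonical query string: encode each pair, then sort by encoded key.
func canonicalQuery(_ params: [String: String]) -> String {
    return params
        .map { (key: sigV4Encode($0.key), value: sigV4Encode($0.value)) }
        .sorted { $0.key < $1.key }
        .map { "\($0.key)=\($0.value)" }
        .joined(separator: "&")
}

/// Names of query parameters in an already-built URL whose value still holds
/// a character that should have been escaped (anything but unreserved or "%").
func underEncodedParams(in url: String) -> [String] {
    guard let query = URLComponents(string: url)?.percentEncodedQuery else { return [] }
    let allowed = unreserved.union(CharacterSet(charactersIn: "%"))
    return query.split(separator: "&").compactMap { pair -> String? in
        let parts = pair.split(separator: "=", maxSplits: 1, omittingEmptySubsequences: false)
        guard parts.count == 2 else { return nil }
        let clean = parts[1].unicodeScalars.allSatisfy { allowed.contains($0) }
        return clean ? nil : String(parts[0])
    }
}

// Constructed sample values (hypothetical, not taken from the thread).
let params = [
    "X-Amz-ChannelARN": "arn:aws:kinesisvideo:us-west-2:111122223333:channel/demo-channel/1234567890123",
    "X-Amz-Credential": "AKIDEXAMPLE/20230908/us-west-2/kinesisvideo/aws4_request",
    "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
]
print(canonicalQuery(params))

// A constructed URL with a raw ARN, in the shape of the thread's "before" case.
let before = "wss://example.invalid/?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    + "&X-Amz-ChannelARN=arn:aws:kinesisvideo:us-west-2:111122223333:channel/demo-channel/1"
print(underEncodedParams(in: before))
```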