search

peterknife / boto

Automatically exported from code.google.com/p/boto
0 stars 0 forks source link

SignatureDoesNotMatch Error when using Boto 2.0b4 #510

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

1. Install python-boto 2.0b4 on Debian Squeeze 
2. Use a Proxy (export http_proxy=http://proxy:3128)
3. edit ~/.boto

  [Boto]
  debug=2

3. Run the script: 

  import boto
  import boto.ec2
  regions = boto.ec2.regions()

What is the expected output? What do you see instead?

Expected: 

root[EC2:elconas]@debian:~$ python muh.py 2>&1 | grep reply
reply: 'HTTP/1.1 200 OK\r\n'

Failure: 
root[EC2:elconas]@debian:~$ python muh.py 2>&1 | grep reply
reply: 'HTTP/1.1 403 Forbidden\r\n'

What version of the product are you using? On what operating system?

Ok: boto 1.9
Problem: boto 2.0b4 
OS: Debian Squeeze (i386)

Please provide any additional information below.

I need to run boto 2.0 to get support for TagSets, thus it needs to work :(

Running on Boto 1.9 (Debian Package)
------------------------------------

2011-04-08 12:31:16,743 foo [DEBUG]:using calc_signature_2
2011-04-08 12:31:16,744 foo [DEBUG]:query string: 
AWSAccessKeyId=XXXXXXXXXXXXXXXXXX&Action=DescribeRegions&SignatureMethod=HmacSHA
256&SignatureVersion=2&Tim
estamp=2011-04-08T10%3A31%3A16&Version=2009-11-30
2011-04-08 12:31:16,744 foo [DEBUG]:string_to_sign: GET
ec2.amazonaws.com
/
AWSAccessKeyId=XXXXXXXXXXXXXXXXXX&Action=DescribeRegions&SignatureMethod=HmacSHA
256&SignatureVersion=2&Timestamp=2011-04-08T10%3A31%3A16&Version=2009-11-30
2011-04-08 12:31:16,744 foo [DEBUG]:len(b64)=44
2011-04-08 12:31:16,744 foo [DEBUG]:base64 encoded digest: 
e0fnANcBOFYinrrz3sLOjmgE33tcNXEhZbiBGoTLSiI=
2011-04-08 12:31:16,745 foo [DEBUG]:Canonical: GET

Fri, 08 Apr 2011 10:31:16 GMT
/https:/ec2.amazonaws.com/
2011-04-08 12:31:16,745 foo [DEBUG]:Method: GET
2011-04-08 12:31:16,746 foo [DEBUG]:Path: 
https://ec2.amazonaws.com/?AWSAccessKeyId=XXXXXXXXXXXXXXXXXX&Action=DescribeRegi
ons&SignatureMethod=HmacSHA256&Sig
natureVersion=2&Timestamp=2011-04-08T10%3A31%3A16&Version=2009-11-30&Signature=e
0fnANcBOFYinrrz3sLOjmgE33tcNXEhZbiBGoTLSiI%3D
2011-04-08 12:31:16,746 foo [DEBUG]:Data:
2011-04-08 12:31:16,746 foo [DEBUG]:Headers: {'Date': 'Fri, 08 Apr 2011 
10:31:16 GMT', 'Content-Length': '0', 'Authorization': 'AWS 
XXXXXXXXXXXXXXXXXX:Ad0JO
Dbv8G+uM1WVZI+o2qYls/Q=', 'User-Agent': 'Boto/1.9b (linux2)'}
2011-04-08 12:31:16,746 foo [DEBUG]:Host: None
2011-04-08 12:31:16,746 foo [DEBUG]:establishing HTTP connection
2011-04-08 12:31:17,356 foo [DEBUG]:<?xml version="1.0" encoding="UTF-8"?>
<DescribeRegionsResponse xmlns="http://ec2.amazonaws.com/doc/2009-11-30/">
    <requestId>bd93603d-705a-49e0-b49f-098cd0b46f9d</requestId>
    <regionInfo>
        <item>
            <regionName>eu-west-1</regionName>
            <regionEndpoint>ec2.eu-west-1.amazonaws.com</regionEndpoint>
        </item>
        <item>
            <regionName>us-east-1</regionName>
            <regionEndpoint>ec2.us-east-1.amazonaws.com</regionEndpoint>
        </item>
        <item>
            <regionName>ap-northeast-1</regionName>
            <regionEndpoint>ec2.ap-northeast-1.amazonaws.com</regionEndpoint>
        </item>
        <item>
            <regionName>us-west-1</regionName>
            <regionEndpoint>ec2.us-west-1.amazonaws.com</regionEndpoint>
        </item>
        <item>
            <regionName>ap-southeast-1</regionName>
            <regionEndpoint>ec2.ap-southeast-1.amazonaws.com</regionEndpoint>
        </item>
    </regionInfo>
</DescribeRegionsResponse>

Same call with Boto 2.0 beta 4
------------------------------

2011-04-08 12:30:29,966 foo [DEBUG]:using _calc_signature_2
2011-04-08 12:30:29,967 foo [DEBUG]:query string: 
AWSAccessKeyId=XXXXXXXXXXXXXXXXXX&Action=DescribeRegions&SignatureMethod=HmacSHA
256&SignatureVersion=2&Timestamp=2011-04-08T10%3A30%3A29Z&Version=2010-08-31
2011-04-08 12:30:29,967 foo [DEBUG]:string_to_sign: POST
ec2.amazonaws.com
https://ec2.amazonaws.com/
AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX&Action=DescribeRegions&SignatureMethod=HmacS
HA256&SignatureVersion=2&Timestamp=2011-04-08T10%3A30%3A29Z&Version=2010-08-31
2011-04-08 12:30:29,967 foo [DEBUG]:len(b64)=44
2011-04-08 12:30:29,967 foo [DEBUG]:base64 encoded digest: 
Dv7JJTriq4Dtq8zCIMnn7v6ECnamOk6kABVOnOZ04pQ=
2011-04-08 12:30:29,968 foo [DEBUG]:query_string: 
AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX&Action=DescribeRegions&SignatureMethod=HmacS
HA256&SignatureVersion=2&Timestamp=2011-04-08T10%3A30%3A29Z&Version=2010-08-31 
Signature: Dv7JJTriq4Dtq8zCIMnn7v6ECnamOk6kABVOnOZ04pQ=
2011-04-08 12:30:29,968 foo [DEBUG]:Method: POST
2011-04-08 12:30:29,968 foo [DEBUG]:Path: https://ec2.amazonaws.com/
2011-04-08 12:30:29,968 foo [DEBUG]:Data: 
AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX&Action=DescribeRegions&SignatureMethod=HmacS
HA256&SignatureVersion=2&Timestamp=2011-04-08T10%3A30%3A29Z&Version=2010-08-31&S
ignature=Dv7JJTriq4Dtq8zCIMnn7v6ECnamOk6kABVOnOZ04pQ%3D
2011-04-08 12:30:29,968 foo [DEBUG]:Headers: {'Content-Length': '215', 
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8', 
'User-Agent': 'Boto/2.0b4 (linux2)'}
2011-04-08 12:30:29,968 foo [DEBUG]:Host: ec2.amazonaws.com
2011-04-08 12:30:29,969 foo [DEBUG]:establishing HTTPS connection
2011-04-08 12:30:30,445 foo [DEBUG]:<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>SignatureDoesNotMatch</Code><Message>The request 
signature we calculated does not match the signature you provided. Check your 
AWS Secret Access Key and signing method. Consult the service documentation for 
details.</Message></Error></Errors><RequestID>822ed26b-c0ce-41ae-8ef3-2723350e19
bd</RequestID></Response>
2011-04-08 12:30:30,445 foo [ERROR]:403 Forbidden
2011-04-08 12:30:30,445 foo [ERROR]:<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>SignatureDoesNotMatch</Code><Message>The request 
signature we calculated does not match the signature you provided. Check your 
AWS Secret Access Key and signing method. Consult the service documentation for 
details.</Message></Error></Errors><RequestID>822ed26b-c0ce-41ae-8ef3-2723350e19
bd</RequestID></Response>
send: 'POST https://ec2.amazonaws.com/ HTTP/1.1\r\nHost: 
ec2.amazonaws.com\r\nAccept-Encoding: identity\r\nContent-Length: 
215\r\nContent-Type: application/x-www-form-urlencoded; 
charset=UTF-8\r\nUser-Agent: Boto/2.0b4 (linux2)\r\n\r\n'
send: 
'AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX&Action=DescribeRegions&SignatureMethod=Hmac
SHA256&SignatureVersion=2&Timestamp=2011-04-08T10%3A30%3A29Z&Version=2010-08-31&
Signature=Dv7JJTriq4Dtq8zCIMnn7v6ECnamOk6kABVOnOZ04pQ%3D'
reply: 'HTTP/1.1 403 Forbidden\r\n'
header: Transfer-Encoding: chunked
header: Date: Fri, 08 Apr 2011 10:25:43 GMT
header: Server: AmazonEC2

Original issue reported on code.google.com by elconas...@googlemail.com on 8 Apr 2011 at 10:40

GoogleCodeExporter commented 9 years ago 
Thanks for the detailed report.  We obviously screwed something up with proxies 
when we moved to the plugable authentication mechanism.  I'm going through this 
now to try to identify the problem.

Original comment by Mitch.Ga...@gmail.com on 8 Apr 2011 at 1:53

GoogleCodeExporter commented 9 years ago 
I don't have an easy way to test with a proxy server.  I wonder if it would be 
possible for you to apply this patch, try your call again, and let me know the 
results?

Original comment by Mitch.Ga...@gmail.com on 8 Apr 2011 at 2:18

Attachments:

GoogleCodeExporter commented 9 years ago 
Done that - fixed that :)

I applied the patch (had to it manually) and now everything works. Thank you 
for this fix ! - this is what I call fast open source support. Thumps up!

Regards, 
Robert

Original comment by elconas...@googlemail.com on 8 Apr 2011 at 3:24

GoogleCodeExporter commented 9 years ago 
That's great to hear.  I'm going to do a bunch of testing here locally to 
confirm that I haven't broken anything else and if all goes well, I will push 
this change to github.  Thanks for reporting and for testing.

Original comment by Mitch.Ga...@gmail.com on 8 Apr 2011 at 3:29

GoogleCodeExporter commented 9 years ago 
BTW: I also had this problem, 2.0b4 and b5, on Windows XP (yes I know dangit) 
behind corporate proxy.

Applying this patch fixed it for me too.

Original comment by liam.friel on 4 May 2011 at 12:56

GoogleCodeExporter commented 9 years ago 
This patch has been merged to github master:

https://github.com/boto/boto/commit/a4e3bfc23828538d3ee4ed2871aa5087ea457015

Original comment by Mitch.Ga...@gmail.com on 4 May 2011 at 2:21

GoogleCodeExporter commented 9 years ago 
Issue 491 has been merged into this issue.

Original comment by Mitch.Ga...@gmail.com on 4 May 2011 at 2:22

GoogleCodeExporter commented 9 years ago 
If you're running boto-2.0b4 on Google App Engine, you'll probably get 
SignatureDoesNotMatch errors as well.  Cloning the git repo makes everything 
all right.

Original comment by ryancut...@gmail.com on 30 May 2011 at 4:41