justinm1 / s3signeraws Goto Github PK

Hi. I have an issue where query parameters such as response-content-disposition on a s3 url that i want to presign leads to an invalid request.

let url = "https://s3.amazonaws.com/somebucket/resources/8fc67703-27e7-4717-aa2e-1b68cf1396b2_sketch.zip?response-content-disposition=attachment%3b+filename%3diPhone%20XS%203DSketch.zip"
return try signer.presignedURLV4(httpMethod: .get, urlString: url,
                                         expiration: .thirtyMinutes, headers: [:])

generates this url:

https://s3.amazonaws.com/somebucket/resources/8fc67703-27e7-4717-aa2e-1b68cf1396b2_sketch.zip?response-content-disposition=attachment%3b+filename%3diPhone%20XS%203DSketch.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISXSCUIUV72UKPUQ%2F20181129%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20181129T132601Z&X-Amz-Expires=1800&X-Amz-SignedHeaders=host&X-Amz-Signature=946680fadbd3637df79ce26c25fd3f5feaa4b1c530949b01e74552739143f479

which is clearly wrong since S3SignerAWS adds another ? to the query. I think the issue in question is caused by this line:

https://github.com/JustinM1/S3SignerAWS/blob/master/Sources/S3SignerAWS.swift#L302

Which should probably be appending the queryComponents instead.

It would be amazing to have Region.host public so the developer doesn't have to replicate the same enum on their side when building the S3 URL

Thanks,

Ondrej

It's not very clean to use it in other frameworks like perfect, because of the Vapor dependencies. Isn't it possible to use some 3rd party lib like CryptoSwift?

I am getting the following error from Amazon when generating a v4 signed url for a delete request:

Optional(Response
- Version: 1.1.0
- Status: 400
- Headers:
	Connection: close
	Transfer-Encoding: chunked
	Server: AmazonS3
	x-amz-id-2: !REDACTED!
	x-amz-request-id: B14FD676248BDE17
	Content-Type: application/xml
	Date: Fri, 15 Sep 2017 13:35:43 GMT
- Body:
	<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AuthorizationQueryParametersError</Code><Message>X-Amz-Date must be in the ISO8601 Long Format "yyyyMMdd'T'HHmmss'Z'"</Message><RequestId>B14FD676248BDE17</RequestId><HostId>WT6L5j7KbXwRLZAUvoqpZhFvpdl7QrnSA3E0aBEAOcMY5hb2ZXj74Uaug7Isf6oJHESZ/dT/oV0=</HostId></Error>)

I am generating the url like this:

return try signer.presignedURLV4(httpMethod: .delete, urlString: url,
                                         expiration: .thirtyMinutes, headers: [:])

It fails when uri(path name at aws S3) has special characters like "="(for Hive compatible partition name), thus I think it needs to encode this at "createStringToSign" method.

I Found this AWS guide
at http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html

Using Base64 Encoding

HMAC request signatures must be Base64 encoded. Base64 encoding converts the signature into a simple ASCII string that can be attached to the request. Characters that could appear in the signature string like plus (+), forward slash (/), and equals (=) must be encoded if used in a URI. For example, if the authentication code includes a plus (+) sign, encode it as %2B in the request. Encode a forward slash as %2F and equals as %3D.

Guys, When I try to complete a project under Swift 4, using S3SignerAWS, Xcode suggests a code change in the following function:

internal func canonicalHeaders(
	headers: [String: String])
	-> String
{
		let headerList = Array(headers.keys)
			.map { "\($0.lowercased()):\(headers[$0]!)" }
			.filter { $0 != "authorization" }
			.sorted { $0.localizedCompare($1) == ComparisonResult.orderedAscending }
			.joined(separator: "\n")
			.appending("\n")
		
		return headerList

}

to

internal func canonicalHeaders(
headers: [String: String])
-> String
{
let headerList = Array(headers.keys)
.map { "($0.lowercased()):(headers[$0]!)" }
.filter { $0 != "authorization" }
.sorted { $0.0.localizedCompare($0.1) == ComparisonResult.orderedAscending }
.joined(separator: "\n")
.appending("\n")

		return headerList
}

This then causes other syntax issues.

Kind regards, Phil

I am tried to generate a valid V4 pre-signed url for uploading an image to S3.

I have checked and double-checked this:

• I have a valid set of accessKey and secretKey
• The IAM user for the keys has PutObject & PutObjectAcl permissions for the correct bucket
• The bucket's ACL has "Any authenticated AWS user" Read, Write access
• My bucket name does not contain a - or a .

Here is my code:

let path = generateUrlForAsset(withName: assetName, fileExtension: validated.fileExtension)
let requestHeaders = ["x-amz-acl": "public-read"]
let preSigned = try s3Signer.presignedURLV4(httpMethod: .put, urlString: path, expiration: .thirtyMinutes, headers: requestHeaders)

the generateUrlForAsset function generates a url like https://s3.amazonaws.com/mybucketname/originals/5FBD0704-882B-4A8A-B931-8DB03D8DECBC.png

I've tried using the signed url both with a web form but also curl like so:

curl "https://s3.amazonaws.com/mybucketname/originals/5FBD0704-882B-4A8A-B931-8DB03D8DECBC.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MYS3ISSUEDACCESSKEY%2F20170629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20170629T125701Z&X-Amz-Expires=1800&X-Amz-SignedHeaders=host;x-amz-acl&X-Amz-Signature=68c7d70b876a581bb581d23b159c2161dcc4f76343468dc5d805813ef1724b9c" --upload-file test.png -H "x-amz-acl: public-read"

I am out of options for debugging so far. Do you have any idea what I might be doing wrong?

Update 1:
I studied the generated url further and I saw that the query parameter for signed headers seperate the headers by ; which doesn't seem like a valid query parameter value to mee

X-Amz-SignedHeaders=host;x-amz-acl

Update 2:
I remove the x-amz-acl header from the list of headers and the url works now.

Update 3:
Escaping the ; is unfortunately not enough.

I tried generating a url with the native aws-sdk for node.js and it generates the same url where the ; is escaped, but it also appends &x-amz-acl=public-read. This URL however works.

I'm getting the error "no such module 'Core'" and also on crypto. Where do these imports are coming from?