Denis Jakupovic created NIFI-8608:
-------------------------------------
Summary: PutS3Object processor missing SHA256 Hash on https
endpoint. Enhancement
Key: NIFI-8608
URL: https://issues.apache.org/jira/browse/NIFI-8608
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.13.2, 1.13.1, 1.12.1
Reporter: Denis Jakupovic
Here is the HTTP PUT Header which is send by the PutS3Object processor if the
endpoint url of the s3 backend uses the https protocol:
PUT HTTP/1.1
[https://xxxxxxxx/bucket/file|https://172.29.20.55/BMS_TestZCP3/test/3004856f-6327-460d-b8ab-8ce0490f7a9d]
Host: xxxxxxxxx
User-Agent: NiFi, aws-sdk-java/1.11.880 Linux/3.10.0-1160.11.1.el7.x86_64
OpenJDK_64-Bit_Server_VM/25.282-b08 java/1.8.0_282 vendor/Oracle_Corporation
Content-Length: 25600
Amz-Sdk-Invocation-Id: 8a531ba6-7aa2-e679-0c5b-84779636e71e
Amz-Sdk-Request: attempt=1;max=1
Amz-Sdk-Retry: 0/0/500
Authorization: AWS4-HMAC-SHA256
Credential=C6anqCx1lMuGd7wAwUPO/20210517/us-east-1/s3/aws4_request,
SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;amz-sdk-retry;content-disposition;content-length;content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-storage-class,
Signature=fa16cf4bxxxxxxxxxx
Content-Disposition: 3004856f-6327-460d-b8ab-8ce0490f7a9d
Content-Type: application/octet-stream
Expect: 100-continue
X-Amz-Content-Sha256: *UNSIGNED-PAYLOAD*
X-Amz-Date: 20210517T112524Z
X-Amz-Storage-Class: STANDARD
Accept-Encoding: gzip
If the endpoint is set to http scheme instead the sha256 hash is being send.
Tested with "Use Chunked encoding" true and false.
It would be great if the processor had a property where signed headers could be
put dynamically seperated by a semicolon ; and inserted in the AWSV4 signature
at signedheaders and in the calculation of the signature.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
