Ivan Andika created HDDS-12935:
----------------------------------
Summary: Fix S3G signature mismatch for
STREAMING-UNSIGNED-PAYLOAD-TRAILER
Key: HDDS-12935
URL: https://issues.apache.org/jira/browse/HDDS-12935
Project: Apache Ozone
Issue Type: Sub-task
Reporter: Ivan Andika
Assignee: Ivan Andika
HDDS-12488 fixes the issue where the AWS checksum trailer data is silently
appended to the final payload. This works for http endpoint which will by
default provide with signed payload (i.e. x-amz-content-sha256 is set to the
payload signature).
When the request is sent against https endpoint, the x-amz-content-sha256 is
set to STREAMING-UNSIGNED-PAYLOAD-TRAILER. HDDS-12488 handled it by using
string "UNSIGNED-PAYLOAD: when building the canonical request
(StringToSignProducer#buildCanonicalRequest). However, this causes the mismatch
between the AWS SDK canonical request and the calculated canonical request
which results in signature mismatch and all PutObject requests for the newer
AWS SDK version to fail. The correct behavior seems to use the
"STREAMING-UNSIGNED-PAYLOAD-TRAILER" instead of "UNSIGNED-PAYLOAD" when
building the canonical request.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
