[jira] [Created] (JCLOUDS-1161) Signed PUT requests using signature v4

Mon, 29 Aug 2016 09:56:33 -0700 

Shri Javadekar created JCLOUDS-1161:
---------------------------------------

             Summary: Signed PUT requests using signature v4
                 Key: JCLOUDS-1161
                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1161
             Project: jclouds
          Issue Type: Bug
          Components: jclouds-blobstore
    Affects Versions: 2.0.0
         Environment: Tried this on commit 
557a1156945590c221094a1ccc983ba9e1d99a60.

{noformat}
commit 557a1156945590c221094a1ccc983ba9e1d99a60
Author: Iván Lomba <[email protected]>
Date:   Tue Aug 16 22:12:47 2016 +0200

    JCLOUDS-482: Fix ProfitBricksComputeServiceLiveTest custom hardware assert
{noformat}
            Reporter: Shri Javadekar
             Fix For: 2.0.0


JIRA issues JCLOUDS-766 and JCLOUDS-1090 mention that signed put requests don't 
work with jclouds. This is because "v4 URL signing requires a content hash for 
the server to accept the PUT request but the jclouds API does not allow for 
this". There is another way for doing this. The AWS documentation[1] says that 
phrase UNSIGNED-PAYLOAD can be used when the content hash is not available.

The current code in jclouds already uses UNSIGNED-PAYLOAD as the content hash 
and signs the requests. However, even with that signed put requests were 
failing for me.

Here are a couple of things I had to do to get signed put requests to work.

1. Use AWSS3BlobRequestSignerv4.
{noformat}
diff --git 
a/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
 
b/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
index 6c551d5..79ea8c7 100644
--- 
a/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
+++ 
b/providers/aws-s3/src/main/java/org/jclouds/aws/s3/blobstore/config/AWSS3BlobStoreContextModule.java
@@ -16,7 +16,7 @@
  */
 package org.jclouds.aws.s3.blobstore.config;

-import org.jclouds.aws.s3.blobstore.AWSS3BlobRequestSigner;
+import org.jclouds.aws.s3.blobstore.AWSS3BlobRequestSignerV4;
 import org.jclouds.aws.s3.blobstore.AWSS3BlobStore;
 import org.jclouds.blobstore.BlobRequestSigner;
 import org.jclouds.s3.blobstore.S3BlobStore;
@@ -34,6 +34,6 @@ public class AWSS3BlobStoreContextModule extends 
S3BlobStoreContextModule {

    @Override
    protected void bindRequestSigner() {
-      bind(BlobRequestSigner.class).to(AWSS3BlobRequestSigner.class);
+      bind(BlobRequestSigner.class).to(AWSS3BlobRequestSignerV4.class);
    }
 }
{noformat}

2. In my application, I had to make sure that the contentMD5 is not added to 
the blob builder.
{noformat}
                            blob = blobStore.blobBuilder(newBlobName())
                                .forSigning()
                                .payload(input)
                                .contentLength(input.size())
//                                .contentMD5(input.hash(Hashing.md5()))  
<<<------------ HAD TO REMOVE THIS
                                .contentType(MediaType.OCTET_STREAM.toString())
                                .build();
                            request = signer.signPutBlob(containerName, blob,
                                    requestTimeoutSeconds);
{noformat}

Ofcourse, #2 above is the responsibility of the app writer. But jclouds should 
change the default signed to AWSS3BlobRequestSignerV4.

[1] http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to