[
https://issues.apache.org/jira/browse/JCLOUDS-1476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16733147#comment-16733147
]
Blagoi Anastasov commented on JCLOUDS-1476:
-------------------------------------------
Strange that when I upload to S3(not amazon) endpoint also using V4 Signature,
it passes with response 200 and the file is uploaded successfully. It happens
only when I point to amazon s3 endpoint. Do you have any suggestions?
> AWS4 double authentication: query string and headers
> ----------------------------------------------------
>
> Key: JCLOUDS-1476
> URL: https://issues.apache.org/jira/browse/JCLOUDS-1476
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-blobstore
> Affects Versions: 2.1.1
> Reporter: Blagoi Anastasov
> Priority: Major
>
> Hi,
> There is a problem when using AWSS3BlobRequestSignerV4.java signPutBLob(...)
> method as it turns out that the request which is returned is double
> signed(with query string, concatenated to the endpoint and also with
> headers). This happens when the blob object is created with
> payload(InputStream). It does not happen when the blob is with payload(File).
> I have examined it and it looks like when filtering the request in
> filter(HttpRequest request) method in RequestAuthorizeSignatureV4.java, as
> the payload is InputStream it is not repeatable by default so the
> filter(HttpRequest request) method goes for signForChunkedUpload(request)
> instead of signForAuthorizationHeader(request). And in this case the request
> returned is double signed. It has authorization headers and also
> authorization query string. It fails with:
> Caused by: org.jclouds.aws.AWSResponseException: request PUT
> https://xxx.xxx.xxx.xxx.s3.eu-central-1.amazonaws.com/upload/a1.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20181218/eu-central-1/s3/aws4_request&X-Amz-Date=20181218T115649Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=xxx
> HTTP/1.1 failed with code 400, error: AWSError\{requestId='xxx',
> requestToken='xxx', code='InvalidArgument', message='Only one auth mechanism
> allowed; only the X-Amz-Algorithm query parameter, Signature query string
> parameter or the Authorization header should be specified',
> context='{ArgumentValue=AWS4-HMAC-SHA256
> Credential=xxx/20181218/eu-central-1/s3/aws4_request,
> SignedHeaders=content-encoding;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length,
> Signature=xxx, HostId=xxx, ArgumentName=Authorization}'}
>
> Here is also stack trace:
>
> Caused by: org.jclouds.aws.AWSResponseException: request PUT
> https://xxx.xxx.xxx.xxx.s3.eu-central-1.amazonaws.com/upload/a1.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20181218/eu-central-1/s3/aws4_request&X-Amz-Date=20181218T115649Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=xxx
> HTTP/1.1 failed with code 400, error:
> AWSError\{requestId='6D61670538525FB9', requestToken='xxx',
> code='InvalidArgument', message='Only one auth mechanism allowed; only the
> X-Amz-Algorithm query parameter, Signature query string parameter or the
> Authorization header should be specified',
> context='{ArgumentValue=AWS4-HMAC-SHA256
> Credential=xxx/20181218/eu-central-1/s3/aws4_request,
> SignedHeaders=content-encoding;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length,
> Signature=xxx, HostId=xxx, ArgumentName=Authorization}'}
> at
> org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:75)
> at
> org.jclouds.http.handlers.DelegatingErrorHandler.handleError(DelegatingErrorHandler.java:65)
> at
> com.xxx.xxx.xxx.xxx.s3.xxx.jclouds.ssl.CustomJavaUrlHttpCommandExecutorService.shouldContinue(CustomJavaUrlHttpCommandExecutorService.java:125)
> at
> com.xxx.xxx.xxx.xxx.s3.xxx.jclouds.ssl.CustomJavaUrlHttpCommandExecutorService.invoke(CustomJavaUrlHttpCommandExecutorService.java:94)
> at
> org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:91)
> at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:74)
> at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:45)
> at
> org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(DelegatesToInvocationFunction.java:156)
> at
> org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(DelegatesToInvocationFunction.java:123)
> at com.sun.proxy.$Proxy174.invoke(Unknown Source)
>
> It fails on invoke when trying to get a response from this request. But the
> problem is why the request is left to be double signed?
>
> Best Regards,
> Blago
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
