Comments (5)
This is also a problem for me, and I do not know how to fix it either.
from aws.
I've had several users report S3 compatible services that seem to not work with V2 authorization and so I tried switching my program to use V4. GetObject from aws with V4 works for me. I wonder what I'm doing differently?
I tried both path-style and request-style, to us-eastern.
from aws.
I got the same problem.
from aws.
Somebody help?
from aws.
This works:
```haskell
s3SignQuery S3Query{..} S3Configuration{ s3SignVersion = S3SignV4 signpayload, s3UseUri = True, .. } sd@SignatureData{..}
    = SignedQuery
    { sqMethod = s3QMethod
    , sqProtocol = s3Protocol
    , sqHost = B.intercalate "." $ catMaybes host
    , sqPort = s3Port
    , sqPath = mconcat $ catMaybes path
    , sqQuery = queryString ++ signatureQuery :: HTTP.Query
    , sqDate = Just signatureTime
    , sqAuthorization = authorization
    , sqContentType = s3QContentType
    , sqContentMd5 = s3QContentMd5
    , sqAmzHeaders = Map.toList amzHeaders
    , sqOtherHeaders = s3QOtherHeaders
    , sqBody = s3QRequestBody
    , sqStringToSign = stringToSign
    }
    where
        -- V4 signing
        -- * http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
        -- * http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
        -- * http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
        iamTok = maybe [] (\x -> [(hAmzSecurityToken, x)]) $ iamToken signatureCredentials
        amzHeaders = Map.fromList $ (hAmzDate, sigTime):(hAmzContentSha256, payloadHash):iamTok ++ s3QAmzHeaders
            where
                -- needs to match the one produces in the @authorizationV4@
                sigTime = fmtTime "%Y%m%dT%H%M%SZ" $ signatureTime
                payloadHash = case (signpayload, s3QRequestBody) of
                    (AlwaysUnsigned, _) -> "UNSIGNED-PAYLOAD"
                    (_, Nothing) -> emptyBodyHash
                    (_, Just (HTTP.RequestBodyLBS lbs)) -> Base16.encode $ ByteArray.convert (CH.hashlazy lbs :: CH.Digest CH.SHA256)
                    (_, Just (HTTP.RequestBodyBS bs)) -> Base16.encode $ ByteArray.convert (CH.hash bs :: CH.Digest CH.SHA256)
                    (SignWithEffort, _) -> "UNSIGNED-PAYLOAD"
                    (AlwaysSigned, _) -> error "aws: RequestBody must be a on-memory one when AlwaysSigned mode."
                emptyBodyHash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

        (host, path) = case s3RequestStyle of
            PathStyle -> ([Just s3Endpoint], [Just "/", fmap (`B8.snoc` '/') s3QBucket, urlEncodedS3QObject])
            BucketStyle -> ([s3QBucket, Just s3Endpoint], [Just "/", urlEncodedS3QObject])
            VHostStyle -> ([Just $ fromMaybe s3Endpoint s3QBucket], [Just "/", urlEncodedS3QObject])
            where
                urlEncodedS3QObject = s3UriEncode False <$> s3QObject

        -- must provide host in the canonical headers.
        -- Map.union amzHeaders .
        canonicalHeaders = Map.fromList $ catMaybes
            [ Just ("host", B.intercalate "." $ catMaybes host)
            , ("content-type",) <$> s3QContentType
            ]
        signedHeaders = "host";-- B8.intercalate ";" (map CI.foldedCase $ Map.keys canonicalHeaders)
        stringToSign = B.intercalate "\n" $
            [ httpMethod s3QMethod                   -- method
            , mconcat . catMaybes $ path             -- path
            , s3RenderQuery False $ sort queryString -- query string
            ] ++
            Map.foldMapWithKey (\a b -> [CI.foldedCase a Sem.<> ":" Sem.<> b]) canonicalHeaders ++
            [ "" -- end headers
            , signedHeaders
            , amzHeaders Map.! hAmzContentSha256
            ]

        (authorization, signatureQuery, queryString) = case ti of
            AbsoluteTimestamp _ -> (Just auth, [], allQueries)
            AbsoluteExpires time ->
                ( Nothing
                , [(CI.original hAmzSignature, Just sig)]
                , (allQueries ++) . HTTP.toQuery . map (first CI.original) $
                    [ (hAmzAlgorithm, "AWS4-HMAC-SHA256")
                    , (hAmzCredential, cred)
                    , (hAmzDate, amzHeaders Map.! hAmzDate)
                    , (hAmzContentSha256, amzHeaders Map.! hAmzContentSha256)
                    , (hAmzExpires, B8.pack . (show :: Integer -> String) . floor $ diffUTCTime time signatureTime)
                    , (hAmzSignedHeaders, signedHeaders)
                    ] ++ iamTok
                )
            where
                allQueries = s3QSubresources ++ s3QQuery
                region = s3ExtractRegion s3Endpoint
                auth = authorizationV4 sd HmacSHA256 region "s3" signedHeaders stringToSign
                sig = signatureV4 sd HmacSHA256 region "s3" stringToSign
                cred = credentialV4 sd region "s3"
                ti = case signatureTimeInfo of
                    AbsoluteTimestamp time -> AbsoluteExpires $ s3DefaultExpiry `addUTCTime` time
                    AbsoluteExpires time -> AbsoluteExpires time
```
from aws.
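For checking a signer like the one posted above against a known answer, here is an added Python example (not part of the thread or of the aws library) that computes a host-only SigV4 query-string signature for an S3 GET. The helper name `presign` and its parameters are hypothetical; the sample inputs are the example values from the AWS query-string signing documentation linked in the code comments, and the query follows that documented form, without `X-Amz-Content-Sha256`.

```python
import hashlib
import hmac
from urllib.parse import quote

# Example values published in AWS's SigV4 query-string documentation
# (not real credentials); used here as constructed sample input.
DOC = dict(host="examplebucket.s3.amazonaws.com", path="/test.txt",
           access_key="AKIAIOSFODNN7EXAMPLE",
           secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
           region="us-east-1", amz_date="20130524T000000Z", expires=86400)

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign(host, path, access_key, secret_key, region, amz_date, expires,
            extra_headers=None, signed=("host",)):
    """Hex SigV4 signature for a presigned S3 GET (hypothetical helper).

    extra_headers go into the canonical headers; `signed` is the list sent
    in X-Amz-SignedHeaders. A verifier rebuilds the canonical headers from
    `signed` alone, so both must describe the same header set.
    """
    headers = {"host": host, **(extra_headers or {})}
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": ";".join(signed),
    }
    # Canonical query string: percent-encode names and values, sort by name.
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    canonical = "\n".join(
        ["GET", quote(path, safe="/"), query]
        + [f"{k.lower()}:{v.strip()}" for k, v in sorted(headers.items())]
        + ["", ";".join(signed), "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope,
         hashlib.sha256(canonical.encode()).hexdigest()])
    # Signing key: HMAC chain over date, region, service, terminator.
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, "s3", "aws4_request"):
        key = _hmac(key, part)
    return _hmac(key, string_to_sign).hex()

if __name__ == "__main__":
    print(presign(**DOC))
```

Passing `extra_headers={"content-type": ...}` while leaving `signed=("host",)` reproduces the case where the canonical headers and the advertised signed-header list disagree: the resulting signature differs from the one a verifier recomputes from `host` alone.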