Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set useDoubleURIEncode to false for S3 SigV4Config #718

Closed
harsh62 opened this issue Nov 17, 2022 · 5 comments · Fixed by #719
Closed

Set useDoubleURIEncode to false for S3 SigV4Config #718

harsh62 opened this issue Nov 17, 2022 · 5 comments · Fixed by #719
Assignees
@jbelkins
Labels
bug This issue is a bug.

Comments

@harsh62
Copy link
Member

harsh62 commented Nov 17, 2022

Describe the bug

We are facing an issue where the presignURL captured from GetObjectInput , PutObjectInput and UploadPartInput has useDoubleURIEncode set to true which fails to upload to S3.

Expected Behavior

The presignURL captured from the S3 Input objects should result in successful uploads.

Current Behavior

The presignURL results in a not authorized 403 error.

The request signature we calculated does not match the signature you provided. Check your key and signing method."), _requestID: Optional("DKGVF6G0WJQ2ETGD"), _retryable: false, _type: ClientRuntime.ErrorType.unknow

Reproduction Steps

Create a presignedURL form the input and use that to upload to S3 using URLSession.

let config: S3ClientConfigurationProtocol = // your configuration
let input = GetObjectInput(bucket: bucket, key: key)
let preSignedUrl = try await input.presignURL(config: config, expiration: expiration)

Possible Solution

Set useDoubleURIEncode set to false for S3 during SigV4 creation.

Additional Information/Context

No response

AWS SWIFT SDK version used

0.5.0

Compiler and Version used

Xcode 14.1

Operating System and version

iOS 16.1
@harsh62 harsh62 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 17, 2022
@jbelkins
Copy link
Contributor

URLs being signed for S3 requests must be constructed with single URI-encoding of the canonical URI. Other services receive double URI-encoding.
https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html (see step 2.)

Our presign and presignURL methods for S3 operations do not specify single URI-encoding (though our operations do.)

@harsh62
Copy link
Member Author

harsh62 commented Nov 17, 2022
edited
Loading

Also note that UploadPartInput is missing a method to fetch presignURL. Please note that GetObjectInput , PutObjectInput has dedicated methods to get presignURL.
It would be nice if UploadPartInput could also provide that method.

@jbelkins jbelkins mentioned this issue Nov 18, 2022
Merged
@epau epau removed the needs-triage This issue or PR still needs to be triaged. label Nov 18, 2022
@jbelkins
Copy link
Contributor

@harsh62 #723 has been created for the UploadPart presign feature.

@jbelkins
Copy link
Contributor

Fix for this issue is in #719 and will ship in the next release.

It was also discovered that the SDK was improperly normalizing URL paths for requests to S3; though that is not related to this issue, it has been fixed as well.

@jbelkins jbelkins reopened this Nov 29, 2022
@jbelkins
Copy link
Contributor

jbelkins commented Dec 7, 2022

Shipped in https://github.com/awslabs/aws-sdk-swift/releases/tag/0.6.0, closing as completed.

@jbelkins jbelkins closed this as completed Dec 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jbelkins jbelkins

Labels
bug This issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: fix S3 presigning, centralize generation of signature params awslabs/aws-sdk-swift
3 participants
@jbelkins @epau @harsh62