7

I am developing code for salesforce. We are using 'Force.com for Amazon Web Services' App from Appexchange. The app is provided by Amazon.

I am downloading files from Amazon S3 on a machine.

Sometimes I am getting the below mentioned error. Interesting thing is, only sometimes I get this error, rest of the times it works, even for the same file.

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message>

I tried using both URL patterns provided by Amazon. Expires is set for 1hr after link generation, hence may not be an issue.

URL1:- http://adminportal.s3.amazonaws.com/sample.pdf?AWSAccessKeyId=AKIAIRUZSRRCVSLXZCIA&Expires=1372653478&Signature=RvMJ1gJL+qNKmnRkqzuytmlUTGQ=
URL2:- http://s3.amazonaws.com/adminportal/sample.pdf?AWSAccessKeyId=AKIAIRUZSRRCVSLXZCIA&Expires=1372658253&Signature=%2FmI0m0PTlHJpJ%2FP5d%2FX3OApqzcI%3D

The signature is generated by class provided by Amazon, I guess it must work well all of the times.

Can someone elaborate why would S3 give this error only sometimes?

Ganesh Bhosle
  • 1,283
  • 6
  • 14
  • 33

2 Answers2

10

Finally I was able to solve this problem, here is how?

Sample URL for file on Amazon S3 is-

http://adminportal.s3.amazonaws.com/sample.pdf?AWSAccessKeyId=AKIAIRUZSRRCVSLXZCIA&Expires=1372653478&Signature=RvMJ1gJL+qNKmnRkqzuytmlUTGQ=

Here the Signature is generated by classes provided by Amazon.

For unknown reasons, 'Force.com for Amazon Web Services' app was generating signature which contain SPACES.

E.g. In the given URL, space is replaced by '+'.

To get rid of the problem, just URL encode the signature. Encoding will replace spaces with special character and problem will be resolved.

Ganesh Bhosle
  • 1,283
  • 6
  • 14
  • 33
  • 1
    Do you mean the '+' would get replaced by some special chars. I have this code: `var signature = crypto.createHmac('sha1',AWS_SECRET_KEY).update(put_request).digest( 'base64');` `signature = encodeURIComponent(signature.trim());` `signature = signature.replace('%2B','+');` should the last line be `signature = signature.replace('+', '%2B');` or should it be removed? – vinit May 23 '14 at 05:44
  • I am asking you because its very hard to recreate the test case, so wanted to make sure from you. – vinit May 23 '14 at 05:47
  • @vinit signature generated may contain spaces. The signature is URL parameter, & browser was replacing spaces in URL with '+' sign. URL encoding converts spaces to '%2B'. If you want to reproduce scenario, hard code above signature as 'RvMJ1gJL qNKmnRkqzuytmlUTGQ=' & check if code handles this & converts it to 'RvMJ1gJL%2BqNKmnRkqzuytmlUTGQ=' – Ganesh Bhosle May 26 '14 at 05:36
  • Cool, Thanks for the tip. – vinit May 26 '14 at 05:43
  • Heroku suggests using the `+` symbol to encode spaces (https://devcenter.heroku.com/articles/s3-upload-python#setting-up-the-server-side-python-code), and using `%2B` (`.quote()` instead of `.quote_plus()` in python) isn't working for me either. – nnyby Feb 10 '15 at 21:55
0

Are you using the Java SDK? Which version?

A bug was introduced in version 1.4.4 I think, and has been fixed in the most recent releases. Once I upgraded to the buggy version, I had intermittent signature problems when using SQS, and I've seen a post on AWS Forums of some people reporting the exact same issue with DynamoDB. Now I upgraded to version 1.4.7 and the bug disappeared.

Maybe you are seeing the same bug!

Bruno Reis
  • 34,789
  • 11
  • 109
  • 148
  • I am developing this on Salesforce Platform. So this not related to Java thing as such. – Ganesh Bhosle Jul 02 '13 at 04:41
  • I am having the same issue wight eh java driver. I can set up two almost identical tests and one works, while the other doesn't at the same time on the same server. – Brill Pappin Mar 12 '14 at 16:52