Can anyone help me figure out what is happening?
I am trying to load test an application where a user can upload and download files.
Journey:
Step-1:When a user choose a file from disk (POST request) it creates a fileID and path with uuid.
Response looks like:
{"id":"FILE-VX-1234","path":"uuid/filename.jpg","uri":["s3://{location}/{uuid}/{filename}?endpoint=s3.dualstack.eu-west-1.amazonaws.com"],"state":"OPEN","size":-1,"timestamp":"2020-02-13T10:59:43.146+0000","refreshFlag":1,"storage":"STORAGEID","metadata":{}
Step-2:Using these (POST request) which responds with a s3 uri with assesskeyID, secretaccesskey and sessionToken.
Response looks like:
{"uri":["s3://{accesskeyID}:{secretaccesskey}@{storage location}/{uuid}/{filename}?endpoint=s3.dualstack.eu-west-1.amazonaws.com&sessionToken={security token}"]}
Step-3:Using these and added temporary parameters (date), a PUT request uploads a file in s3 bucket.
Header looks like:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Authorization: AWS4-HMAC-SHA256 Credential=${accesskeyID}/${currentDate}/{region}/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-user-agent, Signature=${secretaccesskey}
Connection: keep-alive
Content-Length: 145541
Content-Type: image/jpeg
Host: <the host address>
Origin: https://{url}
Referer: https://{url}/upload/
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
X-Amz-Content-Sha256: UNSIGNED-PAYLOAD
X-Amz-Date:${currentDateInUTC}
x-amz-security-token: ${sessionToken}
X-Amz-User-Agent: aws-sdk-js/2.409.0 callback
Error:
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
I have verified that the signature(secretaccesskey), accesskeyID and sessionToken which are passed in PUT request are correct.
Note: Additional parameters date and "{region}/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-user-agent" in Authorisation error are hardcoded.
It is impossible to provide any assistance without seeing how do you generate the signature for the request, to wit this Authorization header
As per Signing and Authenticating REST Requests article
The Amazon S3 REST API uses a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication. To authenticate a request, you first concatenate selected elements of the request to form a string. You then use your AWS secret access key to calculate the HMAC of that string. Informally, we call this process "signing the request," and we call the output of the HMAC algorithm the signature, because it simulates the security properties of a real signature. Finally, you add this signature as a parameter of the request by using the syntax described in this section.
Here is a pseudo-code demonstrating how the header needs to be generated:
Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
Signature = Base64( HMAC-SHA1( YourSecretAccessKey, UTF-8-Encoding-Of( StringToSign ) ) );
StringToSign = HTTP-Verb + "\n" +
Content-MD5 + "\n" +
Content-Type + "\n" +
Date + "\n" +
CanonicalizedAmzHeaders +
CanonicalizedResource;
CanonicalizedResource = [ "/" + Bucket ] +
<HTTP-Request-URI, from the protocol name up to the query string> +
[ subresource, if present. For example "?acl", "?location", "?logging", or "?torrent"];
CanonicalizedAmzHeaders = <described below>
You can check How to Handle Dynamic AWS SigV4 in JMeter for API Testing article for example implementation.