Search code examples
javaalgorithmamazon-s3postmansignature

Newest version Postman creating different signature for AWS access compared to my java algorithm

So I've created the java algorithm for AWS signature creation, following the guidelines of AWS >https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html

The algorithm is available on my github >https://github.com/marcodag/aws_signature_creation/blob/main/SignatureCreation.java

These are the steps that I take:

  1. retrieve secret key, access key and token from AWS account
  2. create call on Postman (for Linux) v8.12.5, by using AWS Signature auth
  3. the call goes OK.
  4. I retrieve the signature that it created and the X-AMZ-DATE used
  5. I run my java algorithm and check if the signature is the same as postman produced
  6. they're the same.

So a colleague tries the same steps, but with latest postman version (9+). Postman call goes OK, but it generates a different signature from the java one. Also, he created a js algorithm based on the java one and the js and java make the same signature. Just, my postman matches the signature, his not.
The number and type of headers generated are the same. What could be the problem?

Solution

  • SOLVED

    Well, my postman was calling an url like

    https://s3.eu-west-1.amazonaws.com/a_bucket/a_key

    with the dot between s3 and eu. And my colleague was calling

    https://s3-eu-west-1.amazonaws.com/a_bucket/a_key

    with the dash between s3 and eu. AWS is accepting both. Of course the host is used to create the signature, hence the differences.