I have an iPhone application I've been using for some time that uses ASIHTTPRequest
to upload videos to a bucket on Amazon S3. It has been functioning well without any problems. Recently, we decided to make use of the new "server-side encryption" that Amazon has implemented. This allows you to tell Amazon's server to encrypt files that have been posted to a bucket automatically by including an additional HTTP
request header.
I have added a single line of code to my application to implement this, but now my Amazon uploads are failing. The specific error message that is appearing is:
"The request signature we calculated does not match the signature you provided. Check your key and signing method."
The name of the bucket I am using conforms to Amazon's naming standards, so I am confident that is not the issue. I am also confident that the secret and public keys I am using are correct.
It would appear that adding this header is somehow breaking the signature calculation, I am assuming because it is being included in the calculation on one side of the transmission but not the other.
Am I doing this incorrectly? Or is this a bug in ASIHTTPRequest
?
Here is my code for reference:
[ASIS3Request setSharedSecretAccessKey:@"mysecretkey"];
[ASIS3Request setSharedAccessKey:@"myaccesskey"];
NSString *bucketPath = [NSString stringWithFormat:@"mypath/filename"];
ASIS3ObjectRequest *request = [ASIS3ObjectRequest PUTRequestForFile:filepath withBucket:@"my-bucket" key:bucketPath];
// If the following line is commented, the upload completes successfully
[request addRequestHeader:@"x-amz-server-side-encryption" value:@"AES256"];
////
request.requestScheme = ASIS3RequestSchemeHTTPS;
[request setShouldContinueWhenAppEntersBackground:YES];
[request startSynchronous];
if ([request error])
{
// The error messag is being displayed here
NSLog(@"xmit error: [%@]",[[request error] localizedDescription]);
}
You're doing everything right, the issue is that constructing the Authorization
header (ie "the request signature") involves signing a string which includes all of the x-amz-
headers; you've added one such header ( x-amz-server-side-encryption
), but you've not caused it to be factored into the signature.
I just created a branch of ASIHTTPRequest with support for SSE . If you use that branch, you should just be able to say [request setUseServerSideEncryption:YES];
. Alternately, if you're more interested in the technique, here are the details of making it work .
I'm having the same issue, however I'm not using encryption. But what I found so far is that upper case letters get the wrong signature.
In my case I'm setting the storage class with ASIS3StorageClassReducedRedundancy
that has a value of @"REDUCED_REDUNDANCY"
which is in uppercase. If I don't set this option the request goes successful.
So maybe your problem is with the value AES256
that has uppercase letters.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.