AWS API calls
This question is about calling AWS REST APIs. Based on:
http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
AWS requires REST clients to call their APIs using Signature Version 4 which in case you don't know what I am talking about is a pain in the neck. Here comes the question:
Has anybody, by any chance implemented the v4 signing alg. in COS? If yes, would she or he have the kind heart to share?
Thanks,
Chris
Chris
I've not looked at the V4 Signature rules in detail, but the V1 & V2 rules were implemented in this SimpleDB Client that I created years ago for use with both AWS SimpleDB and my M/DB clone:
https://s3.amazonaws.com/rtweeddata/simpleDBClient.xml
Not sure if that helps, but feel free to adapt as needed if it provides a useful starting point - start around line 426 which is the createHTTPRequest() function that creates a signed HTTP request
Rob
Thanks Rob. Will have a look.
Chris,
Did you ever get anywhere with this. I had mine working until I tried uploading a character stream with content-type of text/csv and now it won't sign properly
Hey Dave,
I encountered similar issues with 'text/*' ( text/plain, text/csv, etc) Content-Type header values when I included them in the v4 signed canonical request, and found (in my case) that this is due to Caché appending the charset based on the instance's localization settings (string "; charset=UTF-8") for this header value, eg "Content-Type=text/csv; charset=UTF-8". That likely means you're passing "text/csv" into your signing algorithm to derive your signature but the actual request you're sending has "text/csv; charset=UTF-8", hence the signature failure on the AWS end.
As per this doc,
Since this isn't one of the headers that needs to be included in AWS v4 signing for the authorisation header, I just removed this from the list to sign (while still passing it in the actual HTTP request) so I could retain the default charset without too much fuss (I'm not too worried about an attack here, since I'm signing payloads), but the other options (as far as I can tell) would be to pass the same full string to your signing function (including the charset), or prevent charset from being included in Content-Type via that NoDefaultContentCharset property.
Cheers
Joe
Hi Joe,
would you mind sharing some of your code (minus API key values :-) ) for signing AWS REST calls? I have almost scratched my head off trying to find out why things still aren't working when my StringToSign and SigningKey appear to be correct, but the hash I create from them isn't. I can even reproduce (aka "make the same mistake") using the sample Python code AWS provides.
Relevant but not working (and therefore less relevant) code:
I am attempting the same thing currently. At first I used the same approach for converting to hex:
ClassMethod Hex(pRaw As %String) As %String [ Internal ] { set out="", l=$l(pRaw) for i = 1:1:l { set out=out_$zhex($ascii(pRaw,i)) } quit $$$LOWER(out) }
But have discovered that the Hex function above is not correct. Instead use the system function, ##class(%xsd.hexBinary).LogicalToXSD.
##class(%xsd.hexBinary).LogicalToXSD
The conversion to hex using the custom method was removing zeroes in the string. That had a cascading effect, the canonical request hash will be wrong, and consequently so will the string to sign and then ultimately the signature. Hope this helps anyone else that might be struggling.
Here is some documentation specifically for S3:
https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
Here's a (very simple) working example of uploading to an AWS S3 bucket. I used essentially the same approach that Cliff originally used to generate the hex. I didn't experience the same problem, but I may have just been lucky and not had any zeroes in the value I'm converting.
Or it looks like I was handling the zero issue manually:
Just wondering if anyone has put together similar examples for Azure -- preferably for uploading Azure Blobs.
Check out: https://github.com/intersystems-community/irisdemo-demo-appointmentsms/tree/master/appointmentsms-iris-atelier-project/AWS
Thanks Anton. Maybe I didn't dig deep enough in that github link but it looks like that is for AWS, not Azure?
Social networks
InterSystems resources
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue