Cannot send-multi chunk S3:PutObject request with trailing signature (x-amz-trailer-signature) #3030

slechta · 2023-09-14T07:10:07Z

slechta
Sep 14, 2023

Hi,
amazon S3 now supports sending Trailing Headers. That means trailing checksum x-amz-checksum-sha256 and trailing signature x-amz-trailer-signature. When this happens the HTTP (normal, not trailing) header x-amz-checksum-sha256 is set to constant STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER.

I have tried

package com.purestorage.checksums;

import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.http.async.SdkAsyncHttpClient;
import software.amazon.awssdk.http.nio.netty.NettyNioAsyncHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.model.ChecksumAlgorithm;
import software.amazon.awssdk.transfer.s3.S3TransferManager;
import software.amazon.awssdk.transfer.s3.model.CompletedFileUpload;
import software.amazon.awssdk.transfer.s3.model.FileUpload;
import software.amazon.awssdk.transfer.s3.model.UploadFileRequest;
import software.amazon.awssdk.transfer.s3.progress.LoggingTransferListener;

import java.nio.file.Paths;

import static software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute.ENABLE_CHUNKED_ENCODING;
import static software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING;

public class Main {
    private static final String BUCKET_NAME = "bucketname";

    private static final String ACCESS_KEY = "key";
    private static final String SECRET_KEY = "secret";

    public static void main(String[] args) {
        AwsCredentials credentials = AwsBasicCredentials.create(ACCESS_KEY, SECRET_KEY);
        StaticCredentialsProvider credentialsProvider = StaticCredentialsProvider.create(credentials);

        SdkAsyncHttpClient nettyHttpClient = NettyNioAsyncHttpClient.builder()
                .build();

        ClientOverrideConfiguration.Builder ovverrideConfBuilder = ClientOverrideConfiguration.builder();

        ovverrideConfBuilder.executionAttributes()
                .putAttribute(ENABLE_PAYLOAD_SIGNING, true)
                .putAttribute(ENABLE_CHUNKED_ENCODING, true);

        ClientOverrideConfiguration clientOverrideConfiguration = ovverrideConfBuilder.build();

        S3AsyncClient client = S3AsyncClient.builder()
                .httpClient(nettyHttpClient)
                .region(Region.US_EAST_2)
                .overrideConfiguration(clientOverrideConfiguration)
                .build();


        S3TransferManager transferManager =
                S3TransferManager.builder()
                        .s3Client(client)
                        .build();

        uploadFile(transferManager, BUCKET_NAME, "someobject", "file.tmp");
    }

    public static String uploadFile(S3TransferManager transferManager, String bucketName, String key, String filePath) {
        UploadFileRequest uploadFileRequest =
                UploadFileRequest.builder()
                        .putObjectRequest(b -> {
                            b.bucket(bucketName).key(key);
                            b.checksumAlgorithm(ChecksumAlgorithm.CRC32);
                        })
                        .addTransferListener(LoggingTransferListener.create())
                        .source(Paths.get(filePath))
                        .build();

        FileUpload fileUpload = transferManager.uploadFile(uploadFileRequest);

        CompletedFileUpload uploadResult = fileUpload.completionFuture().join();
        return uploadResult.response().eTag();
    }
}

But all I get is signature invalid.

Whatever I do I cannot get signed payload with x-amz-trailer-signature passing.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cannot send-multi chunk S3:PutObject request with trailing signature (x-amz-trailer-signature) #3030

{{title}}

Replies: 0 comments

Select a reply

Cannot send-multi chunk S3:PutObject request with trailing signature (x-amz-trailer-signature) #3030

slechta Sep 14, 2023

Replies: 0 comments

slechta
Sep 14, 2023