You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@jclouds.apache.org by "Andrew Gaul (Jira)" <ji...@apache.org> on 2022/01/23 04:23:00 UTC
[jira] [Commented] (JCLOUDS-1595) Aws4SignerBase.getCanonicalizedQueryString should not escape the slash char
[ https://issues.apache.org/jira/browse/JCLOUDS-1595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17480550#comment-17480550 ]
Andrew Gaul commented on JCLOUDS-1595:
--------------------------------------
Sounds reasonable but please compare with what AWS does.
> Aws4SignerBase.getCanonicalizedQueryString should not escape the slash char
> ---------------------------------------------------------------------------
>
> Key: JCLOUDS-1595
> URL: https://issues.apache.org/jira/browse/JCLOUDS-1595
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-blobstore
> Affects Versions: 2.4.0
> Reporter: Jim Sermersheim
> Priority: Minor
> Labels: s3
> Time Spent: 40m
> Remaining Estimate: 0h
>
> org.jclouds.s3.filters.Aws4SignerBase#getCanonicalizedQueryString should leave the '/' char unescaped when it is being used by org.jclouds.s3.filters.Aws4SignerBase#createStringToSign
> As it is, it's escaping the '/' char in the query string, and this is not consistent with the actual query string that is used in the URL when making the HTTP request (the '/' is unescaped in that case).
> This is currently causing a bug when jclouds is used to list with a prefix against NetApp's ONTAP S3 server (version 9.10.1). The calculation of the S3 V4 signature differs between JClouds and the NetApp because the NetApp is calculating the signature witn unescaped slashes (which is what the client sent in the URL)
> For reference, the error coming back from the NetApp ONTAP is a 403 with the message: "The request signature we calculated does not match the signature you provided. Check your key and signing method."
> Other S3 servers must be more lenient in this regard, or perhaps don't validate the signature.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)