Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

checksum algorithm on presigned url ignored #1078

Open
jeusdi opened this issue Mar 8, 2024 · 1 comment
Open

checksum algorithm on presigned url ignored #1078

jeusdi opened this issue Mar 8, 2024 · 1 comment
Labels
component: s3 S3 integration related issue type: enhancement Smaller enhancement in existing integration
Milestone
3.2.0 M2

Comments

@jeusdi
Copy link

jeusdi commented Mar 8, 2024

Type: Bug

Component:
"S3"

Describe the bug
I'm trying to create PUT presigned url` in order to send them to the client and client makes the upload to my S3 bucket.

My S3 is configured to send PutObejct events to an SQS. Then, I need to get the checksum of uploaded file in order to store the checksum into my database.

I'm trying to create a put presigned_url with this code:

public URL generatePushResourceLocation(DocumentId documentId, String contentMD5) {
	ObjectMetadata objectMetadata = ObjectMetadata.builder().checksumAlgorithm(ChecksumAlgorithm.SHA256).build();
	URL signedPutURL = s3Template.createSignedPutURL(this.bucket, key, Duration.ofMinutes(10), objectMetadata, null);

	return signedPutURL;
}

The generated url sample is like:

http://localstack.localhost:8000/espaidoc/9a6f8254-502b-4a44-b82a-5fb16022e8fd?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240308T120347Z&X-Amz-SignedHeaders=host%3Bx-amz-sdk-checksum-algorithm&X-Amz-Expires=60&X-Amz-Credential=test%2F20240308%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1df5154810a2b11136c9425333c139ac0a1c4d6537de2d372e74645be7ab22c3

As you can see, a x-amz-sdk-checksum-algorithm parameter is appended, but it's empty.

When I make the PUT using generated presigned url everything seems to work, but when I'm trying to get object attributes, I'm not getting any ChecksumSHA256:

$ aws s3api get-object-attributes --bucket $BUCKET_NAME --key $KEY --object-attributes "ObjectSize" "Checksum" | yq .
{
  "LastModified": "2024-03-08T12:05:24+00:00",
  "ObjectSize": 2333
}

I'm trying to simulate this behavior using cli:

$ aws s3api put-object --bucket $BUCKET_NAME --key $KEY --body pom.xml --checksum-algorithm SHA256 | yq .
{
  "ETag": "\"44a7a97ddff52b27557a39cb2983ae62\"",
  "ChecksumSHA256": "ZR6CNpjrGvQWPPkaHiAeTWm2La1ZZIHLjtrFaPjnaPc=",
  "ServerSideEncryption": "AES256"
}

Also, I'm able to get object attributes like:

$ aws s3api get-object-attributes --bucket $BUCKET_NAME --key $KEY --object-attributes "ObjectSize" "Checksum" | yq .
{
  "LastModified": "2024-03-08T12:01:16+00:00",
  "Checksum": {
    "ChecksumSHA256": "ZR6CNpjrGvQWPPkaHiAeTWm2La1ZZIHLjtrFaPjnaPc="
  },
  "ObjectSize": 2097
}

Isn't it able to set a checksum algorithm on presigned PUT url?
@maciejwalkowiak
Copy link
Contributor

This is how AWS SDK behaves, but what i have missed is that x-amz-sdk-checksum-algorithm with proper value gets added to signedHeaders of PresignedPutObjectRequest, that we do not return from the S3Template. So this is indeed a problem, but there's at the moment no clear solution. I'd recommend to fallback to using directly SDK until it is fixed.

@maciejwalkowiak maciejwalkowiak added type: bug Something isn't working component: s3 S3 integration related issue type: enhancement Smaller enhancement in existing integration and removed type: bug Something isn't working labels Mar 9, 2024
@maciejwalkowiak maciejwalkowiak added this to the 3.2.0 M2 milestone Mar 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component: s3 S3 integration related issue type: enhancement Smaller enhancement in existing integration
Projects
None yet
Milestone
3.2.0 M2
Development

No branches or pull requests
2 participants
@jeusdi @maciejwalkowiak