AWS Glacier Upload InvalidSignatureException C#

Question

I'm trying out the AWS SDK for .NET and have run into the following problem. I cannot get the upload to work.

What I'm trying to do is:

class ArchiveUploadSingleOpLowLevel
{
    static string vaultName = "test001";
    static string archiveToUpload = "ver.txt"; //located in the same directory as the executable

    public static void Upload()
    {
        AmazonGlacierClient client;
        try
        {
            using (client = new AmazonGlacierClient(Amazon.RegionEndpoint.EUWest1))
            {
                Console.WriteLine("Uploading an archive.");
                string archiveId = UploadAnArchive(client);
                Console.WriteLine("Archive ID: {0}", archiveId);
            }
            Console.WriteLine("To continue, press Enter");
            Console.ReadKey();
        }
        catch (AmazonGlacierException e) { Console.WriteLine(e.Message); }
        catch (AmazonServiceException e) { Console.WriteLine(e.Message); }
        catch (Exception e) { Console.WriteLine(e.Message); }
        Console.WriteLine("To continue, press Enter");
        Console.ReadKey();
    }

    static string UploadAnArchive(AmazonGlacierClient client)
    {
        using (FileStream fileStream = new FileStream(archiveToUpload, FileMode.Open, FileAccess.Read))
        {
            string treeHash = TreeHashGenerator.CalculateTreeHash(fileStream);
            UploadArchiveRequest request = new UploadArchiveRequest()
            {
                VaultName = vaultName,
                Body = fileStream,
                Checksum = treeHash
            };
            UploadArchiveResponse response = client.UploadArchive(request);
            string archiveID = response.ArchiveId;
            return archiveID;
        }
    }
}

But the result I keep getting is this AmazonGlacierException:

InvalidSignatureException

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'POST
/-/vaults/test001/archives

content-type:binary/octet-stream
host:glacier.eu-west-1.amazonaws.com
user-agent:aws-sdk-dotnet-45/2.0.4.0 .NET Runtime/4.0 .NET Framework/4.0 OS/6.2.9200.0
x-amz-content-sha256:2a7087861fb29e1f77da3600df98a9d3b0d1e8dee8d65700a6f2a5599c5a50ae, 2a7087861fb29e1f77da3600df98a9d3b0d1e8dee8d65700a6f2a5599c5a50ae
x-amz-date:20131230T114010Z
x-amz-glacier-version:2012-06-01
x-amz-sha256-tree-hash:2a7087861fb29e1f77da3600df98a9d3b0d1e8dee8d65700a6f2a5599c5a50ae
x-amz-target:Glacier.UploadArchive

content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-glacier-version;x-amz-sha256-tree-hash;x-amz-target
2a7087861fb29e1f77da3600df98a9d3b0d1e8dee8d65700a6f2a5599c5a50ae, 2a7087861fb29e1f77da3600df98a9d3b0d1e8dee8d65700a6f2a5599c5a50ae'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20131230T114010Z
20131230/eu-west-1/glacier/aws4_request
d405bac6780608e6fc3f7091dc5a9aa1d4d0d8415d61732feba6b9970678d40f'

Now the obvious error would be that I have the wrong AWSAccessKey or AWSSecretKey in my config. I have checked and re-copy/pasted them over and over. The documentation and High Level API doesn't give me much regarding signing method.

Also I have successfully created and listed my vaults in the same application.

So I'm leaning towards an encoding problem connected TreeHashGenerator due to me running .Net 4.5, VS2012 SP3 on a win8.1 (English version).

But that would be a guess. Anyone ever run into a similar problem?

Regards Martin

Answer 1

I exchanged a few messages over Twitter with AWS SDK for .NET team and they identified a bug. This issue has been resolved in version 2.0.6.1 of the SDK, and is now available in Nuget.