How to troubleshooting Amazon S3 GET request signature mismatch?

Question

I've successfully uploaded a file to Amazon S3 using a signed url request generated by Amazons Java library:

GeneratePresignedUrlRequest generatePresignedUrlRequest =
    new GeneratePresignedUrlRequest(bucket, objectName)

generatePresignedUrlRequest.
    withContentType(contentType).
    withMethod(HTTPMethod.PUT)

URL url = s3client.generatePresignedUrl(generatePresignedUrlRequest)

I changed HTTPMethod.PUT to HTTPMethod.GET and called it with the same arguments.

When I paste the resulting URL into my browser, I get:

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message>
<AWSAccessKeyId>XXXX</AWSAccessKeyId>
<StringToSign>GET 1449712291 /my-bucket/picture.png</StringToSign>
....
</Error>

Is there a way to pull the so-called StringToSign being used out of the presigned request object to compare? Or is there another way to troubleshoot this?

Answer 1

withContentType(contentType)

This line doesn't make sense. You wouldn't set Content-Type: for a GET request, since that header describes what you're sending -- which is "nothing" for a typical GET request. Since that is one of the components of the string to sign, and the error response shows that S3 wants it blank, removing this should solve the issue.