Reputation: 362
Minio with the iOS AWS S3 SDK SignatureDoesNotMatch
I have an iOS app that uploads / downloads to / from Amazon's S3. I'd like to replace Amazon's S3 with my own Minio cloud.
I followed the quick tutorial here https://github.com/minio/minio and I have Minio running on my localhost and I can put files using s3cmd (https://docs.minio.io/docs/s3cmd-with-minio).
Unfortunately I can't manage to get it to work from within my iOS app.
I'm using the AWS SDK v2.4.16 so I can change the endpoint and I made it my localhost (http://my-imac.local:9000) and I updated my access and secret keys but I get a SignatureDoesNotMatch error: "The request signature we calculated does not match the signature you provided. Check your key and signing method.".
Pointing to my local server:
AWSEndpoint *minioEndpoint = [[AWSEndpoint alloc] initWithURLString:@"http://my-imac.local:9000"];
AWSServiceConfiguration *configuration = [[AWSServiceConfiguration alloc] initWithRegion:region
endpoint:minioEndpoint
credentialsProvider:credentialProvider];
[AWSS3 registerS3WithConfiguration:configuration forKey:s3RegionString];
Here's what I get on my localhost:
time="2017-04-10T23:36:21Z" level=error msg="{\"method\":\"PUT\",\"path\":\"/mybucket/28AB7D6DCFC44102955EBC0AEFF6E4E2-20170407161228839-0700/foo_28AB7D6DCFC44102955EBC0AEFF6E4E2-20170407161228839-0700_v2.json_bin\",\"query\":\"\",\"header\":{\"Accept\":[\"/\"],\"Accept-Encoding\":[\"gzip, deflate\"],\"Accept-Language\":[\"en-us\"],\"Authorization\":[\"AWS4-HMAC-SHA256 Credential=LNTXV0YMMZ9SY7MD0ACZ/20170410/us-east-1/s3/aws4_request, SignedHeaders=content-length;content-type;host;user-agent;x-amz-date, Signature=7b2f4172dd926ba84c7edba5170028e0f9361bd8a656ad8f01c7e232f585ab31\"],\"Connection\":[\"keep-alive\"],\"Content-Length\":[\"282416\"],\"Content-Type\":[\"application/octet-stream\"],\"Host\":[\"my-imac.local\"],\"User-Agent\":[\"aws-sdk-iOS/2.4.16 iPhone-OS/9.1 en_US\"],\"X-Amz-Date\":[\"20170410T233620Z\"]}}" cause="Signature does not match" source="[object-handlers.go:472:objectAPIHandlers.PutObjectHandler()]"
On the iOS side:
The request headers are:
{
Authorization = "AWS4-HMAC-SHA256 Credential=LNTXV0YMMZ9SY7MD0ACZ/20170410/us-east-1/s3/aws4_request, SignedHeaders=content-length;content-type;host;user-agent;x-amz-date, Signature=454c8bad35bdd3a15a08c9bf555fc69f1d5c0dabad78a474eabd4d844ca69aef";
"Content-Length" = 282416;
"Content-Type" = "application/octet-stream";
Host = "my-imac.local";
"User-Agent" = "aws-sdk-iOS/2.4.16 iPhone-OS/9.1 en_US";
"X-Amz-Date" = 20170410T233622Z;
}
The response:
2017-04-10 16:36:22.507 demo[7969:4711709] AWSiOSSDK v2.4.16 [Debug] AWSURLSessionManager.m line:566 | -[AWSURLSessionManager printHTTPHeadersForResponse:] | Response headers:
{
"Accept-Ranges" = bytes;
Connection = close;
"Content-Type" = "application/xml";
Date = "Mon, 10 Apr 2017 23:36:22 GMT";
Server = "Minio/RELEASE.2017-03-16T21-50-32Z (linux; amd64)";
"Transfer-Encoding" = Identity;
Vary = Origin;
"X-Amz-Request-Id" = 14B42D7AE5B09A2B;
}
Upvotes: 0
Views: 2423
Answers (2)
Reputation: 6848
I'll bet your trying to use user credentials instead of a service account.
From the web UI, take a look at the user and create a service account which makes a new "access key" and "secret key" associated with this user.
Those credentials should do the trick. (or at-least that's what worked for me.)
I was using a really old version of minio and updated to a 2023 release and wow its really different in a good way.
Upvotes: 0
Reputation: 1428
Please replace accessKey, secretKey, and url, change the region base on what you need, service must set to .S3
(AWSS3 will auto remove port number if you type xxxx:9000 in url, currently it only support full url without port, so please make sure you have a domain map to port 9000, you may need refer to this Setup Nginx proxy with Minio Server)
let accessKey = "XXXXXXX"
let secretKey = "XXXXXXX"
let credentialsProvider = AWSStaticCredentialsProvider(accessKey: accessKey, secretKey: secretKey)
let configuration = AWSServiceConfiguration(region: .USEast1, endpoint: AWSEndpoint(region: .USEast1, service: .S3, url: URL(string:"XXXXXX")),credentialsProvider: credentialsProvider)
AWSServiceManager.default().defaultServiceConfiguration = configuration
let S3BucketName = "images"
let remoteName = "test.jpg"
let fileURL = URL(fileURLWithPath: NSTemporaryDirectory()).appendingPathComponent(remoteName)
let image = UIImage(named: "test")
let data = UIImageJPEGRepresentation(image!, 0.9)
do {
try data?.write(to: fileURL)
}
catch {}
let uploadRequest = AWSS3TransferManagerUploadRequest()!
uploadRequest.body = fileURL
uploadRequest.key = remoteName
uploadRequest.bucket = S3BucketName
uploadRequest.contentType = "image/jpeg"
uploadRequest.acl = .publicRead
let transferManager = AWSS3TransferManager.default()
transferManager.upload(uploadRequest).continueWith { (task: AWSTask<AnyObject>) -> Any? in
...
}
NOTE you need to apply the following change as well to make it fully work https://github.com/aws/aws-sdk-ios/pull/638
Upvotes: 0
Related Questions
- Amazon S3 Signature Does Not Match - AWS SDK Java
- Any way to configure what signature version a Minio server accepts?
- AWS S3 - Golang SDK - SignatureDoesNotMatch
- AWS s3 and minio incompatibility signature checking if url params contains ;
- How to find the source for the SignatureDoesNotMatch error on Minio
- Aws iOS sdk Pre-singed url giving "SignatureDoesNotMatch" error
- AWS iOS SDK TLS Support
- AWSS3PresignedURLErrorDomain, iOS, AWSSDK v2
- AWS SDK iOS 2.0 S3 upload: add correct md5
- Amazon S3 iOS SDK v2 Upload with AWSAccessKeyId:Signature