1

I looked at all the responses on post AWS S3 - How to fix 'The request signature we calculated does not match the signature' error? but I still have issues with my Python API sign 4 error. It still returns me with error "The request signature we calculated does not match with the signature you provided".

  • Here are the details:

While I am able to sign successfully: https://abcdef.mycompany.com/issues/P1230 but can't get https://abcdef.mycompany.com/issues?q=assignedFolder%3A(abc123) signed, and keep getting error

import json, hashlib, hmac, datetime, uuid, sys, urllib3, boto3, time, urllib.parse, os, requests

def get_extract(docid): 
    method = 'GET'
    service = 'myservice'
    host = 'abcdef.mycompany.com'
    region = 'us-east-1'
    endpoint = 'https://abcdef.mycompany.com'
    request_parameters = '?q=assignedFolder%3A(abc123)' ## docid is abc123: hard-coding for example purpose


    def sign(key, msg):
        return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()

    def getSignatureKey(key, dateStamp, regionName, serviceName):
        kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
        kRegion = sign(kDate, regionName)
        kService = sign(kRegion, serviceName)
        kSigning = sign(kService, 'aws4_request')
        return kSigning

    access_key = 'mykey123'
    secret_key = 'mykey123'
    if access_key is None or secret_key is None:
        print('No access key is available.')
        sys.exit()

    t = datetime.datetime.utcnow()
    amzdate = t.strftime('%Y%m%dT%H%M%SZ')
    datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope

    canonical_uri =  '/issues'

    canonical_querystring = request_parameters

    canonical_headers = 'host:' + host + '\n' + 'x-amz-date:' + amzdate + '\n'

    signed_headers = 'host;x-amz-date'

    payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()

    canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash

    algorithm = 'AWS4-HMAC-SHA256'
    credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
    string_to_sign = algorithm + '\n' +  amzdate + '\n' +  credential_scope + '\n' +  hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

    signing_key = getSignatureKey(secret_key, datestamp, region, service)

    signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()

    authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' +  'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature

    headers = {'x-amz-date':amzdate,'Host': host,'Authorization':authorization_header}

    request_url =  endpoint + canonical_uri + canonical_querystring
    http = urllib3.PoolManager()
    res = http.request('GET',request_url,headers=headers)

    print(len(res.data.decode('utf-8')))
    print(res.data.decode('utf-8'))

Error:

<InvalidSignatureException>
  <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
</InvalidSignatureException>

Need some help with this request, have been struggling to get this working for last 4-5 days. Any help is appreciated

StoneColdSteveAustin
  • 31
  • 4
  • Your request 'request_parameters' value isn't encoded, you have the colon encoded as %3A but the parenthesis () decoded. Instead try: %28abc123%29 – pkarfs Jun 29 '20 at 03:42

0 Answers0