function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
David VPDavid VP 

Amazon S3 SOAP signature creation

Hi,


Does anyone know how to generate the correct signature for Amazon S3's soap services ?
I'm going with their docs :
http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?SOAPAuthentication.html

and so far I've got :

Code:
S3.AmazonS3 as3 = new S3.AmazonS3();
Datetime now = Datetime.now();


//format should be like 2006-01-01T12:00:00.000Z
String formattednow = now.formatGmt('yyyy-MM-dd')+'T'+now.formatGmt('HH:mm:ss')+'.000Z';
System.Debug('Formatted date : '+formattednow);

String canonical = 'AmazonS3'+'ListAllMyBuckets'+formattednow; //"AmazonS3" + OPERATION + Timestamp

System.debug('CANONICAL = '+canonical);

Blob bsig = Crypto.generateMac('HmacSHA1', Blob.valueOf(canonical), Blob.valueOf('myS3secretkey'));


String signature = EncodingUtil.base64Encode(bsig);

System.debug('SIGNATURE = ' + signature);

S3.ListAllMyBucketsResult result = as3.ListAllMyBuckets('myS3accesskey',now,signature);

 
I'm getting a SOAP exception back :
'SOAP Fault: The request signature we calculated does not match the signature you provided. Check your key and signing method.'


thanks,


David

Best Answer chosen by Admin (Salesforce Developers) 
David VPDavid VP
OK,

I'll answer my own question, it might be of use to someone out there :

I knew that the timestamp had to be within 15 minutes of amazon's server's clocks so I hadn't bothered with the milliseconds. What I had totally forgotten was that of course these milliseconds are also included in the String to be signed ...

duh !

Anyway, the working code is :

Code:
S3.AmazonS3 as3 = new S3.AmazonS3();
Datetime now = Datetime.now();


//format should be like 2006-01-01T12:00:00.000Z
String formattednow = now.formatGmt('yyyy-MM-dd')+'T'+now.formatGmt('HH:mm:ss')+'.'+now.formatGMT('SSS')+'Z';
System.Debug('Formatted date : '+formattednow);

String canonical = 'AmazonS3'+'ListAllMyBuckets'+formattednow; //"AmazonS3" + OPERATION + Timestamp

System.debug('CANONICAL = '+canonical);

Blob bsig = Crypto.generateMac('HmacSHA1', Blob.valueOf(canonical), Blob.valueOf('myS3secretkey'));


String signature = EncodingUtil.base64Encode(bsig);

System.debug('SIGNATURE = ' + signature);

S3.ListAllMyBucketsResult result = as3.ListAllMyBuckets('myS3accesskey',now,signature);

 

David


Message Edited by David VP on 09-29-2008 06:42 AM

Message Edited by David VP on 09-29-2008 06:42 AM

All Answers

David VPDavid VP
OK,

I'll answer my own question, it might be of use to someone out there :

I knew that the timestamp had to be within 15 minutes of amazon's server's clocks so I hadn't bothered with the milliseconds. What I had totally forgotten was that of course these milliseconds are also included in the String to be signed ...

duh !

Anyway, the working code is :

Code:
S3.AmazonS3 as3 = new S3.AmazonS3();
Datetime now = Datetime.now();


//format should be like 2006-01-01T12:00:00.000Z
String formattednow = now.formatGmt('yyyy-MM-dd')+'T'+now.formatGmt('HH:mm:ss')+'.'+now.formatGMT('SSS')+'Z';
System.Debug('Formatted date : '+formattednow);

String canonical = 'AmazonS3'+'ListAllMyBuckets'+formattednow; //"AmazonS3" + OPERATION + Timestamp

System.debug('CANONICAL = '+canonical);

Blob bsig = Crypto.generateMac('HmacSHA1', Blob.valueOf(canonical), Blob.valueOf('myS3secretkey'));


String signature = EncodingUtil.base64Encode(bsig);

System.debug('SIGNATURE = ' + signature);

S3.ListAllMyBucketsResult result = as3.ListAllMyBuckets('myS3accesskey',now,signature);

 

David


Message Edited by David VP on 09-29-2008 06:42 AM

Message Edited by David VP on 09-29-2008 06:42 AM
This was selected as the best answer
Antigoni TsouriAntigoni Tsouri
Hi thanks for the anwer on t his, really helpful that you posted it.
S3-LinkS3-Link
S3- Link is FREE App for Salesforce - Amazon Connector. Its also available on Appexchange. 

 1. Create Amazon S3 file for standard Salesforce attachment through
    trigger.
 2. Upload attachments on Amazon S3 and create reference in Salesforc to
    access those attachments
 3. Attach file related to any Salesforce object on Amazon.
 4. Unlimited free storage.
 5. Auto backup Event logs / inbound email attachments.
 6. Server Side Encryption: AES-256
 7. No file size limit for upload.
 8. File access control capabiliy.
 9. Track file downloads by users.
 10. File exlorer capability.

https://appexchange.salesforce.com/listingDetail?listingId=a0N3000000CW1OXEA1

Here is our email address. Let us know if you have any query.
support@neiloncloud.com

Thanks.