edge icon indicating copy to clipboard operation
edge copied to clipboard
verified publisher icon storj

Using testrand.Path() as object key throws signature validation errors

Open halkyon opened this issue 7 months ago • 0 comments

We have integration tests in testsuite/server that upload test objects to a gateway running as a peer. Most of the time, tests use a key named something like "testobject1" which works fine. However, if we change that to testrand.Path() the S3 gateway returns 403 signature errors. This random path works fine for uplink operations, but not for the S3 gateway.

Gateway error:

SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method. status code: 403, request id: 183F8F21AF4D0CA8, host id:

Example response log:

2025-05-15T13:29:15.262+1200	DEBUG	gateway	response	{"httpRequest": {"requestMethod": "PUT", "requestUrl": "/id2k6cmwcp2uz0tmuvlbk49z0ucddngibkfzxr-t581191hqge90nbtyk5/01g62%21yj7%28%29Z%03%27_%277RAE9Hu0--etdz%F0US_5u%28%7B7-M_5-IL.%29IY%F06X%29%2Bk4ib991ay5o%27-e8k2D9u/_65my.b%7BCX0a%28qlnXq%3DJSn-%28/%21T-eS0%21%3A0%F0f%288/a%401dp~kd%FD71Y%F0n-%7BmbCpc%2B.%25b5GZ%5E%7D/0-/%23-KvJAeYp%20%29S.76E%21Yf48/2%FDe1_/_5220%21c%3DC4e-~%3A.%7BN%270v-pU%FDg-/9Rb-%5E8ifI0V0%FD8%FDb_/7%F0i6y-Ki%3A-%5E0%28j8APX/q.%5DX-_E5I%27al~%5D8%20M_5zuS3V%28-v004GY1j%5Ecq9%2Bf7%5DeV%7B0A-Rq%FDp%3A%7B%40H/.%2B%F0ll-9Lc0G%FD%5DPwB2c%7Bb4%20I%7BXi~ip-3xB5.7%25a%28nL52BZ2%7Dz8%286D3%03zM_--0%7D0e_80ED%2152%FD-b.NP%F0%037hFJj8LM4-lm/B%03El46g%03k_wpA7%F0_%F0f.i%3D%FD/%7Dw-%20/k%20p%5B0h.q%29/1%5D6/Oo%F0o%3AzXYL_7-%256P-h5w%7DS%FD7mHXs", "status": 403, "responseSize": "1509", "userAgent": "aws-sdk-go/1.55.6 (go1.24.3; linux; amd64)", "remoteIp": "127.0.0.1", "latency": "0.000302584s", "protocol": "HTTP/1.1"}, "host": "127.0.0.1:45713"}

SDK client: github.com/aws/aws-sdk-go v1.55.6

Current Behavior

Gateway returns a 403 error.

Expected Behavior

Gateway returns a 200 (no error)

Possible Solution

Unsure if it's the client or the server generating the wrong signature. I guess we might need to look through the signing code and see if there's anything that could be an issue with the characters generated by testrand.Path().

halkyon avatar May 15 '25 01:05 halkyon