I'm new to AWS. Can anyone please help me generate a session token using the STS API to upload files to S3?

Brief: I went through the AWS documentation and researched on Google. I found the library below for CodeIgniter to upload files to S3: https://github.com/psugand/CodeIgniter-S3

It is working fine and I'm able to upload files using my Access ID and secret key. But our requirement is to get temporary credentials from Amazon and send them to the iOS developers so that they can upload files directly to S3. I found the link below in the Amazon documentation, where I need to follow 4 tasks to get the temporary credentials: http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

But somehow the response always says the signature that I'm creating does not match. Below is my code and the response from Amazon. If I'm doing anything wrong, please help me.
$AWSAccessKeyId = "AKIAIK4R57JLAFN4Z5SA";
$SecretAccessKey = AMAZON_SECRET_KEY;
$region = 'us-east-1';
$service = 'sts';
$term = 'aws4_request';
$Timestamp = gmdate('D, d M Y H:i:s') . ' GMT';
$date = gmdate('Ymd\THis\Z');
$credentialsScope = gmdate('Ymd').'/'.$region.'/'.$service.'/'.$term;
$credentials = $AWSAccessKeyId.'/'.$credentialsScope;
Task 1 Canonical Request
$CanonicalRequest =
'POST'."\n".
"/"."\n".
'Action=GetSessionToken&Version=2011-06-15&Name=Aasim&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=3600&X-Amz-Credential='.$credentials.'&X-Amz-Date='.$date.'&X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date'."\n".
'content-type:text/xml;charset=utf-8'."\n".
'host:sts.amazonaws.com'."\n".
'x-amz-date:'.$Timestamp."\n"."\n".
'content-type;host;x-amz-date'."\n".
hash("sha256",'UNSIGNED-PAYLOAD')."\n";
$hashedRequestPayload = hash("sha256",$CanonicalRequest);
Task 2 creating String-to-sign
$StringToSign =
'AWS4-HMAC-SHA256'."\n".
$date."\n".
$credentialsScope."\n".
$hashedRequestPayload;
Task 3 Calculating Signature
$kDate = hash_hmac('sha256', 'AWS4'.$SecretAccessKey, gmdate('Ymd'));
$kRegion = hash_hmac('sha256', $kDate,'us-east-1');
$kService = hash_hmac('sha256', $kRegion,'sts');
$kSigning = hash_hmac('sha256', $kService,'aws4_request');
$Signature = hash_hmac('sha256',$kSigning, $StringToSign);
Task 4 Add the Signing Information to the Request
$querystring = 'Action=GetSessionToken';
$querystring .= '&Version=2011-06-15';
$querystring .= '&X-Amz-Algorithm=AWS4-HMAC-SHA256';
$querystring .= '&X-Amz-Credential='.$credentials;
$querystring .= '&X-Amz-Date='.$date;
$querystring .= '&X-Amz-Expires=3600';
$querystring .= '&X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date';
$querystring .= '&X-Amz-Signature='.$Signature;
Executing Curl Request
$endpoint = 'https://sts.amazonaws.com/?'.$querystring;
$headers = array(
'x-amz-date:'.$Timestamp,
'host:sts.amazonaws.com',
'content-type: text/xml;charset=utf-8',
);
$session = curl_init($endpoint); // create a curl session
curl_setopt($session, CURLOPT_POST, true); // POST request type
curl_setopt($session, CURLOPT_RETURNTRANSFER, true); // return values as a string - not to std out
curl_setopt($session, CURLOPT_HTTPHEADER, $headers);
$responseXML = curl_exec($session);
print_r($responseXML);
Response from Amazon
<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'POST
/
Action=GetSessionToken&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIK4R57JLAFN4Z5SA%2F20141231%2Fus-east-1%2Fsts%2Faws4_request&X-Amz-Date=20141231T065554Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date
content-type:text/xml;charset=utf-8
host:sts.amazonaws.com
x-amz-date:Wed, 31 Dec 2014 06:55:54 GMT
content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20141231T065554Z
20141231/us-east-1/sts/aws4_request
c3ec81de483674a1bf52b60307ae36a4b5e00cff6c85a30f07cc5d00eeb0d699'
</Message>
</Error>
<RequestId>15cb2945-90ba-11e4-829d-1362e6783c1f</RequestId>
</ErrorResponse>
I'm using CodeIgniter for this. Please help me. Thanks in advance.
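
The four signing tasks from the question, written out as an added example (not the poster's code and not code from the AWS documentation), with no network call. It goes beyond the post by sending the parameters in a form-encoded POST body and the signature in an `Authorization` header; the function names and the placeholder credentials are assumptions.

```php
<?php
// Added example: SigV4 header signing for STS GetSessionToken (builds headers only).
// Function names are hypothetical; credentials are read from the environment.

function sigv4_signing_key(string $secret, string $day, string $region, string $service): string
{
    // hash_hmac(algo, data, key, binary): each step returns raw bytes (4th argument
    // true), and the previous result is used as the KEY of the next step.
    $k = hash_hmac('sha256', $day, 'AWS4' . $secret, true);
    $k = hash_hmac('sha256', $region, $k, true);
    $k = hash_hmac('sha256', $service, $k, true);
    return hash_hmac('sha256', 'aws4_request', $k, true);
}

function sts_signed_headers(string $keyId, string $secret, string $body, int $now): array
{
    $region = 'us-east-1';
    $service = 'sts';
    $host = 'sts.amazonaws.com';
    $type = 'application/x-www-form-urlencoded; charset=utf-8';
    $amzDate = gmdate('Ymd\THis\Z', $now);   // the same value is sent and signed
    $day = gmdate('Ymd', $now);
    $scope = "$day/$region/$service/aws4_request";
    $signed = 'content-type;host;x-amz-date';

    // Task 1: method, path, query (empty: parameters travel in the body),
    // canonical headers each ending in "\n", signed header list, payload hash.
    $canonical = "POST\n/\n\n"
        . "content-type:$type\nhost:$host\nx-amz-date:$amzDate\n\n"
        . "$signed\n" . hash('sha256', $body);   // no trailing newline

    // Task 2: string to sign
    $toSign = "AWS4-HMAC-SHA256\n$amzDate\n$scope\n" . hash('sha256', $canonical);

    // Task 3: only the final signature is hex-encoded
    $sig = hash_hmac('sha256', $toSign, sigv4_signing_key($secret, $day, $region, $service));

    // Task 4: the signing information goes into the Authorization header
    return [
        "Content-Type: $type",
        "X-Amz-Date: $amzDate",
        "Authorization: AWS4-HMAC-SHA256 Credential=$keyId/$scope, SignedHeaders=$signed, Signature=$sig",
    ];
}

$body = http_build_query(['Action' => 'GetSessionToken', 'Version' => '2011-06-15', 'DurationSeconds' => 3600]);
// Placeholder credentials (constructed); real ones come from the environment, never from source.
$headers = sts_signed_headers(getenv('AWS_ACCESS_KEY_ID') ?: 'AKIDEXAMPLE', getenv('AWS_SECRET_ACCESS_KEY') ?: 'example-secret', $body, time());
print_r($headers);
```

The returned array can be passed to `CURLOPT_HTTPHEADER` with `$body` as `CURLOPT_POSTFIELDS`; curl adds the `Host` header itself, and the body sent must be byte-for-byte the one that was hashed.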