Invalid signature on only some SQS calls

66 views
Skip to first unread message

Brandon Green

unread,
May 19, 2013, 6:57:48 PM5/19/13
to go...@googlegroups.com
I am attempting to use SQS by using the code in this pull request https://code.launchpad.net/~prudhvikrishna/goamz/sqs/+merge/107309

My first call to GetGueue works and the signature is accepted, but then the call to ReceiveMessage fails with a signature error, has anyone seen a problem like this before? What could be causing it? If the signature generation was incorrect then I would expect the first GetQueue call to fail also, but it works


Code I am using:

package main

import (
"sqs"
"log"
"os"
)

func main() {

key, secret := os.Getenv("AWS_KEY"), os.Getenv("AWS_SECRET")
if key == "" || secret == "" {
log.Fatal("Expected AWS_KEY and AWS_SECRET environment variables to be set")
}
auth := aws.Auth{key, secret}
log.Print(auth)
endpoint := sqs.New(auth, aws.Region{SQSEndpoint: "https://sqs.us-west-2.amazonaws.com/"})
log.Print(endpoint)

queue, err := endpoint.GetQueue("AwsPiControl")
if err != nil {
log.Fatal("GetQueue err", err)
}
log.Print("GetQueue", queue)

resp, err := queue.ReceiveMessage([]string{"ALL"}, 1, 15)
if err != nil {
log.Fatal("ReceiveMessage err", err)
}
log.Print("ReceiveMessage", resp)

log.Print("Done")
}


Calling GetQueue works, and the signature is accepted, you can see the valid response I get

2013/05/19 17:50:45 Payload:GET
/
AWSAccessKeyId=MYAWSKEY&Action=GetQueueUrl&QueueName=AwsPiControl&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2013-05-19T22%3A50%3A45Z&Version=2011-10-01
2013/05/19 17:50:45 Signature:Hjo3Et7fbAsAyjCNOfOXchT0sNUOOc/yctS8rLmtfTU=
2013/05/19 17:50:45 response:
2013/05/19 17:50:45 HTTP/1.1 200 OK
Content-Length: 332
Content-Type: text/xml
X-Amzn-Requestid: f7da185e-6690-5088-914f-524d3f157312

<?xml version="1.0"?><GetQueueUrlResponse xmlns="http://queue.amazonaws.com/doc/2011-10-01/"><GetQueueUrlResult><QueueUrl>https://sqs.us-west-2.amazonaws.com/316379139379/AwsPiControl</QueueUrl></GetQueueUrlResult><ResponseMetadata><RequestId>f7da185e-6690-5088-914f-524d3f157312</RequestId></ResponseMetadata></GetQueueUrlResponse>
}



But when I call ReceiveMessage, I get an error saying invalid request signature

2013/05/19 17:50:45 Payload:GET
316379139379/AwsPiControl
AWSAccessKeyId=MYAWSKEY&Action=ReceiveMessage&AttributeName.1=ALL&MaxNumberOfMessages=1&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2013-05-19T22%3A50%3A45Z&Version=2011-10-01&VisibilityTimeout=15
2013/05/19 17:50:45 Signature:xp8VGSHMoR1YxrxrEtCmfhME1iWtcPQtTWnPhnIplvo=
2013/05/19 17:50:45 response:
2013/05/19 17:50:45 HTTP/1.1 403 Forbidden
Content-Length: 436
Content-Type: text/xml
X-Amzn-Requestid: a36c2ec8-f602-538f-a39e-64dbaf87a417

<?xml version="1.0"?><ErrorResponse xmlns="http://queue.amazonaws.com/doc/2011-10-01/"><Error><Type>Sender</Type><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message><Detail/></Error><RequestId>a36c2ec8-f602-538f-a39e-64dbaf87a417</RequestId></ErrorResponse>
}
2013/05/19 17:50:45 ReceiveMessage err 403 Forbidden ()

Brandon Green

unread,
May 19, 2013, 9:19:38 PM5/19/13
to go...@googlegroups.com
And the problem was that the path parameter to the Sign method was missing the first / for the ReceiveMessage call, it was signing

GET
316379139379/AwsPiControl
AWSAccessKeyId=MYAWSKEY&Action=ReceiveMessage&AttributeName.1=ALL&MaxNumberOfMessages=1&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2013-05-19T22%3A50%3A45Z&Version=2011-10-01&VisibilityTimeout=15

When it needed to be signing:

GET
/316379139379/AwsPiControl
AWSAccessKeyId=MYAWSKEY&Action=ReceiveMessage&AttributeName.1=ALL&MaxNumberOfMessages=1&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2013-05-19T22%3A50%3A45Z&Version=2011-10-01&VisibilityTimeout=15
Reply all
Reply to author
Forward
0 new messages