Get Presigned URL from AWS S3 Bucket

Muhammad Arif B
Tera Contributor

‎03-25-2024 12:19 AM - edited ‎03-25-2024 12:21 AM

I have created script to get presigned URL from Amazon S3 Bucket using CryptoJS. The script is based on AWS documents and I have follow the step from their website (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html). Then URL I generated return error 

 

<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
 
I there any missing/wrong on my script?

 

 

 

var sigDate = new GlideDateTime();
var dateStamp = String(sigDate).substr(0, 4) + String(sigDate).substr(5, 2) + String(sigDate).substr(8, 2);
var timeStamp = String(sigDate).substr(11, 2) + String(sigDate).substr(14, 2) + String(sigDate).substr(17, 2);

var SecretKey = "xxxxxxxxxxxxxxxxxxxxxxx"; //S3 access ID

var CanonicalRequest;
var method = "GET";
var canonicalURI = "test.pdf";

var canonicalQueryString = "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=" + SecretKey + "%2F" + dateStamp + "%2Fap-southeast-1%2Fs3%2Faws4_request&X-Amz-Date=" + dateStamp + "T" + timeStamp + "Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host";

var host = "host:xxx-xxx-xxx.s3.ap-southeast-1.amazonaws.com"; 
CanonicalRequest = method + "\n/" + canonicalURI + "\n" + canonicalQueryString + "\n" + host + "\n" + "host\nUNSIGNED-PAYLOAD";

var StringToSign;
var AWS = "AWS4-HMAC-SHA256";
var STStimeStamp = dateStamp + "T" + timeStamp + "Z";
var STSscope = dateStamp + "/ap-southeast-1/s3/aws4_request";

var hexStringx = new GlideDigest().getSHA256Hex(CanonicalRequest);
var hexString = hexStringx.toLowerCase();


StringToSign = AWS + "\n" + STStimeStamp + "\n" + STSscope + "\n" + hexString;


var Signature;
var SignatureKey = getSignatureKey(SecretKey , dateStamp, "ap-southeast-1", "s3");

Signature = x_158350_amazonuti.CryptoJS.HmacSHA256(StringToSign, SignatureKey);


gs.info("https://xxx-xxx-xxx.s3.ap-southeast-1.amazonaws.com/" + canonicalURI + "?" + canonicalQueryString + "&X-Amz-Signature=" + Signature);

function getSignatureKey(key, dateStamp, regionName, serviceName) {
    
    var kDate = x_158350_amazonuti.CryptoJS.HmacSHA256(dateStamp, "AWS4" + key);
    var kRegion = x_158350_amazonuti.CryptoJS.HmacSHA256(regionName, kDate);
    var kService = x_158350_amazonuti.CryptoJS.HmacSHA256(serviceName, kRegion);
    var kSigning = x_158350_amazonuti.CryptoJS.HmacSHA256("aws4_request", kService);
	
    return kSigning;
}

 

 

 

0 Helpfuls
  • 457 Views
0 REPLIES 0