AWS 署名付きヘッダーが必要な Android アプリケーションにサーバー API 呼び出しを実装しようとしています。同じヘッダーが postman と node.js で機能していますが、Android コードでは機能していません。AWS モバイル クライアントの最新バージョン、つまり 2.9.1 を使用しています。
ヘッダーのさまざまな組み合わせを試してみましたが、ダミーのアクセス トークン、セッション キーを追加してみました。すべての組み合わせで、403 のみが返されます。
private void startProcess(View view) {
buildRequest();
new SessionCredentialLoader().execute();
}
private void buildRequest(){
awsRequest = generateBasicRequest(URL);
Map<String, String> requestHeaders = getSignHeader(awsRequest);
okhttp3.Request.Builder builder = new okhttp3.Request.Builder().url(URL).get();
for (HashMap.Entry<String, String> entrySet : requestHeaders.entrySet()) {
String key = entrySet.getKey();
String value = entrySet.getValue();
builder.addHeader(key,value );
Log.d(TAG, "Header() "+key+" : "+value);
}
request =builder.build();
}
public Map<String, String> getSignHeader(com.amazonaws.Request request){
AWS4Signer signer = new AWS4Signer();
com.amazonaws.Request<?> aws;
aws = request;
/* AWSCredentials credentials = new BasicAWSCredentials(
*//*getAWSAccessKeyId*//* ACCESS_KEY,
*//*getAWSSecretKey*//* SECRET_KEY);*/
BasicSessionCredentials credentials = new BasicSessionCredentials(ACCESS_KEY, SECRET_KEY, SESSION_KEY);
signer.setServiceName("execute-api");
signer.setRegionName("ap-south-1");
signer.sign(aws, credentials);
Log.d(TAG, "getSignHeader() getHeaders(): "+aws.getHeaders().toString());
return aws.getHeaders();
}
public com.amazonaws.Request<?> generateBasicRequest(String url) {
//com.amazonaws.Request<?> request = new DefaultRequest<Void>("execute-api");
AmazonWebServiceRequest amazonWebServiceRequest = new AmazonWebServiceRequest() {
};
//ClientConfiguration clientConfiguration = new ClientConfiguration();
String API_GATEWAY_SERVICE_NAME = "execute-api";
com.amazonaws.Request<?> request = new DefaultRequest(amazonWebServiceRequest, API_GATEWAY_SERVICE_NAME);
request.addHeader("Content-type", "application/json");
//request.addHeader("Content-Type","application/x-www-form-urlencoded");
request.addHeader("x-api-key", XAPI_KEY);
// request.setResourcePath("/");
request.setEndpoint(URI.create(url));
request.setResourcePath(url);
request.setHttpMethod(HttpMethodName.GET);
return request;
}
private class SessionCredentialLoader extends AsyncTask<Void, Void, Boolean> {
@Override
protected Boolean doInBackground(Void... voids) {
try {
response = client.newCall(request).execute();
} catch (IOException e) {
e.printStackTrace();
}
return (response != null);
}
@Override
protected void onPostExecute(Boolean result) {
Log.d(TAG, "onPostExecute() result: "+result );
Log.d(TAG, "onPostExecute() response: "+response.toString() );
}
}
API がヒットし、CMS から応答が得られるはずです。どこで間違いを犯しているのか、教えてください。これらは、http 要求に追加されるヘッダーです。
Header() X-Amz-Date : 20181224T112843Z
Header() Host : abc.amazonaws.com
Header() x-api-key : 23423432432342XYZ
Header() Content-type : application/json
Header() x-amz-security-token : abc......xyz
Header() Authorization : AWS4-HMAC-SHA256 Credential=ACCESS_KEY/20181224/ap-south-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=85246b145dbef7b119c93ee71c9ee7dbd0f017893cc25b162234445149a91461
生成されたエラー:
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. \n\n The Canonical String for this request should have been\n'POST\n/dev/api/client/getAllChannels\n\nhost:abc.amazonaws.com \n x-amz-date:20181225T121555Z\nx-amz-security-token:abcsessionToken'\n\n The String-to-Sign should have been\n'AWS4-HMAC-SHA256\n 20181225T121555Z\n20181225/ap-south-1/execute-api/aws4_request\signatureCode'\n"}