I'm trying to work directly with the REST API for the S3 service from Amazon and I don't understand what a canonical request is.
What I understand is:
Then, the questions are:
This Authorization header contains a hashed HTTP request (the canonical request). This HTTP request needs a hashed payload and then is concatenated to a longer string. This string is hashed several times. The result is the Authentication header.
Signature Version 4 (SigV4) is the process to add authentication information to AWS API requests sent by HTTP. For security, most requests to AWS must be signed with an access key. The access key consists of an access key ID and secret access key, which are commonly referred to as your security credentials.
AWS4-HMAC-SHA256: The algorithm that was used to calculate the signature. You must provide this value when you use AWS Signature Version 4 for authentication.
UNSIGNED-PAYLOAD can be used only with query-string authentication. If you use Authorization header authentication, it cannot be used. As an option, you can use chunked transfer, so you will have to calculate hashes for small chunks of data that can be buffered for hashing.
A canonical request
is just a vocabulary thing.
The canonical request is the same as the real request?
It is a representation of the real request; per your screenshot, it is defined as
CanonicalRequest =
HTTPRequestMethod + '\n' +
CanonicalURI + '\n' +
CanonicalQueryString + '\n' +
CanonicalHeaders + '\n' +
SignedHeaders + '\n' +
HexEncode(Hash(RequestPayload))
Of course, if you pass that string into your browser, it will not be understood and it will not be executed, so it will be transformed (make encoding nice, etc.).
So, for example, you will get a canonical representation of your request defined as
CanonicalRequest =
"GET" + '\n' +
"http://s3.amazonaws.com/examplebucket" + '\n' +
URI-encode("marker")+"="+URI-encode("someMarker")+"&"+URI-encode("max-keys")+"="+URI-encode("20") + "&" +URI-encode("prefix")+"="+URI-encode("somePrefix") + '\n' +
Lowercase("host")+":"+Trim("s3.amazonaws.com")+"\n"+Lowercase("x-amz-<something>")+":"+Trim("<the_value>")+ '\n' +
"host;x-amz-<something (same as above)>" + '\n' +
HexEncode(Hash(RequestPayload))
Then from this definition, the system will create the "real" request, meaning the one that will be executed against the server.
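The canonical request and signature for the listing request discussed above, worked through in Python as an added example (not code from the original post or from AWS). The credentials, date, region and function names are constructed assumptions; per the SigV4 definition, CanonicalURI is the encoded path only, and the canonical request is computed from the request being sent, whose signature then goes into the Authorization header.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed placeholder credentials for this example; not real keys.
ACCESS_KEY_ID = "AKIDEXAMPLEPLACEHOLDER"
SECRET_KEY = "constructed-secret-for-illustration-only"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical_request(method, path, query, headers, payload=b""):
    """Return (canonical_request, signed_headers) for one HTTP request."""
    # CanonicalURI is the URI-encoded absolute path only: no scheme, no host.
    uri = quote(path or "/", safe="/-_.~")
    # CanonicalQueryString: encode every name and value, then sort by name.
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~")) for k, v in query.items())
    query_string = "&".join(f"{k}={v}" for k, v in pairs)
    # CanonicalHeaders: lowercase names, trimmed values, sorted, one per line.
    hdrs = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    canonical_headers = "".join(f"{k}:{v}\n" for k, v in hdrs)
    signed_headers = ";".join(k for k, _ in hdrs)
    parts = [method, uri, query_string, canonical_headers, signed_headers, sha256_hex(payload)]
    return "\n".join(parts), signed_headers

def sign(secret_key, amz_date, region, service, canon_req):
    """Return (hex_signature, credential_scope) for a canonical request."""
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    # StringToSign carries only the SHA-256 of the canonical request.
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, sha256_hex(canon_req.encode())])
    # The signing key is derived by chaining HMACs over the scope components.
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest(), scope

def build_example(marker="someMarker"):
    """Sign the listing request: GET /examplebucket?marker=...&max-keys=20&prefix=..."""
    headers = {"Host": "s3.amazonaws.com", "X-Amz-Date": "20130524T000000Z",
               "X-Amz-Content-Sha256": sha256_hex(b"")}
    query = {"prefix": "somePrefix", "max-keys": "20", "marker": marker}
    canon_req, signed = canonical_request("GET", "/examplebucket", query, headers)
    sig, scope = sign(SECRET_KEY, headers["X-Amz-Date"], "us-east-1", "s3", canon_req)
    auth = (f"AWS4-HMAC-SHA256 Credential={ACCESS_KEY_ID}/{scope},"
            f"SignedHeaders={signed},Signature={sig}")
    return canon_req, auth

if __name__ == "__main__":
    canon_req, auth = build_example()
    print(canon_req, auth, sep="\n\nAuthorization: ")
```

The server rebuilds the same canonical request from what it receives, so any difference in a signed header, the query string or the payload hash yields a different signature and the request is rejected.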