Workaround V4 Signing problem

[masahide]

403 error occurs if the space is included in the message, etc.

        sns_client := sns.New(auth, aws.APNortheast)
        pubOpt := &sns.PublishOpt{
                Message:  "aa      a  hoge",
                Subject:  "SNS_Message",
                TopicArn: "xxxxxxxxxxxxxxxxxxxxxxxxx",
        }
        resp, err := sns_client.Publish(pubOpt)
        log.Printf("resp: %#v\n\n", resp)
        log.Printf("err: %#v\n\n", err)

Execution result of the above

2014/10/04 05:35:53 resp: &sns.PublishResp{MessageId:"", ResponseMetadata:sns.ResponseMetadata{RequestId:"", BoxUsage:0}}

2014/10/04 05:35:53 err: &sns.Error{StatusCode:403, Code:"", Message:"403 Forbidden", RequestId:"e2fe9215-bf24-508b-9c76-debcb490bc6a"}

The cause is believed to be a matter of "Signature Version 4 Signing"

http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

The space character is a reserved character and must be encoded as "%20" (and not as "+").

but escape of net / url is
https://code.google.com/p/go/source/browse/src/pkg/net/url/url.go?name=go1.3beta1#198

           case c == ' ' && mode == encodeQueryComponent:
                   t[j] = '+'

I tried the implementation of replace "%20",
but the 403 error still occurred.
About this,
Because there is a possibility of the problem of AWS side of a combination of sns and V4 signing,
its problem inquiry to amazon is ongoing.

As a workaround
I was back port "V2 signing".

[alimoeeny]

@masahide thanks. I don't quite understand what is going on here. Is signing for SNS different from other AWS services? If not why not use and fix the one in goamz/aws ?

[ando-masaki]

There are 2 probrems.

1. The space character is a reserved character and must be encoded as "%20" (and not as "+").
   See: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
2. If the space characters in message, signature does not match.
   API retuens 403 forbidden error and following error message.
   "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."

[masahide]

@ando-masaki thanks.

[alimoeeny]

Thanks @ando-masaki and @masahide , so basically the signing is different. in that case it makes sense.

[ando-masaki]

Thanks @lostghost .
Neverthless, a problem remains.
”%20” in the encoded string, signature does not match.
If solve this probrem, we can use V4 signer.

[lostghost]

@ando-masaki Are you saying that even with the "%20" encoded space that the signature is failing?

[ando-masaki]

Yes. When I cut ”%20” from encoded string, API returns 200 OK.