[Pharo-users] AWS Version 4 authentication + streaming upload

PAUL DEBRUICKER pdebruic at gmail.com
Sat May 14 13:41:06 EDT 2016

Hi Sven,

For AWS regions created after Jan 30 2014, AWS requires one to use version 4 of their authentication scheme (http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html).  It describes a header and request signing process that is more involved than version 2 that is implemented in the Zinc AWS client.   

Sho Yoshida has already made an AWS client (https://github.com/newapplesho/aws-sdk-smalltalk) that works great for their version 4 non-streaming uploads to S3.  It uses Zinc.    

I'm planning to add streaming and had some questions for you about how Zinc does streaming and where/how I should make some modifications.

When streaming an upload you have to SHA256 each chunk of file data and attach its SHA to the subsequent chunk.  The initial chunk gets the first chunk of file data and the SHA256 of the secret key.   The last chunk is empty and has the SHA256 of the last chunk of file data.  That is all described here http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html.
and example request is here http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html#example-signature-calculations-streaming

My first inclination is to subclass ZnStreamingEntity, give the subclass an instVar to hold the secret key hash. And then extend ZnUtils to do all the hashing and extending of the stream in a frankenstein #awsHashedStreamFrom:to:size:  .  Does that seem like a reasonable approach?

Do I need to adapt the server logic at all?  It seems like I wouldn't. 



More information about the Pharo-users mailing list