0

I'm trying to put a file in S3 using a presigned signature my Java web server provides http://docs.amazonwebservices.com/AmazonS3/latest/dev/PresignedUrlUploadObjectDotNetSDK.html

I need my uploading client (currently my windows 7 using C++) to have a handshake with amazon servers and I don't know how to do it.

When I tried to send the request with a "default context" (naively) it printed a "self signed certificate in certificate chain" error and asked me to accept or not the certificate. Then I tried to figure out how to add a certificate and found this code: POCO C++ - NET SSL - how to POST HTTPS request

The problem is that I'm not sure which pem file is needed here. I tried providing the pem files I've downloaded from x.509 in Amazon Web Services Console but it raised an SSL exception: SSL3_GET_SERVER_CERTIFICATE

My Code:

URI uri("https://BUCKET.s3.amazonaws.com/nosigfile?Expires=1959682330&AWSAccessKeyId=ACCESSKEY&Signature=DgOifWPmQi%2BASAIDaIOGXla10%2Fw%3D");
const Poco::Net::Context::Ptr context( new Poco::Net::Context( Poco::Net::Context::CLIENT_USE, "", "", "cert(x509).pem") );
Poco::Net::HTTPSClientSession session(uri.getHost(), uri.getPort(), context );
HTTPRequest req(HTTPRequest::HTTP_PUT, uri.getPathAndQuery(), HTTPMessage::HTTP_1_1);
req.setContentLength(contentLength);
session.sendRequest(req) << streamToSend;

Thanks

Community
  • 1
  • 1
Chen Harel
  • 9,684
  • 5
  • 44
  • 58

1 Answers1

0

Poco includes certificates in the project.

You will need any.pem, rootcert.pem, yourappname.xml which you can find in the poco test suite for the SSL side.

./poco-1.4.1p1-all/NetSSL_OpenSSL/testsuite/{any.pem,rootcert.pem,testsuite.xml}

Once you include the two pem files, your xml, which is used during the initializeSSL phase you will not get the warning for self-signed certificates.

class MySSLApp: public Poco::Util::Application
{
public:
    MySSLApp()
    {
        Poco::Net::initializeSSL();
        Poco::Net::HTTPStreamFactory::registerFactory();
        Poco::Net::HTTPSStreamFactory::registerFactory();
    }

    ~MySSLApp()
    {
        Poco::Net::uninitializeSSL();
    }
protected:
    void initialize(Poco::Util::Application& self)
    {
        loadConfiguration(); // load default configuration files, if present
        Poco::Util::Application::initialize(self);
    }

    void myUpload(...) {
        ...
        FilePartSource* pFPS = new FilePartSource(szFilename);
        std::string szHost = "BUCKET.s3.amazonaws.com";
        std::string szPath = "/";
        int nRespCode = 201;
        try{
            HTTPClientSession s(szHost);
            HTTPRequest request(HTTPRequest::HTTP_POST, szPath, HTTPMessage::HTTP_1_1);
            HTMLForm pocoForm(HTMLForm::ENCODING_MULTIPART);
            pocoForm.set("AWSAccessKeyId",        ACCESSKEY);
            pocoForm.set("acl",                   "public-read");
            pocoForm.set("success_action_status", toString(nRespCode));
            pocoForm.set("Content-Type",          m_szContentType);
            pocoForm.set("key",                   m_szPath + "/" + m_szDestFileName);
            pocoForm.set("policy",                m_szPolicy);
            pocoForm.set("signature",             m_szSignature);
            pocoForm.addPart("file",              pFPS);

            pocoForm.prepareSubmit(request);

            std::ostringstream oszMessage;
            pocoForm.write(oszMessage);
            std::string szMessage = oszMessage.str();

            //AWS requires a ContentLength set EVEN though it is chunked!
            request.setContentLength((int) szMessage.length());

            s.sendRequest(request) << szMessage;
            //or:
            //pocoForm.write(s.sendRequest(request));

            HTTPResponse response;
            std::istream& rs = s.receiveResponse(response);
            int code = response.getStatus();
            if (code != nRespCode) {
                stringstream s;
                s << "HTTP Error " << code;
                throw Poco::IOException(s.str());
            }
        } catch (Exception& exc) {
            std::cout << exc.displayText() << endl;
            return;
        }
        return;   
    }
 }

The xml file will look something like this:

<AppConfig>
<openSSL>
    <server>
        <privateKeyFile>${application.configDir}any.pem</privateKeyFile>
        <caConfig>${application.configDir}rootcert.pem</caConfig>
        <verificationMode>none</verificationMode>
        <verificationDepth>9</verificationDepth>
        <loadDefaultCAFile>true</loadDefaultCAFile>
        <cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>
        <privateKeyPassphraseHandler>
            <name>KeyFileHandler</name>
            <options>
                <password>secret</password>
            </options>
        </privateKeyPassphraseHandler>
        <invalidCertificateHandler>
            <name>AcceptCertificateHandler</name>
            <options>
            </options>
        </invalidCertificateHandler>
    </server>
    <client>
        <privateKeyFile>${application.configDir}any.pem</privateKeyFile>
        <caConfig>${application.configDir}rootcert.pem</caConfig>
        <verificationMode>relaxed</verificationMode>
        <verificationDepth>9</verificationDepth>
        <loadDefaultCAFile>true</loadDefaultCAFile>
        <cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>
        <privateKeyPassphraseHandler>
            <name>KeyFileHandler</name>
            <options>
                <password>secret</password>
            </options>
        </privateKeyPassphraseHandler>
        <invalidCertificateHandler>
            <name>AcceptCertificateHandler</name>
            <options>
            </options>
        </invalidCertificateHandler>
    </client>
</openSSL>
</AppConfig>
cedarwrk
  • 38
  • 2