I have an app which is currently uploading images to amazon S3. I have been trying to switch it from using NSURLConnection to NSURLSession so that the uploads can continue while the app is in the background! I seem to be hitting a bit of an issue. The NSURLRequest is created and passed to the NSURLSession but amazon sends back a 403 - forbidden response, if I pass the same request to a NSURLConnection it uploads the file perfectly.
Here is the code that creates the response:
NSString *requestURLString = [NSString stringWithFormat:@"http://%@.%@/%@/%@", BUCKET_NAME, AWS_HOST, DIRECTORY_NAME, filename];
NSURL *requestURL = [NSURL URLWithString:requestURLString];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:requestURL
cachePolicy:NSURLRequestReloadIgnoringLocalAndRemoteCacheData
timeoutInterval:60.0];
// Configure request
[request setHTTPMethod:@"PUT"];
[request setValue:[NSString stringWithFormat:@"%@.%@", BUCKET_NAME, AWS_HOST] forHTTPHeaderField:@"Host"];
[request setValue:[self formattedDateString] forHTTPHeaderField:@"Date"];
[request setValue:@"public-read" forHTTPHeaderField:@"x-amz-acl"];
[request setHTTPBody:imageData];
And then this signs the response (I think this came from another SO answer):
NSString *contentMd5 = [request valueForHTTPHeaderField:@"Content-MD5"];
NSString *contentType = [request valueForHTTPHeaderField:@"Content-Type"];
NSString *timestamp = [request valueForHTTPHeaderField:@"Date"];
if (nil == contentMd5) contentMd5 = @"";
if (nil == contentType) contentType = @"";
NSMutableString *canonicalizedAmzHeaders = [NSMutableString string];
NSArray *sortedHeaders = [[[request allHTTPHeaderFields] allKeys] sortedArrayUsingSelector:@selector(caseInsensitiveCompare:)];
for (id key in sortedHeaders)
{
NSString *keyName = [(NSString *)key lowercaseString];
if ([keyName hasPrefix:@"x-amz-"]){
[canonicalizedAmzHeaders appendFormat:@"%@:%@\n", keyName, [request valueForHTTPHeaderField:(NSString *)key]];
}
}
NSString *bucket = @"";
NSString *path = request.URL.path;
NSString *query = request.URL.query;
NSString *host = [request valueForHTTPHeaderField:@"Host"];
if (![host isEqualToString:@"s3.amazonaws.com"]) {
bucket = [host substringToIndex:[host rangeOfString:@".s3.amazonaws.com"].location];
}
NSString* canonicalizedResource;
if (nil == path || path.length < 1) {
if ( nil == bucket || bucket.length < 1 ) {
canonicalizedResource = @"/";
}
else {
canonicalizedResource = [NSString stringWithFormat:@"/%@/", bucket];
}
}
else {
canonicalizedResource = [NSString stringWithFormat:@"/%@%@", bucket, path];
}
if (query != nil && [query length] > 0) {
canonicalizedResource = [canonicalizedResource stringByAppendingFormat:@"?%@", query];
}
NSString* stringToSign = [NSString stringWithFormat:@"%@\n%@\n%@\n%@\n%@%@", [request HTTPMethod], contentMd5, contentType, timestamp, canonicalizedAmzHeaders, canonicalizedResource];
NSString *signature = [self signatureForString:stringToSign];
[request setValue:[NSString stringWithFormat:@"AWS %@:%@", self.S3AccessKey, signature] forHTTPHeaderField:@"Authorization"];
Then if I use this line of code:
[NSURLConnection connectionWithRequest:request delegate:self];
It works and uploads the file, but if I use:
NSURLSessionUploadTask *task = [self.session uploadTaskWithRequest:request fromFile:[NSURL fileURLWithPath:filePath]];
[task resume];
I get the forbidden error..!?
Has anyone tried uploading to S3 with this and hit similar issues? I wonder if it is to do with the way the session pauses and resumes uploads, or it is doing something funny to the request..?
One possible solution would be to upload the file to an interim server that I control and have that forward it to S3 when it is complete... but this is clearly not an ideal solution!
Any help is much appreciated!!
Thanks!
I made it work based on Zeev Vax answer. I want to provide some insight on problems I ran into and offer minor improvements.
Build a normal PutRequest, for instance
S3PutObjectRequest* putRequest = [[S3PutObjectRequest alloc] initWithKey:keyName inBucket:bucketName];
putRequest.credentials = credentials;
putRequest.filename = theFilePath;
Now we need to do some work the S3Client usually does for us
// set the endpoint, so it is not null
putRequest.endpoint = s3Client.endpoint;
// if you are using session based authentication, otherwise leave it out
putRequest.securityToken = messageTokenDTO.securityToken;
// sign the request (also computes md5 checksums etc.)
NSMutableURLRequest *request = [s3Client signS3Request:putRequest];
Now copy all of that to a new request. Amazon use their own NSUrlRequest class which would cause an exception
NSMutableURLRequest* request2 = [[NSMutableURLRequest alloc]initWithURL:request.URL];
[request2 setHTTPMethod:request.HTTPMethod];
[request2 setAllHTTPHeaderFields:[request allHTTPHeaderFields]];
Now we can start the actual transfer
NSURLSession* backgroundSession = [self backgroundSession];
_uploadTask = [backgroundSession uploadTaskWithRequest:request2 fromFile:[NSURL fileURLWithPath:theFilePath]];
[_uploadTask resume];
This is the code that creates the background session:
- (NSURLSession *)backgroundSession {
static NSURLSession *session = nil;
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration backgroundSessionConfiguration:@"com.example.my.unique.id"];
session = [NSURLSession sessionWithConfiguration:configuration delegate:self delegateQueue:nil];
});
return session;
}
It took me a while to figure out that the session / task delegate needs to handle an auth challenge (we are in fact authentication to s3). So just implement
- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
NSLog(@"session did receive challenge");
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
}