Hello Team I am trying to debug the request to AWS sts servi WireMock #general

Hello Team, I am trying to debug the request to AW...

Sandeep Vinayak

08/05/2024, 8:27 PM

Hello Team, I am trying to debug the request to AWS sts service through wiremock which is resulting in

SignatureDoesNotMatch

because wiremock is changing request in someway before forwarding it to aws. If I remove the wiremock proxy, the request is successful. Here is the comparison of clients with and without wiremock proxy

Copy code

ProxyConfiguration proxyConfig = ProxyConfiguration.builder().endpoint(URI.create("https://" + WIREMOCK_HOST + ":" + WIREMOCK_PORT)).build();
        TrustManager[] trustAllCerts = createTrustAllManager();
        SdkHttpClient httpClient = ApacheHttpClient.builder()
                .proxyConfiguration(proxyConfig)
                .tlsTrustManagersProvider(() -> trustAllCerts)
                .build();
        return StsClient.builder()
                .httpClient(httpClient) <---------removing this will be success
                .region(Region.US_WEST_2)
                .endpointOverride(
                        URI.create("<https://sts.us-west-2.amazonaws.com>"))
                .build();
    }

my wiremock server is configured as follow:

Copy code

wireMockServer = new WireMockServer(WireMockConfiguration.options()
                .httpsPort(WIREMOCK_PORT)
                .keystorePath("/Users/something/Desktop/wiremock-keystore.jks").keystorePassword("something")
                .withRootDirectory("src/test/resources")
                .enableBrowserProxying(true));

        wireMockServer.start();

With this we are sure that, wiremock is certainly changing the request in some way. How can I force the wiremock not to change anything in request?

Sandeep Vinayak

08/05/2024, 8:30 PM

here is the recorded transaction with wiremock as proxy:

Copy code

{
  "id": "befe53c1-dad5-43b8-8d4c-151babbb6973",
  "name": "",
  "request": {
    "url": "/",
    "method": "POST",
    "bodyPatterns": [
      {
        "equalTo": "Action=AssumeRole&Version=2011-06-15&RoleArn=arn%3Aaws%3Aiam%3A%asas%3Arole%2Ftest&RoleSessionName=any",
        "caseInsensitive": false
      }
    ]
  },
  "response": {
    "status": 403,
    "body": "<ErrorResponse xmlns=\"<https://sts.amazonaws.com/doc/2011-06-15/>\">\n  <Error>\n    <Type>Sender</Type>\n    <Code>SignatureDoesNotMatch</Code>\n    <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>\n  </Error>\n  <RequestId>redact</RequestId>\n</ErrorResponse>\n",
    "headers": {
      "x-amzn-RequestId": "redact",
      "Date": "Mon, 05 Aug 2024 20:28:27 GMT",
      "Content-Type": "text/xml",
      "X-Content-Length": "431",
      "ContentLength": "431"
    }
  },
  "uuid": "redact3",
  "persistent": true,
  "insertionIndex": 6
}

19 Views

Open in Slack

Previous Next