Hi team, here's a new case.
Problem Symptom
All basic services are unavailable, and signature mismatch is reported on clients.
Problem Diagnosis
Check the signature calculation method used by a client.
Check whether the format of StringToSign calculated by the client is correct.An incorrect StringToSign will be returned when the signature calculation method is incorrect or the bucket name is incorrectly resolved by a virtual host. Compare the incorrect StringToSign returned on the server with the one calculated by the client.
Check whether the access key ID (AK) and secret access key (SK) are correct.
View the logs to check whether the AK used by clients is the same and whether the AK is expired.
Causes
The signature calculated by a client must be the same as that calculated by the server. Otherwise, the authentication will fail.
Signature calculation rules
V2 authentication:
StringToSign = HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + x-obs-date + "\n" + User-defined header fields + "/bucketName/URI"
All user-defined header fields that need to be signed are organized in alphabetical order and separated by "\n".
V4 authentication:
StringToSign = "AWS4-HMAC-SHA256" + "\n" + TimeStampISO8601Format + "\n" + <Scope> + "\n" + Hex(SHA256Hash(<CanonicalRequest>))
Signature function (using the SK to encrypt StringToSign)
Solution
Ensure that the clients and server use the same signature calculation method or check whether the AK and SK configurations are correct.
Check After Recovery
Check whether services can run properly.
Suggestion and Summary
Locate the fault by performing the preceding steps.
