We Keep Coding

Invalid AWS Access Key when calling S3 from Apex

I am attempting to access s3 from Apex using credentials returned from AssumeRole. However, I am receiving the following error:
<Message>The AWS Access Key Id you provided does not exist in our records.</Message>
<AWSAccessKeyId>ASIA********</AWSAccessKeyId>
I am able to successfully call GetObject on this s3 bucket from the CLI using the credentials returned from AssumeRole, so I can be reasonably sure that my bucket permissions have been set up fine. I have the following code in Apex:
Http http = new http();
Profile p = [SELECT Id FROM Profile WHERE Profile.Name = 'S3 Test User' LIMIT 1];
S3_Settings__c s3 = S3_Settings__c.getInstance(p.Id);
String exp = String.valueOf(Cache.Session.get('expiration'));
String sessionToken = String.valueOf(Cache.Session.get('token'));
if(exp == null || exp == '' || (DateTime) JSON.deserialize('"' + exp + '"', DateTime.class) < System.now()) {
requestSessionToken();
}
sessionToken = String.valueOf(Cache.Session.get('token'));
DateTime expires = (DateTime) JSON.deserialize('"' + String.valueOf(Cache.Session.get('expiration')) + '"', DateTime.class);
String accessKeyId = String.valueOf(Cache.Session.get('accessKeyId'));
String accessSecret = String.valueOf(Cache.Session.get('secret'));
String bucketname = s3.Recording_Bucket__c;
String host = 's3.amazonaws.com';
String formattedDateString = Datetime.now().formatGMT('EEE, dd MMM yyyy HH:mm:ss z');
String method = 'GET';
String filePath = 'https://' + bucketname + '.' + host + '/' + filename;
HttpRequest req = new HttpRequest();
req.setMethod(method);
req.setEndpoint(filePath);
req.setHeader('Host', bucketname + '.' + host);
req.setHeader('Connection', 'keep-alive');
String stringToSign = 'GET\n\n' + 'x-amz-security-token=' + sessionToken + '&expiration=' + expires + '\n' + formattedDateString + '\n/' + '/' + bucketname + '/' + filename;
System.debug('SIGN ' + stringToSign);
String encodedStringToSign = EncodingUtil.urlEncode(stringToSign, 'UTF-8');
Blob mac = Crypto.generateMac('HMACSHA1', blob.valueof(stringToSign),blob.valueof(accessSecret));
String signedKey = EncodingUtil.base64Encode(mac);
String authHeader = 'AWS' + ' ' + accessKeyId + ':' + signedKey;
req.setHeader('Date', formattedDateString);
//req.setHeader('x-amz-security-token', sessionToken); //AWS returns 'invalid signature' if this is set
req.setHeader('Authorization',authHeader);
HttpResponse resp = http.send(req);
It seems as if the AWS is reading in the AccessKeyId/Secret, but not the session token. I've also tried setting x-amz-security-token as a header, but this throws a 403 Error -- Signature mismatch. Am I missing something within my headers or signature that would enable this request to return successfully?

Turns out I was placing the x-amz-security-token header in the wrong location. It needs to occur in the canonical AMZ Headers section immediately after the formatted date, with a comma to separate the name and value:
String stringToSign = 'GET\n\n\n' + formattedDateString + '\n' + 'x-amz-security-token:' + sessionToken + '\n' + '/' + bucketname + '/' + filename;
Additionally, the following line needed to be uncommented:
req.setHeader('x-amz-security-token', sessionToken);
As a last note, be sure that neither the header nor the canonicalized AMZ Header are capitalized.

getting "415:Media not supported" Error when passing pdf to IBM watson in Salesforce

I am planning to integrate the IBM Watson Document Conversion service
with Salesforce.
From there I am unable to send my pdf file directly to Watson and I'm getting Media Type not supported.
I am also getting this error:
{
"code" : 500 ,
"error" : "Server Error" ,
"description" : "2017-07-18T06:02:19-04:00, Error WATSNGWERR-0x0113001c occurred when accessing https://gateway.watsonplatform.net/document-conversion/api/v1/convert_document?version=2015-12-15&config="{"conversion_target":"answer_units"}", Tran-Id: gateway-dp02-1967135880 - Watson Gateway Error"
}
Here is the code I'm using:
public class Resume {
String boundary = '----------------------------741e90d31eff';
public string id{get;set;}
public string content{get;set;}
Transient public Attachment att{set;get;}
public Resume(ApexPages.StandardController controller) {
id=ApexPages.currentPage().getParameters().get('id');
att=new Attachment();
att=[Select Id,ParentId, Name,body,ContentType From Attachment where ParentId=:id limit 1];
content=String.valueOf(att.body);
System.debug('---->' + content);
String header = '--' + boundary + '\nContent-Disposition: form-data; name="att"; filename="'+att.name+'";\nContent-Type: application/pdf';
String footer = '--' + boundary + '--';
String headerEncoded =
EncodingUtil.base64Encode(Blob.valueOf(header+'\r\n\r\n'));
String bodyEncoded = EncodingUtil.base64Encode(att.body);
Blob bodyBlob = null;
String last4Bytes =
bodyEncoded.substring(bodyEncoded.length() - 4, bodyEncoded.length());
while (headerEncoded.endsWith('=')){
header+=' ';
headerEncoded = EncodingUtil.base64Encode(Blob.valueOf(header+'\r\n\r\n'));
}
if (last4Bytes.endsWith('==')) {
last4Bytes = last4Bytes.substring(0,2) + '0K';
bodyEncoded = bodyEncoded.substring(0,bodyEncoded.length()-4) + last4Bytes;
String footerEncoded = EncodingUtil.base64Encode(Blob.valueOf(footer));
bodyBlob = EncodingUtil.base64Decode(headerEncoded + bodyEncoded + footerEncoded);
} else if (last4Bytes.endsWith('=')) {
last4Bytes = last4Bytes.substring(0,3) + 'N';
bodyEncoded = bodyEncoded.substring(0,bodyEncoded.length()-4) + last4Bytes;
footer = '\n' + footer;
String footerEncoded = EncodingUtil.base64Encode(Blob.valueOf(footer));
bodyBlob = EncodingUtil.base64Decode(headerEncoded + bodyEncoded + footerEncoded);
} else {
footer = '\r\n' + footer;
String footerEncoded = EncodingUtil.base64Encode(Blob.valueOf(footer));
bodyBlob = EncodingUtil.base64Decode(headerEncoded + bodyEncoded + footerEncoded);
}
String configAsString ='\"conversion_target:answer_units\"';
Http h = new Http();
HttpRequest request = new HttpRequest();
request.setMethod('POST');
request.setHeader('Content-Type','multipart/form-data; boundary=' + boundary);
String username= 'DOCUMENT-CONVERSION-USERNAME';
String password= 'DOCUMENT-CONVERSION-PASSWORD';
request.setHeader('Authorization', 'Basic ' + EncodingUtil.base64Encode(blob.valueOf(username + ':' + password)));
request.setEndpoint('https://gateway.watsonplatform.net/document-conversion/api/v1/convert_document?version=2015-12-15&config='+configAsString);
request.setBodyAsBlob(bodyBlob);
request.setCompressed(true);
HttpResponse response = h.send(request);
System.debug(response.getBody());
}
}

You are sending the config as a query parameter, but it should be in the body.
Here is the curl command that makes what you are trying to do:
curl -X POST \
-u "{username}":"{password}" \
-F config="{\"conversion_target\":\"answer_units\"}" \
-F "file=#sample.pdf;type=application/pdf" \
"https://gateway.watsonplatform.net/document-conversion/api/v1/convert_document?version=2015-12-15"
I also think there is an error in the way you are creating the body. My team built an SDK to use the Watson APIs in the Salesforce environment. I would suggest you take a look.
If you can't deploy the SDK to your Salesforce organization (It's a lot of code), copy the code from the IBMWatsonMultipartBody.cls class. It will help you encode an Attachment as base64 so that you can end it to Watson.
UPDATE: The Document Conversion service was deprecated but the features from that service were enhanced and migrated to the Discovery service

Uploading JSON to BigQuery

Update: I will answer this myself immediately (this code works):
My customized upload code based off: https://developers.google.com/bigquery/loading-data-into-bigquery#loaddatapostrequest
import sys
import json
from apiclient.discovery import build
from oauth2client.file import Storage
from oauth2client.client import AccessTokenRefreshError
from oauth2client.client import OAuth2WebServerFlow
from oauth2client.tools import run
from apiclient.errors import HttpError
import httplib2
FLOW = OAuth2WebServerFlow(
client_id='xxxxxxx.apps.googleusercontent.com',
client_secret='shhhhhhhhhhhh',
scope='https://www.googleapis.com/auth/bigquery',
user_agent='my-program-name/1.0')
def loadTable(http, service):
projectId = 'drc-compute'
datasetId = 'standing'
import time
tableId = 'test_' + str(int(time.time()))
url = "https://www.googleapis.com/upload/bigquery/v2/projects/" + projectId + "/jobs"
schema = open('test_schema.json', 'r')
# Create the body of the request, separated by a boundary of xxx
newresource = ('--xxx\n' +
'Content-Type: application/json; charset=UTF-8\n' + '\n' +
'{\n' +
' "configuration": {\n' +
' "load": {\n' +
' "sourceFormat": "NEWLINE_DELIMITED_JSON",\n' +
' "schema": {\n'
' "fields": ' + schema.read() + '\n' +
' },\n' +
' "destinationTable": {\n' +
' "projectId": "' + projectId + '",\n' +
' "datasetId": "' + datasetId + '",\n' +
' "tableId": "' + tableId + '"\n' +
' }\n' +
' }\n' +
' }\n' +
'}\n' +
'--xxx\n' +
'Content-Type: application/octet-stream\n' +
'\n')
# Append data from the specified file to the request body
f = open('test.json', 'r')
newresource += f.read().replace('\n', '\r\n')
# Signify the end of the body
newresource += ('--xxx--\n')
print newresource
headers = {'Content-Type': 'multipart/related; boundary=xxx'}
resp, content = http.request(url, method="POST", body=newresource, headers=headers)
if not resp.status == 200:
print resp
print content
else:
jsonResponse = json.loads(content)
jobReference = jsonResponse['jobReference']['jobId']
import time
while True:
jobCollection = service.jobs()
getJob = jobCollection.get(projectId=projectId, jobId=jobReference).execute()
currentStatus = getJob['status']['state']
if 'DONE' == currentStatus:
print "Done Loading!"
return
else:
print 'Waiting to load...'
print 'Current status: ' + currentStatus
print time.ctime()
time.sleep(10)
def main(argv):
# If the credentials don't exist or are invalid, run the native client
# auth flow. The Storage object will ensure that if successful the good
# credentials will get written back to a file.
storage = Storage('bigquery2.dat') # Choose a file name to store the credentials.
credentials = storage.get()
if credentials is None or credentials.invalid:
credentials = run(FLOW, storage)
# Create an httplib2.Http object to handle our HTTP requests and authorize it
# with our good credentials.
http = httplib2.Http()
http = credentials.authorize(http)
service = build('bigquery','v2', http=http)
#datasets = service.datasets().list(projectId='917370487687').execute()
loadTable(http, service)
if __name__ == '__main__':
main(sys.argv)
You'll need your own bigquery client_id and client_secret to replicate in addition to running it once on a machine you can open a browser and log in to google with. Then bigquery2.dat will then store oauth2 refresh tokens and such. The simple test data I'm playing with is just:
test.json
{"asdf": "dd"}
{"asdf": "ax"}
test_schema.json
[
{
"type": "STRING",
"name": "asdf",
"mode": "NULLABLE"
}
]

To not leave this question open, as you already answered it in the question section - thanks to #noonien comment:
"remember to set sourceFormat within the load properties to
NEWLINE_DELIMITED_JSON"

Embedded Signing api docusign

I'm using DocuSign to add eSignature to my requests and everything's working well. Right now I send my signature requests,by using Embedded method- to initiate my workflows immediately by navigating to a URL.
After login,and execute the bellow code,i get the (Embedded View: https://demo.docusign.net/Member/StartInSession.aspx?StartConsole=1&t=32598057-5a59-4d0b-bad8-a8ff8f2407f6&DocuEnvelope=168bc155-e013-4ffd-abb4-7608b56647f8&send=1), but whene i paste the url to try signing document in navigate, but will redirect me to an other url is(http://www.docusign.com/?event=Send&envelopeId=168bc155-e013-4ffd-abb4-7608b56647f8),
how can'i start wotkflow process to sign my enveloppe ?? i can't see my enveloppe to sign it.
// STEP 2 - Create an envelope with one recipient, document, and tab and send
//
String jsonBody = "{\"emailBlurb\":\"partail\"," +
"\"emailSubject\":\"API Call for adding signature request to document and sending\"," +
"\"documents\":[{" +
"\"documentId\":\"1\"," +
"\"name\":\"test.pdf\"}]," +
"\"recipients\":{" +
"\"signers\":[{" +
"\"email\":\"" + EmailRecipients + "\"," +
"\"name\":\"name\"," +
"\"recipientId\":\"1\"," +
"\"routingOrder\":\"1\","+
"\"clientUserId\":\"1000\","+
"\"tabs\":{" +
"\"signHereTabs\":[{" +
"\"xPosition\":\"300\"," +
"\"yPosition\":\"600\"," +
"\"documentId\":\"1\"," +
"\"pageNumber\":\"1\"" + "}]}}]}," +
"\"status\":\"sent\"}";
//DemandeSign.getenvelope();
File file = new File("D:/test.pdf");
InputStream inputStream = new FileInputStream(file);
byte[] bytes = new byte[(int) file.length()];
inputStream.read(bytes);
inputStream.close();
String requestBody = "\r\n\r\n--BOUNDARY\r\n" +
"Content-Type: application/json\r\n" +
"Content-Disposition: form-data\r\n" +
"\r\n" +
jsonBody + "\r\n\r\n--BOUNDARY\r\n" + // our json formatted request body
"Content-Type: application/pdf\r\n" +
"Content-Disposition: file; filename=\"test.pdf\"; documentId=1\r\n" +
"\r\n";
// we break this up into two string since the PDF doc bytes go here and are not in string format.
// see further below where we write to the outputstream...
String reqBody2 = "\r\n" + "--BOUNDARY--\r\n\r\n";
// append "/envelopes" to the baseUrl and use in the request
conn = (HttpURLConnection)new URL(baseURL + "/envelopes").openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setRequestProperty("X-DocuSign-Authentication", authenticateStr);
conn.setRequestProperty("Content-Type", "multipart/form-data; boundary=BOUNDARY");
conn.setRequestProperty("Content-Length", Integer.toString(requestBody.toString().length()));
conn.setRequestProperty("Accept", "application/xml");
// write the body of the request...
DataOutputStream dos = new DataOutputStream( conn.getOutputStream() );
dos.writeBytes(requestBody.toString());
dos.write(bytes);
dos.writeBytes(reqBody2.toString());
dos.flush(); dos.close();
status = conn.getResponseCode(); // triggers the request
if( status != 201 ) // 201 = Created
{
System.out.println("Error calling webservice, status is: " + status);
InputStreamReader isr = new InputStreamReader( conn.getErrorStream() );
br = new BufferedReader(isr);
StringBuilder error_response = new StringBuilder();
while ( (line = br.readLine()) != null)
error_response.append(line);
System.out.println("Error response is " + error_response.toString() );
System.exit(-1);
}
// Read the response
InputStreamReader isr = new InputStreamReader( conn.getInputStream() );
br = new BufferedReader(isr);
StringBuilder response2 = new StringBuilder();
while ( (line = br.readLine()) != null)
response2.append(line);
//token1 = "//*[1]/*[local-name()='envelopeId']";
//String envelopeId = xPath.evaluate(token1, new InputSource(new StringReader(response2.toString())));
//--- display results
//System.out.println("Document sent! envelopeId is " + envelopeId );//envelopeId is e4c0659a-9d01-4ac3-a45f-02a80fd6bd96 at 04/07/2013 17:24
token1 = "//*[1]/*[local-name()='uri']";
String uri = xPath.evaluate(token1, new InputSource(new StringReader(response2.toString())));
//--- display results
System.out.println("uri = " + uri );
/// Step3
// construct another outgoing XML request body
String reqBody = "<returnUrlRequest xmlns=\"http://www.docusign.com/restapi\">" +
"<authenticationMethod>email</authenticationMethod>" +
"<email>***test#gmail.com***</email>" +
"<returnUrl>http://www.docusign.com</returnUrl>" +
"<userName>name</userName>" +
"<clientUserId>1000</clientUserId>" +
"</returnUrlRequest>";
// append uri + "/views/sender" to the baseUrl and use in the request
conn = (HttpURLConnection)new URL(baseURL + uri + "/views/sender").openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setRequestProperty("X-DocuSign-Authentication", authenticateStr);
conn.setRequestProperty("Content-Type", "application/xml");
conn.setRequestProperty("Content-Length", Integer.toString(reqBody.length()));
conn.setRequestProperty("Accept", "application/xml");
// write the body of the request...
dos = new DataOutputStream( conn.getOutputStream() );
dos.writeBytes(reqBody); dos.flush(); dos.close();
status = conn.getResponseCode(); // triggers the request
if( status != 201 ) // 201 = Created
{
System.out.println("Error calling webservice, status is: " + status);
System.exit(-1);
}
// Read the response
isr = new InputStreamReader( conn.getInputStream() );
br = new BufferedReader(isr);
StringBuilder response3 = new StringBuilder();
while ( (line = br.readLine()) != null)
response3.append(line);
token1 = "//*[1]/*[local-name()='url']";
//--- display results
System.out.println("Embedded View: " + xPath.evaluate(token1, new InputSource(new StringReader(response3.toString()))));`

Are you trying to access the URL immediately or are you waiting at all? Once you generate a URL token to access a given envelope it has a TTL (time to life) of 5 mins, meaning it expires after 5 minutes and you then need to generate a new one.
If that's not it, your problem might be related to how you are identifying your recipient. A recipient in DocuSign is identified by the unique combination of their name, email, recipientId, and in the case of embedding, the clientUserId. You seem to be setting all of those, however whatever the combination is when you first create the envelope, you need to refer to the same combination when you are requesting the Embedded URL token.
When you create your envelope I see you are setting the name literally to "name" and that you are setting the email through a variable called "EmailRecipients". But when you request the URL token you are using email "test#gmail.com", that might be causing your issue too.

Get Items from Sharepoint List

I'm trying to get items from a list in sharepoint but i have some problems, it's difficult to explain so look at the code :
try
{
using (System.IO.StreamWriter file = new System.IO.StreamWriter(#"C:\log\Steps_" + DateTime.Now.Day + "_at_" + DateTime.Now.Hour + "h" + DateTime.Now.Minute + ".txt", true))
{
if (SPSite.Exists(new Uri(Url)))
{
using (SPSite site = new SPSite(Url))
{
file.WriteLine("step 1 : " + DateTime.Now.Hour + "h" + DateTime.Now.Minute + " " + DateTime.Now.Second + "s " + DateTime.Now.Millisecond + "ms ");
SPList list = site.AllWebs[""].Lists["CrmInfo"];
file.WriteLine("step 2 : " + DateTime.Now.Hour + "h" + DateTime.Now.Minute + " " + DateTime.Now.Second + "s " + DateTime.Now.Millisecond + "ms ");
var items = list.GetItems();
file.WriteLine("step 3 : " + DateTime.Now.Hour + "h" + DateTime.Now.Minute + " " + DateTime.Now.Second + "s " + DateTime.Now.Millisecond + "ms ");
foreach (SPListItem item in list.Items)
{
if (item.Name.Equals("serverName"))
serverName = (string)item["Value"];
if (item.Name.Equals("orgName"))
orgName = (string)item["Value"];
if (item.Name.Equals("userName"))
userName = (string)item["Value"];
if (item.Name.Equals("userPassword"))
userPassword = (string)item["Value"];
if (item.Name.Equals("userDomain"))
userDomain = (string)item["Value"]; }
}
}
}
}
catch (Exception e)
{
using (System.IO.StreamWriter file = new System.IO.StreamWriter(#"C:\log\error_" + DateTime.Now.Day + "_at_" + DateTime.Now.Hour + "h" + DateTime.Now.Minute + ".txt", true))
{
file.WriteLine("An error occured on {0}th at {1}h{2}", DateTime.Now.Day, DateTime.Now.Hour, DateTime.Now.Minute);
file.WriteLine(e.Message);
}
}
Here is the problem : if i remove
using (System.IO.StreamWriter file = new System.IO.StreamWriter(#"C:\log\Steps_" + DateTime.Now.Day + "_at_" + DateTime.Now.Hour + "h" + DateTime.Now.Minute + ".txt", true))
(with all corresponding file.WriteLine ...) and i deploy my feature on sharepoint, i get a 500 internal server error. If i let it like that, it works but i want to remove that part.
Can someone tell me what's wrong ? I really don't understand ...
Thank you.
edit : If i remove all the file.WriteLine ... when i deploy, it creats a Steps_xxxx.txt file which is empty (logic) but it catch an exception :
The process cannot access the file 'C:\log\Steps_17_at_12h22.txt' because it is being used by another process. But i'm not using it anywhere else!
Edit : New Element, i get this in my logfile
An error occured on 20th at 11h3
The request channel timed out while waiting for a reply after 00:00:43.5159686. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.
System.TimeoutException: The HTTP request to 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' has exceeded the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout. ---> System.Net.WebException: The operation has timed out
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
mscorlib
I searched a little bit an modify the client.config timeout (from 00:00:20 to 00:02:00) but still not working ...
In fact there is one question to resolve this problem :
Why can't i use a SPSite in my feature ?
I found a way to debug the code when launching the sharepoint Site (using Debug->Attach to process...) and i tried with this :
if (SPContext.Current.Site.RootWeb.Site!=null)
{
using (SPSite site = SPContext.Current.Site.RootWeb.Site)
{
My breakpoint is on this first line and SPContext.Current.Site.RootWeb.Site is null ... Don't understand why.
then in a log file that i created i see this :
Object reference not set to an instance of an object.