InvalidAccessKeySecret and signaturenotmatch errors when the response status code is 400

ssy352959096 · JacksonTian · commit 0fe4514d4233 · 2019-02-27T13:20:59.000+08:00
diff --git a/aliyun-java-sdk-core/src/main/java/com/aliyuncs/DefaultAcsClient.java b/aliyun-java-sdk-core/src/main/java/com/aliyuncs/DefaultAcsClient.java
@@ -24,9 +24,9 @@
 import com.aliyuncs.exceptions.ServerException;
 import com.aliyuncs.http.FormatType;
 import com.aliyuncs.http.HttpClientFactory;
-import com.aliyuncs.http.HttpUtil;
 import com.aliyuncs.http.HttpRequest;
 import com.aliyuncs.http.HttpResponse;
+import com.aliyuncs.http.HttpUtil;
 import com.aliyuncs.http.IHttpClient;
 import com.aliyuncs.http.UserAgentConfig;
 import com.aliyuncs.profile.DefaultProfile;
@@ -193,7 +193,8 @@ private <T extends AcsResponse> T parseAcsResponse(AcsRequest<T> request, HttpRe
             AcsError error = readError(baseResponse, format);
             if (500 <= baseResponse.getStatus()) {
                 throw new ServerException(error.getErrorCode(), error.getErrorMessage(), error.getRequestId());
-            } else if ("IncompleteSignature".equals(error.getErrorCode())) {
+            } else if (400 == baseResponse.getStatus() && ("IncompleteSignature".equals(error.getErrorCode())
+                    || "SignatureDoesNotMatch".equals(error.getErrorCode()))) {
                 String errorMessage = error.getErrorMessage();
                 Pattern startPattern = Pattern.compile(SIGNATURE_BEGIN);
                 Matcher startMatcher = startPattern.matcher(errorMessage);
diff --git a/aliyun-java-sdk-core/src/test/java/com/aliyuncs/DefaultAcsClientTest.java b/aliyun-java-sdk-core/src/test/java/com/aliyuncs/DefaultAcsClientTest.java
@@ -475,7 +475,7 @@ public void testGetCommonResponseClientException() throws ClientException, IOExc
         Mockito.when(response.isSuccess()).thenReturn(false);
         Mockito.when(response.getHttpContentType()).thenReturn(FormatType.XML);
         Mockito.when(response.getHttpContentString()).thenReturn(makeAcsErrorXML("", "", "500", "ServerException", ""));
-        Mockito.when(response.getStatus()).thenReturn(401);
+        Mockito.when(response.getStatus()).thenReturn(404);
         thrown.expect(ClientException.class);
         spyClient.getCommonResponse(commonRequest);
     }
@@ -516,7 +516,7 @@ public void testResponseNotIncompleteSignatureError() throws ClientException {
         DefaultAcsClient client = new DefaultAcsClient(profile);
         DefaultAcsClient spyClient = Mockito.spy(client);
         HttpResponse response = Mockito.mock(HttpResponse.class);
-        Mockito.when(response.getStatus()).thenReturn(401);
+        Mockito.when(response.getStatus()).thenReturn(400);
         Mockito.when(response.getHttpContentType()).thenReturn(FormatType.XML);
         Mockito.when(response.getHttpContentString()).thenReturn(makeAcsErrorXML("", "", "Not IncompleteSignature",
                 "ClientException", ""));
@@ -537,7 +537,7 @@ public void testResponseInvalidAccessKeySecretError() throws ClientException {
         DefaultAcsClient client = new DefaultAcsClient(profile);
         DefaultAcsClient spyClient = Mockito.spy(client);
         HttpResponse response = Mockito.mock(HttpResponse.class);
-        Mockito.when(response.getStatus()).thenReturn(401);
+        Mockito.when(response.getStatus()).thenReturn(400);
         Mockito.when(response.getHttpContentType()).thenReturn(FormatType.XML);
         AcsRequest request = Mockito.mock(AcsRequest.class);
         request.strToSign = "GET&%2F%3DDescriat%3DXML%26";
@@ -560,7 +560,7 @@ public void testResponseSignatureNullError() throws ClientException {
         DefaultAcsClient client = new DefaultAcsClient(profile);
         DefaultAcsClient spyClient = Mockito.spy(client);
         HttpResponse response = Mockito.mock(HttpResponse.class);
-        Mockito.when(response.getStatus()).thenReturn(401);
+        Mockito.when(response.getStatus()).thenReturn(400);
         Mockito.when(response.getHttpContentType()).thenReturn(FormatType.XML);
         AcsRequest request = Mockito.mock(AcsRequest.class);
         request.strToSign = "GET&%2F&scribeInstancesDXML%26";
@@ -583,7 +583,7 @@ public void testResponseSignatureError() throws ClientException {
         DefaultAcsClient client = new DefaultAcsClient(profile);
         HttpResponse response = Mockito.mock(HttpResponse.class);
         DefaultAcsClient spyClient = Mockito.spy(client);
-        Mockito.when(response.getStatus()).thenReturn(401);
+        Mockito.when(response.getStatus()).thenReturn(400);
         Mockito.when(response.getHttpContentType()).thenReturn(FormatType.XML);
         AcsRequest request = Mockito.mock(AcsRequest.class);
         request.strToSign = "GET&%2F&Action%3DDescribeInances%26Format%3DXML%26";
@@ -596,6 +596,28 @@ public void testResponseSignatureError() throws ClientException {
         spyClient.getAcsResponse(request);
     }
 
+    @Test
+    public void testResponseSignatureDoesNotMatch() throws ClientException {
+        Credential credential = Mockito.mock(Credential.class);
+        Mockito.when(credential.getSecurityToken()).thenReturn(null);
+        DefaultProfile profile = Mockito.mock(DefaultProfile.class);
+        Mockito.when(profile.getCredential()).thenReturn(credential);
+        DefaultAcsClient client = new DefaultAcsClient(profile);
+        HttpResponse response = Mockito.mock(HttpResponse.class);
+        DefaultAcsClient spyClient = Mockito.spy(client);
+        Mockito.when(response.getStatus()).thenReturn(400);
+        Mockito.when(response.getHttpContentType()).thenReturn(FormatType.XML);
+        AcsRequest request = Mockito.mock(AcsRequest.class);
+        request.strToSign = "GET&%2F&Action%3DDescribeInances%26Format%3DXML%26";
+        String errorMessage = "signature does not conform to standards. server string to sign is:Error Signature";
+        Mockito.when(response.getHttpContentString()).thenReturn(makeAcsErrorXML("", "", "SignatureDoesNotMatch",
+                errorMessage, ""));
+        Mockito.doReturn(response).when(spyClient).doAction(request);
+        thrown.expect(ClientException.class);
+        thrown.expectMessage("SignatureDoesNotMatch : " + errorMessage);
+        spyClient.getAcsResponse(request);
+    }
+
     @SuppressWarnings({ "unchecked", "rawtypes", "deprecation" })
     @Test
     public void testResponseStringContentNull() throws ClientException {
@@ -606,7 +628,7 @@ public void testResponseStringContentNull() throws ClientException {
         DefaultAcsClient client = new DefaultAcsClient(profile);
         HttpResponse response = Mockito.mock(HttpResponse.class);
         DefaultAcsClient spyClient = Mockito.spy(client);
-        Mockito.when(response.getStatus()).thenReturn(401);
+        Mockito.when(response.getStatus()).thenReturn(400);
         Mockito.when(response.getHttpContentType()).thenReturn(FormatType.XML);
         AcsRequest request = Mockito.mock(AcsRequest.class);
         request.strToSign = "GET&%2F&ssddddfgfK";
diff --git a/java-sdk-function-test/src/test/java/com/aliyuncs/NewEndpointTest.java b/java-sdk-function-test/src/test/java/com/aliyuncs/NewEndpointTest.java
@@ -332,7 +332,7 @@ public void testInvalidAccessKeySecret() {
             resolve("cn-hangzhou", "Ecs", "ecs", "innerAPI");
             Assert.fail();
         } catch (ClientException e) {
-            Assert.assertEquals("SignatureDoesNotMatch", e.getErrCode());
+            Assert.assertEquals("SDK.InvalidAccessKeySecret", e.getErrCode());
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -332,7 +332,7 @@ public void testInvalidAccessKeySecret() {`
`332`	`332`	`resolve("cn-hangzhou", "Ecs", "ecs", "innerAPI");`
`333`	`333`	`Assert.fail();`
`334`	`334`	`} catch (ClientException e) {`
`335`		`- Assert.assertEquals("SignatureDoesNotMatch", e.getErrCode());`
	`335`	`+ Assert.assertEquals("SDK.InvalidAccessKeySecret", e.getErrCode());`
`336`	`336`	`}`
`337`	`337`	`}`
`338`	`338`