add more logging for s3 signature (#6652)

weed/s3api/auth_signature_v4.go

@@ -37,6 +37,7 @@ import (
 	"time"
 	"unicode/utf8"
 
+	"github.com/seaweedfs/seaweedfs/weed/glog"
 	"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
 )
 
@@ -168,8 +169,9 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
 		// Trying with prefix before main path.
 
 		// Get canonical request.
-		canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method)
+		glog.V(4).Infof("Forwarded Prefix: %s", forwardedPrefix)
 
+		canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method)
 		errCode = iam.genAndCompareSignatureV4(canonicalRequest, cred.SecretKey, t, signV4Values)
 		if errCode == s3err.ErrNone {
 			return identity, errCode
@@ -191,7 +193,7 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
 func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, secretKey string, t time.Time, signV4Values signValues) s3err.ErrorCode {
 	// Get string to sign from canonical request.
 	stringToSign := getStringToSign(canonicalRequest, t, signV4Values.Credential.getScope())
-
+	glog.V(4).Infof("String to Sign:\n%s", stringToSign)
 	// Calculate signature.
 	newSignature := iam.getSignature(
 		secretKey,
@@ -200,6 +202,7 @@ func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest,
 		signV4Values.Credential.scope.service,
 		stringToSign,
 	)
+	glog.V(4).Infof("Signature:\n%s", newSignature)
 
 	// Verify if signature match.
 	if !compareSignatureV4(newSignature, signV4Values.Signature) {
@@ -801,6 +804,8 @@ func getCanonicalRequest(extractedSignedHeaders http.Header, payload, queryStr,
 		getSignedHeaders(extractedSignedHeaders),
 		payload,
 	}, "\n")
+
+	glog.V(4).Infof("Canonical Request:\n%s", canonicalRequest)
 	return canonicalRequest
 }