This repository was archived by the owner on Jan 17, 2023. It is now read-only.
All requests return 403 when the device time is off by more than 15 minutes #112
Open
Description
After a lengthy debugging session and some Sherlock-Holmes-esque revelations, I discovered that if the user has manually changed the time on their device then all requests will return Request failed: forbidden (403). The reason is the following:
- As a part of the request signing process, the `AFAmazonS3RequestSerializer` correctly follows Amazon's instructions by hashing a variety of things, among which is a timestamp. This timestamp is generated with a simple `[NSDate date]` call https://github.com/AFNetworking/AFAmazonS3Manager/blob/master/AFAmazonS3Manager/AFAmazonS3RequestSerializer.m#L183. However, `[NSDate date]` reflects only the current device time, not the actual time.
- Amazon's time stamp requirement states that a deviation greater than 15 minutes in the timestamp used in the Authorization header signature will result in an error of `RequestTimeTooSkewed`.
Here are a few proposals which I think one or two pull requests could fix:
- These APIs should take an `NSDate*` argument with an explanation of the risks associated with supplying `[NSDate date]`:

```objc
- (NSURLRequest *)requestBySettingAuthorizationHeadersForRequest:(NSURLRequest *)request
                                                           error:(NSError * __autoreleasing *)error;
- (NSURLRequest *)preSignedRequestWithRequest:(NSURLRequest *)request
                                   expiration:(NSDate *)expiration
                                        error:(NSError * __autoreleasing *)error;
```

- A helper method could be provided to fetch the date from a reliable server, like one of these.
- The error user info should not hold raw data in the `AFNetworkingOperationFailingURLResponseDataErrorKey` when the response Content-Type header is 'application/xml'. Instead, an appropriate string should be stored (since most failed responses from Amazon are XML) by encoding it with UTF8. Then you can see more helpful error messages, like this:
```
(lldb) po [[NSString alloc] initWithData:error.userInfo[@"com.alamofire.serialization.response.error.data"] encoding:NSUTF8StringEncoding]
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>RequestTimeTooSkewed</Code>
<Message>The difference between the request time and the current time is too large.</Message>
<RequestTime>Wed, 19 Oct 2016 11:22:29 GMT</RequestTime>
<ServerTime>2016-10-19T11:03:35Z</ServerTime>
<MaxAllowedSkewMilliseconds>900000</MaxAllowedSkewMilliseconds>
<RequestId>AREQUESTID</RequestId>
<HostId>FOOBAR</HostId>
</Error>
```
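Added example (not code from the issue or from AFAmazonS3Manager): one way to turn the `RequestTimeTooSkewed` body shown in the issue into a clock offset for the retry, using its `RequestTime` and `ServerTime` elements. The helper names are hypothetical, the two date formats are assumed from that sample response, and signing with the corrected date presupposes the `NSDate` argument the issue proposes.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper (not part of AFAmazonS3Manager): text between <tag> and </tag>, or nil.
static NSString *S3ElementText(NSString *xml, NSString *tag) {
    NSRange open = [xml rangeOfString:[NSString stringWithFormat:@"<%@>", tag]];
    if (open.location == NSNotFound) return nil;
    NSUInteger start = NSMaxRange(open);
    NSRange close = [xml rangeOfString:[NSString stringWithFormat:@"</%@>", tag]
                               options:0 range:NSMakeRange(start, xml.length - start)];
    if (close.location == NSNotFound) return nil;
    return [xml substringWithRange:NSMakeRange(start, close.location - start)];
}

// Parses a fixed-format UTC timestamp; the POSIX locale keeps user locale settings out of it.
static NSDate *S3ParseDate(NSString *text, NSString *format) {
    if (!text) return nil;
    NSDateFormatter *f = [[NSDateFormatter alloc] init];
    f.locale = [NSLocale localeWithLocaleIdentifier:@"en_US_POSIX"];
    f.timeZone = [NSTimeZone timeZoneForSecondsFromGMT:0];
    f.dateFormat = format;
    return [f dateFromString:text];
}

// Returns YES and sets *skew (device clock minus server clock, seconds) for a skew error body.
static BOOL S3ClockSkewFromErrorData(NSData *data, NSTimeInterval *skew) {
    NSString *xml = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    if (!xml || ![S3ElementText(xml, @"Code") isEqualToString:@"RequestTimeTooSkewed"]) return NO;
    NSDate *sent = S3ParseDate(S3ElementText(xml, @"RequestTime"), @"EEE, dd MMM yyyy HH:mm:ss 'GMT'");
    NSDate *server = S3ParseDate(S3ElementText(xml, @"ServerTime"), @"yyyy-MM-dd'T'HH:mm:ss'Z'");
    if (!sent || !server) return NO;
    *skew = [sent timeIntervalSinceDate:server];
    return YES;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample: the timestamps from the error body shown in the issue.
        NSString *body = @"<Error><Code>RequestTimeTooSkewed</Code>"
            @"<RequestTime>Wed, 19 Oct 2016 11:22:29 GMT</RequestTime>"
            @"<ServerTime>2016-10-19T11:03:35Z</ServerTime></Error>";
        NSTimeInterval skew = 0;
        if (S3ClockSkewFromErrorData([body dataUsingEncoding:NSUTF8StringEncoding], &skew)) {
            // Date to sign the retry with: device time shifted back onto the server clock.
            NSDate *signingDate = [[NSDate date] dateByAddingTimeInterval:-skew];
            NSLog(@"skew %.0f s, sign retry with %@", skew, signingDate);
        }
    }
    return 0;
}
```

The offset steers the signed timestamp, so derive it only from a response received over TLS from the S3 endpoint, and retry once rather than looping on repeated skew errors.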