
Commit 481aec0

authored
Fix signing of request with Date in header (#635)
1 parent 324afd2 commit 481aec0


3 files changed

+10
-21
lines changed


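--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,10 @@
 - Custom endpoints should not contain `%region%` and `%service` placeholder. They won't be replaced anymore in 2.0
 - Protected methods `getServiceCode`, `getSignatureVersion` and `getSignatureScopeName` of AbstractApi are deprecated and will be removed in 2.0
 
+### Fixed
+
+- Fix signing of requests with a header containing a date (like `expires` in `S3`).
+
 ## 1.1.0
 
 ### Added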

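--- a/src/Signer/SignerV4.php
+++ b/src/Signer/SignerV4.php
@@ -267,22 +267,12 @@ private function buildCanonicalHeaders(Request $request, bool $isPresign): array
 {
 // Case-insensitively aggregate all of the headers.
 $canonicalHeaders = [];
-foreach ($request->getHeaders() as $key => $values) {
+foreach ($request->getHeaders() as $key => $value) {
 $key = strtolower($key);
 if (isset(self::BLACKLIST_HEADERS[$key])) {
 continue;
 }
 
-if (!\is_array($values) && false !== \strpos($values, ',')) {
-$values = array_map('trim', \explode(',', $values));
-}
-if (\is_array($values)) {
-sort($values);
-$value = \implode(',', $values);
-} else {
-$value = $values;
-}
-
 $canonicalHeaders[$key] = "$key:$value";
 }
 ksort($canonicalHeaders);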
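Review bot: With the `\is_array($values)` branch gone, `"$key:$value"` in the loop now assumes every entry of `$request->getHeaders()` is a string; an array value would be interpolated as the literal `Array` and the signature would be computed over that string. The hunk does not show `Request::getHeaders()`, so if it is already typed as `array<string, string>` this is only a documentation gap, and the loop could state the contract with a comment such as `// Header values are single strings; a comma is part of the value (e.g. an Expires date) and must not be split.` The existing comment `// Case-insensitively aggregate all of the headers.` also looks stale now, since two names that differ only in case overwrite each other in `$canonicalHeaders[$key]` rather than being combined. The body of buildCanonicalHeaders continues past the end of the hunk.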

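--- a/tests/Unit/Signer/SignerV4Test.php
+++ b/tests/Unit/Signer/SignerV4Test.php
@@ -91,11 +91,6 @@ public function provideRequests()
 "GET / HTTP/1.1\r\nHost: host.foo.com\r\nx-AMZ-date: 20110909T233600Z\r\nZOO:zoobar\r\n\r\n",
 "GET / HTTP/1.1\r\nHost: host.foo.com\r\nZOO: zoobar\r\nX-Amz-Date: 20110909T233600Z\r\nAuthorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=host;x-amz-date;zoo, Signature=287deb2c1249c9c415cb4b3ef74404629fcab56a8e9ec568bff88cf093196e8e\r\n\r\n",
 ],
-// Duplicate header values must be sorted.
-[
-"POST / HTTP/1.1\r\nHost: host.foo.com\r\nx-AMZ-date: 20110909T233600Z\r\np: z\r\np: a\r\np: p\r\np: a\r\n\r\n",
-"POST / HTTP/1.1\r\nHost: host.foo.com\r\np: z, a, p, a\r\nX-Amz-Date: 20110909T233600Z\r\nAuthorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=host;p;x-amz-date, Signature=faca06aa6ae71c0a24116c9a61b01346e6d9d621001bac49d38a6fdb285649ec\r\n\r\n",
-],
 // Request with space.
 [
 "GET /%20/foo HTTP/1.1\r\nHost: host.foo.com\r\n\r\n",
@@ -121,11 +116,6 @@ public function provideRequests()
 "GET / HTTP/1.1\r\nHost: host.foo.com:443\r\nx-AMZ-date: 20110909T233600Z\r\nZOO:zoobar\r\n\r\n",
 "GET / HTTP/1.1\r\nHost: host.foo.com:443\r\nZOO: zoobar\r\nX-Amz-Date: 20110909T233600Z\r\nAuthorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=host;x-amz-date;zoo, Signature=69c57723eee136a804b6d4b1fd1b4d45ba059e1f758900a6b1301111e1e8c77e\r\n\r\n",
 ],
-// HTTPS Duplicate header values must be sorted.
-[
-"POST / HTTP/1.1\r\nHost: host.foo.com:443\r\nx-AMZ-date: 20110909T233600Z\r\np: z\r\np: a\r\np: p\r\np: a\r\n\r\n",
-"POST / HTTP/1.1\r\nHost: host.foo.com:443\r\np: z, a, p, a\r\nX-Amz-Date: 20110909T233600Z\r\nAuthorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=host;p;x-amz-date, Signature=cec423fa9e930519918d3c05982c14ae60b7c5aedd296f2a1322b5831bbaf4ea\r\n\r\n",
-],
 // HTTPS Request with space.
 [
 "GET /%20/foo HTTP/1.1\r\nHost: host.foo.com:443\r\n\r\n",
@@ -142,6 +132,11 @@ public function provideRequests()
 "POST / HTTP/1.1\r\nHost: host.foo.com:443\r\nContent-Length: 4\r\nX-Amz-Date: 20110909T233600Z\r\nAuthorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=host;x-amz-date, Signature=e971be49c79358595ef6214f683ac9c0489d397a5d5d13b361291e751deeca03\r\n\r\nTest",
 "POST\n/\n\nhost:host.foo.com:443\n\nhost\n532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25",
 ],
+// DateHeader should be kept
+[
+"POST / HTTP/1.1\r\nHost: host.foo.com:443\r\nx-AMZ-date: 20110909T233600Z\r\nExpires: Thu, 21 May 20 20:54:15 +0200\r\n\r\n",
+"POST / HTTP/1.1\r\nHost: host.foo.com:443\r\nexpires:Thu, 21 May 20 20:54:15 +0200\r\nX-Amz-Date: 20110909T233600Z\r\nAuthorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=expires;host;x-amz-date, Signature=7090e12acc44281b2b46ba195ee1ae09f2e8c81653fcd592abbfbc30e1a5acc6\r\n\r\n",
+],
 ];
 }
 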
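Review bot: The two removed "Duplicate header values must be sorted" cases (old lines 94-98 and 124-128) were the only ones exercising a repeated header name, and nothing in this section replaces them, so what the signer now does with `p: z` followed by `p: a` is no longer pinned by any test. Because the canonical header string has to match what the service reconstructs, a case that sends a repeated header and asserts the resulting `SignedHeaders` and signature would document the new contract; its expected signature should come from a reference implementation rather than from the signer under test. The added comment `// DateHeader should be kept` could also say what is being protected, e.g. `// A comma inside a header value (an Expires date) must be signed verbatim, not split and sorted.` provideRequests() starts outside the hunks shown.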
