Skip to content

fix: Signing and presigning s3-object-lambda requests fail #2459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
stobrien89 merged 5 commits into from
Jul 6, 2022
Merged

fix: Signing and presigning s3-object-lambda requests fail #2459

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a7f7fa1
fix: Signing and presigning s3-object-lambda requests fail
yenfryherrerafeliz Jun 7, 2022
b3837a7
Merge branch 'aws:master' into fix-issue-2328
yenfryherrerafeliz Jun 7, 2022
e6b83f5
test: Add test cases for signature provider and s3-client
yenfryherrerafeliz Jul 6, 2022
78bcebc
Merge branch 'aws:master' into fix-issue-2328
yenfryherrerafeliz Jul 6, 2022
304293d
Merge remote-tracking branch 'refs/remotes/origin/fix-issue-2328' int…
yenfryherrerafeliz Jul 6, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
fix: Signing and presigning s3-object-lambda requests fail 
When signing and presigning s3-object-lambda requests we get an invalid signature error, due to that the signature provider was not resolving the right signature class implementation, which handle s3-object-lambda requests; The name for that class is S3SignatureV4 and the reason why was not resolved is that the s3-object-lambda service name was not in the s3-v4-signed-services-list "$s3v4SignedServices", so that to fix this behavior I added the desired services in that array. This fix also add a special handling in the presigning proccess that validates if the service is s3-object-lambda, then that is the service used for the signature, otherwise the default signing service is used.
  • Loading branch information
@yenfryherrerafeliz
yenfryherrerafeliz committed Jun 7, 2022
commit a7f7fa1fcb3d569c9b3a11ce82d99d08ef3336f6
22 changes: 20 additions & 2 deletions src/S3/S3Client.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -460,17 +460,19 @@ public function createPresignedRequest(CommandInterface $command, $expires, arra
{
$command = clone $command;
$command->getHandlerList()->remove('signer');
$request = \Aws\serialize($command);
$signing_name = $this->getSigningName($request->getUri()->getHost());

/** @var \Aws\Signature\SignatureInterface $signer */
$signer = call_user_func(
$this->getSignatureProvider(),
$this->getConfig('signature_version'),
$this->getConfig('signing_name'),
$signing_name,
$this->getConfig('signing_region')
);

return $signer->presign(
\Aws\serialize($command),
$request,
$this->getCredentials()->wait(),
$expires,
$options
Expand Down Expand Up @@ -638,6 +640,22 @@ private function getEncodingTypeMiddleware()
};
}

/**
* Special handling for when the service name is s3-object-lambda.
* So, if the host contains s3-object-lambda, then the service name
* returned is s3-object-lambda, otherwise the default signing service is returned.
* @param string $host The host to validate if is a s3-object-lambda URL.
* @return string returns the signing service name to be used
*/
private function getSigningName($host)
{
if (strpos( $host, 's3-object-lambda')) {
return 's3-object-lambda';
}

return $this->getConfig('signing_name');
}

/** @internal */
public static function _applyRetryConfig($value, $args, HandlerList $list)
{
Expand Down
1 change: 1 addition & 0 deletions src/Signature/SignatureProvider.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ class SignatureProvider
private static $s3v4SignedServices = [
's3' => true,
's3control' => true,
's3-object-lambda' => true,
];

/**
Expand Down