RadosGW strange behavior when using a presigned url generated by SDK PHP

"Huy Nguyen" <viplanghe6@xxxxxxxxx> · Thu, 29 Jun 2023 10:46:16 -0000

Hi,
I tried to generate a presigned url using SDK PHP, but it doesn't work. (I also tried to use boto3 with the same configures and the url works normally)

Here is my php code:

<?php
require 'aws-autoloader.php';
use Aws\S3\S3Client;
use Aws\Exception\AwsException;
$s3Client = new Aws\S3\S3Client([
    'version'     => '2006-03-01',
    'region'      => 'us-east-1',
    'signature_version' => 'v4',
    'use_path_style_endpoint'  => true,
    'endpoint'    => 'http://hn.ss.bfcplatform.vn',
        'credentials' => [
        'key'      => 'DNMZAFE6G2PP8H9P05UU',
        'secret'   => 'XXX',
    ]
]);
$cmd = $s3Client->getCommand('PutObject', [
    'Bucket' => 'huynnp-testbucket1',
    'Key' => 'testfile.txt',
]);

$request = $s3Client->createPresignedRequest($cmd, '+60 minutes'); // Set the expiration time as desired
$presignedUrl = (string)$request->getUri();
echo "$presignedUrl";
?>

and then:
curl  -X PUT -T testfile.txt `php s3.php`
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><RequestId>tx00000b7bb3b2deb6a6ef2-00649d5ebd-d1d50041-hn-1</RequestId><HostId>d1d50041-hn-1-hn</HostId></Error>

I enable the debug_rgw and what I can see is really strange. the domain has been added :8084, so it make "canonical request hash" and "signature" between client and server unmatched. I can't explain why does this happens

2023-06-29T17:10:46.880+0700 7f26014b0700 10 v4 credential format = DNMZAFE6G2PP8H9P05UU/20230629/us-east-1/s3/aws4_request
2023-06-29T17:10:46.880+0700 7f26014b0700 10 access key id = DNMZAFE6G2PP8H9P05UU
2023-06-29T17:10:46.880+0700 7f26014b0700 10 credential scope = 20230629/us-east-1/s3/aws4_request
2023-06-29T17:10:46.880+0700 7f26014b0700 10 req 15647562574720867919 1000005ns canonical headers format = host:hn.ss.bfcplatform.vn:8084
2023-06-29T17:10:46.880+0700 7f26014b0700 10 payload request hash = UNSIGNED-PAYLOAD
2023-06-29T17:10:46.880+0700 7f26014b0700 10 canonical request = PUT
/huynnp-testbucket1/testfile.txt
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=DNMZAFE6G2PP8H9P05UU%2F20230629%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230629T101046Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host
host:hn.ss.bfcplatform.vn:8084

host
UNSIGNED-PAYLOAD
2023-06-29T17:10:46.880+0700 7f26014b0700 10 canonical request hash = d28e6c3104aff99e9928f902892627d2b284a29d489fbb034ed5c90aa21c566a
2023-06-29T17:10:46.880+0700 7f26014b0700 10 string to sign = AWS4-HMAC-SHA256
20230629T101046Z
20230629/us-east-1/s3/aws4_request
d28e6c3104aff99e9928f902892627d2b284a29d489fbb034ed5c90aa21c566a
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx