ListBuckets does not work on non-amazon services

Question

ListBuckets does not work on non-amazon services

SeventhCycle opened this issue 4 years ago · 12 comments

Here is an code example that I have here while trying to connect to Linode's S3 cloud storage service:

	require 'includes/S3.php';
	ini_set("display_errors", "on");
	error_reporting(E_ALL);
	
	$AccessKey = "[REMOVED]"; //private info
	$SecretKey = "[REMOVED]"; //private info
	$EndPoint  = "us-east-1.linodeobjects.com";
	$Region = "us-east-1";
	
	$s3Client = new S3($AccessKey, $SecretKey);					
	if (isset($EndPoint)) $s3Client->setEndPoint($EndPoint);
	if (isset($Region)) $s3Client->setRegion($Region);
	$s3Client->setSSL(true);
	
	$buckets = $s3Client->listBuckets();

As a result, I get this error:
Warning: S3::listBuckets(): [403] Unexpected HTTP status in includes/S3.php on line 440

If I go into the file and print out the $rest object to get more information, I get:

stdClass Object
(
    [error] => 
    [body] => SimpleXMLElement Object
        (
            [Code] => SignatureDoesNotMatch
            [RequestId] => tx00000000000000471bbb4-005f306dbc-158bf75-default
            [HostId] => 158bf75-default-default
        )

    [headers] => Array
        (
            [date] => 1597009340
            [type] => application/xml
            [size] => 200
        )

    [code] => 403
)

On the other hand, if I change the above code to an amazon service:

	$AccessKey = "[REMOVED]";
	$SecretKey = "[REMOVED]";
	$EndPoint = "s3.amazonaws.com";
	$Region = "us-east-1";

Authentication works properly on Amazon's services.

Just to make sure this isn't a problem on Linode's end, I tried doing this on another third party (MojoCloud) and ran into the same issue.

Finally, just to make sure that the information is correct, I tried using aws-sdk-php beneath the tpyo library to see if I can connect to S3 using the same info:

	$credentials = new Aws\Credentials\Credentials($AccessKey, $SecretKey);

	$s3Client = new Aws\S3\S3Client([
		'region' => $Region,
		'version' => 'latest',
		'endpoint' => "https://" . $EndPoint,
		'credentials' => $credentials
		]);
		
	$result = $s3Client->listBuckets();
	
	echo "<PRE>";
	print_r($result["Buckets"]);
	exit;

And sure enough, this works for all three services (Amazon, MojoCloud, Linode). This way, I know the connection information is correct.

What I suspect here is a generalization problem with __getSignatureV4() where a valid signature is generated on amazon services, but not on non-amazon services.

Please let me know if any more information is needed here. If any of the maintainers here needs an access key / secret key to try troubleshooting this and debugging this on Linode's object service, please let me know.

Or if there's something obvious I'm missing, please let me know :)

Answer 1 · 2020-08-22T16:21:26.000Z

I have the same problem, just with the deleteObject function, I also get the SignatureDoesNotMatch and I'm using DigitalOcean spaces

Answer 2 · 2020-08-22T16:25:17.000Z

@tpyo - Can you please take a look at this?

Answer 3 · 2020-08-23T00:02:40.000Z

Just odd that putObejct works fine, but not deleteObejct

Answer 4 · 2020-08-24T20:08:12.000Z

Hello guys, I'm facing the same issue, using Linode Object Storage

Answer 5 · 2020-08-24T23:15:21.000Z

I really hope it will be fixed, would hate begin using other overloaded classes just for that.

Answer 6 · 2020-08-25T20:07:46.000Z

Hello guys!
I could make it work using the v2 signature:

$s3 = new S3();
$s3->setAuth(AWS_S3_KEY, AWS_S3_SECRET);
$s3->setRegion(AWS_S3_REGION);
$s3->setEndpoint(AWS_S3_URL);
$s3->setSignatureVersion('v4');


// Uploader working with v4
$response = S3::putObject(foo,foo,foo);


// List working with v2
S3::setSignatureVersion('v2');
$list = $s3->listBuckets(true);

echo '<pre>';
print_r($list);
die;

I'm kind of new to the amazon s3 service, and I'm making a few tests in order to integrate it to a Legacy PHP application, so this class is really useful for me, any help/improvements will be really appreciated, I can collaborate also :)

Answer 7 · 2020-08-25T20:09:42.000Z

Awesome @mblint-postcron, I'll test this in a bit (Using Digital Ocean spaces) and return back to you if it works for me too

Answer 8 · 2020-08-25T20:34:04.000Z

@mblint-postcron, where do you see this $s3->setSignatureVersion('v4') function?

I can't find this function or one alike in the class?

Answer 9 · 2020-08-26T19:20:29.000Z

@mblint-postcron, hmm.. I don't get where you find this function.

Answer 10 · 2020-08-27T21:55:50.000Z

@mblint-postcron You there?

Answer 11 · 2020-08-28T02:20:21.000Z

Hi @Conver, sorry I was OOO.
You are right, this method is missing here in this S3 class. I don't know where I find this S3 file now, but seems to be a forked version maybe, check that:

https://gist.github.com/mblint-postcron/d54f6785df3dbeeb955bdd3d901c7127

Let me know if it's working with the v2

Answer 12 · 2020-08-28T02:23:10.000Z

Thanks @mblint-postcron, it works perfectly now with the v2 version!

Thanks a lot.