ZF-7039: Zend_Service_Amazon_Ec2 Improperly Formats Signature/Request

Description

EC2 Services use the API from 2008-12-01 and the current version is 2009-04-04

When signing requests the documentation states the code is setting the Timestamp parameter but the code actually sets Expires to the current time. Timestamp should be set to the current time, or Expires should be set to a few seconds in the future The code also used gmdate('c') which creates a timestamp in the wrong format for AWS

When signing requests Amazons documentation says that we should include empty parameters (ie "...Device=&Force=&InstanceId=&...") and the signature code does this, however when the Parameters are passed to the Zend_Http_Client that code drops empty (===null) data and changes the data we send that AWS expects to see to get the Signature:

Observe (data to sign)

POST ec2.amazonaws.com /

AWSAccessKeyId=0XXXYXXX7XXX3XXXDXXX&Action=DetachVolume&Device=&Force=&InstanceId=&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-06-18T06%3A57%3A20Z&Version=2008-12-01&VolumeId=vol-0de71234

Observe (data sent)

Action=DetachVolume&VolumeId=vol-0de70864&Force=0&AWSAccessKeyId=0JG3YBM57GQM3BJWDT02&SignatureVersion=2&Timestamp=2009-06-18T06%3A57%3A20Z&Version=2008-12-01&SignatureMethod=HmacSHA256&Signature=XAXCu8itY1%2BIPanMf6qnx1pMCrQ20gzzS2Wgs99kl5Y%3D

Notice that DeviceID and InstanceID have been dropped as well as Force has changed from blank to zero (This is behaviour request calling detachVolume and only passing the volume_id paramter) That is to say:

Saying this: $ebs->detachVolume('vol-0de71234') will fail because the signature it creates is not valid

But if we say this $ebs->detachVolume('vol-0de71234','','',0) The signature will succeed

Comments

This is a patch that does two things:

1) Forces data types for parameters on EBS->detachVolume() so they are treated the same by both Zend_Service_Amazon_Ec2_Abstract and Zend_Client_Http to correct the signature issue

2) Fixes a minor formatting issue in Zend_Service_Amazon_Ec2_Abstract

3) Changes the AWS parameter from Expires to Timestamp (which should help users who's clocks are off by a little bit)

4) Changes the format of the Timestamp value to match exactly with what Amazon wants.

gmdate('c'); - this format includes a trailing '+00:00' which AWS hates (but has seemed to work so far (oddly))

I am currently working on the update to 04-04-2009 and I should have it ready to check into the trunk by next monday. Once I get ZF-6717 done I will apply this patch and post it.

Fixed merged into the release branch with r16392