ZF-7039: Zend_Service_Amazon_Ec2 Improperly Formats Signature/Request

Issue Type: Bug Created: 2009-06-18T00:08:03.000+0000 Last Updated: 2009-07-31T20:53:54.000+0000 Status: Resolved Fix version(s): - 1.9.0 (31/Jul/09)

Reporter: edoceo (edoceo) Assignee: Jon Whitcraft (sidhighwind) Tags: - Zend_Service_Amazon_Ec2

Related issues: - ZF-7163

Attachments: - zf-ebs.patch


EC2 Services use the API from 2008-12-01 and the current version is 2009-04-04

When signing requests the documentation states the code is setting the Timestamp parameter but the code actually sets Expires to the current time. Timestamp should be set to the current time, or Expires should be set to a few seconds in the future The code also used gmdate('c') which creates a timestamp in the wrong format for AWS

When signing requests Amazons documentation says that we should include empty parameters (ie "...Device=&Force=&InstanceId=&...") and the signature code does this, however when the Parameters are passed to the Zend_Http_Client that code drops empty (===null) data and changes the data we send that AWS expects to see to get the Signature:

Observe (data to sign)



Observe (data sent)


Notice that DeviceID and InstanceID have been dropped as well as Force has changed from blank to zero (This is behaviour request calling detachVolume and only passing the volume_id paramter) That is to say:

Saying this: $ebs->detachVolume('vol-0de71234') will fail because the signature it creates is not valid

But if we say this $ebs->detachVolume('vol-0de71234','','',0) The signature will succeed


Posted by edoceo (edoceo) on 2009-06-18T00:13:42.000+0000

This is a patch that does two things:

  1. Forces data types for parameters on EBS->detachVolume() so they are treated the same by both Zend_Service_Amazon_Ec2_Abstract and Zend_Client_Http to correct the signature issue

  2. Fixes a minor formatting issue in Zend_Service_Amazon_Ec2_Abstract

  3. Changes the AWS parameter from Expires to Timestamp (which should help users who's clocks are off by a little bit)

  4. Changes the format of the Timestamp value to match exactly with what Amazon wants.

gmdate('c'); - this format includes a trailing '+00:00' which AWS hates (but has seemed to work so far (oddly))

Posted by Jon Whitcraft (sidhighwind) on 2009-06-18T03:18:18.000+0000

I am currently working on the update to 04-04-2009 and I should have it ready to check into the trunk by next monday. Once I get ZF-6717 done I will apply this patch and post it.

Posted by Jon Whitcraft (sidhighwind) on 2009-06-30T18:27:25.000+0000

Fixed merged into the release branch with r16392

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.