Uploaded image for project: 'jclouds'
  1. jclouds
  2. JCLOUDS-1261

AWS v4 auth excludes port numbers from host header

    Details

      Description

      The JClouds library is unable to communicate with S3 compatible services running on non-standard ports. This has been traced to the v4 authentication code.

      In HTTP, the host header can "optionally" include a port number. In practice, this is included when the HTTP service is running on a non-standard port (i.e. not 80 or 443). The AWSv4 auth code uses only the hostname from the URI for the host header, as can be seen at:
      https://github.com/jclouds/jclouds/blob/37101b7825edce7899c8a12e02f2153168ebc4df/apis/s3/src/main/java/org/jclouds/s3/filters/Aws4SignerForAuthorizationHeader.java#L76
      This is fine for AWS's official S3 endpoints which are only accessible via TCP ports 80 or 443, but is incorrect for communicating with "compatible" endpoints running on non-standard ports. In the non-standard case, the host header should include a :port suffix.

      See HTTP RFC: https://tools.ietf.org/html/rfc7230#section-5.4

        Activity

        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 36b3dadf8c3f817c80f7edc639b449a2b40b9388 in jclouds's branch refs/heads/2.0.x from Stephen Tomkinson
        [ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=36b3dad ]

        Add logic from JCLOUDS-1261 to the other 2 types of Aws4 signer.

        Show
        jira-bot ASF subversion and git services added a comment - Commit 36b3dadf8c3f817c80f7edc639b449a2b40b9388 in jclouds's branch refs/heads/2.0.x from Stephen Tomkinson [ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=36b3dad ] Add logic from JCLOUDS-1261 to the other 2 types of Aws4 signer.
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 89ae3b4fa6b64deeea45fabb3ca151ca200872e8 in jclouds's branch refs/heads/master from Stephen Tomkinson
        [ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=89ae3b4 ]

        Add logic from JCLOUDS-1261 to the other 2 types of Aws4 signer.

        Show
        jira-bot ASF subversion and git services added a comment - Commit 89ae3b4fa6b64deeea45fabb3ca151ca200872e8 in jclouds's branch refs/heads/master from Stephen Tomkinson [ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=89ae3b4 ] Add logic from JCLOUDS-1261 to the other 2 types of Aws4 signer.
        Hide
        neonbunny Stephen Tomkinson added a comment - - edited

        Due to the copy & paste nature of the v4 auth code, there's a couple of extra places this logic needs adding

        Show
        neonbunny Stephen Tomkinson added a comment - - edited Due to the copy & paste nature of the v4 auth code, there's a couple of extra places this logic needs adding
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 1a23a1634306fb64a81186946585b7eeab068a2c in jclouds's branch refs/heads/2.0.x from Stephen Tomkinson
        [ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=1a23a16 ]

        Resolves JCLOUDS-1261 by ensuring non-standard port numbers are in the host header that's used for the AWSv4 auth calculations.

        Show
        jira-bot ASF subversion and git services added a comment - Commit 1a23a1634306fb64a81186946585b7eeab068a2c in jclouds's branch refs/heads/2.0.x from Stephen Tomkinson [ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=1a23a16 ] Resolves JCLOUDS-1261 by ensuring non-standard port numbers are in the host header that's used for the AWSv4 auth calculations.
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 15d27da73980ed753f8435e43cabd9f74bc79095 in jclouds's branch refs/heads/master from Stephen Tomkinson
        [ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=15d27da ]

        Resolves JCLOUDS-1261 by ensuring non-standard port numbers are in the host header that's used for the AWSv4 auth calculations.

        Show
        jira-bot ASF subversion and git services added a comment - Commit 15d27da73980ed753f8435e43cabd9f74bc79095 in jclouds's branch refs/heads/master from Stephen Tomkinson [ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=15d27da ] Resolves JCLOUDS-1261 by ensuring non-standard port numbers are in the host header that's used for the AWSv4 auth calculations.
        Hide
        neonbunny Stephen Tomkinson added a comment -

        This is now in as a pull request - https://github.com/apache/jclouds/pull/3

        Show
        neonbunny Stephen Tomkinson added a comment - This is now in as a pull request - https://github.com/apache/jclouds/pull/3
        Hide
        gaul Andrew Gaul added a comment -

        Stephen Tomkinson Would you like to submit a pull request to address this? We also have user requests to reparent v4 signer code from the Amazon specific aws-s3 provider to the generic s3 provider which might be related to this issue.

        Show
        gaul Andrew Gaul added a comment - Stephen Tomkinson Would you like to submit a pull request to address this? We also have user requests to reparent v4 signer code from the Amazon specific aws-s3 provider to the generic s3 provider which might be related to this issue.

          People

          • Assignee:
            gaul Andrew Gaul
            Reporter:
            neonbunny Stephen Tomkinson
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development