Uploaded image for project: 'jclouds'
  1. jclouds
  2. JCLOUDS-1261

AWS v4 auth excludes port numbers from host header

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      The JClouds library is unable to communicate with S3 compatible services running on non-standard ports. This has been traced to the v4 authentication code.

      In HTTP, the host header can "optionally" include a port number. In practice, this is included when the HTTP service is running on a non-standard port (i.e. not 80 or 443). The AWSv4 auth code uses only the hostname from the URI for the host header, as can be seen at:
      https://github.com/jclouds/jclouds/blob/37101b7825edce7899c8a12e02f2153168ebc4df/apis/s3/src/main/java/org/jclouds/s3/filters/Aws4SignerForAuthorizationHeader.java#L76
      This is fine for AWS's official S3 endpoints which are only accessible via TCP ports 80 or 443, but is incorrect for communicating with "compatible" endpoints running on non-standard ports. In the non-standard case, the host header should include a :port suffix.

      See HTTP RFC: https://tools.ietf.org/html/rfc7230#section-5.4

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            gaul Andrew Gaul
            neonbunny Stephen Tomkinson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment