Fix PreSign request (#358)

* Use DateTimte::format to generate date

* Fix typo in comment

* Use `php://temp` to deal with buffer

* Simplify Stream factories in decorators

* Move $signature in else branch

* Switch to UTC

Author: jderusse

src/Signer/SignerV4.php

@@ -61,15 +61,27 @@ public function __construct(string $scopeName, string $region)
 
     public function presign(Request $request, Credentials $credentials, RequestContext $context): void
     {
-        $now = $context->getCurrentDate() ?? new \DateTimeImmutable();
-        $expires = $context->getExpirationDate() ?? (new \DateTimeImmutable($now->format(\DateTimeInterface::ATOM)))->add(new \DateInterval('PT1H'));
+        if (null === $now = $context->getCurrentDate()) {
+            $now = new \DateTimeImmutable();
+        } else {
+            $now = new \DateTimeImmutable($now->format(\DateTimeInterface::ATOM));
+        }
+        // Signer date have to be UTC https://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html
+        $now = $now->setTimezone(new \DateTimeZone('UTC'));
+        $expires = $context->getExpirationDate() ?? $now->add(new \DateInterval('PT1H'));
 
         $this->handleSignature($request, $credentials, $now, $expires, true);
     }
 
     public function sign(Request $request, Credentials $credentials, RequestContext $context): void
     {
-        $now = $context->getCurrentDate() ?? new \DateTimeImmutable();
+        if (null === $now = $context->getCurrentDate()) {
+            $now = new \DateTimeImmutable();
+        } else {
+            $now = new \DateTimeImmutable($now->format(\DateTimeInterface::ATOM));
+        }
+        // Signer date have to be UTC https://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html
+        $now = $now->setTimezone(new \DateTimeZone('UTC'));
 
         $this->handleSignature($request, $credentials, $now, $now, false);
     }
@@ -105,19 +117,19 @@ private function handleSignature(Request $request, Credentials $credentials, \Da
         $credentialString = \implode('/', $credentialScope);
         $signingKey = $this->buildSigningKey($credentials, $credentialScope);
 
-        // signature is passed by reference to convertBodyToStream
-        $signature = '';
         if ($isPresign) {
             // Should be called before `buildBodyDigest` because this method may alter the body
             $this->convertBodyToQuery($request);
         } else {
+            // $signature does not exists but passed by reference then computed buildSignature
+            $signature = '';
             $this->convertBodyToStream($request, $now, $credentialString, $signingKey, $signature);
         }
 
         $bodyDigest = $this->buildBodyDigest($request, $isPresign);
 
         if ($isPresign) {
-            // Should be called after `buildBodyDigest` because header this method may remove `x-amz-content-sha256`
+            // Should be called after `buildBodyDigest` because this method may remove the header `x-amz-content-sha256`
             $this->convertHeaderToQuery($request);
         }
 
@@ -196,16 +208,16 @@ private function buildTime(Request $request, \DateTimeInterface $now, \DateTimeI
                 throw new InvalidArgument('The expiration date of presigned URL must be in the future');
             }
 
-            $request->setQueryAttribute('X-Amz-Date', gmdate('Ymd\THis\Z', $now->getTimestamp()));
+            $request->setQueryAttribute('X-Amz-Date', $now->format('Ymd\THis\Z'));
             $request->setQueryAttribute('X-Amz-Expires', $duration);
         } else {
-            $request->setHeader('X-Amz-Date', gmdate('Ymd\THis\Z', $now->getTimestamp()));
+            $request->setHeader('X-Amz-Date', $now->format('Ymd\THis\Z'));
         }
     }
 
     private function buildCredentialString(Request $request, Credentials $credentials, \DateTimeInterface $now, bool $isPresign): array
     {
-        $credentialScope = [gmdate('Ymd', $now->getTimestamp()), $this->region, $this->scopeName, 'aws4_request'];
+        $credentialScope = [$now->format('Ymd'), $this->region, $this->scopeName, 'aws4_request'];
 
         if ($isPresign) {
             $request->setQueryAttribute('X-Amz-Credential', $credentials->getAccessKeyId() . '/' . implode('/', $credentialScope));
@@ -380,7 +392,7 @@ private function buildStringToSign(\DateTimeInterface $now, string $credentialSt
     {
         return implode("\n", [
             self::ALGORITHM_REQUEST,
-            gmdate('Ymd\THis\Z', $now->getTimestamp()),
+            $now->format('Ymd\THis\Z'),
             $credentialString,
             hash('sha256', $canonicalRequest),
         ]);
@@ -393,7 +405,7 @@ private function buildChunkStringToSign(\DateTimeInterface $now, string $credent
 
         return implode("\n", [
             self::ALGORITHM_CHUNK,
-            gmdate('Ymd\THis\Z', $now->getTimestamp()),
+            $now->format('Ymd\THis\Z'),
             $credentialString,
             $signature,
             $emptyHash,

src/Stream/FixedSizeStream.php

@@ -23,16 +23,13 @@ private function __construct(RequestStream $content, int $chunkSize = 64 * 1024)
         $this->chunkSize = $chunkSize;
     }
 
-    public static function create($content, int $chunkSize = 64 * 1024): FixedSizeStream
+    public static function create(RequestStream $content, int $chunkSize = 64 * 1024): FixedSizeStream
     {
         if ($content instanceof self) {
             return $content;
         }
-        if ($content instanceof RequestStream) {
-            return new self($content, $chunkSize);
-        }
 
-        throw new InvalidArgument(sprintf('Expect content to be an instance of "%s". "%s" given.', RequestStream::class, \is_object($content) ? \get_class($content) : \gettype($content)));
+        return new self($content, $chunkSize);
     }
 
     public function length(): ?int

src/Stream/RewindableStream.php

@@ -2,8 +2,6 @@
 
 namespace AsyncAws\Core\Stream;
 
-use AsyncAws\Core\Exception\InvalidArgument;
-
 /**
  * Provides a Stream that can be read several time.
  *
@@ -31,16 +29,13 @@ private function __construct(RequestStream $content)
         $this->content = $content;
     }
 
-    public static function create($content): RewindableStream
+    public static function create(RequestStream $content): RewindableStream
     {
         if ($content instanceof self) {
             return $content;
         }
-        if ($content instanceof RequestStream) {
-            return new self($content);
-        }
 
-        throw new InvalidArgument(sprintf('Expect content to be a "Stream". "%s" given.', \is_object($content) ? \get_class($content) : \gettype($content)));
+        return new self($content);
     }
 
     public function length(): ?int
@@ -69,27 +64,11 @@ public function getIterator(): \Traversable
             return;
         }
 
-        $resource = \fopen('php://memory', 'r+b');
+        $resource = \fopen('php://temp', 'r+b');
         $this->fallback = ResourceStream::create($resource);
 
-        $size = 0;
-        $inmemory = true;
         foreach ($this->content as $chunk) {
             \fwrite($resource, $chunk);
-            if ($inmemory) {
-                $size += \strlen($chunk);
-                // switch to filesystem if string larger that 1 Mb
-                if ($size > 1024 * 1024) {
-                    $memoryStream = $resource;
-                    $resource = \tmpfile();
-                    $this->fallback = ResourceStream::create($resource);
-                    $inmemory = false;
-
-                    \fseek($memoryStream, 0);
-                    \stream_copy_to_stream($memoryStream, $resource);
-                    \fclose($memoryStream);
-                }
-            }
             yield $chunk;
         }
     }