AWS: Authenticating request uri-php

Following instructions from: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html , I created a function, but I keep getting a "signature does not match" error. I don't know what I am doing wrong; I think I followed all the steps to the letter. I believe my key and ID are correct.

Here is my code:

    $longDate = gmdate("Ymd\THis\Z");
    $shortDate = gmdate("Ymd");
    $region = $this->config['aws']['region'];
    $version = $this->config['aws']['version'];
    $bucket = $this->config['aws']['s3']['bucket'];
    $host = "https://" .$bucket . ".s3.eu-central-1.amazonaws.com";
    $url = "https://s3.eu-central-1.amazonaws.com/" .$bucket ."/" . $location;
    $credentials = explode('aws_secret_access_key = ', explode('aws_access_key_id = ',file_get_contents($this->config['aws']['credentialsFile']))[1]);
    $id = trim($credentials[0]);
    $secret = trim($credentials[1]);


    $canonicalRequest = "GET\n";
    $canonicalRequest .= "/" . $location . "\n";  
    $canonicalRequest .= "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=". $id . urlencode("/") . $shortDate . urlencode("/") . $region . urlencode("/s3/aws4_request") . "&X-Amz-Date=" . $longDate . "&X-Amz-Expires=" . $expiry . "&X-Amz-SignedHeaders=host\n";
    $canonicalRequest .= "host:" . $host . "\n";
    $canonicalRequest .= "\n";
    $canonicalRequest .= "host\n";
    $canonicalRequest .= "UNSIGNED-PAYLOAD";
    var_dump($canonicalRequest);

    $stringToSign = "AWS4-HMAC-SHA256\n";
    $stringToSign .= $longDate ."\n";
    $stringToSign .= $shortDate . "/". $region ."/s3/aws4_request\n";
    $stringToSign .= hash("sha256", $canonicalRequest); 
    var_dump($stringToSign);

    $signingKey = hash_hmac("sha256", "aws4_request", hash_hmac("sha256", "s3", hash_hmac("sha256", $region, hash_hmac("sha256", $shortDate, "AWS4" . $secret, true), true), true), true);

    $signature = hash_hmac("sha256", $stringToSign, $signingKey);

    $url = $url . "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=". $id . urlencode("/") . $shortDate . urlencode("/") . $region . urlencode("/s3/aws4_request") . "&X-Amz-Date=" . $longDate . "&X-Amz-Expires=" . $expiry . "&X-Amz-SignedHeaders=host&X-Amz-Signature=" . $signature;

In case anyone runs into this problem, the mistake was adding https to the host. This is the code that works:

    // $location (object key) and $expiry (seconds) are set elsewhere in the enclosing function (not shown).
    $location = str_replace(" ", "%20", $location);
    $longDate = gmdate("Ymd\THis\Z");
    $shortDate = gmdate("Ymd");
    $region = $this->config['aws']['region'];
    $bucket = $this->config['aws']['s3']['bucket'];
    // Host header value: hostname only, no "https://" scheme.
    $host = $bucket . ".s3.eu-central-1.amazonaws.com";
    $url = "https://" .$host ."/" . $location;
    $credentials = explode('aws_secret_access_key = ', explode('aws_access_key_id = ',file_get_contents($this->config['aws']['credentialsFile']))[1]);
    $id = trim($credentials[0]);
    $secret = trim($credentials[1]);


    // Canonical request: method, URI, query string, headers, signed headers, payload hash.
    $canonicalRequest = "GET\n";
    $canonicalRequest .= "/" . $location . "\n";
    var_dump(($location));
    $canonicalRequest .= "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=". $id . rawurlencode("/") . $shortDate . rawurlencode("/") . $region . rawurlencode("/s3/aws4_request") . "&X-Amz-Date=" . $longDate . "&X-Amz-Expires=" . $expiry . "&X-Amz-SignedHeaders=host\n";
    $canonicalRequest .= "host:" . $host . "\n";
    $canonicalRequest .= "\n";
    $canonicalRequest .= "host\n";
    $canonicalRequest .= "UNSIGNED-PAYLOAD";
    var_dump($canonicalRequest);

    $stringToSign = "AWS4-HMAC-SHA256\n";
    $stringToSign .= $longDate ."\n";
    $stringToSign .= $shortDate . "/". $region ."/s3/aws4_request\n";
    $stringToSign .= hash("sha256", $canonicalRequest);
    var_dump($stringToSign);

    // Signing key: nested HMACs over date, region, service and "aws4_request", raw binary at each step.
    $signingKey = hash_hmac("sha256", "aws4_request", hash_hmac("sha256", "s3", hash_hmac("sha256", $region, hash_hmac("sha256", $shortDate, "AWS4" . $secret, true), true), true), true);

    $signature = hash_hmac("sha256", $stringToSign, $signingKey);

    $url =  $url . "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=". $id . rawurlencode("/") . $shortDate . rawurlencode("/") . $region . rawurlencode("/s3/aws4_request") . "&X-Amz-Date=" . $longDate . "&X-Amz-Expires=" . $expiry . "&X-Amz-SignedHeaders=host&X-Amz-Signature=" . $signature;
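The same signing steps as a standalone function, added here as an example and not part of the original post. It goes slightly beyond the answer: the host is normalized so a stray scheme cannot end up in the signed `host:` line, and every path segment is encoded with `rawurlencode` instead of only replacing spaces. The function name, its parameters and the `$now` override are assumptions made for this example.

```php
<?php
// Added example, not the poster's code. presignS3Get() and its parameters are hypothetical names.
function presignS3Get(string $id, string $secret, string $region, string $host,
                      string $key, int $expires, ?int $now = null): string
{
    // The signed Host header is the bare hostname: drop any scheme or trailing slash.
    $host = strtolower(preg_replace('#^https?://#i', '', rtrim($host, '/')));
    $now = $now ?? time();
    $longDate = gmdate('Ymd\THis\Z', $now);
    $shortDate = gmdate('Ymd', $now);
    $scope = "$shortDate/$region/s3/aws4_request";

    // Canonical URI: RFC 3986 encode each path segment, keep "/" as the separator.
    $path = '/' . implode('/', array_map('rawurlencode', explode('/', ltrim($key, '/'))));

    // Canonical query string: sorted by parameter name, names and values RFC 3986 encoded.
    $params = [
        'X-Amz-Algorithm'     => 'AWS4-HMAC-SHA256',
        'X-Amz-Credential'    => "$id/$scope",
        'X-Amz-Date'          => $longDate,
        'X-Amz-Expires'       => (string) $expires,
        'X-Amz-SignedHeaders' => 'host',
    ];
    ksort($params);
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);

    $canonicalRequest = implode("\n", ['GET', $path, $query, "host:$host", '', 'host', 'UNSIGNED-PAYLOAD']);
    $stringToSign = implode("\n", ['AWS4-HMAC-SHA256', $longDate, $scope, hash('sha256', $canonicalRequest)]);

    // Signing key: HMAC chain over date, region, service and terminator, raw binary at each step.
    $k = 'AWS4' . $secret;
    foreach ([$shortDate, $region, 's3', 'aws4_request'] as $part) {
        $k = hash_hmac('sha256', $part, $k, true);
    }
    $signature = hash_hmac('sha256', $stringToSign, $k);

    return "https://$host$path?$query&X-Amz-Signature=$signature";
}

// Sample inputs: the documentation example values from the AWS page linked in the question (not real credentials).
$now = gmmktime(0, 0, 0, 5, 24, 2013);
$id = 'AKIAIOSFODNN7EXAMPLE';
$secret = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY';
$plain = presignS3Get($id, $secret, 'us-east-1', 'examplebucket.s3.amazonaws.com', 'test.txt', 86400, $now);
$withScheme = presignS3Get($id, $secret, 'us-east-1', 'https://examplebucket.s3.amazonaws.com', 'test.txt', 86400, $now);
var_dump($plain === $withScheme); // both calls sign the same bare hostname
echo $plain, "\n";
```

Because the inputs are the documentation's own example values, the printed URL can be compared with the presigned URL published on that page.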
