add php-v3

Author: josecorella

test-server/java-tests/src/it/java/software/amazon/encryption/s3/RoundTripTests.java

@@ -69,20 +69,22 @@ public class RoundTripTests {
         serverList.add(new LanguageServerTarget("Python-V3", "8081"));
         serverList.add(new LanguageServerTarget("Go-V3", "8082"));
         serverList.add(new LanguageServerTarget("PHP-V2", "8087"));
+        serverList.add(new LanguageServerTarget("PHP-V3", "8093"));
 
         serverMap = new HashMap<>(14);
         serverMap.put("Java-V3", new LanguageServerTarget("Java-V3", "8080"));
         serverMap.put("Python-V3", new LanguageServerTarget("Python-V3", "8081"));
         serverMap.put("Go-V3", new LanguageServerTarget("Go-V3", "8082"));
         serverMap.put("PHP-V2", new LanguageServerTarget("PHP-V2", "8087"));
+        serverMap.put("PHP-V3", new LanguageServerTarget("PHP-V3", "8093"));
     }
 
     // These S3EC implementations do not validate encryption context provided to getObject (i.e. on decrypt).
     // If the encryption context provided to getObject does not match the encryption context on the stored object,
     // these implementations will not raise an error as expected.
     // For now, skip tests that expect encryption context validation on decrypt.
     private static final Set<String> ENCRYPTION_CONTEXT_ON_DECRYPT_UNSUPPORTED =
-        Set.of("Go-V3", "PHP-V2");
+        Set.of("Go-V3", "PHP-V2", "PHP-V3");
 
     static public class LanguageServerTarget {
         public String getLanguageName() {

test-server/php-v2-server/src/client.php

@@ -1,5 +1,7 @@
 <?php
 
+require_once __DIR__ . '/errors.php';
+
 use Ramsey\Uuid\Uuid;
 
 function handleCreateClient()
@@ -10,15 +12,21 @@ function handleCreateClient()
     // Parse JSON if the body contains JSON
     $requestData = json_decode($rawBody, true);
     if (json_last_error() !== JSON_ERROR_NONE) {
-        http_response_code(400);
-        return json_encode(['error' => 'Invalid JSON in request body']);
+        return GenericServerError("Invalid JSON in request body", 400);
     }
     $configData = $requestData['config'] ?? [];
     $keyMaterial = $configData["keyMaterial"] ?? null;
     $legacyAlgorithms = $configData["enableLegacyWrappingAlgorithms"] ?? false;
     $clientId = Uuid::uuid4()->toString();
     $kmsKeyId = $keyMaterial["kmsKeyId"] ?? null;
 
+    if ($configData == []) {
+        return GenericServerError("Invalid config in request body", 400);
+    }
+    if (($keyMaterial || $kmsKeyId) === null) {
+        return GenericServerError("Invalid keyMaterial in config", 400);
+    }
+
     // Store client configuration instead of objects (AWS objects can't be serialized)
     $_SESSION['s3ecCache'][$clientId] = [
         's3Config' => [

test-server/php-v2-server/src/errors.php

@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * Used for "internal" errors, e.g. problems with the test server itself
+ * Tests MUST NOT expect this error in negative tests.
+ * 
+ * @param string $message The error message to include in the response
+ * @param int $code The error code to set in the reponse
+ * @return string JSON-encoded error response
+ */
+function GenericServerError($message, $code = 500)
+{
+    http_response_code(500);
+    header('Content-Type: application/json');
+
+    $errorResponse = [
+        'error' => 'GenericServerError',
+        'message' => $message
+    ];
+
+    return json_encode($errorResponse);
+}
+
+/**
+ * Used for modeled errors, e.g. errors thrown by the S3EC
+ * Tests SHOULD expect this error in negative tests.
+ * 
+ * @param string $message The error message to include in the response
+ * @return string JSON-encoded error response
+ */
+function S3EncryptionClientError($message)
+{
+    http_response_code(500);
+    header('Content-Type: application/json');
+
+    $errorResponse = [
+        "__type" => "software.amazon.encryption.s3#S3EncryptionClientError",
+        'message' => $message
+    ];
+
+    return json_encode($errorResponse);
+}

test-server/php-v2-server/src/get_object.php

@@ -1,19 +1,20 @@
 <?php
 
+require_once __DIR__ . '/errors.php';
+
 function handleGetObject($params)
 {
     // Get ClientID from HTTP header
     $clientId = $_SERVER['HTTP_X_CLIENT_ID'] ?? $_SERVER['HTTP_CLIENTID'] ?? null;
 
     if (empty($clientId)) {
-        http_response_code(400);
-        return json_encode(['error' => 'ClientID header is required']);
+        return GenericServerError("ClientID header is required", 400);
     }
 
     # Get the S3EncryptionClient from the client_cache
     $s3ecClientTuple = getCachedClient($clientId);
     if ($s3ecClientTuple == null) {
-        $s3ecClientTuple = createDefaultClientTuple();
+        return GenericServerError("No client found for ClientID: " . $clientId, 404);
     }
 
     $metadata = $_SERVER['HTTP_CONTENT_METADATA'] ?? '';
@@ -23,6 +24,10 @@ function handleGetObject($params)
     $bucket = $params['bucket'] ?? null;
     $key = $params['key'] ?? null;
 
+    if (is_null($bucket) || is_null($key)) {
+        return GenericServerError("Invalidb bucket or key parameters", 400);
+    }
+
     $s3ec = $s3ecClientTuple["encryptionClient"];
     $materialProvider = $s3ecClientTuple["materialsProvider"];
     $clientConfig = $s3ecClientTuple["config"];
@@ -62,22 +67,19 @@ function handleGetObject($params)
         return $body;
     } catch (InvalidArgumentException $e) {
         // Clean up output buffer if still active
-        if (ob_get_level())
+        if (ob_get_level()) {
             ob_end_clean();
-        http_response_code(400);
-        return json_encode(['error' => 'Invalid argument: ' . $e->getMessage()]);
+        }
+        return GenericServerError("Invalid argument: " . $e->getMessage(), 400);
     } catch (Exception $e) {
         // Clean up output buffer if still active
-        if (ob_get_level())
+        if (ob_get_level()) {
             ob_end_clean();
-        http_response_code(500);
+        }
         if (strpos($e->getMessage(), "@SecurityProfile=V2") !== false) {
-            return json_encode([
-                "__type" => "software.amazon.encryption.s3#S3EncryptionClientError",
-                "message" => $e->getMessage() . "Enable legacy wrapping algorithms to use legacy key wrapping algorithm: kms",
-            ]);
+            return S3EncryptionClientError($e->getMessage() . " " . "Enable legacy wrapping algorithms to use legacy key wrapping algorithm: kms");
         } else {
-            return json_encode(['error' => 'Server error: ' . $e->getMessage()]);
+            return GenericServerError("Server argument: " . $e->getMessage(), 500);
         }
     }
 }

test-server/php-v2-server/src/put_object.php

@@ -1,5 +1,7 @@
 <?php
 
+require_once __DIR__ . '/errors.php';
+
 function handlePutObject($params)
 {
     // Get the raw request body
@@ -8,14 +10,13 @@ function handlePutObject($params)
     $clientId = $_SERVER['HTTP_X_CLIENT_ID'] ?? $_SERVER['HTTP_CLIENTID'] ?? null;
 
     if (empty($clientId)) {
-        http_response_code(400);
-        return json_encode(['error' => 'ClientID header is required']);
+        return GenericServerError("ClientID header is required", 400);
     }
 
     # Get the S3EncryptionClient from the client_cache
     $s3ecClientTuple = getCachedClient($clientId);
-    if ($s3ecClientTuple === null) {
-        $s3ecClientTuple = createDefaultClientTuple();
+    if (is_null($s3ecClientTuple)) {
+        return GenericServerError("No client found for ClientID: " . $clientId, 404);
     }
 
     // Capture all Content-Metadata headers
@@ -26,6 +27,10 @@ function handlePutObject($params)
     $bucket = $params['bucket'] ?? null;
     $key = $params['key'] ?? null;
 
+    if (is_null($bucket) || is_null($key)) {
+        return GenericServerError("Invalidb bucket or key parameters", 400);
+    }
+
     $s3ec = $s3ecClientTuple["encryptionClient"];
     $materialProvider = $s3ecClientTuple["materialsProvider"];
     $cipherOptions = [
@@ -55,14 +60,13 @@ function handlePutObject($params)
         return json_encode([
             "bucket" => $bucket,
             "key" => $key,
+            // php for some reason blows java's heap if we pass the metadata
             // "metadata" => $encryptionContext
         ]);
 
     } catch (InvalidArgumentException $e) {
-        http_response_code(400);
-        return json_encode(['error' => 'Invalid argument: ' . $e->getMessage()]);
+        return S3EncryptionClientError("Invalid arguement: " . $e->getMessage());
     } catch (Exception $e) {
-        http_response_code(500);
-        return json_encode(['error' => 'Server error: ' . $e->getMessage()]);
+        return GenericServerError("Server error: " . $e->getMessage());
     }
 }

test-server/php-v3-server/.gitignore

@@ -0,0 +1,4 @@
+vendor/*
+cookies.txt
+server.pid
+composer.lock

test-server/php-v3-server/Makefile

@@ -0,0 +1,24 @@
+# Makefile for S3 Encryption Client Testing
+
+.PHONY: start-server stop-server wait-for-server
+
+PID_FILE := server.pid
+PORT := 8093
+
+start-server:
+	@echo "Starting PHP V2 server..."
+	AWS_ACCESS_KEY_ID="$$AWS_ACCESS_KEY_ID" \
+	AWS_SECRET_ACCESS_KEY="$$AWS_SECRET_ACCESS_KEY" \
+	AWS_SESSION_TOKEN="$$AWS_SESSION_TOKEN" \
+	AWS_REGION="us-west-2" \
+	composer run start & echo $$! > $(PID_FILE)
+	@echo "PHP V2 server starting..."
+
+stop-server:
+	@if [ -f $(PID_FILE) ]; then \
+		kill $$(cat $(PID_FILE)) 2>/dev/null || true; \
+		rm $(PID_FILE); \
+	fi
+
+wait-for-server:
+	$(MAKE) -C .. wait-for-port PORT=$(PORT)

test-server/php-v3-server/README.md

@@ -0,0 +1,66 @@
+# S3EC PHP v2 Test Server
+
+This is the PHP V3 implementation of the S3ECTestServer framework. It provides a server implementation for testing S3 Encryption Client functionality.
+
+## Overview
+
+The S3ECPhpV2TestServer implements the S3ECTestServer service defined in the shared Smithy model. It provides endpoints for:
+
+- Creating S3 Encryption Clients with session-based caching
+- Putting objects with encryption
+- Getting and decrypting objects
+
+## Starting the Server
+
+### Method 1: Using Composer (Recommended)
+```bash
+composer run start
+```
+
+The server will start on port `8093`.
+
+## Available Endpoints
+
+### Server Status
+- **GET /** - Returns server status and available endpoints
+
+### Client Management
+- **POST /client** - Creates an S3EncryptionClient and caches it with session persistence
+- **GET /cache** - Shows current session state and cached clients (for debugging)
+
+### Object Operations
+- **GET /object/{bucket}/{key}** - Handle GET requests using the S3EncryptionClient
+- **PUT /object/{bucket}/{key}** - Handle PUT requests using the S3EncryptionClient
+
+## Testing with curl
+
+### Important: Session Cookie Management
+
+To properly test the server and maintain session persistence, you **must** use cookies with curl:
+
+#### First Request (creates session cookie):
+```bash
+curl -X POST http://localhost:8093/client \
+  -H "Content-Type: application/json" \
+  -v
+```
+
+#### Subsequent Requests (reuses session cookie):
+```bash
+curl -X POST http://localhost:8093/client \
+  -H "Content-Type: application/json" \
+  -v
+```
+
+#### Check Cache Status:
+```bash
+curl http://localhost:8093/cache \
+  -b cookies.txt
+```
+
+#### Helpful Notes
+- **Session Storage**: Client configurations are stored in `$_SESSION['s3ecCache']`
+- **Object Recreation**: AWS SDK objects are recreated from stored configuration (they cannot be serialized)
+AWS SDK obbjects cannot be serialized due to internal resources and closures.
+- **Helper Function**: `getCachedClient($clientId)` retrieves and recreates clients from cache
+- **Debugging**: Enhanced logging and `/cache` endpoint for troubleshooting

test-server/php-v3-server/composer.json

@@ -0,0 +1,24 @@
+{
+    "name": "aws/s3ec-php-v2-test-server",
+    "description": "PHP v2 implementation of the S3EC Test Server framework",
+    "type": "project",
+    "license": "Apache-2.0",
+    "require": {
+        "php": ">=7.4",
+        "aws/aws-sdk-php": "^3.356",
+        "ramsey/uuid": "^4.9"
+    },
+    "autoload": {
+        "psr-4": {
+            "S3EC\\PhpV2Server\\": "src/"
+        }
+    },
+    "scripts": {
+        "start": [
+            "php -S 0.0.0.0:8093 src/index.php"
+        ]
+    },
+    "config": {
+        "optimize-autoloader": true
+    }
+}