chore(php): support v3 format on read

test-server/java-tests/src/it/java/software/amazon/encryption/s3/RoundTripTests.java

@@ -381,6 +381,8 @@ public void kmsV1LegacyFailsWhenLegacyDisabled(String language) {
               ));
             } else if (language.equals(RUBY_V3) || language.equals(RUBY_V2_CURRENT)) {
               assertTrue(e.getMessage().contains("The requested object is encrypted with V1 encryption schemas that have been disabled by client configuration security_profile = :v2. Retry with :v2_and_legacy or re-encrypt the object."));
+            } else if (language.equals(PHP_V2_CURRENT) || language.equals(PHP_V3)) {
+              assertTrue(e.getMessage().contains("The requested object is encrypted with V1 encryption schemas that have been disabled by client configuration @SecurityProfile=V2. Retry with V2_AND_LEGACY enabled or reencrypt the object."));;
             } else {
               assertTrue(e.getMessage().contains("Enable legacy wrapping algorithms to use legacy key wrapping algorithm: kms"));
             }

test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java

@@ -75,7 +75,7 @@ public class TestUtils {
 
     // Sets of unsupported features by language
     public static final Set<String> ENCRYPTION_CONTEXT_ON_DECRYPT_UNSUPPORTED =
-        Set.of(GO_V3_CURRENT, PHP_V2_CURRENT, PHP_V3, NET_V2_CURRENT, NET_V3);
+        Set.of(GO_V3_CURRENT, PHP_V2_CURRENT, NET_V2_CURRENT, NET_V3);
 
     public static final Set<String> ENCRYPTION_CONTEXT_ON_ENCRYPT_UNSUPPORTED =
         Set.of(NET_V2_CURRENT, NET_V3);

test-server/php-v2-server/src/get_object.php

@@ -77,7 +77,7 @@ function handleGetObject($params)
             ob_end_clean();
         }
         if (strpos($e->getMessage(), "@SecurityProfile=V2") !== false) {
-            return S3EncryptionClientError($e->getMessage() . " " . "Enable legacy wrapping algorithms to use legacy key wrapping algorithm: kms");
+            return S3EncryptionClientError($e->getMessage());
         } else {
             return GenericServerError("Server argument: " . $e->getMessage(), 500);
         }

test-server/php-v3-server/.duvet/config.toml

@@ -6,6 +6,15 @@ pattern = "local-php-sdk/src/S3/**/*.php"
 [[source]]
 pattern = "local-php-sdk/src/Crypto/**/*.php"
 
+[[source]]
+pattern = "local-php-sdk/tests/S3/**/*.php"
+
+[[source]]
+pattern = "local-php-sdk/tests/Crypto/**/*.php"
+
+[[source]]
+pattern = "local-php-sdk/compliance_exceptions/*.txt"
+
 # Include required specifications here
 [[specification]]
 source = "../specification/s3-encryption/data-format/content-metadata.md"

test-server/php-v3-server/src/get_object.php

@@ -77,7 +77,10 @@ function handleGetObject($params)
             ob_end_clean();
         }
         if (strpos($e->getMessage(), "@SecurityProfile=V2") !== false) {
-            return S3EncryptionClientError($e->getMessage() . " " . "Enable legacy wrapping algorithms to use legacy key wrapping algorithm: kms");
+            return S3EncryptionClientError($e->getMessage());
+        }
+        if (strpos($e->getMessage(), "Provided encryption context does not match information retrieved from S3") !== false) {
+            return S3EncryptionClientError($e->getMessage());
         } else {
             return GenericServerError("Server argument: " . $e->getMessage(), 500);
         }

test-server/php-v3-server/src/index.php

@@ -5,8 +5,8 @@
 require_once __DIR__ . '/get_object.php';
 require_once __DIR__ . '/put_object.php';
 
-use Aws\S3\Crypto\S3EncryptionClientV2;
-use Aws\Crypto\KmsMaterialsProviderV2;
+use Aws\S3\Crypto\S3EncryptionClientV3;
+use Aws\Crypto\KmsMaterialsProviderV3;
 use Aws\S3\S3Client;
 use Aws\Kms\KmsClient;
 
@@ -157,10 +157,10 @@ function getCachedClient($clientId)
 
     // Recreate the AWS clients from stored configuration
     $s3Client = new S3Client($config['s3Config']);
-    $encryptionClient = new S3EncryptionClientV2($s3Client);
+    $encryptionClient = new S3EncryptionClientV3($s3Client);
 
     $kmsClient = new KmsClient($config['kmsConfig']);
-    $materialsProvider = new KmsMaterialsProviderV2($kmsClient, $config['kmsKeyId']);
+    $materialsProvider = new KmsMaterialsProviderV3($kmsClient, $config['kmsKeyId']);
 
     return [
         'encryptionClient' => $encryptionClient,
@@ -183,7 +183,7 @@ function createDefaultClientTuple(): array
             ]
         ]
     ]);
-    $encryptionClient = new S3EncryptionClientV2($s3Client);
+    $encryptionClient = new S3EncryptionClientV3($s3Client);
 
     $kmsClient = new KmsClient([
         'region' => 'us-west-2',
@@ -197,7 +197,7 @@ function createDefaultClientTuple(): array
             ]
         ]
     ]);
-    $materialsProvider = new KmsMaterialsProviderV2($kmsClient, 'arn:aws:kms:us-west-2:370957321024:alias/S3EC-Test-Server-Github-KMS-Key');
+    $materialsProvider = new KmsMaterialsProviderV3($kmsClient, 'arn:aws:kms:us-west-2:370957321024:alias/S3EC-Test-Server-Github-KMS-Key');
 
     return [
         'encryptionClient' => $encryptionClient,