3 files changed, 43 insertions, 19 deletions
diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class
index 0dfdbac..c88feca 100644
--- a/src/etc/inc/dyndns.class
+++ b/src/etc/inc/dyndns.class
@@ -96,7 +96,7 @@
 	 *  HE.net IPv6     - Last Tested: 7 July 2013
 	 *  HE.net Tunnel   - Last Tested: 28 June 2011
 	 *  SelfHost        - Last Tested: 26 December 2011
-	 *  Amazon Route 53 - Last Tested: 30 August 2016 
+	 *  Amazon Route 53 - Last Tested: 04 February 2017
 	 *  DNS-O-Matic     - Last Tested: 9 September 2010
 	 *  CloudFlare      - Last Tested: 05 September 2016
 	 *  CloudFlare IPv6 - Last Tested: 17 July 2016
@@ -650,9 +650,10 @@
 				case 'route53':		
 					require_once("r53.class");
 					$r53 = new Route53($this->_dnsUser, $this->_dnsPass);
-					$apiurl = $r53->getApiUrl($this->_dnsZoneID);
+					list($r53_regionId, $r53_zoneId) = split('/', $this->_dnsZoneID);
+					$apiurl = $r53->getApiUrl($r53_zoneId);
 					$xmlreq = $r53->getRequestBody($this->_dnsHost, $this->_dnsIP, $this->_dnsTTL);
-					$httphead = $r53->getHttpPostHeaders(strlen($xmlreq));
+					$httphead = $r53->getHttpPostHeaders($r53_zoneId, $r53_regionId, hash("sha256",$xmlreq));
 					curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead);
 					if($this->_dnsVerboseLog){
 						log_error(sprintf("Sending reuquest to: %s", $apiurl));
diff --git a/src/etc/inc/r53.class b/src/etc/inc/r53.class
index cc50d4a..4ec4cd9 100644
--- a/src/etc/inc/r53.class
+++ b/src/etc/inc/r53.class
@@ -83,7 +83,7 @@ class Route53
 	* @return string XML document
 	*/
 	public function getRequestBody($fqdn, $ip, $ttl){
-		$xmlreq .= "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
+		$xmlreq = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
 		$xmlreq .= "<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\">";
 		$xmlreq .= "<ChangeBatch><Changes><Change>";
 		$xmlreq .= "<Action>UPSERT</Action>";
@@ -102,7 +102,7 @@ class Route53
 	/**
 	* Return API URL
 	*
-	* @param string $zoneid Amazone Zone ID
+	* @param string $zoneid Amazon Zone ID
 	* @return string URL
 	*/
 	public function getApiUrl($zoneid){
@@ -112,21 +112,44 @@ class Route53
 	/**
 	* Return HTTP post headers 
 	* 
-	* @param int $bodylen length of the POST bost body
+	* @param string zoneId Amazon Zone
+	* @param string regionId Amazon Region Code (e.g. us-east-1)
+	* @param string requestBodySHA256 SHA256 hash of the request body
 	* @return Array headers
 	*/
-	public function getHttpPostHeaders($bodylen){
-		$reqdate = gmdate('D, d M Y H:i:s e');
-		$httphead[] = array();
-		$httphead[] = sprintf("Date: %s", $reqdate);
-		$httphead[] = "Content-Type: text/plain";
-		$httphead[] = sprintf("Content-Length: %d", $bodylen);
-		/* to avoid having user to know their AWS Region, for now use V3 */
-		$httphead[] = sprintf(
-			"X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=HMACSHA256,SignedHeaders=date,Signature=%s",
-			$this->__accessKey,
-			base64_encode(hash_hmac("sha256", $reqdate, $this->__secretKey, true))
-		);
+	public function getHttpPostHeaders($zoneId, $regionId, $requestBodySHA256){
+
+		$canonical_uri = sprintf("/2013-04-01/hostedzone/%s/rrset", $zoneId);
+		$amz_date = sprintf("%sT%sZ", gmdate('Ymd'), gmdate('His'));
+		$date_stamp = gmdate('Ymd');
+
+		$canonical_headers = sprintf("content-type:%s\nhost:%s\nx-amz-date:%s\n",
+			"text/xml", "route53.amazonaws.com", $amz_date);
+
+		$signed_headers = "content-type;host;x-amz-date";
+
+		$canonical_request = sprintf("%s\n%s\n\n%s\n%s\n%s", 
+			"POST", $canonical_uri, $canonical_headers, $signed_headers, $requestBodySHA256);
+		$algorithm = "AWS4-HMAC-SHA256";
+		$credential_scope = sprintf("%s/%s/%s/%s", $date_stamp, $regionId, "route53", "aws4_request");
+		$string_to_sign = sprintf("%s\n%s\n%s\n%s", 
+			$algorithm, $amz_date, $credential_scope, hash("sha256", $canonical_request));
+
+		$kSecret = sprintf("AWS4%s", $this->__secretKey);
+		$kDate = hash_hmac("sha256", $date_stamp, $kSecret, true);
+		$kRegion = hash_hmac("sha256", $regionId, $kDate, true);
+		$kService = hash_hmac("sha256", "route53", $kRegion, true);
+		$signing_key = hash_hmac("sha256","aws4_request", $kService, true);
+
+		$signature = bin2hex(hash_hmac("sha256", $string_to_sign, $signing_key, true));
+
+		$authorization_header = sprintf("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s",
+			$algorithm, $this->__accessKey, $credential_scope, $signed_headers, $signature);
+
+		$httphead[] = "Content-Type: text/xml";
+		$httphead[] = sprintf("X-Amz-Date: %s", $amz_date);
+		$httphead[] = sprintf("Authorization: %s", $authorization_header);
 		return $httphead;
 	}
 }
+
diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php
index eeaacb1..292590f 100644
--- a/src/usr/local/www/services_dyndns_edit.php
+++ b/src/usr/local/www/services_dyndns_edit.php
@@ -376,7 +376,7 @@ $section->addInput(new Form_Input(
 	'Zone ID',
 	'text',
 	$pconfig['zoneid']
-))->setHelp('Enter Zone ID that was received when creating the domain in Route 53.' . '<br />' .
+))->setHelp('Route53: Enter AWS Region and Zone ID in the form REGION/ZONEID (example: "us-east-1/A1B2C3D4E5F6Z").' . '<br />' .
 			'DNSimple: Enter the Record ID of record to update.');
 
 $section->addInput(new Form_Input(