This is an automated email from the ASF dual-hosted git repository.
eze pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.1.x by this push:
new 496fa2c4cb s3_auth: Fix hash calculation (#9780)
496fa2c4cb is described below
commit 496fa2c4cbdf2b3d6c61760a3fb6675b74b549f0
Author: Masakazu Kitajo <[email protected]>
AuthorDate: Wed Jun 7 04:40:19 2023 +0900
s3_auth: Fix hash calculation (#9780)
(cherry picked from commit c54be207815c88431b8448c187e6163fa413e790)
---
plugins/s3_auth/aws_auth_v4.cc | 5 +++++
plugins/s3_auth/aws_auth_v4.h | 1 +
plugins/s3_auth/aws_auth_v4_wrap.h | 5 +++++
plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 14 ++++++++++++++
plugins/s3_auth/unit_tests/test_aws_auth_v4.h | 7 +++++++
5 files changed, 32 insertions(+)
diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
index b252d92677..5df57151c6 100644
--- a/plugins/s3_auth/aws_auth_v4.cc
+++ b/plugins/s3_auth/aws_auth_v4.cc
@@ -303,6 +303,11 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool
signPayload, const StringSe
str = api.getPath(&length);
String path("/");
path.append(str, length);
+ str = api.getParams(&length);
+ if (length > 0) {
+ path.append(";", 1);
+ path.append(str, length);
+ }
String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
sha256Update(&canonicalRequestSha256Ctx, canonicalUri);
sha256Update(&canonicalRequestSha256Ctx, "\n");
diff --git a/plugins/s3_auth/aws_auth_v4.h b/plugins/s3_auth/aws_auth_v4.h
index ff72ccfcbc..095cc036e9 100644
--- a/plugins/s3_auth/aws_auth_v4.h
+++ b/plugins/s3_auth/aws_auth_v4.h
@@ -47,6 +47,7 @@ public:
virtual const char *getMethod(int *length) = 0;
virtual const char *getHost(int *length) = 0;
virtual const char *getPath(int *length) = 0;
+ virtual const char *getParams(int *length) = 0;
virtual const char *getQuery(int *length) = 0;
virtual HeaderIterator headerBegin() = 0;
virtual HeaderIterator headerEnd() = 0;
diff --git a/plugins/s3_auth/aws_auth_v4_wrap.h
b/plugins/s3_auth/aws_auth_v4_wrap.h
index a4351478c6..8097c2b9af 100644
--- a/plugins/s3_auth/aws_auth_v4_wrap.h
+++ b/plugins/s3_auth/aws_auth_v4_wrap.h
@@ -108,6 +108,11 @@ public:
return TSUrlPathGet(_bufp, _url, len);
}
const char *
+ getParams(int *len) override
+ {
+ return TSUrlHttpParamsGet(_bufp, _url, len);
+ }
+ const char *
getQuery(int *len) override
{
return TSUrlHttpQueryGet(_bufp, _url, len);
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
index d803ead047..8cf9b2948e 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
@@ -404,6 +404,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Object",
"[AWS][auth][SpecByExample]")
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("test.txt");
+ api._params.assign("");
api._query.assign("");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Range", "bytes=0-9"));
@@ -449,6 +450,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle",
"[AWS][auth][SpecByExamp
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("lifecycle");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -493,6 +495,7 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects",
"[AWS][auth][SpecByEx
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -584,6 +587,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects,
unsigned pay-load, exc
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
@@ -633,6 +637,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects,
query param value alre
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("PATH==");
+ api._params.assign("");
api._query.assign("key=TEST==");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
@@ -679,6 +684,7 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name
fields", "[AWS][auth][
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -743,6 +749,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers by
default", "[AWS][auth][uti
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -777,6 +784,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers
explicit", "[AWS][auth][SpecB
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -847,6 +855,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non
overlapping headers", "[AWS][
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -881,6 +890,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers", "[AWS][auth
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -916,6 +926,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers missing inclu
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -951,6 +962,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers missing exclu
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -989,6 +1001,7 @@ TEST_CASE("S3AuthV4UtilParams: include content type",
"[AWS][auth][utility]")
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1022,6 +1035,7 @@ TEST_CASE("S3AuthV4UtilParams: include missing content
type", "[AWS][auth][utili
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
index e295d750f0..e4eb4549c3 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
@@ -95,6 +95,12 @@ public:
return _path.c_str();
}
const char *
+ getParams(int *length)
+ {
+ *length = _params.length();
+ return _params.c_str();
+ }
+ const char *
getQuery(int *length)
{
*length = _query.length();
@@ -114,6 +120,7 @@ public:
String _method;
String _host;
String _path;
+ String _params;
String _query;
HeaderMultiMap _headers;
};
