This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.2.x by this push:
new 726a79cb2f s3_auth: Fix hash calculation (#9779)
726a79cb2f is described below
commit 726a79cb2f70fcbe0e2139aab3fe56930d3d8c27
Author: Masakazu Kitajo <mas...@apache.org>
AuthorDate: Thu Jun 8 02:27:52 2023 +0900
s3_auth: Fix hash calculation (#9779)
(cherry picked from commit 867c48c1adf9e795c8d85c48d2d0f07f08aa87ec)
---
plugins/s3_auth/aws_auth_v4.cc | 5 +++++
plugins/s3_auth/aws_auth_v4.h | 1 +
plugins/s3_auth/aws_auth_v4_wrap.h | 5 +++++
plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 14 ++++++++++++++
plugins/s3_auth/unit_tests/test_aws_auth_v4.h | 7 +++++++
5 files changed, 32 insertions(+)
diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
index 004c0b3935..d21ae814b4 100644
--- a/plugins/s3_auth/aws_auth_v4.cc
+++ b/plugins/s3_auth/aws_auth_v4.cc
@@ -311,6 +311,11 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool
signPayload, const StringSe
str = api.getPath(&length);
String path("/");
path.append(str, length);
+ str = api.getParams(&length);
+ if (length > 0) {
+ path.append(";", 1);
+ path.append(str, length);
+ }
String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
sha256Update(&canonicalRequestSha256Ctx, canonicalUri);
sha256Update(&canonicalRequestSha256Ctx, "\n");
diff --git a/plugins/s3_auth/aws_auth_v4.h b/plugins/s3_auth/aws_auth_v4.h
index 865a199385..984bc62402 100644
--- a/plugins/s3_auth/aws_auth_v4.h
+++ b/plugins/s3_auth/aws_auth_v4.h
@@ -47,6 +47,7 @@ public:
virtual const char *getMethod(int *length) = 0;
virtual const char *getHost(int *length) = 0;
virtual const char *getPath(int *length) = 0;
+ virtual const char *getParams(int *length) = 0;
virtual const char *getQuery(int *length) = 0;
virtual HeaderIterator headerBegin() = 0;
virtual HeaderIterator headerEnd() = 0;
diff --git a/plugins/s3_auth/aws_auth_v4_wrap.h
b/plugins/s3_auth/aws_auth_v4_wrap.h
index 72221c3b89..3ed858a1e1 100644
--- a/plugins/s3_auth/aws_auth_v4_wrap.h
+++ b/plugins/s3_auth/aws_auth_v4_wrap.h
@@ -108,6 +108,11 @@ public:
return TSUrlPathGet(_bufp, _url, len);
}
const char *
+ getParams(int *len) override
+ {
+ return TSUrlHttpParamsGet(_bufp, _url, len);
+ }
+ const char *
getQuery(int *len) override
{
return TSUrlHttpQueryGet(_bufp, _url, len);
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
index b3866ba469..506fef4387 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
@@ -433,6 +433,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Object",
"[AWS][auth][SpecByExample]")
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("test.txt");
+ api._params.assign("");
api._query.assign("");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Range", "bytes=0-9"));
@@ -478,6 +479,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle",
"[AWS][auth][SpecByExamp
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("lifecycle");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -522,6 +524,7 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects",
"[AWS][auth][SpecByEx
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -613,6 +616,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects,
unsigned pay-load, exc
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
@@ -662,6 +666,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects,
query param value alre
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("PATH==");
+ api._params.assign("");
api._query.assign("key=TEST==");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
@@ -708,6 +713,7 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name
fields", "[AWS][auth][
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -772,6 +778,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers by
default", "[AWS][auth][uti
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -806,6 +813,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers
explicit", "[AWS][auth][SpecB
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -876,6 +884,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non
overlapping headers", "[AWS][
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -910,6 +919,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers", "[AWS][auth
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -945,6 +955,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers missing inclu
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -980,6 +991,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers missing exclu
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1018,6 +1030,7 @@ TEST_CASE("S3AuthV4UtilParams: include content type",
"[AWS][auth][utility]")
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1051,6 +1064,7 @@ TEST_CASE("S3AuthV4UtilParams: include missing content
type", "[AWS][auth][utili
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
+ api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
index 86dc566bab..0ce55d281a 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
@@ -95,6 +95,12 @@ public:
return _path.c_str();
}
const char *
+ getParams(int *length) override
+ {
+ *length = _params.length();
+ return _params.c_str();
+ }
+ const char *
getQuery(int *length) override
{
*length = _query.length();
@@ -114,6 +120,7 @@ public:
String _method;
String _host;
String _path;
+ String _params;
String _query;
HeaderMultiMap _headers;
};
