This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 9.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.2.x by this push: new 726a79cb2f s3_auth: Fix hash calculation (#9779) 726a79cb2f is described below commit 726a79cb2f70fcbe0e2139aab3fe56930d3d8c27 Author: Masakazu Kitajo <mas...@apache.org> AuthorDate: Thu Jun 8 02:27:52 2023 +0900 s3_auth: Fix hash calculation (#9779) (cherry picked from commit 867c48c1adf9e795c8d85c48d2d0f07f08aa87ec)
---
 plugins/s3_auth/aws_auth_v4.cc | 5 +++++
 plugins/s3_auth/aws_auth_v4.h | 1 +
 plugins/s3_auth/aws_auth_v4_wrap.h | 5 +++++
 plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 14 ++++++++++++++
 plugins/s3_auth/unit_tests/test_aws_auth_v4.h | 7 +++++++
 5 files changed, 32 insertions(+)
diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
index 004c0b3935..d21ae814b4 100644
--- a/plugins/s3_auth/aws_auth_v4.cc
+++ b/plugins/s3_auth/aws_auth_v4.cc
@@ -311,6 +311,11 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool signPayload, const StringSe
 str = api.getPath(&length);
 String path("/");
 path.append(str, length);
+ str = api.getParams(&length);
+ if (length > 0) {
+ path.append(";", 1);
+ path.append(str, length);
+ }
 String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
 sha256Update(&canonicalRequestSha256Ctx, canonicalUri);
 sha256Update(&canonicalRequestSha256Ctx, "\n");
diff --git a/plugins/s3_auth/aws_auth_v4.h b/plugins/s3_auth/aws_auth_v4.h
index 865a199385..984bc62402 100644
--- a/plugins/s3_auth/aws_auth_v4.h
+++ b/plugins/s3_auth/aws_auth_v4.h
@@ -47,6 +47,7 @@ public:
 virtual const char *getMethod(int *length) = 0;
 virtual const char *getHost(int *length) = 0;
 virtual const char *getPath(int *length) = 0;
+ virtual const char *getParams(int *length) = 0;
 virtual const char *getQuery(int *length) = 0;
 virtual HeaderIterator headerBegin() = 0;
 virtual HeaderIterator headerEnd() = 0;
diff --git a/plugins/s3_auth/aws_auth_v4_wrap.h b/plugins/s3_auth/aws_auth_v4_wrap.h
index 72221c3b89..3ed858a1e1 100644
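Review bot: The `if (length > 0)` guard in the aws_auth_v4.cc hunk drops a bare trailing `;`, that is, a request path that ends in `;` with nothing after it. If ATS still emits that delimiter when it forwards the URL, the origin would see a URI that differs from the signed canonical URI and reject the signature; whether the delimiter survives is not visible here, so this should be confirmed. The re-attached component then goes through `canonicalEncode(path, /* isObjectName */ true)`, so the signed bytes also depend on how that helper treats `;` and `=`, which is outside the hunk. I would add a comment above the new lines, e.g. `// ATS splits ";params" off the path; re-attach it so the signed URI matches the URI sent to the origin.` getCanonicalRequestSha256Hash starts and ends outside the hunk.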
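Review bot: The new pure virtual `getParams` in aws_auth_v4.h has no comment stating its contract, and the signing code relies on that contract. Judging by the caller added in aws_auth_v4.cc, it returns the URL's `;`-delimited parameter component without the leading `;`, as a pointer/length pair that is not treated as NUL-terminated, with `*length` of 0 when the component is absent. A one-line comment such as `// URL params (text after ';' in the path), without the ';'; *length is 0 when absent` would record this for other implementers of the interface. The class body continues outside the hunk.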
--- a/plugins/s3_auth/aws_auth_v4_wrap.h
+++ b/plugins/s3_auth/aws_auth_v4_wrap.h
@@ -108,6 +108,11 @@ public:
 return TSUrlPathGet(_bufp, _url, len);
 }
 const char *
+ getParams(int *len) override
+ {
+ return TSUrlHttpParamsGet(_bufp, _url, len);
+ }
+ const char *
 getQuery(int *len) override
 {
 return TSUrlHttpQueryGet(_bufp, _url, len);
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
index b3866ba469..506fef4387 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
@@ -433,6 +433,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Object", "[AWS][auth][SpecByExample]")
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("test.txt");
+ api._params.assign("");
 api._query.assign("");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Range", "bytes=0-9"));
@@ -478,6 +479,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle", "[AWS][auth][SpecByExamp
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("lifecycle");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -522,6 +524,7 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects", "[AWS][auth][SpecByEx
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
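Review bot: None of the updated cases in test_aws_auth_v4.cc exercises the code this commit adds: the hunk at -433 and every later hunk of this file set `api._params.assign("")`, so the `length > 0` branch in getCanonicalRequestSha256Hash never runs under test. A regression in how the params component is re-attached or encoded would change the signed canonical URI without failing any test. I would add one case with a non-empty value, for example `api._path.assign("test.txt"); api._params.assign("v=1");` (constructed values), and assert the signature against one computed independently of this code. Each TEST_CASE body continues outside its hunk.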
@@ -613,6 +616,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, unsigned pay-load, exc
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
@@ -662,6 +666,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, query param value alre
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("PATH==");
+ api._params.assign("");
 api._query.assign("key=TEST==");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
@@ -708,6 +713,7 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name fields", "[AWS][auth][
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -772,6 +778,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers by default", "[AWS][auth][uti
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -806,6 +813,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers explicit", "[AWS][auth][SpecB
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -876,6 +884,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non overlapping headers", "[AWS][
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -910,6 +919,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers", "[AWS][auth
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -945,6 +955,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing inclu
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -980,6 +991,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing exclu
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1018,6 +1030,7 @@ TEST_CASE("S3AuthV4UtilParams: include content type", "[AWS][auth][utility]")
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1051,6 +1064,7 @@ TEST_CASE("S3AuthV4UtilParams: include missing content type", "[AWS][auth][utili
 api._method.assign("GET");
 api._host.assign("examplebucket.s3.amazonaws.com");
 api._path.assign("");
+ api._params.assign("");
 api._query.assign("max-keys=2&prefix=J");
 api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
 api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
index 86dc566bab..0ce55d281a 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
@@ -95,6 +95,12 @@ public:
 return _path.c_str();
 }
 const char *
+ getParams(int *length) override
+ {
+ *length = _params.length();
+ return _params.c_str();
+ }
+ const char *
 getQuery(int *length) override
 {
 *length = _query.length();
@@ -114,6 +120,7 @@ public:
 String _method;
 String _host;
 String _path;
+ String _params;
 String _query;
 HeaderMultiMap _headers;
 };