From 726a79cb2f70fcbe0e2139aab3fe56930d3d8c27 Mon Sep 17 00:00:00 2001
|
|
From: Masakazu Kitajo <maskit@apache.org>
|
|
Date: Thu, 8 Jun 2023 02:27:52 +0900
|
|
Subject: [PATCH] s3_auth: Fix hash calculation (#9779)
|
|
|
|
(cherry picked from commit 867c48c1adf9e795c8d85c48d2d0f07f08aa87ec)
|
|
---
|
|
plugins/s3_auth/aws_auth_v4.cc | 5 +++++
|
|
plugins/s3_auth/aws_auth_v4.h | 1 +
|
|
plugins/s3_auth/aws_auth_v4_wrap.h | 5 +++++
|
|
plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 14 ++++++++++++++
|
|
plugins/s3_auth/unit_tests/test_aws_auth_v4.h | 7 +++++++
|
|
5 files changed, 32 insertions(+)
|
|
|
|
diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
|
|
index 3f9aea0..6ba76d8 100644
|
|
--- a/plugins/s3_auth/aws_auth_v4.cc
|
|
+++ b/plugins/s3_auth/aws_auth_v4.cc
|
|
@@ -303,6 +303,11 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool signPayload, const StringSe
|
|
str = api.getPath(&length);
|
|
String path("/");
|
|
path.append(str, length);
|
|
+ str = api.getParams(&length);
|
|
+ if (length > 0) {
|
|
+ path.append(";", 1);
|
|
+ path.append(str, length);
|
|
+ }
|
|
String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
|
|
sha256Update(&canonicalRequestSha256Ctx, canonicalUri);
|
|
sha256Update(&canonicalRequestSha256Ctx, "\n");
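Review bot: The re-attached `;params` segment is passed through `canonicalEncode(path, /* isObjectName */ true)` together with the path, so whether `;` and `=` end up percent-encoded in the canonical URI depends on that helper, which is not visible in this hunk. If that encoding differs from what the origin computes for the same request, signature verification will presumably fail for every URL that carries params. A short comment above the new block would record the intent, e.g. `// getPath() excludes ";params"; re-attach them so the signed URI matches the request sent upstream.` The `length > 0` guard is also what keeps a null `str` away from `append`, so it should survive any refactor. getCanonicalRequestSha256Hash starts and ends outside the hunk.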
|
|
diff --git a/plugins/s3_auth/aws_auth_v4.h b/plugins/s3_auth/aws_auth_v4.h
|
|
index 865a199..984bc62 100644
|
|
--- a/plugins/s3_auth/aws_auth_v4.h
|
|
+++ b/plugins/s3_auth/aws_auth_v4.h
|
|
@@ -47,6 +47,7 @@ public:
|
|
virtual const char *getMethod(int *length) = 0;
|
|
virtual const char *getHost(int *length) = 0;
|
|
virtual const char *getPath(int *length) = 0;
|
|
+ virtual const char *getParams(int *length) = 0;
|
|
virtual const char *getQuery(int *length) = 0;
|
|
virtual HeaderIterator headerBegin() = 0;
|
|
virtual HeaderIterator headerEnd() = 0;
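Review bot: `getParams` is added to the interface with no statement of its contract, although the hashing code in aws_auth_v4.cc depends on it and only reads the returned pointer when `length > 0`. A one-line comment would help implementers, e.g. `// URL params (the part appended after ';'); callers must not assume NUL termination, *length is 0 when absent.` Because the method is pure virtual, any class deriving from this interface outside the two updated in this patch will stop compiling until it implements it. The class body starts and ends outside the hunk.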
|
|
diff --git a/plugins/s3_auth/aws_auth_v4_wrap.h b/plugins/s3_auth/aws_auth_v4_wrap.h
|
|
index 72221c3..3ed858a 100644
|
|
--- a/plugins/s3_auth/aws_auth_v4_wrap.h
|
|
+++ b/plugins/s3_auth/aws_auth_v4_wrap.h
|
|
@@ -108,6 +108,11 @@ public:
|
|
return TSUrlPathGet(_bufp, _url, len);
|
|
}
|
|
const char *
|
|
+ getParams(int *len) override
|
|
+ {
|
|
+ return TSUrlHttpParamsGet(_bufp, _url, len);
|
|
+ }
|
|
+ const char *
|
|
getQuery(int *len) override
|
|
{
|
|
return TSUrlHttpQueryGet(_bufp, _url, len);
|
|
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
|
|
index 595fe00..a11213c 100644
|
|
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
|
|
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
|
|
@@ -404,6 +404,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Object", "[AWS][auth][SpecByExample]")
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("test.txt");
|
|
+ api._params.assign("");
|
|
api._query.assign("");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Range", "bytes=0-9"));
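Review bot: Every test touched here sets `api._params.assign("")`, so the suite never executes the new `length > 0` branch in getCanonicalRequestSha256Hash. This applies to this hunk and to the thirteen hunks that follow it in the file. A case with non-empty params, for example `api._params.assign("k=v");` (constructed value) on top of the GET Object setup, asserting the resulting canonical request hash and signature, would pin both the `;` separator and how it is encoded. The expected digest should be computed independently of the plugin so the test does not just echo the implementation. The TEST_CASE body continues outside the hunk.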
|
|
@@ -449,6 +450,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle", "[AWS][auth][SpecByExamp
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("lifecycle");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
|
|
@@ -493,6 +495,7 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects", "[AWS][auth][SpecByEx
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
|
|
@@ -584,6 +587,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, unsigned pay-load, exc
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
|
|
@@ -633,6 +637,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, query param value alre
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("PATH==");
|
|
+ api._params.assign("");
|
|
api._query.assign("key=TEST==");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
|
|
@@ -679,6 +684,7 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name fields", "[AWS][auth][
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Content-Type", "gzip"));
|
|
@@ -777,6 +783,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers explicit", "[AWS][auth][SpecB
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Content-Type", "gzip"));
|
|
@@ -812,6 +819,7 @@ TEST_CASE("S3AuthV4UtilParams: exclude all headers explicit", "[AWS][auth][utili
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Content-Type", "gzip"));
|
|
@@ -847,6 +855,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non overlapping headers", "[AWS][
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Content-Type", "gzip"));
|
|
@@ -881,6 +890,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers", "[AWS][auth
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Content-Type", "gzip"));
|
|
@@ -916,6 +926,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing inclu
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Content-Type", "gzip"));
|
|
@@ -951,6 +962,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing exclu
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Content-Type", "gzip"));
|
|
@@ -989,6 +1001,7 @@ TEST_CASE("S3AuthV4UtilParams: include content type", "[AWS][auth][utility]")
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("Content-Type", "gzip"));
|
|
@@ -1022,6 +1035,7 @@ TEST_CASE("S3AuthV4UtilParams: include missing content type", "[AWS][auth][utili
|
|
api._method.assign("GET");
|
|
api._host.assign("examplebucket.s3.amazonaws.com");
|
|
api._path.assign("");
|
|
+ api._params.assign("");
|
|
api._query.assign("max-keys=2&prefix=J");
|
|
api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
|
|
api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
|
|
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
|
|
index e295d75..e4eb454 100644
|
|
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
|
|
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
|
|
@@ -95,6 +95,12 @@ public:
|
|
return _path.c_str();
|
|
}
|
|
const char *
|
|
+ getParams(int *length)
|
|
+ {
|
|
+ *length = _params.length();
|
|
+ return _params.c_str();
|
|
+ }
|
|
+ const char *
|
|
getQuery(int *length)
|
|
{
|
|
*length = _query.length();
|
|
@@ -114,6 +120,7 @@ public:
|
|
String _method;
|
|
String _host;
|
|
String _path;
|
|
+ String _params;
|
|
String _query;
|
|
HeaderMultiMap _headers;
|
|
};
|
|
--
|
|
2.30.0
|
|
|