s3_auth: Fix hash calculation

plugins/s3_auth/aws_auth_v4.cc

@@ -311,6 +311,11 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool signPayload, const StringSe
   str = api.getPath(&length);
   String path("/");
   path.append(str, length);
+  str = api.getParams(&length);
+  if (length > 0) {
+    path.append(";", 1);
+    path.append(str, length);
+  }
   String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
   sha256Update(&canonicalRequestSha256Ctx, canonicalUri);
   sha256Update(&canonicalRequestSha256Ctx, "\n");

plugins/s3_auth/aws_auth_v4.h

@@ -47,6 +47,7 @@ class TsInterface
   virtual const char *getMethod(int *length) = 0;
   virtual const char *getHost(int *length)   = 0;
   virtual const char *getPath(int *length)   = 0;
+  virtual const char *getParams(int *length) = 0;
   virtual const char *getQuery(int *length)  = 0;
   virtual HeaderIterator headerBegin()       = 0;
   virtual HeaderIterator headerEnd()         = 0;

plugins/s3_auth/aws_auth_v4_wrap.h

@@ -108,6 +108,11 @@ class TsApi : public TsInterface
     return TSUrlPathGet(_bufp, _url, len);
   }
   const char *
+  getParams(int *len) override
+  {
+    return TSUrlHttpParamsGet(_bufp, _url, len);
+  }
+  const char *
   getQuery(int *len) override
   {
     return TSUrlHttpQueryGet(_bufp, _url, len);

plugins/s3_auth/unit_tests/test_aws_auth_v4.cc

@@ -433,6 +433,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Object", "[AWS][auth][SpecByExample]")
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("test.txt");
+  api._params.assign("");
   api._query.assign("");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Range", "bytes=0-9"));
@@ -478,6 +479,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle", "[AWS][auth][SpecByExamp
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("lifecycle");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -522,6 +524,7 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects", "[AWS][auth][SpecByEx
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -613,6 +616,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, unsigned pay-load, exc
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
@@ -662,6 +666,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, query param value alre
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("PATH==");
+  api._params.assign("");
   api._query.assign("key=TEST==");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));
@@ -708,6 +713,7 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name fields", "[AWS][auth][
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -772,6 +778,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers by default", "[AWS][auth][uti
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -806,6 +813,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers explicit", "[AWS][auth][SpecB
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -876,6 +884,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non overlapping headers", "[AWS][
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -910,6 +919,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers", "[AWS][auth
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -945,6 +955,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing inclu
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -980,6 +991,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing exclu
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1018,6 +1030,7 @@ TEST_CASE("S3AuthV4UtilParams: include content type", "[AWS][auth][utility]")
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1051,6 +1064,7 @@ TEST_CASE("S3AuthV4UtilParams: include missing content type", "[AWS][auth][utili
   api._method.assign("GET");
   api._host.assign("examplebucket.s3.amazonaws.com");
   api._path.assign("");
+  api._params.assign("");
   api._query.assign("max-keys=2&prefix=J");
   api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com"));
   api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD"));

plugins/s3_auth/unit_tests/test_aws_auth_v4.h

@@ -95,6 +95,12 @@ class MockTsInterface : public TsInterface
     return _path.c_str();
   }
   const char *
+  getParams(int *length) override
+  {
+    *length = _params.length();
+    return _params.c_str();
+  }
+  const char *
   getQuery(int *length) override
   {
     *length = _query.length();
@@ -114,6 +120,7 @@ class MockTsInterface : public TsInterface
   String _method;
   String _host;
   String _path;
+  String _params;
   String _query;
   HeaderMultiMap _headers;
 };