Add handling for NULL credentials (#44)

awslabs · Nov 23, 2019 · a42e16d · a42e16d
1 parent be1c5da
commit a42e16d
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 9 deletions.
diff --git a/source/signing.c b/source/signing.c
@@ -32,6 +32,8 @@ int aws_sign_request_aws(
     aws_signing_complete_fn *on_complete,
     void *userdata) {
 
+    AWS_PRECONDITION(base_config);
+
     if (base_config->config_type != AWS_SIGNING_CONFIG_AWS) {
         return aws_raise_error(AWS_AUTH_SIGNING_MISMATCHED_CONFIGURATION);
     }
@@ -58,11 +60,20 @@ int aws_sign_request_aws(
 
 void s_aws_signing_on_get_credentials(struct aws_credentials *credentials, void *user_data) {
     struct aws_signing_state_aws *state = user_data;
-    state->credentials = credentials;
 
     struct aws_signing_result *result = NULL;
     int error_code = AWS_ERROR_SUCCESS;
 
+    if (!credentials) {
+        AWS_LOGF_ERROR(
+            AWS_LS_AUTH_SIGNING, "(id=%p) Credentials Provider provided no credentials", (void *)state->signable);
+
+        error_code = AWS_AUTH_SIGNING_NO_CREDENTIALS;
+        goto cleanup;
+    }
+
+    state->credentials = credentials;
+
     if (aws_signing_build_canonical_request(state)) {
         AWS_LOGF_ERROR(
             AWS_LS_AUTH_SIGNING,

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -157,6 +157,7 @@ add_test_case(sigv4_fail_date_param_test)
 add_test_case(sigv4_fail_credential_param_test)
 add_test_case(sigv4_fail_algorithm_param_test)
 add_test_case(sigv4_fail_signed_headers_param_test)
+add_test_case(signer_null_credentials_test)
 
 set(TEST_BINARY_NAME ${CMAKE_PROJECT_NAME}-tests)
 generate_test_driver(${TEST_BINARY_NAME})

diff --git a/tests/credentials_provider_utils.c b/tests/credentials_provider_utils.c
@@ -166,7 +166,9 @@ struct aws_credentials_provider *aws_credentials_provider_new_mock(
     provider->allocator = allocator;
     provider->vtable = &s_aws_credentials_provider_mock_vtable;
     provider->impl = impl;
-    provider->shutdown_options = *shutdown_options;
+    if (shutdown_options) {
+        provider->shutdown_options = *shutdown_options;
+    }
     aws_atomic_store_int(&provider->ref_count, 1);
 
     return provider;
@@ -361,7 +363,9 @@ struct aws_credentials_provider *aws_credentials_provider_new_mock_async(
     provider->allocator = allocator;
     provider->vtable = &s_aws_credentials_provider_mock_async_vtable;
     provider->impl = impl;
-    provider->shutdown_options = *shutdown_options;
+    if (shutdown_options) {
+        provider->shutdown_options = *shutdown_options;
+    }
     aws_atomic_store_int(&provider->ref_count, 1);
 
     return provider;
@@ -445,7 +449,9 @@ struct aws_credentials_provider *aws_credentials_provider_new_null(
     provider->allocator = allocator;
     provider->vtable = &s_aws_credentials_provider_null_vtable;
     provider->impl = NULL;
-    provider->shutdown_options = *shutdown_options;
+    if (shutdown_options) {
+        provider->shutdown_options = *shutdown_options;
+    }
     aws_atomic_store_int(&provider->ref_count, 1);
 
     return provider;

diff --git a/tests/sigv4_tests.c b/tests/sigv4_tests.c
@@ -21,12 +21,14 @@
 #include <aws/auth/signing.h>
 #include <aws/common/condition_variable.h>
 #include <aws/common/string.h>
+#include <aws/http/request_response.h>
 #include <aws/io/file_utils.h>
 #include <aws/io/stream.h>
 #include <aws/io/uri.h>
 
 #include <ctype.h>
 
+#include "credentials_provider_utils.h"
 #include "test_signable.h"
 
 struct sigv4_test_suite_contents {
@@ -958,3 +960,56 @@ static int s_sigv4_fail_signed_headers_param_test(struct aws_allocator *allocato
         allocator, s_amz_signed_headers_param_request, AWS_AUTH_SIGNING_ILLEGAL_REQUEST_QUERY_PARAM);
 }
 AWS_TEST_CASE(sigv4_fail_signed_headers_param_test, s_sigv4_fail_signed_headers_param_test);
+
+struct null_credentials_state {
+    struct aws_signing_result *result;
+    int error_code;
+};
+
+static void s_null_credentials_on_signing_complete(struct aws_signing_result *result, int error_code, void *userdata) {
+
+    struct null_credentials_state *state = userdata;
+    state->result = result;
+    state->error_code = error_code;
+}
+
+static int s_signer_null_credentials_test(struct aws_allocator *allocator, void *ctx) {
+    (void)ctx;
+
+    struct get_credentials_mock_result results = {
+        .credentials = NULL,
+        .error_code = AWS_AUTH_SIGNING_NO_CREDENTIALS,
+    };
+
+    struct aws_http_message *request = aws_http_message_new_request(allocator);
+    struct aws_signable *signable = aws_signable_new_http_request(allocator, request);
+
+    struct aws_signing_config_aws config = {
+        .config_type = AWS_SIGNING_CONFIG_AWS,
+        .algorithm = AWS_SIGNING_ALGORITHM_SIG_V4_HEADER,
+        .region = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("us-east-1"),
+        .service = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("elasticbuttservice"),
+    };
+    config.credentials_provider = aws_credentials_provider_new_mock(allocator, &results, 1, NULL);
+    aws_date_time_init_now(&config.date);
+
+    struct null_credentials_state state;
+    AWS_ZERO_STRUCT(state);
+
+    ASSERT_SUCCESS(aws_sign_request_aws(
+        allocator,
+        signable,
+        (struct aws_signing_config_base *)&config,
+        s_null_credentials_on_signing_complete,
+        &state));
+
+    ASSERT_PTR_EQUALS(NULL, state.result);
+    ASSERT_INT_EQUALS(AWS_AUTH_SIGNING_NO_CREDENTIALS, state.error_code);
+
+    aws_credentials_provider_release(config.credentials_provider);
+    aws_signable_destroy(signable);
+    aws_http_message_release(request);
+
+    return AWS_OP_SUCCESS;
+}
+AWS_TEST_CASE(signer_null_credentials_test, s_signer_null_credentials_test);
diff --git a/tests/test_signable.c b/tests/test_signable.c
@@ -85,11 +85,12 @@ static void s_aws_signable_test_clean_up(struct aws_signable *signable) {
     }
 }
 
-static struct aws_signable_vtable s_signable_test_vtable = {.get_property = s_aws_signable_test_get_property,
-                                                            .get_property_list = s_aws_signable_test_get_property_list,
-                                                            .get_payload_stream =
-                                                                s_aws_signable_test_get_payload_stream,
-                                                            .clean_up = s_aws_signable_test_clean_up};
+static struct aws_signable_vtable s_signable_test_vtable = {
+    .get_property = s_aws_signable_test_get_property,
+    .get_property_list = s_aws_signable_test_get_property_list,
+    .get_payload_stream = s_aws_signable_test_get_payload_stream,
+    .clean_up = s_aws_signable_test_clean_up,
+};
 
 struct aws_signable *aws_signable_new_test(
     struct aws_allocator *allocator,