Skip to content

Commit

Permalink
writeCanonicalQueryParameters() added argument doubleEncodeEqualsInPa…
Browse files Browse the repository at this point in the history 
…rmsValues
  • Loading branch information
@giuspen
giuspen committed Nov 17, 2023
1 parent e647f48 commit 6861d74
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 11 deletions.
6 changes: 3 additions & 3 deletions source/include/sigv4.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,12 +128,12 @@

/**
* @ingroup sigv4_canonical_flags
* @brief Set this flag to indicate that the HTTP request payload is
* already hashed.
* @brief Set this flag to indicate that the HTTP request is
* a presigned URL.
*
* This flag is valid only for #SigV4HttpParameters_t.flags.
*/
#define SIGV4_HTTP_PAYLOAD_IS_UNSIGNED 0x10U
#define SIGV4_HTTP_IS_PRESIGNED_URL 0x10U

/**
* @ingroup sigv4_canonical_flags
Expand Down
29 changes: 21 additions & 8 deletions source/sigv4.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,13 @@
*
* @param[in] pQuery HTTP request query.
* @param[in] queryLen Length of pQuery.
* @param[in] doubleEncodeEqualsInParmsValues whether to double-encode any equals ( = ) characters in parameter values.
* @param[in, out] pCanonicalContext Struct to maintain intermediary buffer
* and state of canonicalization.
*/
static SigV4Status_t generateCanonicalQuery( const char * pQuery,
size_t queryLen,
const bool doubleEncodeEqualsInParmsValues,
CanonicalContext_t * pCanonicalContext );

/**
Expand Down Expand Up @@ -2034,7 +2036,8 @@ static void generateCredentialScope( const SigV4Parameters_t * pSigV4Params,
size_t bufferLen,
const char * pValue,
size_t valueLen,
size_t * pEncodedLen )
size_t * pEncodedLen,
const bool doubleEncodeEqualsInParmsValues )
{
SigV4Status_t returnStatus = SigV4Success;
size_t valueBytesWritten = 0U;
Expand Down Expand Up @@ -2062,8 +2065,8 @@ static void generateCredentialScope( const SigV4Parameters_t * pSigV4Params,
valueLen,
pBufCur + 1U,
&valueBytesWritten,
true,
false );
true /* Encode slash (/) */,
doubleEncodeEqualsInParmsValues );

if( returnStatus == SigV4Success )
{
Expand All @@ -2078,7 +2081,8 @@ static void generateCredentialScope( const SigV4Parameters_t * pSigV4Params,
/*-----------------------------------------------------------*/

static SigV4Status_t writeCanonicalQueryParameters( CanonicalContext_t * pCanonicalRequest,
size_t numberOfParameters )
size_t numberOfParameters,
const bool doubleEncodeEqualsInParmsValues )
{
SigV4Status_t returnStatus = SigV4Success;
char * pBufLoc = NULL;
Expand Down Expand Up @@ -2114,7 +2118,8 @@ static void generateCredentialScope( const SigV4Parameters_t * pSigV4Params,
remainingLen,
pCanonicalRequest->pQueryLoc[ paramsIndex ].value.pData,
pCanonicalRequest->pQueryLoc[ paramsIndex ].value.dataLen,
&encodedLen );
&encodedLen,
doubleEncodeEqualsInParmsValues );
pBufLoc += encodedLen;
remainingLen -= encodedLen;
}
Expand Down Expand Up @@ -2156,6 +2161,7 @@ static void generateCredentialScope( const SigV4Parameters_t * pSigV4Params,

static SigV4Status_t generateCanonicalQuery( const char * pQuery,
size_t queryLen,
const bool doubleEncodeEqualsInParmsValues,
CanonicalContext_t * pCanonicalContext )
{
SigV4Status_t returnStatus = SigV4Success;
Expand All @@ -2179,9 +2185,8 @@ static void generateCredentialScope( const SigV4Parameters_t * pSigV4Params,
* - Do not URI-encode any of the unreserved characters that RFC 3986 defines:
* A-Z, a-z, 0-9, hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ ).
* - Percent-encode all other characters with %XY, where X and Y are hexadecimal characters (0-9 and uppercase A-F).
* - Double-encode any equals ( = ) characters in parameter values.
*/
returnStatus = writeCanonicalQueryParameters( pCanonicalContext, numberOfParameters );
returnStatus = writeCanonicalQueryParameters( pCanonicalContext, numberOfParameters, doubleEncodeEqualsInParmsValues );
}

if( returnStatus == SigV4Success )
Expand Down Expand Up @@ -2779,6 +2784,13 @@ static SigV4Status_t generateCanonicalRequestUntilHeaders( const SigV4Parameters
SigV4Status_t returnStatus = SigV4Success;
const char * pPath = NULL;
size_t pathLen = 0U;
bool doubleEncodeEqualsInParmsValues = true;

/* In presigned URL we do not want to double-encode any equals ( = ) characters in parameter values */
if( FLAG_IS_SET( pParams->pHttpParameters->flags, SIGV4_HTTP_IS_PRESIGNED_URL ) )
{
doubleEncodeEqualsInParmsValues = false;
}

/* Set defaults for path and algorithm. */
if( ( pParams->pHttpParameters->pPath == NULL ) ||
Expand Down Expand Up @@ -2843,6 +2855,7 @@ static SigV4Status_t generateCanonicalRequestUntilHeaders( const SigV4Parameters
{
returnStatus = generateCanonicalQuery( pParams->pHttpParameters->pQuery,
pParams->pHttpParameters->queryLen,
doubleEncodeEqualsInParmsValues,
pCanonicalContext );
}
}
Expand Down Expand Up @@ -3070,7 +3083,7 @@ static SigV4Status_t writePayloadHashToCanonicalRequest( const SigV4Parameters_t
/* Remove new line at the end of the payload. */
pCanonicalContext->pBufCur--;
}
else if( FLAG_IS_SET( pParams->pHttpParameters->flags, SIGV4_HTTP_PAYLOAD_IS_UNSIGNED ) )
else if( FLAG_IS_SET( pParams->pHttpParameters->flags, SIGV4_HTTP_IS_PRESIGNED_URL ) )
{
/* Copy the UNSIGNED-PAYLOAD data in the headers data list. */
returnStatus = copyHeaderStringToCanonicalBuffer( "UNSIGNED-PAYLOAD", strlen( "UNSIGNED-PAYLOAD" ), pParams->pHttpParameters->flags, '\n', pCanonicalContext );
Expand Down

0 comments on commit 6861d74

Please sign in to comment.