diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-01-19 19:49:33 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-01-19 19:49:33 +0200 |
commit | 9342c2d779b78b55e7e3b555930c5d3d0423ec40 (patch) | |
tree | ce9b86d0f8096581ec702d486b4818583988ad6d | |
parent | c0bb40dff16db55f2147e0074f54178c6d0fe308 (diff) | |
download | eclat-9342c2d779b78b55e7e3b555930c5d3d0423ec40.tar.gz eclat-9342c2d779b78b55e7e3b555930c5d3d0423ec40.tar.bz2 |
Minor improvement
* lib/reqsign.c (querysign4): Pass credentials in HTTP headers,
instead of parameters.
-rw-r--r-- | lib/reqsign.c | 75 |
1 files changed, 27 insertions, 48 deletions
diff --git a/lib/reqsign.c b/lib/reqsign.c index 4492897..a34595a 100644 --- a/lib/reqsign.c +++ b/lib/reqsign.c @@ -155,7 +155,6 @@ querysign4(struct ec2_query *req, char *secret) size_t i, n; struct grecs_txtacc *acc; char digest[SHA256_DIGEST_SIZE]; - size_t siglen; const char *verb; char tsbuf[22]; time_t t; @@ -167,20 +166,16 @@ querysign4(struct ec2_query *req, char *secret) static char algostr[] = "AWS4-HMAC-SHA256"; static char termstr[] = "aws4_request"; char *canonical_req; - char *signed_headers; + static char *signed_headers = "host;x-amz-date"; char *credential; char *signature; struct sha256_ctx ctx; char *service; size_t service_len; - struct grecs_list_entry *ep; service = req->endpoint; service_len = strcspn(service, "."); - if (req->token) - eclat_query_add_param(req, "X-Amz-Security-Token", req->token); - /* Create text accumulator */ acc = grecs_txtacc_create(); @@ -202,26 +197,8 @@ querysign4(struct ec2_query *req, char *secret) credential = grecs_txtacc_finish(acc, 0); eclat_query_add_header(req, "Host", req->endpoint); + eclat_query_add_header(req, "X-Amz-Date", tsbuf); - /* Signed headers */ - for (ep = req->headers->head; ep; ep = ep->next) { - struct ec2_param *param = ep->data; - for (p = param->name; *p; p++) - grecs_txtacc_grow_char(acc, tolower(*p)); - if (ep->next) - grecs_txtacc_grow_char(acc, ';'); - } - grecs_txtacc_grow_char(acc, 0); - signed_headers = grecs_txtacc_finish(acc, 0); - - if (!(req->flags & EC2_QF_POST)) { - eclat_query_add_param(req, "X-Amz-Algorithm", algostr); - eclat_query_add_param(req, "X-Amz-Date", tsbuf); - eclat_query_add_param(req, "X-Amz-SignedHeaders", - signed_headers); - eclat_query_add_param(req, "X-Amz-Credential", credential); - } - /* Encode the query */ eclat_query_encode(req); @@ -258,14 +235,16 @@ querysign4(struct ec2_query *req, char *secret) grecs_txtacc_grow_char(acc, '\n'); /* CanonicalHeaders */ - for (ep = req->headers->head; ep; ep = ep->next) { - struct ec2_param *param = ep->data; - for (p = param->name; *p; p++) - grecs_txtacc_grow_char(acc, tolower(*p)); - grecs_txtacc_grow_char(acc, ':'); - grecs_txtacc_grow_string(acc, param->value); - grecs_txtacc_grow_char(acc, '\n'); - } + grecs_txtacc_grow_string(acc, "host"); + grecs_txtacc_grow_char(acc, ':'); + grecs_txtacc_grow_string(acc, req->endpoint); + grecs_txtacc_grow_char(acc, '\n'); + + grecs_txtacc_grow_string(acc, "x-amz-date"); + grecs_txtacc_grow_char(acc, ':'); + grecs_txtacc_grow_string(acc, tsbuf); + grecs_txtacc_grow_char(acc, '\n'); + /* end of headers */ grecs_txtacc_grow_char(acc, '\n'); /* Signed Headers */ @@ -339,21 +318,21 @@ querysign4(struct ec2_query *req, char *secret) eclat_hex_encode((unsigned char *)digest, sizeof(digest), &signature, &hashsize); - if (req->flags & EC2_QF_POST) { - /* Build authorization header */ - grecs_txtacc_grow_string(acc, algostr); - grecs_txtacc_grow_string(acc, " Credential="); - grecs_txtacc_grow_string(acc, credential); - grecs_txtacc_grow_string(acc, ", SignedHeaders="); - grecs_txtacc_grow_string(acc, signed_headers); - grecs_txtacc_grow_string(acc, ", Signature="); - grecs_txtacc_grow_string(acc, signature); - grecs_txtacc_grow_char(acc, 0); - p = grecs_txtacc_finish(acc, 0); - eclat_query_add_header(req, "Authorization", p); - } else { - eclat_query_add_param(req, "X-Amz-Signature", signature); - } + if (req->token) + eclat_query_add_header(req, "X-Amz-Security-Token", req->token); + + /* Build authorization header */ + grecs_txtacc_grow_string(acc, algostr); + grecs_txtacc_grow_string(acc, " Credential="); + grecs_txtacc_grow_string(acc, credential); + grecs_txtacc_grow_string(acc, ", SignedHeaders="); + grecs_txtacc_grow_string(acc, signed_headers); + grecs_txtacc_grow_string(acc, ", Signature="); + grecs_txtacc_grow_string(acc, signature); + grecs_txtacc_grow_char(acc, 0); + p = grecs_txtacc_finish(acc, 0); + eclat_query_add_header(req, "Authorization", p); + free(signature); grecs_txtacc_free(acc); /* Encode the query */ |