From c965eba2e4fb5a7d2d2508ae310b1d363d2ffb21 Mon Sep 17 00:00:00 2001
From: zrq495
Date: Fri, 21 Jun 2019 13:54:24 +0800
Subject: [PATCH 1/2] fixes urlencode
---
 src/lua/api-gateway/aws/AwsService.lua | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/lua/api-gateway/aws/AwsService.lua b/src/lua/api-gateway/aws/AwsService.lua
index 2dc22a7..38eec8d 100644
--- a/src/lua/api-gateway/aws/AwsService.lua
+++ b/src/lua/api-gateway/aws/AwsService.lua
@@ -228,8 +228,9 @@ function _M:getRequestArguments(actionName, parameters)
 local urlencoded_args = "Action=" .. actionName
 if parameters ~= nil then
 for key, value in pairs(parameters) do
- local proper_val = ngx.re.gsub(tostring(value), "&", "%26", "ijo")
- urlencoded_args = urlencoded_args .. "&" .. key .. "=" .. (proper_val or "")
+ local t = {}
+ t[key] = tostring(value)
+ urlencoded_args = urlencoded_args .. "&" .. ngx.encode_args(t)
 end
 end
 return urlencoded_args
From 349cc7bdc58d09c1d5fc63e364e34cf144b62dbd Mon Sep 17 00:00:00 2001
From: paulpearcy
Date: Tue, 23 Mar 2021 10:42:59 -0400
Subject: [PATCH 2/2] [Bug] InvalidSignatureException - Ordering issue in canonical headers #30
---
 src/lua/api-gateway/aws/AwsV4Signature.lua | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)
diff --git a/src/lua/api-gateway/aws/AwsV4Signature.lua b/src/lua/api-gateway/aws/AwsV4Signature.lua
index 3936937..3cb61c7 100644
--- a/src/lua/api-gateway/aws/AwsV4Signature.lua
+++ b/src/lua/api-gateway/aws/AwsV4Signature.lua
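Review bot: In getRequestArguments (src/lua/api-gateway/aws/AwsService.lua) the `Action=` prefix is still built as `"Action=" .. actionName` without escaping, so only the parameters go through the new encoder; if `actionName` can ever carry caller-supplied text, build it the same way, e.g. `local urlencoded_args = ngx.encode_args({ Action = actionName })`. `tostring(value)` also turns a table-valued parameter into its `table: 0x…` string, which is now encoded and sent without any error; a `type(value)` check, or a comment such as `-- values must be scalars; tables are not expanded`, would make that contract explicit. It is worth confirming that the escaping produced by `ngx.encode_args` matches what the SigV4 canonical-request code signs, since a mismatch would surface only for values containing special characters. The function's closing `end` lies outside the hunk.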
@@ -51,20 +51,13 @@ end local _sign = _sign_sha256_FFI local _hash = _sha256_hex -local function get_hashed_canonical_request(method, uri, querystring, headers, requestPayload) +local function get_hashed_canonical_request(method, uri, querystring, host, amzDate, requestPayload) local hash = method .. '\n' .. uri .. '\n' .. (querystring or "") .. '\n' - -- add canonicalHeaders - local canonicalHeaders = "" - local signedHeaders = "" - for h_n,h_v in pairs(headers) do - -- todo: trim and lowercase - canonicalHeaders = canonicalHeaders .. h_n .. ":" .. h_v .. "\n" - signedHeaders = signedHeaders .. h_n .. ";" - end - --remove the last ";" from the signedHeaders - signedHeaders = string.sub(signedHeaders, 1, -2) + -- add canonicalHeaders. Headers must be in alphabetical order + local canonicalHeaders = "host:" .. host .. "\n" .. "x-amz-date:" .. amzDate .. "\n" + local signedHeaders = "host;x-amz-date" hash = hash .. canonicalHeaders .. "\n" .. signedHeaders .. "\n" @@ -157,9 +150,7 @@ function HmacAuthV4Handler:getSignature(http_method, request_uri, uri_arg_table, local date1 = self.aws_date_short local date2 = self.aws_date - local headers = {} - headers.host = self.aws_service .. "." .. self.aws_region .. ".amazonaws.com" - headers["x-amz-date"] = date2 + local host = self.aws_service .. "." .. self.aws_region .. ".amazonaws.com" local encoded_request_uri = request_uri if (self.doubleUrlEncode == true) then @@ -176,7 +167,7 @@ function HmacAuthV4Handler:getSignature(http_method, request_uri, uri_arg_table, get_hashed_canonical_request( http_method, encoded_request_uri, uri_args, - headers, request_payload) ) ) + host, date2, request_payload) ) ) return sign end
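Review bot: Hard-coding `host;x-amz-date` in get_hashed_canonical_request fixes the ordering but drops the headers table, so any other header the gateway sends stays outside the signature (it is not integrity-protected) and cannot be added without editing this function again. Sorting the lower-cased header names before building both strings fixes the same `pairs()` ordering problem and also covers the removed `-- todo: trim and lowercase`; keeping the `headers` parameter would mean the two getSignature hunks further down stay as they were. If the two-header form is kept instead, note that `host` and `amzDate` are concatenated unchecked, so a nil region or date raises a bare concatenation error rather than a signing error. The function body continues past the end of the hunk.

```lua
local function get_hashed_canonical_request(method, uri, querystring, headers, requestPayload)
    -- … unchanged: method / uri / querystring lines …

    -- canonical headers: names lower-cased, values trimmed, sorted by name
    local values, names = {}, {}
    for name, value in pairs(headers) do
        local key = string.lower(name)
        values[key] = (string.gsub(tostring(value), "^%s*(.-)%s*$", "%1"))
        names[#names + 1] = key
    end
    table.sort(names)

    local canonicalHeaders = ""
    for _, key in ipairs(names) do
        canonicalHeaders = canonicalHeaders .. key .. ":" .. values[key] .. "\n"
    end
    local signedHeaders = table.concat(names, ";")

    -- … unchanged: hash assembly and payload hash …
```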
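Review bot: The `host` string built in HmacAuthV4Handler:getSignature is the value that gets signed, so it has to equal the Host header of the outgoing request, and that assumption is not written down anywhere in the hunk. A comment on the new line would help, e.g. `-- signed host; must equal the Host header actually sent (assumes <service>.<region>.amazonaws.com)`. A nil `self.aws_service` or `self.aws_region` fails on this line with a concatenation error, which may be worth guarding with an explicit message. getSignature starts before and ends after this hunk.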