Add hash key test

waahm7 · waahm7 · commit 30e9a18e6c12 · 2025-01-24T09:47:45.000-08:00
diff --git a/include/aws/s3/private/s3express_credentials_provider_impl.h b/include/aws/s3/private/s3express_credentials_provider_impl.h
@@ -107,8 +107,12 @@ struct aws_s3express_credentials_provider *aws_s3express_credentials_provider_ne
     const struct aws_s3express_credentials_provider_default_options *options);
 
 /**
- * Encode the hash key to be [host_value][hash_of_credentials]
- * hash_of_credentials is the sha256 of [access_key][secret_access_key]
+ * Encodes the hash key in the format: [host_value][hash_of_credentials_and_headers]
+ *
+ * The hash_of_credentials_and_headers is calculated as follows:
+ * 1. Concatenate: [access_key][secret_access_key][headers]
+ *    where headers = ",header_name1:header_value1,header_name2:header_value2..."
+ * 2. Generates SHA256 hash of the concatenated string
  */
 AWS_S3_API
 struct aws_string *aws_encode_s3express_hash_key_new(
diff --git a/source/s3express_credentials_provider.c b/source/s3express_credentials_provider.c
@@ -480,11 +480,6 @@ static struct aws_s3express_session_creator *s_aws_s3express_session_creator_des
     return NULL;
 }
 
-/**
- * Encode the hash key to be [host_value][hash_of_credentials]
- * hash_of_credentials is the sha256 of [access_key][secret_access_key]
- * TODO: Update docs
- **/
 struct aws_string *aws_encode_s3express_hash_key_new(
     struct aws_allocator *allocator,
     const struct aws_credentials *original_credentials,
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -370,6 +370,7 @@ add_net_test_case(s3express_client_get_object_multiple)
 add_net_test_case(s3express_client_get_object_create_session_error)
 add_net_test_case(s3express_client_copy_object)
 add_net_test_case(s3express_client_copy_object_multipart)
+add_net_test_case(s3express_hash_key_test)
 
 add_net_test_case(meta_request_auto_ranged_get_new_error_handling)
 add_net_test_case(meta_request_auto_ranged_put_new_error_handling)
diff --git a/tests/s3_s3express_client_test.c b/tests/s3_s3express_client_test.c
@@ -10,6 +10,7 @@
 #include "s3_tester.h"
 #include <aws/common/atomics.h>
 #include <aws/common/clock.h>
+#include <aws/common/encoding.h>
 #include <aws/common/lru_cache.h>
 #include <aws/io/stream.h>
 #include <aws/io/uri.h>
@@ -714,3 +715,53 @@ TEST_CASE(s3express_client_copy_object_multipart) {
     aws_s3_tester_clean_up(&tester);
     return AWS_OP_SUCCESS;
 }
+
+/**
+ * Test hash of the express cache key 
+ */
+TEST_CASE(s3express_hash_key_test) {
+    (void)ctx;
+
+    struct aws_string *access_key = aws_string_new_from_c_str(allocator, "AccessKey");
+    struct aws_string *secret_access_key = aws_string_new_from_c_str(allocator, "SecretAccessKey");
+    struct aws_http_headers *headers = aws_http_headers_new(allocator);
+    aws_http_headers_add(
+        headers, aws_byte_cursor_from_c_str("x-amz-server-side-encryption"), aws_byte_cursor_from_c_str("aws:kms"));
+    aws_http_headers_add(
+        headers,
+        aws_byte_cursor_from_c_str("x-amz-server-side-encryption-aws-kms-key-id"),
+        aws_byte_cursor_from_c_str("kms-key-id"));
+    aws_http_headers_add(
+        headers,
+        aws_byte_cursor_from_c_str("x-amz-server-side-encryption-context"),
+        aws_byte_cursor_from_c_str("context"));
+    aws_http_headers_add(
+        headers,
+        aws_byte_cursor_from_c_str("x-amz-server-side-encryption-bucket-key-enabled"),
+        aws_byte_cursor_from_c_str("true"));
+    aws_http_headers_add(
+        headers, aws_byte_cursor_from_c_str("header-not-allowed"), aws_byte_cursor_from_c_str("should-be-ignored"));
+
+    struct aws_credentials *creds =
+        aws_credentials_new_from_string(allocator, access_key, secret_access_key, NULL, UINT64_MAX);
+
+    struct aws_string *hash_key =
+        aws_encode_s3express_hash_key_new(allocator, creds, aws_byte_cursor_from_c_str("host"), headers);
+    struct aws_byte_cursor hash_cursor = aws_byte_cursor_from_string(hash_key);
+
+    struct aws_byte_buf encoded_buf;
+    aws_byte_buf_init(&encoded_buf, allocator, 100);
+    aws_hex_encode_append_dynamic(&hash_cursor, &encoded_buf);
+
+    char *expected_encoded_key = "686f737498ae6a365790707488b3e85402c9eddf422dc39f096e15eaba0d7cdd45f57ad2";
+    ASSERT_BIN_ARRAYS_EQUALS(expected_encoded_key, strlen(expected_encoded_key), encoded_buf.buffer, encoded_buf.len);
+
+    aws_byte_buf_clean_up(&encoded_buf);
+    aws_string_destroy(access_key);
+    aws_string_destroy(secret_access_key);
+    aws_credentials_release(creds);
+    aws_string_destroy(hash_key);
+    aws_http_headers_release(headers);
+
+    return 0;
+}
