piping the headers

waahm7 · waahm7 · commit f8ffac17b468 · 2025-01-22T11:13:26.000-08:00
diff --git a/include/aws/s3/private/s3_request_messages.h b/include/aws/s3/private/s3_request_messages.h
@@ -167,6 +167,9 @@ extern const size_t g_s3_complete_multipart_upload_excluded_headers_count;
 AWS_S3_API
 extern const struct aws_byte_cursor g_s3_abort_multipart_upload_excluded_headers[];
 
+AWS_S3_API
+extern const struct aws_byte_cursor g_s3_create_session_allowed_headers[];
+
 AWS_S3_API
 extern const size_t g_s3_abort_multipart_upload_excluded_headers_count;
 
diff --git a/include/aws/s3/private/s3express_credentials_provider_impl.h b/include/aws/s3/private/s3express_credentials_provider_impl.h
@@ -26,6 +26,8 @@ struct aws_s3express_session {
     /* The region and host of the session */
     struct aws_string *region;
     struct aws_string *host;
+
+    struct aws_http_headers *headers;
     bool inactive;
 
     /* Only used for mock tests */
@@ -112,7 +114,8 @@ AWS_S3_API
 struct aws_string *aws_encode_s3express_hash_key_new(
     struct aws_allocator *allocator,
     const struct aws_credentials *original_credentials,
-    struct aws_byte_cursor host_value);
+    struct aws_byte_cursor host_value,
+    struct aws_http_headers *headers);
 
 AWS_EXTERN_C_END
 #endif /* AWS_S3EXPRESS_CREDENTIALS_PROVIDER_IMPL_H */
diff --git a/include/aws/s3/s3express_credentials_provider.h b/include/aws/s3/s3express_credentials_provider.h
@@ -27,6 +27,9 @@ struct aws_credentials_properties_s3express {
      * If empty, the region of the S3 client will be used.
      */
     struct aws_byte_cursor region;
+
+
+    struct aws_http_headers *headers;
 };
 
 struct aws_s3express_credentials_provider_vtable {
diff --git a/source/s3_meta_request.c b/source/s3_meta_request.c
@@ -968,6 +968,7 @@ void aws_s3_meta_request_sign_request_default_impl(
         context->user_data = user_data;
         context->properties.host = aws_byte_cursor_from_string(meta_request->s3express_session_host);
         context->properties.region = signing_config.region;
+        context->properties.headers = aws_http_message_get_headers(meta_request->initial_request_message);
 
         if (signing_config.credentials) {
             context->original_credentials = signing_config.credentials;
diff --git a/source/s3_request_messages.c b/source/s3_request_messages.c
@@ -229,6 +229,17 @@ const struct aws_byte_cursor g_s3_abort_multipart_upload_excluded_headers[] = {
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("if-none-match"),
 };
 
+const struct aws_byte_cursor g_s3_create_session_allowed_headers[] = {
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-server-side-encryption"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-server-side-encryption-aws-kms-key-id"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-server-side-encryption-context"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-server-side-encryption-bucket-key-enabled"),
+
+};
+
+const size_t g_s3_create_session_allowed_headers_count =
+    AWS_ARRAY_SIZE(g_s3_create_session_allowed_headers);
+
 static const struct aws_byte_cursor s_x_amz_meta_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-meta-");
 
 static const struct aws_byte_cursor s_checksum_type_header =
diff --git a/source/s3express_credentials_provider.c b/source/s3express_credentials_provider.c
@@ -48,6 +48,7 @@ struct aws_s3express_session_creator {
     /* The region and host of the session we are creating */
     struct aws_string *region;
     struct aws_string *host;
+    struct aws_http_headers *headers;
 
     struct {
         /* Protected by the impl lock */
@@ -66,6 +67,7 @@ static struct aws_s3express_session *s_aws_s3express_session_new(
     const struct aws_string *hash_key,
     const struct aws_string *region,
     const struct aws_string *host,
+    struct aws_http_headers *headers,
     struct aws_credentials *credentials) {
 
     struct aws_s3express_session *session =
@@ -74,6 +76,8 @@ static struct aws_s3express_session *s_aws_s3express_session_new(
     session->impl = provider->impl;
     session->hash_key = aws_string_new_from_string(provider->allocator, hash_key);
     session->host = aws_string_new_from_string(provider->allocator, host);
+    aws_http_headers_acquire(headers);
+    session->headers = headers;
     if (region) {
         session->region = aws_string_new_from_string(provider->allocator, region);
     }
@@ -94,6 +98,7 @@ static void s_aws_s3express_session_destroy(struct aws_s3express_session *sessio
     aws_string_destroy(session->hash_key);
     aws_string_destroy(session->region);
     aws_string_destroy(session->host);
+    aws_http_headers_release(session->headers);
     aws_credentials_release(session->s3express_credentials);
     aws_mem_release(session->allocator, session);
 }
@@ -368,6 +373,7 @@ static void s_on_request_finished(
                 session_creator->hash_key,
                 session_creator->region,
                 session_creator->host,
+                session_creator->headers,
                 credentials);
             aws_cache_put(impl->synced_data.cache, session->hash_key, session);
         }
@@ -434,6 +440,7 @@ static struct aws_s3express_session_creator *s_aws_s3express_session_creator_des
     aws_string_destroy(session_creator->hash_key);
     aws_string_destroy(session_creator->region);
     aws_string_destroy(session_creator->host);
+    aws_http_headers_release(session_creator->headers);
 
     aws_byte_buf_clean_up(&session_creator->response_buf);
     aws_mem_release(session_creator->allocator, session_creator);
@@ -447,8 +454,9 @@ static struct aws_s3express_session_creator *s_aws_s3express_session_creator_des
 struct aws_string *aws_encode_s3express_hash_key_new(
     struct aws_allocator *allocator,
     const struct aws_credentials *original_credentials,
-    struct aws_byte_cursor host_value) {
-
+    struct aws_byte_cursor host_value,
+    struct aws_http_headers *headers) {
+    (void)headers;
     struct aws_byte_buf combine_key_buf;
 
     /* 1. Combine access_key and secret_access_key into one buffer */
@@ -500,6 +508,8 @@ static struct aws_s3express_session_creator *s_session_creator_new(
     session_creator->provider = provider;
     session_creator->host = aws_string_new_from_cursor(session_creator->allocator, &s3express_properties->host);
     session_creator->region = aws_string_new_from_cursor(session_creator->allocator, &s3express_properties->region);
+    aws_http_headers_acquire(s3express_properties->headers);
+    session_creator->headers = s3express_properties->headers;
 
     struct aws_signing_config_aws s3express_signing_config = {
         .credentials = original_credentials,
@@ -556,8 +566,8 @@ static int s_s3express_get_creds(
 
     uint64_t current_stamp = UINT64_MAX;
     aws_sys_clock_get_ticks(&current_stamp);
-    struct aws_string *hash_key =
-        aws_encode_s3express_hash_key_new(provider->allocator, original_credentials, s3express_properties->host);
+    struct aws_string *hash_key = aws_encode_s3express_hash_key_new(
+        provider->allocator, original_credentials, s3express_properties->host, s3express_properties->headers);
     uint64_t now_seconds = aws_timestamp_convert(current_stamp, AWS_TIMESTAMP_NANOS, AWS_TIMESTAMP_SECS, NULL);
 
     s_credentials_provider_s3express_impl_lock_synced_data(impl);
@@ -764,7 +774,8 @@ static void s_refresh_session_list(
                         struct aws_string *current_creds_hash = aws_encode_s3express_hash_key_new(
                             provider->allocator,
                             current_original_credentials,
-                            aws_byte_cursor_from_string(session->host));
+                            aws_byte_cursor_from_string(session->host),
+                            session->headers);
                         bool creds_match = aws_string_eq(current_creds_hash, hash_key);
                         aws_string_destroy(current_creds_hash);
                         if (!creds_match) {
@@ -784,6 +795,7 @@ static void s_refresh_session_list(
 
                         struct aws_credentials_properties_s3express s3express_properties = {
                             .host = aws_byte_cursor_from_string(session->host),
+                            .headers = session->headers,
                         };
                         if (session->region) {
                             s3express_properties.region = aws_byte_cursor_from_string(session->region);
diff --git a/tests/s3_mock_server_s3express_provider_test.c b/tests/s3_mock_server_s3express_provider_test.c
@@ -446,7 +446,7 @@ static size_t s_get_index_from_s3express_cache(
             node = aws_linked_list_next(node);
             struct aws_s3express_session *session = table_node->value;
             struct aws_string *hash_key =
-                aws_encode_s3express_hash_key_new(s_s3express_tester.allocator, original_credentials, host_value);
+                aws_encode_s3express_hash_key_new(s_s3express_tester.allocator, original_credentials, host_value, session->headers);
             if (aws_string_eq(session->hash_key, hash_key)) {
                 aws_string_destroy(hash_key);
                 aws_mutex_unlock(&impl->synced_data.lock);
