From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Wed, 11 Aug 2021 15:21:25 +0000 (+0100)
Subject: [Minor] Lua_aws: Fix several issues
X-Git-Tag: 3.0~18
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7e66c1c7a047e32acd17c9596ecac1534814c13b;p=rspamd.git

[Minor] Lua_aws: Fix several issues
---

diff --git a/lualib/lua_aws.lua b/lualib/lua_aws.lua
index 315830b0a..d426e30a3 100644
--- a/lualib/lua_aws.lua
+++ b/lualib/lua_aws.lua
@@ -31,7 +31,7 @@ local exports = {}
 
 -- Returns a canonical representation of today date
 local function today_canonical()
-  return os.date('!%Y%m%d', os.time())
+  return os.date('!%Y%m%d')
 end
 
 --[[[
@@ -43,7 +43,7 @@ local function aws_date(date_str)
     date_str = today_canonical()
   end
 
-  return date_str .. 'T000000Z'
+  return date_str .. os.date('!T%H%M%SZ')
 end
 
 exports.aws_date = aws_date
@@ -129,7 +129,6 @@ exports.aws_signing_key = aws_signing_key
 -- Returns a hash + list of headers as required to produce signature afterwards
 --]]
 local function aws_canon_request_hash(method, uri, headers_to_sign, hex_hash)
-  lua_util.debugm(N, 'huis')
   assert(type(method) == 'string')
   assert(type(uri) == 'string')
   assert(type(headers_to_sign) == 'table')
@@ -142,7 +141,11 @@ local function aws_canon_request_hash(method, uri, headers_to_sign, hex_hash)
 
   local sha_ctx = rspamd_crypto_hash.create_specific('sha256')
 
+  lua_util.debugm(N, 'update signature with the method %s',
+      method)
   sha_ctx:update(method .. '\n')
+  lua_util.debugm(N, 'update signature with the uri %s',
+      uri)
   sha_ctx:update(uri .. '\n')
   -- XXX add query string canonicalisation
   sha_ctx:update('\n')
@@ -215,7 +218,7 @@ local function aws_authorization_hdr(tbl, transformed)
   end
 
   local string_to_sign = string.format('AWS4-HMAC-SHA256\n%s\n%s/%s/%s/%s\n%s',
-      aws_date(res.date),
+      res.headers['x-amz-date'] or aws_date(),
       res.date, res.region, res.service, res.req_type,
       signed_sha)
   lua_util.debugm(N, "string to sign: %s", string_to_sign)
@@ -257,7 +260,9 @@ local function aws_request_enrich(tbl, content)
   local content_sha256 = rspamd_crypto_hash.create_specific('sha256', content):hex()
   local hdrs = res.headers
   hdrs['x-amz-content-sha256'] = content_sha256
-  hdrs['x-amz-date'] = aws_date(res.date)
+  if not hdrs['x-amz-date'] then
+    hdrs['x-amz-date'] = aws_date(res.date)
+  end
   hdrs['Authorization'] = aws_authorization_hdr(res, true)
 
   return hdrs
@@ -268,7 +273,7 @@ exports.aws_request_enrich = aws_request_enrich
 -- A simple tests according to AWS docs to check sanity
 local test_request_hdrs = {
   ['Host'] = 'examplebucket.s3.amazonaws.com',
-  ['x-amz-date'] = '20130524T000000Z ',
+  ['x-amz-date'] = '20130524T000000Z',
   ['Range'] = 'bytes=0-9',
   ['x-amz-content-sha256'] = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
 }