MinIO request was successfull!!!

ggcr · ggcr · commit 15372faf7b59 · 2025-11-30T18:56:31.000+01:00
diff --git a/src/s3cpp/auth.h b/src/s3cpp/auth.h
@@ -50,16 +50,17 @@ class AWSSigV4Signer {
 
     // To sign
     std::string string_to_sign =
-        std::format("{}\n{}\n{}\n{}\n", hash_algo, request_date,
+        std::format("{}\n{}\n{}\n{}", hash_algo, timestamp,
                     credential_scope, hex_cannonical_request);
-		std::string signature = hex(HMAC_SHA256(deriveSigningKey(request_date), string_to_sign));
+    std::string signature =
+        hex(HMAC_SHA256(deriveSigningKey(request_date), SHA256_DIGEST_LENGTH, string_to_sign));
 
     // Build the final auth header value
     request.header(
         "Authorization",
         std::format("{} Credential={}/{}, SignedHeaders={}, Signature={}",
                     hash_algo, access_key, credential_scope, signed_headers,
-                    hex_cannonical_request, signature));
+                    signature));
   }
 
   std::string createCannonicalRequest(HttpRequest &request) {
@@ -71,7 +72,13 @@ class AWSSigV4Signer {
     if (size_t bpos = url.find("amazonaws.com"); bpos != std::string::npos) {
       uri = url.erase(0, bpos + 13);
     } else {
-      // Assume localhost falls here...
+      // Assume localhost:XXXX (dirty, sorry :( i know)
+      size_t path_start = url.find('/', 7);
+      if (path_start != std::string::npos) {
+        uri = url.substr(path_start);
+      } else {
+        uri = "/";
+      }
     }
 
     // URI Query-string
@@ -112,11 +119,9 @@ class AWSSigV4Signer {
     return digest;
   }
 
-  const unsigned char *HMAC_SHA256(const unsigned char *key,
+  const unsigned char *HMAC_SHA256(const unsigned char *key, size_t key_len,
                                    const std::string &data) {
-    unsigned int hashLen;
-
-    return HMAC(EVP_sha256(), key, strlen((char *)key),
+    return HMAC(EVP_sha256(), key, key_len,
                 reinterpret_cast<const unsigned char *>(data.c_str()),
                 data.size(), NULL, NULL);
   }
@@ -130,7 +135,6 @@ class AWSSigV4Signer {
     return ss.str();
   }
 
-
   // Move to S3 client class
   // --
   // Required by AWS SigV4 to be in ISO8601 format
@@ -164,13 +168,16 @@ class AWSSigV4Signer {
     }
   }
 
-  const unsigned char * deriveSigningKey(const std::string request_date) {
-		const std::string initial_candidate = "AWS4" + secret_key;
-		const unsigned char* keyCandidate = reinterpret_cast<const unsigned char*>(initial_candidate.c_str());
-    const unsigned char* DateKey = HMAC_SHA256(keyCandidate, request_date);
-    const unsigned char* DateRegionKey = HMAC_SHA256(DateKey, aws_region);
-    const unsigned char* DateRegionServiceKey = HMAC_SHA256(DateRegionKey, "s3");
-    const unsigned char* SigningKey = HMAC_SHA256(DateRegionServiceKey, "aws4_request");
+  const unsigned char *deriveSigningKey(const std::string request_date) {
+    const std::string initial_candidate = "AWS4" + secret_key;
+    const unsigned char *keyCandidate =
+        reinterpret_cast<const unsigned char *>(initial_candidate.c_str());
+    const unsigned char *DateKey = HMAC_SHA256(keyCandidate, initial_candidate.size(), request_date);
+    const unsigned char *DateRegionKey = HMAC_SHA256(DateKey, SHA256_DIGEST_LENGTH, aws_region);
+    const unsigned char *DateRegionServiceKey =
+        HMAC_SHA256(DateRegionKey, SHA256_DIGEST_LENGTH, "s3");
+    const unsigned char *SigningKey =
+        HMAC_SHA256(DateRegionServiceKey, SHA256_DIGEST_LENGTH, "aws4_request");
     return SigningKey;
   }
 };
diff --git a/test/auth_test.cpp b/test/auth_test.cpp
@@ -5,16 +5,39 @@
 // TODO(cristian): Skip the functional tests that actually query MinIO if its
 // not up
 
-
 TEST(AUTH, SHA256HexDigest) {
   auto signer = AWSSigV4Signer("minio_access", "minio_secret");
-  EXPECT_EQ(signer.hex(signer.sha256("github.com/ggcr/s3cpp")), "bc088c51b33c2730707dbb528d1d0bfafc59ba56c8c9aa3b8e0dc0c13e3d9b2b");
+  EXPECT_EQ(signer.hex(signer.sha256("github.com/ggcr/s3cpp")),
+            "bc088c51b33c2730707dbb528d1d0bfafc59ba56c8c9aa3b8e0dc0c13e3d9b2b");
 }
 
 TEST(AUTH, HMACSHA256HexDigest) {
   auto signer = AWSSigV4Signer("minio_access", "minio_secret");
-	std::string key = "super-secret-key";
-  EXPECT_EQ(signer.hex(signer.HMAC_SHA256(reinterpret_cast<const unsigned char *>(key.c_str()), "github.com/ggcr/s3cpp")), "558084957fb05bb4786ad6791bfbee71e67a11fea964e5dac6bac6b2f749b339");
+  std::string key = "super-secret-key";
+  EXPECT_EQ(signer.hex(signer.HMAC_SHA256(
+                reinterpret_cast<const unsigned char *>(key.c_str()),
+                key.size(),
+                "github.com/ggcr/s3cpp")),
+            "558084957fb05bb4786ad6791bfbee71e67a11fea964e5dac6bac6b2f749b339");
+}
+
+TEST(AUTH, ChainedHMACSHA256HexDigest) {
+  auto signer = AWSSigV4Signer("minio_access", "minio_secret");
+
+	// AWS SigV4 derives the key for the signature using nested HMAC_SHA256
+	// This test tries to assert that HMAC(HMAC(k, v), v) works as expected
+	// The hardcoded hashes are taken from: https://emn178.github.io/online-tools/sha256.html
+
+	std::string v = "github.com/ggcr/s3cpp";
+
+  // HMAC(k, v)
+  std::string key1 = "super-secret-key";
+  const unsigned char *hash1 = signer.HMAC_SHA256(reinterpret_cast<const unsigned char *>(key1.c_str()), key1.size(), v);
+  EXPECT_EQ(signer.hex(hash1), "558084957fb05bb4786ad6791bfbee71e67a11fea964e5dac6bac6b2f749b339");
+
+  // HMAC(HMAC(k, v), v)
+  const unsigned char *hex2 = signer.HMAC_SHA256(hash1, SHA256_DIGEST_LENGTH, v);
+  EXPECT_EQ(signer.hex(hex2), "d5a2b747dcb6b25cc4da081eedc15edef2d217d8497c67987ed9167d412d898c");
 }
 
 TEST(AUTH, CannonicalGETRequest) {
@@ -47,4 +70,32 @@ TEST(AUTH, CannonicalGETRequest) {
                   host, empty_payload_hash, timestamp, empty_payload_hash);
 
   EXPECT_EQ(signer.createCannonicalRequest(req), expected_canonical);
+  signer.sign(req);
+  EXPECT_TRUE(req.getHeaders().contains("Authorization"));
+}
+
+TEST(AUTH, MinIOBasicRequest) {
+  // create signer & http client
+  auto signer = AWSSigV4Signer("minio_access", "minio_secret");
+  HttpClient client{};
+
+  // prepare request
+  const std::string host = "127.0.0.1:9000";
+  const std::string URI = "/";
+  const std::string URL = std::format("http://{}{}", host, URI);
+  const std::string timestamp = signer.getTimestamp();
+  const std::string empty_payload_hash =
+      "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
+  HttpRequest req = client.get(URL)
+                        .header("Host", host)
+                        .header("X-Amz-Date", timestamp)
+                        .header("X-Amz-Content-Sha256", empty_payload_hash);
+  signer.sign(req);
+  HttpResponse resp = req.execute();
+
+	EXPECT_EQ(resp.status(), 200);
+
+  // std::println("RESPONSE STATUS: {}", resp.status());
+  // std::println("RESPONSE HEADERS: {}", resp.headers());
+  // std::println("RESPONSE BODY: {}", resp.body());
 }
