Merge pull request #58 from awslabs/FB-HeaderSigning

JonathanHenson · web-flow · commit a42b10ca01b2 · 2016-12-16T11:25:32.000-08:00
Skip signing x-amzn-trace-id
diff --git a/aws-cpp-sdk-core/include/aws/core/auth/AWSAuthSigner.h b/aws-cpp-sdk-core/include/aws/core/auth/AWSAuthSigner.h
@@ -19,6 +19,7 @@
 
 #include <aws/core/Region.h>
 #include <aws/core/utils/memory/AWSMemory.h>
+#include <aws/core/utils/memory/stl/AWSSet.h>
 #include <aws/core/utils/DateTime.h>
 #include <aws/core/utils/Array.h>
 
@@ -130,11 +131,16 @@ namespace Aws
             Aws::String GenerateStringToSign(const Aws::String& dateValue, const Aws::String& simpleDate, const Aws::String& canonicalRequestHash) const;
             const Aws::Utils::ByteBuffer& ComputeLongLivedHash(const Aws::String& secretKey, const Aws::String& simpleDate) const;
 
+            bool ShouldSignHeader(const Aws::String& header) const;
+
             std::shared_ptr<Auth::AWSCredentialsProvider> m_credentialsProvider;
             Aws::String m_serviceName;
             Aws::String m_region;
             Aws::UniquePtr<Aws::Utils::Crypto::Sha256> m_hash;
             Aws::UniquePtr<Aws::Utils::Crypto::Sha256HMAC> m_HMAC;
+
+            Aws::Set<Aws::String> m_unsignedHeaders;
+
             //these next four fields are ONLY for caching purposes and do not change
             //the logical state of the signer. They are marked mutable so the
             //interface can remain const.
diff --git a/aws-cpp-sdk-core/source/auth/AWSAuthSigner.cpp b/aws-cpp-sdk-core/source/auth/AWSAuthSigner.cpp
@@ -129,6 +129,7 @@ AWSAuthV4Signer::AWSAuthV4Signer(const std::shared_ptr<Auth::AWSCredentialsProvi
     m_region(region),
     m_hash(Aws::MakeUnique<Aws::Utils::Crypto::Sha256>(v4LogTag)),
     m_HMAC(Aws::MakeUnique<Aws::Utils::Crypto::Sha256HMAC>(v4LogTag)),
+    m_unsignedHeaders({"user-agent", "x-amzn-trace-id"}),
     m_signPayloads(signPayloads),
     m_urlEscapePath(urlEscapePath)
 {
@@ -141,6 +142,12 @@ AWSAuthV4Signer::~AWSAuthV4Signer()
     // empty destructor in .cpp file to keep from needing the implementation of (AWSCredentialsProvider, Sha256, Sha256HMAC) in the header file 
 }
 
+
+bool AWSAuthV4Signer::ShouldSignHeader(const Aws::String& header) const
+{
+    return m_unsignedHeaders.find(Aws::Utils::StringUtils::ToLower(header.c_str())) == m_unsignedHeaders.cend();
+}
+
 bool AWSAuthV4Signer::SignRequest(Aws::Http::HttpRequest& request) const
 {
     AWSCredentials credentials = m_credentialsProvider->GetAWSCredentials();
@@ -186,8 +193,11 @@ bool AWSAuthV4Signer::SignRequest(Aws::Http::HttpRequest& request) const
 
     for (const auto& header : CanonicalizeHeaders(request.GetHeaders()))
     {
-        headersStream << header.first.c_str() << ":" << header.second.c_str() << NEWLINE;
-        signedHeadersStream << header.first.c_str() << ";";
+        if(ShouldSignHeader(header.first))
+        {
+            headersStream << header.first.c_str() << ":" << header.second.c_str() << NEWLINE;
+            signedHeadersStream << header.first.c_str() << ";";
+        }
     }
 
     Aws::String canonicalHeadersString = headersStream.str();
