Merge branch 'main' into account-id-in-creds

include/aws/auth/credentials.h

@@ -915,7 +915,7 @@ bool aws_credentials_is_anonymous(const struct aws_credentials *credentials);
  * the hybrid mode based on AWS credentials.
  *
  * @param allocator memory allocator to use for all memory allocation
- * @param credentials AWS credentials to derive the ECC key from using the AWS sigv4a key deriviation specification
+ * @param credentials AWS credentials to derive the ECC key from using the AWS sigv4a key derivation specification
  * @return a new ecc key pair or NULL on failure
  */
 AWS_AUTH_API

include/aws/auth/signing_config.h

@@ -209,7 +209,7 @@ struct aws_signing_config_aws {
     void *should_sign_header_ud;
 
     /*
-     * Put all flags in here at the end.  If this grows, stay aware of bit-space overflow and ABI compatibilty.
+     * Put all flags in here at the end.  If this grows, stay aware of bit-space overflow and ABI compatibility.
      */
     struct {
         /**

source/aws_imds_client.c

@@ -954,7 +954,7 @@ static enum imds_token_copy_result s_copy_token_safely(struct imds_user_data *us
     return ret;
 }
 /**
- * Once a requseter returns from token request, it should call this function to unblock all other
+ * Once a requester returns from token request, it should call this function to unblock all other
  * waiting requesters. When the token parameter is NULL, means the token request failed. Now we need
  * a new requester to acquire the token again.
  */

source/aws_signing.c

@@ -82,6 +82,7 @@ static struct aws_byte_cursor s_sec_websocket_key_header_name;
 static struct aws_byte_cursor s_sec_websocket_protocol_header_name;
 static struct aws_byte_cursor s_sec_websocket_version_header_name;
 static struct aws_byte_cursor s_upgrade_header_name;
+static struct aws_byte_cursor s_transfer_encoding_header_name;
 
 static struct aws_byte_cursor s_amz_content_sha256_header_name;
 static struct aws_byte_cursor s_amz_date_header_name;
@@ -157,6 +158,11 @@ int aws_signing_init_signing_tables(struct aws_allocator *allocator) {
         return AWS_OP_ERR;
     }
 
+    s_transfer_encoding_header_name = aws_byte_cursor_from_c_str("transfer-encoding");
+    if (aws_hash_table_put(&s_skipped_headers, &s_transfer_encoding_header_name, NULL, NULL)) {
+        return AWS_OP_ERR;
+    }
+
     if (aws_hash_table_init(
             &s_forbidden_headers,
             allocator,

source/credentials_provider_cached.c

@@ -60,7 +60,7 @@ static void s_swap_cached_credentials(
 
         AWS_LOGF_DEBUG(
             AWS_LS_AUTH_CREDENTIALS_PROVIDER,
-            "(id=%p) Cached credentials provider succesfully sourced credentials on refresh",
+            "(id=%p) Cached credentials provider successfully sourced credentials on refresh",
             (void *)provider);
     } else {
         AWS_LOGF_DEBUG(

source/credentials_provider_sso.c

@@ -378,7 +378,7 @@ static void s_on_get_token_callback(struct aws_credentials *credentials, int err
     struct aws_byte_cursor token = aws_credentials_get_token(credentials);
     AWS_LOGF_INFO(
         AWS_LS_AUTH_CREDENTIALS_PROVIDER,
-        "(id=%p): successfully accquired a token",
+        "(id=%p): successfully acquired a token",
         (void *)sso_query_context->provider);
 
     sso_query_context->token = aws_string_new_from_cursor(sso_query_context->allocator, &token);
@@ -401,7 +401,7 @@ static void s_on_acquire_connection(struct aws_http_connection *connection, int
     }
     AWS_LOGF_INFO(
         AWS_LS_AUTH_CREDENTIALS_PROVIDER,
-        "(id=%p): successfully accquired a connection",
+        "(id=%p): successfully acquired a connection",
         (void *)sso_query_context->provider);
     sso_query_context->connection = connection;
 

source/credentials_provider_sts.c

@@ -742,7 +742,7 @@ struct aws_credentials_provider *aws_credentials_provider_new_sts(
     const struct aws_credentials_provider_sts_options *options) {
 
     if (!options->bootstrap) {
-        AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "a client bootstrap is necessary for quering STS");
+        AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "a client bootstrap is necessary for querying STS");
         aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
         return NULL;
     }

source/credentials_utils.c

@@ -96,7 +96,7 @@ static bool s_parse_expiration_value_from_json_object(
             if (aws_json_value_get_string(value, &expiration_cursor)) {
                 AWS_LOGF_INFO(
                     AWS_LS_AUTH_CREDENTIALS_PROVIDER,
-                    "Unabled to extract credentials Expiration field from Json document.");
+                    "Unable to extract credentials Expiration field from Json document.");
                 return false;
             }
 
@@ -123,7 +123,7 @@ static bool s_parse_expiration_value_from_json_object(
             if (aws_json_value_get_number(value, &expiration_value)) {
                 AWS_LOGF_INFO(
                     AWS_LS_AUTH_CREDENTIALS_PROVIDER,
-                    "Unabled to extract credentials Expiration field from Json document.");
+                    "Unable to extract credentials Expiration field from Json document.");
                 return false;
             }
 
@@ -136,7 +136,7 @@ static bool s_parse_expiration_value_from_json_object(
             if (aws_json_value_get_number(value, &expiration_value_ms)) {
                 AWS_LOGF_INFO(
                     AWS_LS_AUTH_CREDENTIALS_PROVIDER,
-                    "Unabled to extract credentials Expiration field from Json document.");
+                    "Unable to extract credentials Expiration field from Json document.");
                 return false;
             }
 

source/token_provider_sso_session.c

@@ -53,7 +53,7 @@ static int s_token_provider_sso_session_get_token(
         goto done;
     }
 
-    /* TODO: Refresh token if it is within refresh window and refreshable */
+    /* TODO: Refresh token if it is within refresh window and refreshble */
 
     credentials = aws_credentials_new_token(
         provider->allocator,

tests/CMakeLists.txt

@@ -195,6 +195,7 @@ add_test_case(credentials_utils_construct_endpoint_test)
 add_test_case(sigv4_skip_xray_header_test)
 add_test_case(sigv4_skip_user_agent_header_test)
 add_test_case(sigv4_skip_custom_header_test)
+add_test_case(sigv4_skip_transfer_encoding_header_test)
 
 add_test_case(sigv4_fail_date_header_test)
 add_test_case(sigv4_fail_content_header_test)

tests/sigv4_signing_tests.c

@@ -1599,6 +1599,33 @@ static int s_sigv4_skip_user_agent_header_test(struct aws_allocator *allocator,
 }
 AWS_TEST_CASE(sigv4_skip_user_agent_header_test, s_sigv4_skip_user_agent_header_test);
 
+AWS_STATIC_STRING_FROM_LITERAL(
+    s_skip_transfer_encoding_header_request,
+    "GET / HTTP/1.1\n"
+    "Transfer-Encoding: chunked\n"
+    "Host:example.amazonaws.com\n\n");
+
+AWS_STATIC_STRING_FROM_LITERAL(
+    s_skip_transfer_encoding_header_expected_canonical_request,
+    "GET\n"
+    "/\n"
+    "\n"
+    "host:example.amazonaws.com\n"
+    "x-amz-date:20150830T123600Z\n"
+    "\n"
+    "host;x-amz-date\n"
+    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
+
+static int s_sigv4_skip_transfer_encoding_header_test(struct aws_allocator *allocator, void *ctx) {
+    (void)ctx;
+    return s_do_header_skip_test(
+        allocator,
+        NULL,
+        s_skip_transfer_encoding_header_request,
+        s_skip_transfer_encoding_header_expected_canonical_request);
+}
+AWS_TEST_CASE(sigv4_skip_transfer_encoding_header_test, s_sigv4_skip_transfer_encoding_header_test);
+
 AWS_STATIC_STRING_FROM_LITERAL(
     s_skip_custom_header_request,
     "GET / HTTP/1.1\n"