Handle X-Amz-Expires header during authentication

Found via s3verify.
2017-04-24 03:57:41 -07:00 · 2017-04-24 03:57:41 -07:00 · 0105fd66df
commit 0105fd66df
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@ -33,6 +33,7 @@ import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Collection;
@ -444,11 +445,23 @@ public class S3ProxyHandler {
            if (expiresString != null) {
                long expires = Long.parseLong(expiresString);
                long nowSeconds = System.currentTimeMillis() / 1000;
-                if (nowSeconds > expires) {
+                if (nowSeconds >= expires) {
                    throw new S3Exception(S3ErrorCode.ACCESS_DENIED);
                }
            }

+            String dateString = request.getParameter("X-Amz-Date");
+            expiresString = request.getParameter("X-Amz-Expires");
+            if (dateString != null && expiresString != null) {
+                long date = parseIso8601(dateString);
+                long expires = Long.parseLong(expiresString);
+                long nowSeconds = System.currentTimeMillis() / 1000;
+                if (nowSeconds >= date + expires) {
+                    throw new S3Exception(S3ErrorCode.ACCESS_DENIED,
+                            "Request has expired");
+                }
+            }
+
            switch (authHeader.authenticationType) {
            case AWS_V2:
                switch (authenticationType) {
@ -2436,6 +2449,18 @@ public class S3ProxyHandler {
        }
    }

+    /** Parse ISO 8601 timestamp into seconds since 1970. */
+    private static long parseIso8601(String date) {
+        SimpleDateFormat formatter = new SimpleDateFormat(
+                "yyyyMMdd'T'HHmmss'Z'");
+        formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
+        try {
+            return formatter.parse(date).getTime() / 1000;
+        } catch (ParseException pe) {
+            throw new IllegalArgumentException(pe);
+        }
+    }
+
    // cannot call BlobStore.getContext().utils().date().iso8601DateFormatsince
    // it has unwanted millisecond precision
    private static String formatDate(Date date) {