From 9329b161f263ca7e82142fc61fba981a94dd0f1b Mon Sep 17 00:00:00 2001
From: Andrew Gaul <andrew@gaul.org>
Date: Wed, 15 Feb 2017 18:12:10 -0800
Subject: [PATCH] Allow unsigned payloads

Fixes #184.
---
 .../java/org/gaul/s3proxy/S3ProxyHandler.java |  8 ++++++-
 .../java/org/gaul/s3proxy/S3AwsSdkTest.java   | 23 +++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
index 20cc56b..efd79b5 100644
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@@ -420,12 +420,16 @@ public class S3ProxyHandler {
                 expectedSignature = createAuthorizationSignature(request,
                         uri, credential);
             } else {
+                String contentSha256 = request.getHeader(
+                        "x-amz-content-sha256");
                 try {
                     byte[] payload;
                     if ("STREAMING-AWS4-HMAC-SHA256-PAYLOAD".equals(
-                            request.getHeader("x-amz-content-sha256"))) {
+                            contentSha256)) {
                         payload = new byte[0];
                         is = new ChunkedInputStream(is);
+                    } else if ("UNSIGNED-PAYLOAD".equals(contentSha256)) {
+                        payload = new byte[0];
                     } else {
                         // buffer the entire stream to calculate digest
                         payload = ByteStreams.toByteArray(ByteStreams.limit(
@@ -2570,6 +2574,8 @@ public class S3ProxyHandler {
         String digest;
         if ("STREAMING-AWS4-HMAC-SHA256-PAYLOAD".equals(xAmzContentSha256)) {
             digest = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
+        } else if ("UNSIGNED-PAYLOAD".equals(xAmzContentSha256)) {
+            digest = "UNSIGNED-PAYLOAD";
         } else {
             digest = getMessageDigest(payload, hashAlgorithm);
         }
diff --git a/src/test/java/org/gaul/s3proxy/S3AwsSdkTest.java b/src/test/java/org/gaul/s3proxy/S3AwsSdkTest.java
index a1d1d4b..225e950 100644
--- a/src/test/java/org/gaul/s3proxy/S3AwsSdkTest.java
+++ b/src/test/java/org/gaul/s3proxy/S3AwsSdkTest.java
@@ -199,6 +199,29 @@ public final class S3AwsSdkTest {
         }
     }
 
+    @Test
+    public void testAwsV4SignaturePayloadUnsigned() throws Exception {
+        client = AmazonS3ClientBuilder.standard()
+                .withChunkedEncodingDisabled(true)
+                .withPayloadSigningEnabled(false)
+                .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
+                .withEndpointConfiguration(s3EndpointConfig)
+                .build();
+
+        ObjectMetadata metadata = new ObjectMetadata();
+        metadata.setContentLength(BYTE_SOURCE.size());
+        client.putObject(containerName, "foo",
+                BYTE_SOURCE.openStream(), metadata);
+
+        S3Object object = client.getObject(containerName, "foo");
+        assertThat(object.getObjectMetadata().getContentLength()).isEqualTo(
+                BYTE_SOURCE.size());
+        try (InputStream actual = object.getObjectContent();
+                InputStream expected = BYTE_SOURCE.openStream()) {
+            assertThat(actual).hasContentEqualTo(expected);
+        }
+    }
+
     @Test
     public void testAwsV4SignatureBadIdentity() throws Exception {
         client = AmazonS3ClientBuilder.standard()