From 99ff5f950ba87f8adee61455ed012d3e3dc372a2 Mon Sep 17 00:00:00 2001
From: Mikko Kortelainen
Date: Wed, 28 Apr 2021 19:02:06 +0300
Subject: [PATCH] add getters for S3AuthorizationHeader fields and make fields private

---
 .../java/org/gaul/s3proxy/AwsSignature.java | 13 ++---
 .../gaul/s3proxy/S3AuthorizationHeader.java | 51 +++++++++++++++----
 .../java/org/gaul/s3proxy/S3ProxyHandler.java | 36 +++++++------
 3 files changed, 68 insertions(+), 32 deletions(-)

diff --git a/src/main/java/org/gaul/s3proxy/AwsSignature.java b/src/main/java/org/gaul/s3proxy/AwsSignature.java
index 34afd3c..b38d507 100644
--- a/src/main/java/org/gaul/s3proxy/AwsSignature.java
+++ b/src/main/java/org/gaul/s3proxy/AwsSignature.java
@@ -323,17 +323,18 @@ final class AwsSignature {
 throws InvalidKeyException, IOException, NoSuchAlgorithmException,
 S3Exception {
 String canonicalRequest = createCanonicalRequest(request, uri, payload,
- authHeader.hashAlgorithm);
- String algorithm = authHeader.hmacAlgorithm;
+ authHeader.getHashAlgorithm());
+ String algorithm = authHeader.getHmacAlgorithm();
 byte[] dateKey = signMessage(
- authHeader.date.getBytes(StandardCharsets.UTF_8),
+ authHeader.getDate().getBytes(StandardCharsets.UTF_8),
 ("AWS4" + credential).getBytes(StandardCharsets.UTF_8),
 algorithm);
 byte[] dateRegionKey = signMessage(
- authHeader.region.getBytes(StandardCharsets.UTF_8), dateKey,
+ authHeader.getRegion().getBytes(StandardCharsets.UTF_8),
+ dateKey,
 algorithm);
 byte[] dateRegionServiceKey = signMessage(
- authHeader.service.getBytes(StandardCharsets.UTF_8),
+ authHeader.getService().getBytes(StandardCharsets.UTF_8),
 dateRegionKey, algorithm);
 byte[] signingKey = signMessage(
 "aws4_request".getBytes(StandardCharsets.UTF_8),
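Review bot: `authHeader.getDate()`, `getRegion()` and `getService()` are dereferenced with `.getBytes(...)` in the signing-key derivation, yet the fields behind them are declared `@Nullable`, so a header that reaches this path without a complete credential scope fails with a NullPointerException instead of a signing error. If the S3AuthorizationHeader constructor already rejects such headers (it is outside this hunk, so I cannot tell), the getters should document that; otherwise a guard before the first signMessage, `if (authHeader.getDate() == null || authHeader.getRegion() == null || authHeader.getService() == null) { throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT); }`, turns the crash into the error code the handler already uses for malformed headers, and the method's throws clause already lists S3Exception. The same dereferences appear in the next hunk (@@ -344) and in the S3ProxyHandler hunk at @@ -2094. The enclosing method starts before this hunk and continues after it.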
@@ -344,7 +345,7 @@ final class AwsSignature {
 }
 String signatureString = "AWS4-HMAC-SHA256\n" +
 date + "\n" +
- authHeader.date + "/" + authHeader.region +
+ authHeader.getDate() + "/" + authHeader.getRegion() +
 "/s3/aws4_request\n" +
 canonicalRequest;
 byte[] signature = signMessage(
diff --git a/src/main/java/org/gaul/s3proxy/S3AuthorizationHeader.java b/src/main/java/org/gaul/s3proxy/S3AuthorizationHeader.java
index c863de5..b57b3a0 100644
--- a/src/main/java/org/gaul/s3proxy/S3AuthorizationHeader.java
+++ b/src/main/java/org/gaul/s3proxy/S3AuthorizationHeader.java
@@ -33,17 +33,14 @@ final class S3AuthorizationHeader {
 private static final String SIGNATURE_FIELD = "Signature=";
 private static final String CREDENTIAL_FIELD = "Credential=";

- // TODO: these fields should have accessors
- // CHECKSTYLE:OFF
- final AuthenticationType authenticationType;
- @Nullable final String hmacAlgorithm;
- @Nullable final String hashAlgorithm;
- @Nullable final String region;
- @Nullable final String date;
- @Nullable final String service;
- final String identity;
- final String signature;
- // CHECKSTYLE:ON
+ private final AuthenticationType authenticationType;
+ @Nullable private final String hmacAlgorithm;
+ @Nullable private final String hashAlgorithm;
+ @Nullable private final String region;
+ @Nullable private final String date;
+ @Nullable private final String service;
+ private final String identity;
+ private final String signature;

 S3AuthorizationHeader(String header) {
 if (header.startsWith("AWS ")) {
@@ -122,4 +119,36 @@ final class S3AuthorizationHeader {
 return header.substring(signatureIndex, signatureEnd);
 }
 }
+
+ public AuthenticationType getAuthenticationType() {
+ return authenticationType;
+ }
+
+ public String getHmacAlgorithm() {
+ return hmacAlgorithm;
+ }
+
+ public String getHashAlgorithm() {
+ return hashAlgorithm;
+ }
+
+ public String getRegion() {
+ return region;
+ }
+
+ public String getDate() {
+ return date;
+ }
+
+ public String getService() {
+ return service;
+ }
+
+ public String getIdentity() {
+ return identity;
+ }
+
+ public String getSignature() {
+ return signature;
+ }
 }
diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
index 55c09c8..26aea04 100644
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@@ -407,7 +407,7 @@ public class S3ProxyHandler {
 } catch (IllegalArgumentException iae) {
 throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT, iae);
 }
- requestIdentity = authHeader.identity;
+ requestIdentity = authHeader.getIdentity();
 }

 long dateSkew = 0; //date for timeskew check
@@ -420,12 +420,14 @@ public class S3ProxyHandler {
 boolean haveDate = true;

 AuthenticationType finalAuthType = null;
- if (authHeader.authenticationType == AuthenticationType.AWS_V2 &&
+ if (authHeader.getAuthenticationType() ==
+ AuthenticationType.AWS_V2 &&
 (authenticationType == AuthenticationType.AWS_V2 ||
 authenticationType == AuthenticationType.AWS_V2_OR_V4)) {
 finalAuthType = AuthenticationType.AWS_V2;
 } else if (
- authHeader.authenticationType == AuthenticationType.AWS_V4 &&
+ authHeader.getAuthenticationType() ==
+ AuthenticationType.AWS_V4 &&
 (authenticationType == AuthenticationType.AWS_V4 ||
 authenticationType == AuthenticationType.AWS_V2_OR_V4)) {
 finalAuthType = AuthenticationType.AWS_V4;
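Review bot: The new getters for hmacAlgorithm, hashAlgorithm, region, date and service return a plain `String` although the fields they read keep their `@Nullable` annotation, so callers lose the nullability contract that direct field access used to show at the call site. Carry the annotation over, e.g. `@Nullable public String getRegion() {`, for each of the five nullable fields, and give every getter a one-line Javadoc saying when it is null — the handler treats a null hmacAlgorithm as a V2 header, so `/** HMAC algorithm of a V4 header, or null for a V2 header. */` fits that one; for the others state only what the constructor (outside this hunk) actually guarantees. The `public` modifier on a package-private final class widens nothing and could be dropped to match the package-private constructor.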
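Review bot: In the @@ -420 hunk `authHeader.getAuthenticationType()` is called twice, and again in the switch at @@ -517 and the error message at @@ -542, and the line break after `==` that the rename forced reads awkwardly. A local read once before the if chain, `AuthenticationType headerAuthType = authHeader.getAuthenticationType();`, keeps each condition on one line (`if (headerAuthType == AuthenticationType.AWS_V2 &&`) and lets the later switch and message use the same value, assuming those hunks belong to the same method, which I cannot confirm from the excerpt. The enclosing method starts before this hunk and continues past it.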
@@ -517,7 +519,7 @@ public class S3ProxyHandler {
 }
 }
 // The aim ?
- switch (authHeader.authenticationType) {
+ switch (authHeader.getAuthenticationType()) {
 case AWS_V2:
 switch (authenticationType) {
 case AWS_V2:
@@ -542,12 +544,12 @@ public class S3ProxyHandler {
 break;
 default:
 throw new IllegalArgumentException("Unhandled type: " +
- authHeader.authenticationType);
+ authHeader.getAuthenticationType());
 }

 String expectedSignature = null;

- if (authHeader.hmacAlgorithm == null) { //v2
+ if (authHeader.getHmacAlgorithm() == null) { //v2
 // When presigned url is generated, it doesn't consider
 // service path
 String uriForSigning = presignedUrl ? uri : this.servicePath +
@@ -581,7 +583,7 @@ public class S3ProxyHandler {
 // maybe we should check this when signing,
 // a lot of dup code with aws sign code.
 MessageDigest md = MessageDigest.getInstance(
- authHeader.hashAlgorithm);
+ authHeader.getHashAlgorithm());
 byte[] hash = md.digest(payload);
 if (!contentSha256.equals(
 BaseEncoding.base16().lowerCase()
@@ -604,7 +606,8 @@ public class S3ProxyHandler {
 }
 }

- if (!constantTimeEquals(expectedSignature, authHeader.signature)) {
+ if (!constantTimeEquals(expectedSignature,
+ authHeader.getSignature())) {
 throw new S3Exception(S3ErrorCode.SIGNATURE_DOES_NOT_MATCH);
 }
 }
@@ -2053,7 +2056,7 @@ public class S3ProxyHandler {
 throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT, iae);
 }

- switch (authHeader.authenticationType) {
+ switch (authHeader.getAuthenticationType()) {
 case AWS_V2:
 switch (authenticationType) {
 case AWS_V2:
@@ -2078,11 +2081,11 @@ public class S3ProxyHandler {
 break;
 default:
 throw new IllegalArgumentException("Unhandled type: " +
- authHeader.authenticationType);
+ authHeader.getAuthenticationType());
 }

 Map.Entry provider =
- blobStoreLocator.locateBlobStore(authHeader.identity, null,
+ blobStoreLocator.locateBlobStore(authHeader.getIdentity(), null,
 null);
 if (provider == null) {
 response.setStatus(HttpServletResponse.SC_FORBIDDEN);
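Review bot: In the @@ -542 hunk the V2/V4 split is still decided by `authHeader.getHmacAlgorithm() == null` with a `//v2` comment, even though the switch a few lines above already dispatches on `authHeader.getAuthenticationType()`; inferring the protocol version from a nullable field is fragile, and the getter now makes the explicit type just as cheap to read. Assuming the constructor sets hmacAlgorithm exactly for V4 headers (it is outside this excerpt), `if (authHeader.getAuthenticationType() == AuthenticationType.AWS_V2) {` states the intent directly and lets the `//v2` comment go. The constant-time comparison at @@ -604 is the right primitive for the signature check and needs no change. The enclosing method starts before the first hunk on this line.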
@@ -2094,11 +2097,14 @@ public class S3ProxyHandler {
 byte[] kSecret = ("AWS4" + credential).getBytes(
 StandardCharsets.UTF_8);
 byte[] kDate = hmac("HmacSHA256",
- authHeader.date.getBytes(StandardCharsets.UTF_8), kSecret);
+ authHeader.getDate().getBytes(StandardCharsets.UTF_8),
+ kSecret);
 byte[] kRegion = hmac("HmacSHA256",
- authHeader.region.getBytes(StandardCharsets.UTF_8), kDate);
- byte[] kService = hmac("HmacSHA256", authHeader.service.getBytes(
- StandardCharsets.UTF_8), kRegion);
+ authHeader.getRegion().getBytes(StandardCharsets.UTF_8),
+ kDate);
+ byte[] kService = hmac("HmacSHA256",
+ authHeader.getService().getBytes(StandardCharsets.UTF_8),
+ kRegion);
 byte[] kSigning = hmac("HmacSHA256",
 "aws4_request".getBytes(StandardCharsets.UTF_8), kService);
 String expectedSignature = BaseEncoding.base16().lowerCase().encode(
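Review bot: The kDate/kRegion/kService/kSigning chain duplicates the signingKey derivation in AwsSignature (the first hunk of this patch derives the same four keys from the same getters), and the context at @@ -581 already says "a lot of dup code with aws sign code". Now that the getters make the header's scope fields reachable from either class, this is the natural point to move the derivation into one package-private helper on AwsSignature (name to be chosen) that takes the credential and the S3AuthorizationHeader, and to call it here, so a fix to one copy cannot drift from the other. The enclosing method starts before this hunk and continues past it.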