From 9d21a73591b791c5d4e98e90d2f15e3a06cd13aa Mon Sep 17 00:00:00 2001
From: "n.fraison"
Date: Fri, 17 Apr 2020 09:52:07 +0200
Subject: [PATCH] Use original uri to compute canonical_request in s3v4 signature
Currently canonical_request is based on a canonical_uri for which bucket name is prepend if dns path style is used which is not compatible with s3v4 signature mechanism
---
 src/main/java/org/gaul/s3proxy/S3ProxyHandler.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
index 36ac504..6fe2e8e 100644
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@@ -276,6 +276,7 @@ public class S3ProxyHandler {
 InputStream is) throws IOException, S3Exception {
 String method = request.getMethod();
 String uri = request.getRequestURI();
+ String originalUri = request.getRequestURI();
 if (!this.servicePath.isEmpty()) {
 if (uri.length() > this.servicePath.length()) {
@@ -535,9 +536,11 @@ public class S3ProxyHandler {
 String expectedSignature = null;
- // When presigned url is generated, it doesn't consider service path
- String uriForSigning = presignedUrl ? uri : this.servicePath + uri;
 if (authHeader.hmacAlgorithm == null) { //v2
+ // When presigned url is generated, it doesn't consider
+ // service path
+ String uriForSigning = presignedUrl ? uri : this.servicePath +
+ uri;
 expectedSignature = AwsSignature.createAuthorizationSignature(
 request, uriForSigning, credential, presignedUrl,
 haveBothDateHeader);
@@ -579,6 +582,8 @@ public class S3ProxyHandler {
 is = new ByteArrayInputStream(payload);
 }
+ String uriForSigning = presignedUrl ? originalUri :
+ this.servicePath + originalUri;
 expectedSignature = AwsSignature
 .createAuthorizationSignatureV4(// v4 sign
 baseRequest, authHeader, payload, uriForSigning,
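Review bot: `originalUri` is captured before the `servicePath` block that follows in this hunk, so if that block strips the prefix from `uri` (as the v2 comment in the second hunk suggests), `originalUri` still carries it. The third hunk's `this.servicePath + originalUri` would then prepend the service path a second time, and the presigned branch would sign the unstripped path where it previously signed the stripped `uri`. The body of the `servicePath` block is outside the hunk, so this is inferred; the visible effect would be V4 requests failing verification whenever a service path is configured. If it holds, deriving the V4 value once next to this line, with a comment stating whether it includes the service path, and adding a test with a non-empty service path would pin the intended behaviour.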
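Review bot: With `originalUri` as the canonical URI, the bucket of a virtual-host-style request is no longer part of the signed path, so the signature binds the bucket only through the `Host` header. SigV4 expects `host` among the signed headers, but whether `createAuthorizationSignatureV4` or the header parsing rejects a request that omits it is not visible in this hunk. I would add a comment above the assignment such as `// canonical URI is the raw request path; for virtual-host requests the bucket is covered only by the signed Host header`, and confirm that a request whose signed-header list lacks `host` is refused. The enclosing method starts and ends outside the hunk.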