kopia lustrzana https://github.com/gaul/s3proxy
Use original uri to compute canonical_request in s3v4 signature
Currently canonical_request is based on a canonical_uri for which bucket name is prepend if dns path style is used which is not compatible with s3v4 signature mechanismpull/332/head
rodzic
0ff8ec0e97
commit
9d21a73591
|
@ -276,6 +276,7 @@ public class S3ProxyHandler {
|
||||||
InputStream is) throws IOException, S3Exception {
|
InputStream is) throws IOException, S3Exception {
|
||||||
String method = request.getMethod();
|
String method = request.getMethod();
|
||||||
String uri = request.getRequestURI();
|
String uri = request.getRequestURI();
|
||||||
|
String originalUri = request.getRequestURI();
|
||||||
|
|
||||||
if (!this.servicePath.isEmpty()) {
|
if (!this.servicePath.isEmpty()) {
|
||||||
if (uri.length() > this.servicePath.length()) {
|
if (uri.length() > this.servicePath.length()) {
|
||||||
|
@ -535,9 +536,11 @@ public class S3ProxyHandler {
|
||||||
|
|
||||||
String expectedSignature = null;
|
String expectedSignature = null;
|
||||||
|
|
||||||
// When presigned url is generated, it doesn't consider service path
|
|
||||||
String uriForSigning = presignedUrl ? uri : this.servicePath + uri;
|
|
||||||
if (authHeader.hmacAlgorithm == null) { //v2
|
if (authHeader.hmacAlgorithm == null) { //v2
|
||||||
|
// When presigned url is generated, it doesn't consider
|
||||||
|
// service path
|
||||||
|
String uriForSigning = presignedUrl ? uri : this.servicePath +
|
||||||
|
uri;
|
||||||
expectedSignature = AwsSignature.createAuthorizationSignature(
|
expectedSignature = AwsSignature.createAuthorizationSignature(
|
||||||
request, uriForSigning, credential, presignedUrl,
|
request, uriForSigning, credential, presignedUrl,
|
||||||
haveBothDateHeader);
|
haveBothDateHeader);
|
||||||
|
@ -579,6 +582,8 @@ public class S3ProxyHandler {
|
||||||
is = new ByteArrayInputStream(payload);
|
is = new ByteArrayInputStream(payload);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String uriForSigning = presignedUrl ? originalUri :
|
||||||
|
this.servicePath + originalUri;
|
||||||
expectedSignature = AwsSignature
|
expectedSignature = AwsSignature
|
||||||
.createAuthorizationSignatureV4(// v4 sign
|
.createAuthorizationSignatureV4(// v4 sign
|
||||||
baseRequest, authHeader, payload, uriForSigning,
|
baseRequest, authHeader, payload, uriForSigning,
|
||||||
|
|
Ładowanie…
Reference in New Issue