mirror
/
s3proxy
kopia lustrzana https://github.com/gaul/s3proxy
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

fix time skew validation for presigned urls

pull/678/head
Timur Saikaliev 2024-06-19 00:11:58 +03:00 zatwierdzone przez Andrew Gaul
rodzic 96d82c681a
commit a3e6f47cfc
1 zmienionych plików z 13 dodań i 5 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

12
src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
Wyświetl plik

@ -462,7 +462,7 @@ public class S3ProxyHandler {
haveDate = false; haveDate = false;
} }
if (haveDate) { if (haveDate) {
isTimeSkewed(dateSkew); isTimeSkewed(dateSkew, presignedUrl);
} }
} }
@ -2945,16 +2945,24 @@ public class S3ProxyHandler {
} }
} }
private void isTimeSkewed(long date) throws S3Exception { private void isTimeSkewed(
long date, boolean isPresigned) throws S3Exception {
if (date < 0) { if (date < 0) {
throw new S3Exception(S3ErrorCode.ACCESS_DENIED); throw new S3Exception(S3ErrorCode.ACCESS_DENIED);
} }
long now = System.currentTimeMillis() / 1000; long now = System.currentTimeMillis() / 1000;
if (isPresigned) {
if (now + maximumTimeSkew < date) {
logger.debug("request is not valid yet {} {}", date, now);
throw new S3Exception(S3ErrorCode.ACCESS_DENIED);
}
} else {
if (now + maximumTimeSkew < date || now - maximumTimeSkew > date) { if (now + maximumTimeSkew < date || now - maximumTimeSkew > date) {
logger.debug("time skewed {} {}", date, now); logger.debug("time skewed {} {}", date, now);
throw new S3Exception(S3ErrorCode.REQUEST_TIME_TOO_SKEWED); throw new S3Exception(S3ErrorCode.REQUEST_TIME_TOO_SKEWED);
} }
} }
}
// cannot call BlobStore.getContext().utils().date().iso8601DateFormatsince // cannot call BlobStore.getContext().utils().date().iso8601DateFormatsince
// it has unwanted millisecond precision // it has unwanted millisecond precision