From a3fc03c0e4439b1c7b0f9d86e77a8f5c1be73b11 Mon Sep 17 00:00:00 2001 From: Gregory Leleytner Date: Fri, 30 Aug 2024 09:17:25 +0000 Subject: [PATCH] allow invalid auth header for presigned urls --- .../java/org/gaul/s3proxy/S3ProxyHandler.java | 31 ++++++++++++++----- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java index 9409942..4fd6379 100644 --- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java +++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java @@ -366,13 +366,27 @@ public class S3ProxyHandler { BlobStore blobStore; String requestIdentity = null; - String headerAuthorization = request.getHeader( - HttpHeaders.AUTHORIZATION); S3AuthorizationHeader authHeader = null; boolean presignedUrl = false; + boolean headerAuth = true; if (!anonymousIdentity) { + //try login with auth header + String headerAuthorization = request.getHeader(HttpHeaders.AUTHORIZATION); + if (Strings.isNullOrEmpty(headerAuthorization)) { + headerAuth = false; + } else { + try { + authHeader = new S3AuthorizationHeader(headerAuthorization); + //whether v2 or v4 (normal header and query) + } catch (IllegalArgumentException iae) { + headerAuth = false; + } + } + + //try login as pre signed url if header failed + if (!headerAuth) { String algorithm = request.getParameter("X-Amz-Algorithm"); if (algorithm == null) { //v2 query String identity = request.getParameter("AWSAccessKeyId"); 
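Review bot: The new `catch (IllegalArgumentException iae)` around the first `new S3AuthorizationHeader(headerAuthorization)` discards the parse failure and switches to query-string authentication for every malformed Authorization header, whether or not the request carries any presign parameters. A client that sends a broken header and no presign parameters no longer gets the `INVALID_ARGUMENT` response from that parse; what it gets instead is decided in the presigned branch, most of which lies between the two hunks and is not visible here. I would fall back only when `X-Amz-Algorithm` or `AWSAccessKeyId` is present and keep the rejection otherwise, and I would also record that a header was rejected (without its value) so malformed-credential traffic stays visible to operators. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: header lookup and the empty-header branch …
        } catch (IllegalArgumentException iae) {
            // Fall back to query-string auth only when the request actually
            // carries presign parameters; otherwise keep the old rejection.
            if (request.getParameter("X-Amz-Algorithm") == null &&
                    request.getParameter("AWSAccessKeyId") == null) {
                throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT, iae);
            }
            headerAuth = false;
        }
// … unchanged: presigned-URL branch …
```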
@@ -402,14 +416,15 @@ public class S3ProxyHandler { throw new IllegalArgumentException("unknown algorithm: " + algorithm); } + + try { + authHeader = new S3AuthorizationHeader(headerAuthorization); + //whether v2 or v4 (normal header and query) + } catch (IllegalArgumentException iae) { + throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT, iae); + } } - try { - authHeader = new S3AuthorizationHeader(headerAuthorization); - //whether v2 or v4 (normal header and query) - } catch (IllegalArgumentException iae) { - throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT, iae); - } requestIdentity = authHeader.getIdentity(); }
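Review bot: The comment `//whether v2 or v4 (normal header and query)` was copied along with the parse into the `if (!headerAuth)` branch, where it no longer fits, because this path is reached only after header authentication was absent or rejected. A comment such as `// parse the Authorization value rebuilt from the presign query parameters (v2 or v4)` would describe it better, assuming the code between the hunks reassigns `headerAuthorization` on every path. That assumption deserves its own line of documentation: on entry the variable can still hold the client's rejected header, and it is the reassignment alone that stops the rejected value from being parsed a second time. The branch and the method both continue outside the hunk.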