Emit InvalidAccessKeyId on access key mismatch

References #5.
2014-12-03 22:39:27 -08:00 · 2014-12-03 22:39:27 -08:00 · ae3598dbfb
commit ae3598dbfb
--- a/src/main/java/org/gaul/s3proxy/S3ErrorCode.java
+++ b/src/main/java/org/gaul/s3proxy/S3ErrorCode.java
@ -36,6 +36,7 @@ enum S3ErrorCode {
            "Your previous request to create the named bucket" +
            " succeeded and you already own it."),
    BUCKET_NOT_EMPTY(HttpServletResponse.SC_CONFLICT, "Conflict"),
+    INVALID_ACCESS_KEY_ID(HttpServletResponse.SC_FORBIDDEN, "Forbidden"),
    INVALID_ARGUMENT(HttpServletResponse.SC_BAD_REQUEST, "Bad Request"),
    INVALID_BUCKET_NAME(HttpServletResponse.SC_BAD_REQUEST, "Bad Request"),
    INVALID_DIGEST(HttpServletResponse.SC_BAD_REQUEST, "Bad Request"),
--- a/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
+++ b/src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
@ -211,8 +211,12 @@ final class S3ProxyHandler extends AbstractHandler {
            String parameterSignature = request.getParameter("Signature");

            if (headerIdentity != null && headerSignature != null) {
-                if (!identity.equals(headerIdentity) ||
-                        !expectedSignature.equals(headerSignature)) {
+                if (!identity.equals(headerIdentity)) {
+                    sendSimpleErrorResponse(response,
+                            S3ErrorCode.INVALID_ACCESS_KEY_ID);
+                    baseRequest.setHandled(true);
+                    return;
+                } else if (!expectedSignature.equals(headerSignature)) {
                    sendSimpleErrorResponse(response,
                            S3ErrorCode.SIGNATURE_DOES_NOT_MATCH);
                    baseRequest.setHandled(true);
@ -220,8 +224,12 @@ final class S3ProxyHandler extends AbstractHandler {
                }
            } else if (parameterIdentity != null &&
                    parameterSignature != null) {
-                if (!identity.equals(parameterIdentity) ||
-                        !expectedSignature.equals(parameterSignature)) {
+                if (!identity.equals(parameterIdentity)) {
+                    sendSimpleErrorResponse(response,
+                            S3ErrorCode.INVALID_ACCESS_KEY_ID);
+                    baseRequest.setHandled(true);
+                    return;
+                } else if (!expectedSignature.equals(parameterSignature)) {
                    sendSimpleErrorResponse(response,
                            S3ErrorCode.SIGNATURE_DOES_NOT_MATCH);
                    baseRequest.setHandled(true);