From 6c852f2a3757129491c21a9ba3b315a7a00c0c28 Mon Sep 17 00:00:00 2001 From: Bharat Viswanadham Date: Thu, 6 Dec 2018 15:37:19 -0800 Subject: [PATCH] HDDS-892. Parse aws v2 headers without spaces in Ozone s3 gateway. Contributed by Elek Marton. --- .../s3/header/AuthorizationHeaderV4.java | 28 +++++---- .../s3/header/TestAuthorizationHeaderV4.java | 60 ++++++++++++------- 2 files changed, 53 insertions(+), 35 deletions(-) diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/header/AuthorizationHeaderV4.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/header/AuthorizationHeaderV4.java index c3f7072121..45e1692f61 100644 --- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/header/AuthorizationHeaderV4.java +++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/header/AuthorizationHeaderV4.java @@ -62,35 +62,37 @@ public AuthorizationHeaderV4(String header) throws OS3Exception { */ @SuppressWarnings("StringSplitter") public void parseAuthHeader() throws OS3Exception { - String[] split = authHeader.split(" "); - - if (split.length != 4) { + int firstSep = authHeader.indexOf(' '); + if (firstSep < 0) { throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader); } - algorithm = split[0]; - credential = split[1]; - signedHeaders = split[2]; - signature = split[3]; + //split the value parts of the authorization header + String[] split = authHeader.substring(firstSep + 1).trim().split(", *"); + if (split.length != 3) { + throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader); + } + + algorithm = authHeader.substring(0, firstSep); + credential = split[0]; + signedHeaders = split[1]; + signature = split[2]; if (credential.startsWith(CREDENTIAL)) { - credential = credential.substring(CREDENTIAL.length(), credential - .length() - 1); + credential = credential.substring(CREDENTIAL.length()); } else { throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader); } if (signedHeaders.startsWith(SIGNEDHEADERS)) { - signedHeaders = signedHeaders.substring(SIGNEDHEADERS.length(), - signedHeaders.length() - 1); + signedHeaders = signedHeaders.substring(SIGNEDHEADERS.length()); } else { throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader); } if (signature.startsWith(SIGNATURE)) { - signature = signature.substring(SIGNATURE.length(), signature - .length()); + signature = signature.substring(SIGNATURE.length()); } else { throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader); } diff --git a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3/header/TestAuthorizationHeaderV4.java b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3/header/TestAuthorizationHeaderV4.java index b7bd425273..6385ff5dca 100644 --- a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3/header/TestAuthorizationHeaderV4.java +++ b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3/header/TestAuthorizationHeaderV4.java @@ -31,51 +31,67 @@ public class TestAuthorizationHeaderV4 { @Test - public void testV4Header1() { - try { - String auth = "AWS4-HMAC-SHA256 " + - "Credential=ozone/20130524/us-east-1/s3/aws4_request, " + - "SignedHeaders=host;range;x-amz-date, " + - "Signature=fe5f80f77d5fa3beca038a248ff027"; - AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth); - assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm()); - assertEquals("ozone", v4.getAccessKeyID()); - assertEquals("20130524", v4.getDate()); - assertEquals("us-east-1", v4.getAwsRegion()); - assertEquals("aws4_request", v4.getAwsRequest()); - assertEquals("host;range;x-amz-date", v4.getSignedHeaders()); - assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature()); - } catch (OS3Exception ex) { - fail("testV4Header"); - } - + public void testV4HeaderWellFormed() throws Exception { + String auth = "AWS4-HMAC-SHA256 " + + "Credential=ozone/20130524/us-east-1/s3/aws4_request, " + + "SignedHeaders=host;range;x-amz-date, " + + "Signature=fe5f80f77d5fa3beca038a248ff027"; + AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth); + assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm()); + assertEquals("ozone", v4.getAccessKeyID()); + assertEquals("20130524", v4.getDate()); + assertEquals("us-east-1", v4.getAwsRegion()); + assertEquals("aws4_request", v4.getAwsRequest()); + assertEquals("host;range;x-amz-date", v4.getSignedHeaders()); + assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature()); } @Test - public void testV4Header2() { + public void testV4HeaderMissingParts() { try { String auth = "AWS4-HMAC-SHA256 " + "Credential=ozone/20130524/us-east-1/s3/aws4_request, " + "SignedHeaders=host;range;x-amz-date,"; AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth); - fail("testV4Header2"); + fail("Exception is expected in case of malformed header"); } catch (OS3Exception ex) { assertEquals("AuthorizationHeaderMalformed", ex.getCode()); } } - @Test - public void testV4Header3() { + public void testV4HeaderInvalidCredential() { try { String auth = "AWS4-HMAC-SHA256 " + "Credential=20130524/us-east-1/s3/aws4_request, " + "SignedHeaders=host;range;x-amz-date, " + "Signature=fe5f80f77d5fa3beca038a248ff027"; AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth); + fail("Exception is expected in case of malformed header"); } catch (OS3Exception ex) { assertEquals("AuthorizationHeaderMalformed", ex.getCode()); } } + @Test + public void testV4HeaderWithoutSpace() throws OS3Exception { + + String auth = + "AWS4-HMAC-SHA256 Credential=ozone/20130524/us-east-1/s3/aws4_request," + + "SignedHeaders=host;x-amz-content-sha256;x-amz-date," + + "Signature" + + "=fe5f80f77d5fa3beca038a248ff027"; + AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth); + + assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm()); + assertEquals("ozone", v4.getAccessKeyID()); + assertEquals("20130524", v4.getDate()); + assertEquals("us-east-1", v4.getAwsRegion()); + assertEquals("aws4_request", v4.getAwsRequest()); + assertEquals("host;x-amz-content-sha256;x-amz-date", + v4.getSignedHeaders()); + assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature()); + + } + }