Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

address review comments: add trailer signature to test, fix constant alignment

pull/7623/head
chrislu 1 week ago
parent
a4aa7ded43
commit
8c5900e80f
2 changed files with 16 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      weed/s3api/auth_signature_v4.go
  2. 13
      weed/s3api/chunked_reader_v4_test.go

10
weed/s3api/auth_signature_v4.go
View File

@ -53,11 +53,11 @@ func (iam *IdentityAccessManagement) reqSignatureV4Verify(r *http.Request) (*Ide
// Constants specific to this file
const (
emptySHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
streamingContentSHA256 = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
streamingContentSHA256Trailer = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER"
streamingUnsignedPayload = "STREAMING-UNSIGNED-PAYLOAD-TRAILER"
unsignedPayload = "UNSIGNED-PAYLOAD"
emptySHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
streamingContentSHA256 = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
streamingContentSHA256Trailer = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER"
streamingUnsignedPayload = "STREAMING-UNSIGNED-PAYLOAD-TRAILER"
unsignedPayload = "UNSIGNED-PAYLOAD"
// Limit for IAM/STS request body size to prevent DoS attacks
iamRequestBodyLimit = 10 * (1 << 20) // 10 MiB
)

13
weed/s3api/chunked_reader_v4_test.go
View File

@ -291,10 +291,19 @@ func TestSignedStreamingUploadWithTrailer(t *testing.T) {
checksum := writer.Sum(nil)
base64EncodedChecksum := base64.StdEncoding.EncodeToString(checksum)
// Build the chunked payload with trailer
// Calculate trailer signature
// The trailer content is: "x-amz-checksum-crc32:{checksum}\n"
trailerContent := "x-amz-checksum-crc32:" + base64EncodedChecksum + "\n"
trailerHash := getSHA256Hash([]byte(trailerContent))
trailerStringToSign := "AWS4-HMAC-SHA256-TRAILER\n" + amzDate + "\n" + scope + "\n" +
finalSignature + "\n" + trailerHash
trailerSignature := getSignature(signingKey, trailerStringToSign)
// Build the chunked payload with trailer and trailer signature
payload := fmt.Sprintf("c;chunk-signature=%s\r\n%s\r\n", chunk1Signature, chunk1Data) +
fmt.Sprintf("0;chunk-signature=%s\r\n", finalSignature) +
"x-amz-checksum-crc32:" + base64EncodedChecksum + "\n\r\n" +
trailerContent +
"x-amz-trailer-signature:" + trailerSignature + "\r\n" +
"\r\n"
// Create the request

Write Preview
Loading…
Cancel
Save