|
|
@ -37,6 +37,7 @@ import ( |
|
|
|
"time" |
|
|
|
"unicode/utf8" |
|
|
|
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/glog" |
|
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err" |
|
|
|
) |
|
|
|
|
|
|
@ -168,8 +169,9 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r |
|
|
|
// Trying with prefix before main path.
|
|
|
|
|
|
|
|
// Get canonical request.
|
|
|
|
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method) |
|
|
|
glog.V(4).Infof("Forwarded Prefix: %s", forwardedPrefix) |
|
|
|
|
|
|
|
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method) |
|
|
|
errCode = iam.genAndCompareSignatureV4(canonicalRequest, cred.SecretKey, t, signV4Values) |
|
|
|
if errCode == s3err.ErrNone { |
|
|
|
return identity, errCode |
|
|
@ -191,7 +193,7 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r |
|
|
|
func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, secretKey string, t time.Time, signV4Values signValues) s3err.ErrorCode { |
|
|
|
// Get string to sign from canonical request.
|
|
|
|
stringToSign := getStringToSign(canonicalRequest, t, signV4Values.Credential.getScope()) |
|
|
|
|
|
|
|
glog.V(4).Infof("String to Sign:\n%s", stringToSign) |
|
|
|
// Calculate signature.
|
|
|
|
newSignature := iam.getSignature( |
|
|
|
secretKey, |
|
|
@ -200,6 +202,7 @@ func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, |
|
|
|
signV4Values.Credential.scope.service, |
|
|
|
stringToSign, |
|
|
|
) |
|
|
|
glog.V(4).Infof("Signature:\n%s", newSignature) |
|
|
|
|
|
|
|
// Verify if signature match.
|
|
|
|
if !compareSignatureV4(newSignature, signV4Values.Signature) { |
|
|
@ -801,6 +804,8 @@ func getCanonicalRequest(extractedSignedHeaders http.Header, payload, queryStr, |
|
|
|
getSignedHeaders(extractedSignedHeaders), |
|
|
|
payload, |
|
|
|
}, "\n") |
|
|
|
|
|
|
|
glog.V(4).Infof("Canonical Request:\n%s", canonicalRequest) |
|
|
|
return canonicalRequest |
|
|
|
} |
|
|
|
|
|
|
|