HDDS-892. Parse aws v2 headers without spaces in Ozone s3 gateway. Contributed by Elek Marton.

2018-12-06 15:37:19 -08:00 · 2018-12-06 15:37:19 -08:00 · 6c852f2a37
parent 019836b113
commit 6c852f2a37
2 changed files with 53 additions and 35 deletions
--- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/header/AuthorizationHeaderV4.java
+++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/header/AuthorizationHeaderV4.java
@ -62,35 +62,37 @@ public class AuthorizationHeaderV4 {
   */
  @SuppressWarnings("StringSplitter")
  public void parseAuthHeader() throws OS3Exception {
-    String[] split = authHeader.split(" ");
-
-    if (split.length != 4) {
+    int firstSep = authHeader.indexOf(' ');
+    if (firstSep < 0) {
      throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
    }

-    algorithm = split[0];
-    credential = split[1];
-    signedHeaders = split[2];
-    signature = split[3];
+    //split the value parts of the authorization header
+    String[] split = authHeader.substring(firstSep + 1).trim().split(", *");

+    if (split.length != 3) {
+      throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
+    }
+
+    algorithm = authHeader.substring(0, firstSep);
+    credential = split[0];
+    signedHeaders = split[1];
+    signature = split[2];

    if (credential.startsWith(CREDENTIAL)) {
-      credential = credential.substring(CREDENTIAL.length(), credential
-          .length() - 1);
+      credential = credential.substring(CREDENTIAL.length());
    } else {
      throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
    }

    if (signedHeaders.startsWith(SIGNEDHEADERS)) {
-      signedHeaders = signedHeaders.substring(SIGNEDHEADERS.length(),
-          signedHeaders.length() - 1);
+      signedHeaders = signedHeaders.substring(SIGNEDHEADERS.length());
    } else {
      throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
    }

    if (signature.startsWith(SIGNATURE)) {
-      signature = signature.substring(SIGNATURE.length(), signature
-          .length());
+      signature = signature.substring(SIGNATURE.length());
    } else {
      throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
    }
--- a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3/header/TestAuthorizationHeaderV4.java
+++ b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3/header/TestAuthorizationHeaderV4.java
@ -31,51 +31,67 @@ import static org.junit.Assert.fail;
 public class TestAuthorizationHeaderV4 {

  @Test
-  public void testV4Header1() {
-    try {
-      String auth = "AWS4-HMAC-SHA256 " +
-          "Credential=ozone/20130524/us-east-1/s3/aws4_request, " +
-          "SignedHeaders=host;range;x-amz-date, " +
-          "Signature=fe5f80f77d5fa3beca038a248ff027";
-      AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
-      assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm());
-      assertEquals("ozone", v4.getAccessKeyID());
-      assertEquals("20130524", v4.getDate());
-      assertEquals("us-east-1", v4.getAwsRegion());
-      assertEquals("aws4_request", v4.getAwsRequest());
-      assertEquals("host;range;x-amz-date", v4.getSignedHeaders());
-      assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature());
-    } catch (OS3Exception ex) {
-      fail("testV4Header");
-    }
-
+  public void testV4HeaderWellFormed() throws Exception {
+    String auth = "AWS4-HMAC-SHA256 " +
+        "Credential=ozone/20130524/us-east-1/s3/aws4_request, " +
+        "SignedHeaders=host;range;x-amz-date, " +
+        "Signature=fe5f80f77d5fa3beca038a248ff027";
+    AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
+    assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm());
+    assertEquals("ozone", v4.getAccessKeyID());
+    assertEquals("20130524", v4.getDate());
+    assertEquals("us-east-1", v4.getAwsRegion());
+    assertEquals("aws4_request", v4.getAwsRequest());
+    assertEquals("host;range;x-amz-date", v4.getSignedHeaders());
+    assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature());
  }

  @Test
-  public void testV4Header2() {
+  public void testV4HeaderMissingParts() {
    try {
      String auth = "AWS4-HMAC-SHA256 " +
          "Credential=ozone/20130524/us-east-1/s3/aws4_request, " +
          "SignedHeaders=host;range;x-amz-date,";
      AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
-      fail("testV4Header2");
+      fail("Exception is expected in case of malformed header");
    } catch (OS3Exception ex) {
      assertEquals("AuthorizationHeaderMalformed", ex.getCode());
    }
  }

-
  @Test
-  public void testV4Header3() {
+  public void testV4HeaderInvalidCredential() {
    try {
      String auth = "AWS4-HMAC-SHA256 " +
          "Credential=20130524/us-east-1/s3/aws4_request, " +
          "SignedHeaders=host;range;x-amz-date, " +
          "Signature=fe5f80f77d5fa3beca038a248ff027";
      AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
+      fail("Exception is expected in case of malformed header");
    } catch (OS3Exception ex) {
      assertEquals("AuthorizationHeaderMalformed", ex.getCode());
    }
  }

+  @Test
+  public void testV4HeaderWithoutSpace() throws OS3Exception {
+
+    String auth =
+        "AWS4-HMAC-SHA256 Credential=ozone/20130524/us-east-1/s3/aws4_request,"
+            + "SignedHeaders=host;x-amz-content-sha256;x-amz-date,"
+            + "Signature"
+            + "=fe5f80f77d5fa3beca038a248ff027";
+    AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
+
+    assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm());
+    assertEquals("ozone", v4.getAccessKeyID());
+    assertEquals("20130524", v4.getDate());
+    assertEquals("us-east-1", v4.getAwsRegion());
+    assertEquals("aws4_request", v4.getAwsRequest());
+    assertEquals("host;x-amz-content-sha256;x-amz-date",
+        v4.getSignedHeaders());
+    assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature());
+
+  }
+
 }