trinodb · wendigo · Oct 3, 2024 · Oct 3, 2024
diff --git a/...c/main/java/io/trino/spooling/filesystem/encryption/AzureEncryptionHeadersTranslator.java b/...c/main/java/io/trino/spooling/filesystem/encryption/AzureEncryptionHeadersTranslator.java
@@ -24,7 +24,7 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static io.trino.spooling.filesystem.encryption.HeadersUtils.getOnlyHeader;
 
-public class AzureEncryptionHeadersTranslator
+class AzureEncryptionHeadersTranslator
         implements EncryptionHeadersTranslator
 {
     @Override

diff --git a/...em/src/main/java/io/trino/spooling/filesystem/encryption/EncryptionHeadersTranslator.java b/...em/src/main/java/io/trino/spooling/filesystem/encryption/EncryptionHeadersTranslator.java
@@ -19,6 +19,7 @@
 import java.util.List;
 import java.util.Map;
 
+import static io.trino.spooling.filesystem.encryption.HeadersUtils.normalizeHeaders;
 import static java.util.Objects.requireNonNull;
 
 public interface EncryptionHeadersTranslator
@@ -35,14 +36,40 @@ static EncryptionHeadersTranslator encryptionHeadersTranslator(Location location
                 .orElseThrow(() -> new IllegalArgumentException("Unknown location scheme: " + location));
     }
 
-    private static EncryptionHeadersTranslator forScheme(String scheme)
+    static EncryptionHeadersTranslator forScheme(String scheme)
     {
         // These should match schemes supported in the FileSystemSpoolingModule
-        return switch (scheme) {
+        EncryptionHeadersTranslator schemeHeadersTranslator = switch (scheme) {
             case "s3" -> new S3EncryptionHeadersTranslator();
             case "gs" -> new GcsEncryptionHeadersTranslator();
             case "abfs" -> new AzureEncryptionHeadersTranslator();
             default -> throw new IllegalArgumentException("Unknown file system scheme: " + scheme);
         };
+
+        // Normalize header case so it won't matter which case we will get from the client
+        return new NormalizingHeadersTranslator(schemeHeadersTranslator);
+    }
+
+    class NormalizingHeadersTranslator
+            implements EncryptionHeadersTranslator
+    {
+        private final EncryptionHeadersTranslator delegate;
+
+        NormalizingHeadersTranslator(EncryptionHeadersTranslator delegate)
+        {
+            this.delegate = requireNonNull(delegate, "delegate is null");
+        }
+
+        @Override
+        public EncryptionKey extractKey(Map<String, List<String>> headers)
+        {
+            return delegate.extractKey(normalizeHeaders(headers));
+        }
+
+        @Override
+        public Map<String, List<String>> createHeaders(EncryptionKey encryption)
+        {
+            return normalizeHeaders(delegate.createHeaders(encryption));
+        }
     }
 }
diff --git a/...src/main/java/io/trino/spooling/filesystem/encryption/GcsEncryptionHeadersTranslator.java b/...src/main/java/io/trino/spooling/filesystem/encryption/GcsEncryptionHeadersTranslator.java
@@ -25,7 +25,7 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static io.trino.spooling.filesystem.encryption.HeadersUtils.getOnlyHeader;
 
-public class GcsEncryptionHeadersTranslator
+class GcsEncryptionHeadersTranslator
         implements EncryptionHeadersTranslator
 {
     @Override

diff --git a/...ooling-filesystem/src/main/java/io/trino/spooling/filesystem/encryption/HeadersUtils.java b/...ooling-filesystem/src/main/java/io/trino/spooling/filesystem/encryption/HeadersUtils.java
@@ -17,16 +17,33 @@
 import java.util.Map;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.collect.ImmutableMap.toImmutableMap;
+import static java.util.Locale.ENGLISH;
 
 public class HeadersUtils
 {
     private HeadersUtils() {}
 
     public static String getOnlyHeader(Map<String, List<String>> headers, String name)
     {
-        List<String> values = headers.get(name);
-        checkArgument(values != null && !values.isEmpty(), "Required header " + name + " was not found");
-        checkArgument(values.size() == 1, "Required header " + name + " contains more than one value");
+        String headerName = normalizeHeaderNameCase(name);
+        List<String> values = headers.get(headerName);
+        checkArgument(values != null && !values.isEmpty(), "Required header %s was not found", headerName);
+        checkArgument(values.size() == 1, "Required header %s contains more than one value", headerName);
         return values.getFirst();
     }
+
+    static Map<String, List<String>> normalizeHeaders(Map<String, List<String>> headers)
+    {
+        return headers.entrySet()
+                .stream()
+                .collect(toImmutableMap(
+                        entry -> normalizeHeaderNameCase(entry.getKey()),
+                        entry -> List.copyOf(entry.getValue())));
+    }
+
+    static String normalizeHeaderNameCase(String headerName)
+    {
+        return headerName.toLowerCase(ENGLISH);
+    }
 }
diff --git a/.../src/main/java/io/trino/spooling/filesystem/encryption/S3EncryptionHeadersTranslator.java b/.../src/main/java/io/trino/spooling/filesystem/encryption/S3EncryptionHeadersTranslator.java
@@ -25,14 +25,14 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static io.trino.spooling.filesystem.encryption.HeadersUtils.getOnlyHeader;
 
-public class S3EncryptionHeadersTranslator
+class S3EncryptionHeadersTranslator
         implements EncryptionHeadersTranslator
 {
     @Override
     public EncryptionKey extractKey(Map<String, List<String>> headers)
     {
         byte[] key = Base64.getDecoder().decode(getOnlyHeader(headers, "x-amz-server-side-encryption-customer-key"));
-        String md5Checksum = getOnlyHeader(headers, "x-amz-server-side-encryption-customer-key-MD5");
+        String md5Checksum = getOnlyHeader(headers, "x-amz-server-side-encryption-customer-key-md5");
         EncryptionKey encryption = new EncryptionKey(key, getOnlyHeader(headers, "x-amz-server-side-encryption-customer-algorithm"));
         checkArgument(md5(encryption).equals(md5Checksum), "Key MD5 checksum does not match");
         return encryption;
@@ -44,7 +44,7 @@ public Map<String, List<String>> createHeaders(EncryptionKey encryption)
         return ImmutableMap.of(
                 "x-amz-server-side-encryption-customer-algorithm", ImmutableList.of(encryption.algorithm()),
                 "x-amz-server-side-encryption-customer-key", ImmutableList.of(encoded(encryption)),
-                "x-amz-server-side-encryption-customer-key-MD5", ImmutableList.of(md5(encryption)));
+                "x-amz-server-side-encryption-customer-key-md5", ImmutableList.of(md5(encryption)));
     }
 
     public static String encoded(EncryptionKey key)

diff --git a/...st/java/io/trino/spooling/filesystem/encryption/TestAzureEncryptionHeadersTranslator.java b/...st/java/io/trino/spooling/filesystem/encryption/TestAzureEncryptionHeadersTranslator.java
@@ -14,19 +14,23 @@
 package io.trino.spooling.filesystem.encryption;
 
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Iterators;
 import io.trino.filesystem.encryption.EncryptionKey;
 import org.junit.jupiter.api.Test;
 
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.function.Function;
 
+import static com.google.common.collect.ImmutableMap.toImmutableMap;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 class TestAzureEncryptionHeadersTranslator
 {
-    private static final EncryptionHeadersTranslator SSE = new AzureEncryptionHeadersTranslator();
+    private static final EncryptionHeadersTranslator SSE = EncryptionHeadersTranslator.forScheme("abfs");
 
     @Test
     public void testKnownKey()
@@ -49,6 +53,14 @@ public void testRoundTrip()
         assertThat(SSE.extractKey(SSE.createHeaders(key))).isEqualTo(key);
     }
 
+    @Test
+    public void testRoundTripWithMixedCaseHeaders()
+    {
+        EncryptionKey key = EncryptionKey.randomAes256();
+        Map<String, List<String>> headers = mixCase(SSE.createHeaders(key));
+        assertThat(SSE.extractKey(headers)).isEqualTo(key);
+    }
+
     @Test
     public void testThrowsOnInvalidChecksum()
     {
@@ -61,4 +73,18 @@ public void testThrowsOnInvalidChecksum()
                 .isInstanceOf(IllegalArgumentException.class)
                 .hasMessageContaining("Key SHA256 checksum does not match");
     }
+
+    private static Map<String, List<String>> mixCase(Map<String, List<String>> headers)
+    {
+        Iterator<Function<String, String>> iterator = Iterators.cycle(
+                String::toUpperCase,
+                value -> value.replaceFirst("x-ms-", "X-Ms-"),
+                value -> value.replaceFirst("x-ms-encryption", "X-ms-Encryption"));
+
+        return headers.entrySet()
+                .stream()
+                .collect(toImmutableMap(
+                        entry -> iterator.next().apply(entry.getKey()),
+                        Map.Entry::getValue));
+    }
 }
diff --git a/...test/java/io/trino/spooling/filesystem/encryption/TestGcsEncryptionHeadersTranslator.java b/...test/java/io/trino/spooling/filesystem/encryption/TestGcsEncryptionHeadersTranslator.java
@@ -14,20 +14,23 @@
 package io.trino.spooling.filesystem.encryption;
 
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Iterators;
 import io.trino.filesystem.encryption.EncryptionKey;
-import org.assertj.core.api.AssertionsForClassTypes;
 import org.junit.jupiter.api.Test;
 
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.function.Function;
 
+import static com.google.common.collect.ImmutableMap.toImmutableMap;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 class TestGcsEncryptionHeadersTranslator
 {
-    private static final EncryptionHeadersTranslator SSE = new GcsEncryptionHeadersTranslator();
+    private static final EncryptionHeadersTranslator SSE = EncryptionHeadersTranslator.forScheme("gs");
 
     @Test
     public void testKnownKey()
@@ -47,7 +50,15 @@ public void testKnownKey()
     public void testRoundTrip()
     {
         EncryptionKey key = EncryptionKey.randomAes256();
-        AssertionsForClassTypes.assertThat(SSE.extractKey(SSE.createHeaders(key))).isEqualTo(key);
+        assertThat(SSE.extractKey(SSE.createHeaders(key))).isEqualTo(key);
+    }
+
+    @Test
+    public void testRoundTripWithMixedCaseHeaders()
+    {
+        EncryptionKey key = EncryptionKey.randomAes256();
+        Map<String, List<String>> headers = mixCase(SSE.createHeaders(key));
+        assertThat(SSE.extractKey(headers)).isEqualTo(key);
     }
 
     @Test
@@ -62,4 +73,18 @@ public void testThrowsOnInvalidChecksum()
                 .isInstanceOf(IllegalArgumentException.class)
                 .hasMessageContaining("Key SHA256 checksum does not match");
     }
+
+    private static Map<String, List<String>> mixCase(Map<String, List<String>> headers)
+    {
+        Iterator<Function<String, String>> iterator = Iterators.cycle(
+                String::toUpperCase,
+                value -> value.replaceFirst("x-goog-", "X-Goog-"),
+                value -> value.replaceFirst("x-goog-encryption", "X-goog-Encryption"));
+
+        return headers.entrySet()
+                .stream()
+                .collect(toImmutableMap(
+                        entry -> iterator.next().apply(entry.getKey()),
+                        Map.Entry::getValue));
+    }
 }
diff --git a/.../test/java/io/trino/spooling/filesystem/encryption/TestS3EncryptionHeadersTranslator.java b/.../test/java/io/trino/spooling/filesystem/encryption/TestS3EncryptionHeadersTranslator.java
@@ -14,19 +14,23 @@
 package io.trino.spooling.filesystem.encryption;
 
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Iterators;
 import io.trino.filesystem.encryption.EncryptionKey;
 import org.junit.jupiter.api.Test;
 
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.function.Function;
 
+import static com.google.common.collect.ImmutableMap.toImmutableMap;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 class TestS3EncryptionHeadersTranslator
 {
-    private static final EncryptionHeadersTranslator SSE = new S3EncryptionHeadersTranslator();
+    private static final EncryptionHeadersTranslator SSE = EncryptionHeadersTranslator.forScheme("s3");
 
     @Test
     public void testKnownKey()
@@ -38,7 +42,7 @@ public void testKnownKey()
         assertThat(headers)
                 .hasSize(3)
                 .containsEntry("x-amz-server-side-encryption-customer-key", List.of("VHJpbm9XaWxsRmx5V2l0aFNwb29sZWRQcm90b2NvbCE="))
-                .containsEntry("x-amz-server-side-encryption-customer-key-MD5", List.of("CX3f4fSIpiyVyQDCzuhDWg=="))
+                .containsEntry("x-amz-server-side-encryption-customer-key-md5", List.of("CX3f4fSIpiyVyQDCzuhDWg=="))
                 .containsEntry("x-amz-server-side-encryption-customer-algorithm", List.of("AES256"));
     }
 
@@ -49,16 +53,38 @@ public void testRoundTrip()
         assertThat(SSE.extractKey(SSE.createHeaders(key))).isEqualTo(key);
     }
 
+    @Test
+    public void testRoundTripWithMixedCaseHeaders()
+    {
+        EncryptionKey key = EncryptionKey.randomAes256();
+        Map<String, List<String>> headers = mixCase(SSE.createHeaders(key));
+        assertThat(SSE.extractKey(headers)).isEqualTo(key);
+    }
+
     @Test
     public void testThrowsOnInvalidChecksum()
     {
         Map<String, List<String>> headers = ImmutableMap.of(
                 "x-amz-server-side-encryption-customer-key", List.of("VHJpbm9XaWxsRmx5V2l0aFNwb29sZWRQcm90b2NvbCE="),
-                "x-amz-server-side-encryption-customer-key-MD5", List.of("brokenchecksum"),
+                "x-amz-server-side-encryption-customer-key-md5", List.of("brokenchecksum"),
                 "x-amz-server-side-encryption-customer-algorithm", List.of("AES256"));
 
         assertThatThrownBy(() -> SSE.extractKey(headers))
                 .isInstanceOf(IllegalArgumentException.class)
                 .hasMessageContaining("Key MD5 checksum does not match");
     }
+
+    private static Map<String, List<String>> mixCase(Map<String, List<String>> headers)
+    {
+        Iterator<Function<String, String>> iterator = Iterators.cycle(
+                String::toUpperCase,
+                value -> value.replaceFirst("x-amz-", "X-Amz-"),
+                value -> value.replaceFirst("x-amz-server-side", "X-amz-Server-Side"));
+
+        return headers.entrySet()
+                .stream()
+                .collect(toImmutableMap(
+                        entry -> iterator.next().apply(entry.getKey()),
+                        Map.Entry::getValue));
+    }
 }