HDDS-892. Parse aws v2 headers without spaces in Ozone s3 gateway. Co…

…ntributed by Elek Marton.
umd-dslam · Dec 6, 2018 · 6c852f2 · 6c852f2
1 parent 019836b
commit 6c852f2
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 35 deletions.
diff --git a/...zone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/header/AuthorizationHeaderV4.java b/...zone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/header/AuthorizationHeaderV4.java
@@ -62,35 +62,37 @@ public AuthorizationHeaderV4(String header) throws OS3Exception {
    */
   @SuppressWarnings("StringSplitter")
   public void parseAuthHeader() throws OS3Exception {
-    String[] split = authHeader.split(" ");
-
-    if (split.length != 4) {
+    int firstSep = authHeader.indexOf(' ');
+    if (firstSep < 0) {
       throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
     }
 
-    algorithm = split[0];
-    credential = split[1];
-    signedHeaders = split[2];
-    signature = split[3];
+    //split the value parts of the authorization header
+    String[] split = authHeader.substring(firstSep + 1).trim().split(", *");
+
+    if (split.length != 3) {
+      throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
+    }
 
+    algorithm = authHeader.substring(0, firstSep);
+    credential = split[0];
+    signedHeaders = split[1];
+    signature = split[2];
 
     if (credential.startsWith(CREDENTIAL)) {
-      credential = credential.substring(CREDENTIAL.length(), credential
-          .length() - 1);
+      credential = credential.substring(CREDENTIAL.length());
     } else {
       throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
     }
 
     if (signedHeaders.startsWith(SIGNEDHEADERS)) {
-      signedHeaders = signedHeaders.substring(SIGNEDHEADERS.length(),
-          signedHeaders.length() - 1);
+      signedHeaders = signedHeaders.substring(SIGNEDHEADERS.length());
     } else {
       throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
     }
 
     if (signature.startsWith(SIGNATURE)) {
-      signature = signature.substring(SIGNATURE.length(), signature
-          .length());
+      signature = signature.substring(SIGNATURE.length());
     } else {
       throw S3ErrorTable.newError(S3ErrorTable.MALFORMED_HEADER, authHeader);
     }

diff --git a/.../s3gateway/src/test/java/org/apache/hadoop/ozone/s3/header/TestAuthorizationHeaderV4.java b/.../s3gateway/src/test/java/org/apache/hadoop/ozone/s3/header/TestAuthorizationHeaderV4.java
@@ -31,51 +31,67 @@
 public class TestAuthorizationHeaderV4 {
 
   @Test
-  public void testV4Header1() {
-    try {
-      String auth = "AWS4-HMAC-SHA256 " +
-          "Credential=ozone/20130524/us-east-1/s3/aws4_request, " +
-          "SignedHeaders=host;range;x-amz-date, " +
-          "Signature=fe5f80f77d5fa3beca038a248ff027";
-      AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
-      assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm());
-      assertEquals("ozone", v4.getAccessKeyID());
-      assertEquals("20130524", v4.getDate());
-      assertEquals("us-east-1", v4.getAwsRegion());
-      assertEquals("aws4_request", v4.getAwsRequest());
-      assertEquals("host;range;x-amz-date", v4.getSignedHeaders());
-      assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature());
-    } catch (OS3Exception ex) {
-      fail("testV4Header");
-    }
-
+  public void testV4HeaderWellFormed() throws Exception {
+    String auth = "AWS4-HMAC-SHA256 " +
+        "Credential=ozone/20130524/us-east-1/s3/aws4_request, " +
+        "SignedHeaders=host;range;x-amz-date, " +
+        "Signature=fe5f80f77d5fa3beca038a248ff027";
+    AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
+    assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm());
+    assertEquals("ozone", v4.getAccessKeyID());
+    assertEquals("20130524", v4.getDate());
+    assertEquals("us-east-1", v4.getAwsRegion());
+    assertEquals("aws4_request", v4.getAwsRequest());
+    assertEquals("host;range;x-amz-date", v4.getSignedHeaders());
+    assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature());
   }
 
   @Test
-  public void testV4Header2() {
+  public void testV4HeaderMissingParts() {
     try {
       String auth = "AWS4-HMAC-SHA256 " +
           "Credential=ozone/20130524/us-east-1/s3/aws4_request, " +
           "SignedHeaders=host;range;x-amz-date,";
       AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
-      fail("testV4Header2");
+      fail("Exception is expected in case of malformed header");
     } catch (OS3Exception ex) {
       assertEquals("AuthorizationHeaderMalformed", ex.getCode());
     }
   }
 
-
   @Test
-  public void testV4Header3() {
+  public void testV4HeaderInvalidCredential() {
     try {
       String auth = "AWS4-HMAC-SHA256 " +
           "Credential=20130524/us-east-1/s3/aws4_request, " +
           "SignedHeaders=host;range;x-amz-date, " +
           "Signature=fe5f80f77d5fa3beca038a248ff027";
       AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
+      fail("Exception is expected in case of malformed header");
     } catch (OS3Exception ex) {
       assertEquals("AuthorizationHeaderMalformed", ex.getCode());
     }
   }
 
+  @Test
+  public void testV4HeaderWithoutSpace() throws OS3Exception {
+
+    String auth =
+        "AWS4-HMAC-SHA256 Credential=ozone/20130524/us-east-1/s3/aws4_request,"
+            + "SignedHeaders=host;x-amz-content-sha256;x-amz-date,"
+            + "Signature"
+            + "=fe5f80f77d5fa3beca038a248ff027";
+    AuthorizationHeaderV4 v4 = new AuthorizationHeaderV4(auth);
+
+    assertEquals("AWS4-HMAC-SHA256", v4.getAlgorithm());
+    assertEquals("ozone", v4.getAccessKeyID());
+    assertEquals("20130524", v4.getDate());
+    assertEquals("us-east-1", v4.getAwsRegion());
+    assertEquals("aws4_request", v4.getAwsRequest());
+    assertEquals("host;x-amz-content-sha256;x-amz-date",
+        v4.getSignedHeaders());
+    assertEquals("fe5f80f77d5fa3beca038a248ff027", v4.getSignature());
+
+  }
+
 }