mirror of
https://github.com/minio/minio.git
Support signature v4 at rest
parent
39026cb64b
commit
15dd0df187
@ -31,9 +31,11 @@ import (
|
|||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
|
||||||
|
"github.com/minio/minio/pkg/crypto/sha256"
|
||||||
"github.com/minio/minio/pkg/crypto/sha512"
|
"github.com/minio/minio/pkg/crypto/sha512"
|
||||||
"github.com/minio/minio/pkg/donut/split"
|
"github.com/minio/minio/pkg/donut/split"
|
||||||
"github.com/minio/minio/pkg/iodine"
|
"github.com/minio/minio/pkg/iodine"
|
||||||
|
"github.com/minio/minio/pkg/utils/atomic"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -220,7 +222,7 @@ func (b bucket) ReadObject(objectName string) (reader io.ReadCloser, size int64,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// WriteObject - write a new object into bucket
|
// WriteObject - write a new object into bucket
|
||||||
func (b bucket) WriteObject(objectName string, objectData io.Reader, expectedMD5Sum string, metadata map[string]string) (ObjectMetadata, error) {
|
func (b bucket) WriteObject(objectName string, objectData io.Reader, expectedMD5Sum string, metadata map[string]string, signature *Signature) (ObjectMetadata, error) {
|
||||||
b.lock.Lock()
|
b.lock.Lock()
|
||||||
defer b.lock.Unlock()
|
defer b.lock.Unlock()
|
||||||
if objectName == "" || objectData == nil {
|
if objectName == "" || objectData == nil {
|
||||||
@ -231,6 +233,7 @@ func (b bucket) WriteObject(objectName string, objectData io.Reader, expectedMD5
|
|||||||
return ObjectMetadata{}, iodine.New(err, nil)
|
return ObjectMetadata{}, iodine.New(err, nil)
|
||||||
}
|
}
|
||||||
sumMD5 := md5.New()
|
sumMD5 := md5.New()
|
||||||
|
sum256 := sha256.New()
|
||||||
sum512 := sha512.New()
|
sum512 := sha512.New()
|
||||||
objMetadata := ObjectMetadata{}
|
objMetadata := ObjectMetadata{}
|
||||||
objMetadata.Version = objectMetadataVersion
|
objMetadata.Version = objectMetadataVersion
|
||||||
@ -238,7 +241,7 @@ func (b bucket) WriteObject(objectName string, objectData io.Reader, expectedMD5
|
|||||||
// if total writers are only '1' do not compute erasure
|
// if total writers are only '1' do not compute erasure
|
||||||
switch len(writers) == 1 {
|
switch len(writers) == 1 {
|
||||||
case true:
|
case true:
|
||||||
mw := io.MultiWriter(writers[0], sumMD5, sum512)
|
mw := io.MultiWriter(writers[0], sumMD5, sum256, sum512)
|
||||||
totalLength, err := io.Copy(mw, objectData)
|
totalLength, err := io.Copy(mw, objectData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ObjectMetadata{}, iodine.New(err, nil)
|
return ObjectMetadata{}, iodine.New(err, nil)
|
||||||
@ -251,7 +254,7 @@ func (b bucket) WriteObject(objectName string, objectData io.Reader, expectedMD5
|
|||||||
return ObjectMetadata{}, iodine.New(err, nil)
|
return ObjectMetadata{}, iodine.New(err, nil)
|
||||||
}
|
}
|
||||||
// write encoded data with k, m and writers
|
// write encoded data with k, m and writers
|
||||||
chunkCount, totalLength, err := b.writeObjectData(k, m, writers, objectData, sumMD5, sum512)
|
chunkCount, totalLength, err := b.writeObjectData(k, m, writers, objectData, sumMD5, sum256, sum512)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ObjectMetadata{}, iodine.New(err, nil)
|
return ObjectMetadata{}, iodine.New(err, nil)
|
||||||
}
|
}
|
||||||
@ -267,7 +270,19 @@ func (b bucket) WriteObject(objectName string, objectData io.Reader, expectedMD5
|
|||||||
objMetadata.Object = objectName
|
objMetadata.Object = objectName
|
||||||
dataMD5sum := sumMD5.Sum(nil)
|
dataMD5sum := sumMD5.Sum(nil)
|
||||||
dataSHA512sum := sum512.Sum(nil)
|
dataSHA512sum := sum512.Sum(nil)
|
||||||
|
if signature != nil {
|
||||||
|
ok, err := signature.DoesSignatureMatch(hex.EncodeToString(sum256.Sum(nil)))
|
||||||
|
if err != nil {
|
||||||
|
return ObjectMetadata{}, iodine.New(err, nil)
|
||||||
|
}
|
||||||
|
if !ok {
|
||||||
|
// purge all writers, when control flow reaches here
|
||||||
|
for _, writer := range writers {
|
||||||
|
writer.(*atomic.File).CloseAndPurge()
|
||||||
|
}
|
||||||
|
return ObjectMetadata{}, iodine.New(SignatureDoesNotMatch{}, nil)
|
||||||
|
}
|
||||||
|
}
|
||||||
objMetadata.MD5Sum = hex.EncodeToString(dataMD5sum)
|
objMetadata.MD5Sum = hex.EncodeToString(dataMD5sum)
|
||||||
objMetadata.SHA512Sum = hex.EncodeToString(dataSHA512sum)
|
objMetadata.SHA512Sum = hex.EncodeToString(dataSHA512sum)
|
||||||
|
|
||||||
@ -382,7 +397,7 @@ func (b bucket) getDataAndParity(totalWriters int) (k uint8, m uint8, err error)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// writeObjectData -
|
// writeObjectData -
|
||||||
func (b bucket) writeObjectData(k, m uint8, writers []io.WriteCloser, objectData io.Reader, sumMD5, sum512 hash.Hash) (int, int, error) {
|
func (b bucket) writeObjectData(k, m uint8, writers []io.WriteCloser, objectData io.Reader, sumMD5, sum256, sum512 hash.Hash) (int, int, error) {
|
||||||
encoder, err := newEncoder(k, m, "Cauchy")
|
encoder, err := newEncoder(k, m, "Cauchy")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, 0, iodine.New(err, nil)
|
return 0, 0, iodine.New(err, nil)
|
||||||
@ -396,6 +411,7 @@ func (b bucket) writeObjectData(k, m uint8, writers []io.WriteCloser, objectData
|
|||||||
totalLength = totalLength + len(chunk.Data)
|
totalLength = totalLength + len(chunk.Data)
|
||||||
encodedBlocks, _ := encoder.Encode(chunk.Data)
|
encodedBlocks, _ := encoder.Encode(chunk.Data)
|
||||||
sumMD5.Write(chunk.Data)
|
sumMD5.Write(chunk.Data)
|
||||||
|
sum256.Write(chunk.Data)
|
||||||
sum512.Write(chunk.Data)
|
sum512.Write(chunk.Data)
|
||||||
for blockIndex, block := range encodedBlocks {
|
for blockIndex, block := range encodedBlocks {
|
||||||
_, err := io.Copy(writers[blockIndex], bytes.NewBuffer(block))
|
_, err := io.Copy(writers[blockIndex], bytes.NewBuffer(block))
|
||||||
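Review bot: In WriteObject's new `if signature != nil` block, the `err != nil` return after `signature.DoesSignatureMatch` leaves the writers as they are, while the `!ok` branch just below it purges them. By that point the payload has already been copied to the writers, so every rejection path should discard it the same way. The purge also relies on the unchecked assertion `writer.(*atomic.File)`, which panics if a writer has any other concrete type; writeObjectData declares `writers` as `[]io.WriteCloser`, so the comma-ok form is safer. The sketch below merges the two rejection paths so that both purge before returning. The rest of WriteObject lies outside these hunks, so whether its other error returns purge the writers cannot be judged from here.

```go
if signature != nil {
	ok, err := signature.DoesSignatureMatch(hex.EncodeToString(sum256.Sum(nil)))
	if err != nil || !ok {
		// discard what was written on every rejection path, not only on a mismatch
		for _, writer := range writers {
			if f, isFile := writer.(*atomic.File); isFile {
				f.CloseAndPurge()
			}
		}
		if err != nil {
			return ObjectMetadata{}, iodine.New(err, nil)
		}
		return ObjectMetadata{}, iodine.New(SignatureDoesNotMatch{}, nil)
	}
}
```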
|
@ -122,7 +122,7 @@ func (donut API) listObjects(bucket, prefix, marker, delimiter string, maxkeys i
|
|||||||
}
|
}
|
||||||
|
|
||||||
// putObject - put object
|
// putObject - put object
|
||||||
func (donut API) putObject(bucket, object, expectedMD5Sum string, reader io.Reader, metadata map[string]string) (ObjectMetadata, error) {
|
func (donut API) putObject(bucket, object, expectedMD5Sum string, reader io.Reader, metadata map[string]string, signature *Signature) (ObjectMetadata, error) {
|
||||||
errParams := map[string]string{
|
errParams := map[string]string{
|
||||||
"bucket": bucket,
|
"bucket": bucket,
|
||||||
"object": object,
|
"object": object,
|
||||||
@ -146,7 +146,7 @@ func (donut API) putObject(bucket, object, expectedMD5Sum string, reader io.Read
|
|||||||
if _, ok := bucketMeta.Buckets[bucket].BucketObjects[object]; ok {
|
if _, ok := bucketMeta.Buckets[bucket].BucketObjects[object]; ok {
|
||||||
return ObjectMetadata{}, iodine.New(ObjectExists{Object: object}, errParams)
|
return ObjectMetadata{}, iodine.New(ObjectExists{Object: object}, errParams)
|
||||||
}
|
}
|
||||||
objMetadata, err := donut.buckets[bucket].WriteObject(object, reader, expectedMD5Sum, metadata)
|
objMetadata, err := donut.buckets[bucket].WriteObject(object, reader, expectedMD5Sum, metadata, signature)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ObjectMetadata{}, iodine.New(err, errParams)
|
return ObjectMetadata{}, iodine.New(err, errParams)
|
||||||
}
|
}
|
||||||
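Review bot: putObject's comment still reads `// putObject - put object`, although the new `signature *Signature` parameter changes its contract. In WriteObject the check is wrapped in `if signature != nil`, so a nil pointer skips verification entirely and the write proceeds unauthenticated. That fail-open default deserves a line in the doc comment, for example `// putObject - put object; a nil signature skips signature verification, so callers that require a verified payload must pass a non-nil one`. The same sentence fits the `// WriteObject - write a new object into bucket` comment. putObject's body continues outside these hunks.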
|
@ -374,6 +374,7 @@ func (donut API) createObject(bucket, key, contentType, expectedMD5Sum string, s
|
|||||||
"contentType": contentType,
|
"contentType": contentType,
|
||||||
"contentLength": strconv.FormatInt(size, 10),
|
"contentLength": strconv.FormatInt(size, 10),
|
||||||
},
|
},
|
||||||
|
signature,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ObjectMetadata{}, iodine.New(err, nil)
|
return ObjectMetadata{}, iodine.New(err, nil)
|
||||||
|