mirror of
https://github.com/minio/minio.git
synced 2025-11-28 13:09:09 -05:00
merge nested hash readers (#9582)
The `ioutil.NopCloser(reader)` was hiding nested hash readers. We make it an `io.Closer` so it can be attached without wrapping and allows for nesting, by merging the requests.
This commit is contained in:
Klaus Post
GitHub
@@ -28,14 +28,13 @@ import (
|
||||
sha256 "github.com/minio/sha256-simd"
|
||||
)
|
||||
|
||||
var errNestedReader = errors.New("Nesting of Reader detected, not allowed")
|
||||
|
||||
// Reader writes what it reads from an io.Reader to an MD5 and SHA256 hash.Hash.
|
||||
// Reader verifies that the content of the io.Reader matches the expected checksums.
|
||||
type Reader struct {
|
||||
src io.Reader
|
||||
size int64
|
||||
actualSize int64
|
||||
bytesRead int64
|
||||
|
||||
md5sum, sha256sum []byte // Byte values of md5sum, sha256sum of client sent values.
|
||||
md5Hash, sha256Hash hash.Hash
|
||||
@@ -44,44 +43,14 @@ type Reader struct {
|
||||
// NewReader returns a new hash Reader which computes the MD5 sum and
|
||||
// SHA256 sum (if set) of the provided io.Reader at EOF.
|
||||
func NewReader(src io.Reader, size int64, md5Hex, sha256Hex string, actualSize int64, strictCompat bool) (*Reader, error) {
|
||||
if _, ok := src.(*Reader); ok {
|
||||
return nil, errNestedReader
|
||||
if r, ok := src.(*Reader); ok {
|
||||
// Merge expectations and return parent.
|
||||
return r.merge(size, md5Hex, sha256Hex, actualSize, strictCompat)
|
||||
}
|
||||
|
||||
sha256sum, err := hex.DecodeString(sha256Hex)
|
||||
if err != nil {
|
||||
return nil, SHA256Mismatch{}
|
||||
}
|
||||
|
||||
md5sum, err := hex.DecodeString(md5Hex)
|
||||
if err != nil {
|
||||
return nil, BadDigest{}
|
||||
}
|
||||
|
||||
var sha256Hash hash.Hash
|
||||
if len(sha256sum) != 0 {
|
||||
sha256Hash = sha256.New()
|
||||
}
|
||||
var md5Hash hash.Hash
|
||||
if strictCompat {
|
||||
// Strict compatibility is set then we should
|
||||
// calculate md5sum always.
|
||||
md5Hash = md5.New()
|
||||
} else if len(md5sum) != 0 {
|
||||
md5Hash = md5.New()
|
||||
}
|
||||
if size >= 0 {
|
||||
src = io.LimitReader(src, size)
|
||||
}
|
||||
return &Reader{
|
||||
md5sum: md5sum,
|
||||
sha256sum: sha256sum,
|
||||
src: src,
|
||||
size: size,
|
||||
md5Hash: md5Hash,
|
||||
sha256Hash: sha256Hash,
|
||||
actualSize: actualSize,
|
||||
}, nil
|
||||
// Create empty reader and merge into that.
|
||||
r := Reader{src: src, size: -1, actualSize: -1}
|
||||
return r.merge(size, md5Hex, sha256Hex, actualSize, strictCompat)
|
||||
}
|
||||
|
||||
func (r *Reader) Read(p []byte) (n int, err error) {
|
||||
@@ -94,10 +63,11 @@ func (r *Reader) Read(p []byte) (n int, err error) {
|
||||
r.sha256Hash.Write(p[:n])
|
||||
}
|
||||
}
|
||||
r.bytesRead += int64(n)
|
||||
|
||||
// At io.EOF verify if the checksums are right.
|
||||
if err == io.EOF {
|
||||
if cerr := r.Verify(); cerr != nil {
|
||||
if cerr := r.verify(); cerr != nil {
|
||||
return 0, cerr
|
||||
}
|
||||
}
|
||||
@@ -150,9 +120,9 @@ func (r *Reader) SHA256HexString() string {
|
||||
return hex.EncodeToString(r.sha256sum)
|
||||
}
|
||||
|
||||
// Verify verifies if the computed MD5 sum and SHA256 sum are
|
||||
// verify verifies if the computed MD5 sum and SHA256 sum are
|
||||
// equal to the ones specified when creating the Reader.
|
||||
func (r *Reader) Verify() error {
|
||||
func (r *Reader) verify() error {
|
||||
if r.sha256Hash != nil && len(r.sha256sum) > 0 {
|
||||
if sum := r.sha256Hash.Sum(nil); !bytes.Equal(r.sha256sum, sum) {
|
||||
return SHA256Mismatch{hex.EncodeToString(r.sha256sum), hex.EncodeToString(sum)}
|
||||
@@ -165,3 +135,63 @@ func (r *Reader) Verify() error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// merge another hash into this one.
|
||||
// There cannot be conflicting information given.
|
||||
func (r *Reader) merge(size int64, md5Hex, sha256Hex string, actualSize int64, strictCompat bool) (*Reader, error) {
|
||||
if r.bytesRead > 0 {
|
||||
return nil, errors.New("internal error: Already read from hash reader")
|
||||
}
|
||||
// Merge sizes.
|
||||
// If not set before, just add it.
|
||||
if r.size < 0 && size >= 0 {
|
||||
r.src = io.LimitReader(r.src, size)
|
||||
r.size = size
|
||||
}
|
||||
// If set before and set now they must match.
|
||||
if r.size >= 0 && size >= 0 && r.size != size {
|
||||
return nil, ErrSizeMismatch{Want: r.size, Got: size}
|
||||
}
|
||||
|
||||
if r.actualSize <= 0 && actualSize >= 0 {
|
||||
r.actualSize = actualSize
|
||||
}
|
||||
|
||||
// Merge SHA256.
|
||||
sha256sum, err := hex.DecodeString(sha256Hex)
|
||||
if err != nil {
|
||||
return nil, SHA256Mismatch{}
|
||||
}
|
||||
|
||||
// If both are set, they must be the same.
|
||||
if r.sha256Hash != nil && len(sha256sum) > 0 {
|
||||
if !bytes.Equal(r.sha256sum, sha256sum) {
|
||||
return nil, SHA256Mismatch{}
|
||||
}
|
||||
} else if len(sha256sum) > 0 {
|
||||
r.sha256Hash = sha256.New()
|
||||
r.sha256sum = sha256sum
|
||||
}
|
||||
|
||||
// Merge MD5 Sum.
|
||||
md5sum, err := hex.DecodeString(md5Hex)
|
||||
if err != nil {
|
||||
return nil, BadDigest{}
|
||||
}
|
||||
// If both are set, they must expect the same.
|
||||
if r.md5Hash != nil && len(md5sum) > 0 {
|
||||
if !bytes.Equal(r.md5sum, md5sum) {
|
||||
return nil, BadDigest{}
|
||||
}
|
||||
} else if len(md5sum) > 0 || (r.md5Hash == nil && strictCompat) {
|
||||
r.md5Hash = md5.New()
|
||||
r.md5sum = md5sum
|
||||
}
|
||||
return r, nil
|
||||
}
|
||||
|
||||
// Close and release resources.
|
||||
func (r *Reader) Close() error {
|
||||
// Support the io.Closer interface.
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user