MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-24 19:46:16 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: trim arn:aws:kms from incoming SSE aws-kms-key-id (#15540)

Browse Source
This commit is contained in:
Harshavardhana
2022-08-16 11:28:30 -07:00
committed by GitHub
parent 5682685c80
commit 48640b1de2
8 changed files with 227 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/bucket/encryption/bucket-sse-config.go
View File

@@ -22,6 +22,7 @@ import (
"errors"
"io"
"net/http"
"strings"
"github.com/minio/minio/internal/crypto"
xhttp "github.com/minio/minio/internal/http"
@@ -102,9 +103,14 @@ func ParseBucketSSEConfig(r io.Reader) (*BucketSSEConfig, error) {
return nil, errors.New("MasterKeyID is allowed with aws:kms only")
}
case AWSKms:
if rule.DefaultEncryptionAction.MasterKeyID == "" {
keyID := rule.DefaultEncryptionAction.MasterKeyID
if keyID == "" {
return nil, errors.New("MasterKeyID is missing with aws:kms")
}
spaces := strings.HasPrefix(keyID, " ") || strings.HasSuffix(keyID, " ")
if spaces {
return nil, errors.New("MasterKeyID contains unsupported characters")
}
}
}
@@ -164,7 +170,7 @@ func (b *BucketSSEConfig) Algo() Algorithm {
// empty key ID.
func (b *BucketSSEConfig) KeyID() string {
for _, rule := range b.Rules {
return rule.DefaultEncryptionAction.MasterKeyID
return strings.TrimPrefix(rule.DefaultEncryptionAction.MasterKeyID, crypto.ARNPrefix)
}
return ""
}