handler/PUT: Handle signature verification through a custom reader. (#2066)

Change brings in a new signVerifyReader which provides a io.Reader compatible reader, additionally implements Verify() function. Verify() function validates the signature present in the incoming request. This approach is choosen to avoid complexities involved in using io.Pipe(). Thanks to Krishna for his inputs on this. Fixes #2058 Fixes #2054 Fixes #2087
2025-11-28 13:09:09 -05:00 · 2016-07-05 01:04:50 -07:00
parent 0540863663
commit 8a028a9efb
18 changed files with 380 additions and 518 deletions
--- a/auth-handler.go
+++ b/auth-handler.go
@@ -27,10 +27,6 @@ import (
 	"strings"
 )

-// http Header "x-amz-content-sha256" == "UNSIGNED-PAYLOAD" indicates that the
-// client did not calculate sha256 of the payload.
-const unsignedPayload = "UNSIGNED-PAYLOAD"
-
 // Verify if the request http Header "x-amz-content-sha256" == "UNSIGNED-PAYLOAD"
 func isRequestUnsignedPayload(r *http.Request) bool {
 	return r.Header.Get("x-amz-content-sha256") == unsignedPayload
@@ -136,7 +132,9 @@ func isReqAuthenticated(r *http.Request) (s3Error APIErrorCode) {
 	r.Body = ioutil.NopCloser(bytes.NewReader(payload))
 	validateRegion := true // Validate region.
 	var sha256sum string
-	if skipSHA256Calculation(r) {
+	// Skips calculating sha256 on the payload on server,
+	// if client requested for it.
+	if skipContentSha256Cksum(r) {
 		sha256sum = unsignedPayload
 	} else {
 		sha256sum = hex.EncodeToString(sum256(payload))