From a078703214f0b82496f19072f4e0bbb52a64fcc8 Mon Sep 17 00:00:00 2001 From: Andreas Auernhammer Date: Sat, 4 Aug 2018 01:55:45 +0200 Subject: [PATCH] catch crypto.* errors and add SSE-S3 invalid algorithm err (#6229) This commit adds the crypto.* errors to the `toAPIErrorCode` switch. Further this commit adds an S3 API error code returned whenever the client specifes a SSE-S3 request with an invalid algorithm parameter. --- cmd/api-errors.go | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/cmd/api-errors.go b/cmd/api-errors.go index de9a9c8f5..eeadc67b6 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -22,6 +22,7 @@ import ( "fmt" "net/http" + "github.com/minio/minio/cmd/crypto" "github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/dns" "github.com/minio/minio/pkg/event" @@ -129,6 +130,9 @@ const ( ErrInvalidPrefixMarker // Add new error codes here. + // SSE-S3 related API errors + ErrInvalidEncryptionMethod + // Server-Side-Encryption (with Customer provided key) related API errors. ErrInsecureSSECustomerRequest ErrSSEMultipartEncrypted @@ -629,6 +633,11 @@ var errorCodeResponse = map[APIErrorCode]APIError{ Description: "Your metadata headers exceed the maximum allowed metadata size.", HTTPStatusCode: http.StatusBadRequest, }, + ErrInvalidEncryptionMethod: { + Code: "InvalidRequest", + Description: "The encryption method specified is not supported", + HTTPStatusCode: http.StatusBadRequest, + }, ErrInsecureSSECustomerRequest: { Code: "InvalidRequest", Description: "Requests specifying Server Side Encryption with Customer provided keys must be made over a secure connection.", @@ -866,17 +875,19 @@ func toAPIErrorCode(err error) (apiErr APIErrorCode) { case auth.ErrInvalidSecretKeyLength: apiErr = ErrAdminInvalidSecretKey // SSE errors + case crypto.ErrInvalidEncryptionMethod: + apiErr = ErrInvalidEncryptionMethod case errInsecureSSERequest: apiErr = ErrInsecureSSECustomerRequest - case errInvalidSSEAlgorithm: + case errInvalidSSEAlgorithm, crypto.ErrInvalidCustomerAlgorithm: apiErr = ErrInvalidSSECustomerAlgorithm - case errInvalidSSEKey: + case errInvalidSSEKey, crypto.ErrInvalidCustomerKey: apiErr = ErrInvalidSSECustomerKey - case errMissingSSEKey: + case errMissingSSEKey, crypto.ErrMissingCustomerKey: apiErr = ErrMissingSSECustomerKey - case errMissingSSEKeyMD5: + case errMissingSSEKeyMD5, crypto.ErrMissingCustomerKeyMD5: apiErr = ErrMissingSSECustomerKeyMD5 - case errSSEKeyMD5Mismatch: + case errSSEKeyMD5Mismatch, crypto.ErrCustomerKeyMD5Mismatch: apiErr = ErrSSECustomerKeyMD5Mismatch case errObjectTampered: apiErr = ErrObjectTampered @@ -990,6 +1001,8 @@ func toAPIErrorCode(err error) (apiErr APIErrorCode) { apiErr = ErrUnsupportedNotification case BackendDown: apiErr = ErrBackendDown + case crypto.Error: + apiErr = ErrObjectTampered default: apiErr = ErrInternalError }