signature/v2: Fix presigned requests.

This commit is contained in:
Harshavardhana 2016-09-30 14:58:03 -07:00
parent 5885ffc8ae
commit db3da97a50

View File

@ -69,6 +69,22 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
return ErrExpiredPresignRequest
}
// Save incoming siganture to be validated later.
incomingSignature := req.URL.Query().Get("Signature")
// Set the expires header for string to sign.
req.Header.Set("Expires", strconv.FormatInt(expired, 10))
/// Empty out the query params, we only need to validate signature.
query := req.URL.Query()
// Remove all the query params added for signature alone, we need
// a proper URL for string to sign.
query.Del("Expires")
query.Del("AWSAccessKeyId")
query.Del("Signature")
// Query encode whatever is left back to RawQuery.
req.URL.RawQuery = queryEncode(query)
// Get presigned string to sign.
stringToSign := preStringifyHTTPReq(req)
hm := hmac.New(sha1.New, []byte(cred.SecretAccessKey))
@ -76,7 +92,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
// Calculate signature and validate.
signature := base64.StdEncoding.EncodeToString(hm.Sum(nil))
if req.URL.Query().Get("Signature") != signature {
if incomingSignature != signature {
return ErrSignatureDoesNotMatch
}