From db3da97a50c3bb7efa0cb331d934ee6253645cc9 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Fri, 30 Sep 2016 14:58:03 -0700 Subject: [PATCH] signature/v2: Fix presigned requests. --- cmd/signature-v2.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/cmd/signature-v2.go b/cmd/signature-v2.go index 3eae6e0d0..a936a55e8 100644 --- a/cmd/signature-v2.go +++ b/cmd/signature-v2.go @@ -69,6 +69,22 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode { return ErrExpiredPresignRequest } + // Save incoming siganture to be validated later. + incomingSignature := req.URL.Query().Get("Signature") + + // Set the expires header for string to sign. + req.Header.Set("Expires", strconv.FormatInt(expired, 10)) + + /// Empty out the query params, we only need to validate signature. + query := req.URL.Query() + // Remove all the query params added for signature alone, we need + // a proper URL for string to sign. + query.Del("Expires") + query.Del("AWSAccessKeyId") + query.Del("Signature") + // Query encode whatever is left back to RawQuery. + req.URL.RawQuery = queryEncode(query) + // Get presigned string to sign. stringToSign := preStringifyHTTPReq(req) hm := hmac.New(sha1.New, []byte(cred.SecretAccessKey)) @@ -76,7 +92,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode { // Calculate signature and validate. signature := base64.StdEncoding.EncodeToString(hm.Sum(nil)) - if req.URL.Query().Get("Signature") != signature { + if incomingSignature != signature { return ErrSignatureDoesNotMatch }