Generate and use access/secret keys properly (#3498)

Bala FA
2016-12-26 23:51:23 +05:30
committed by Harshavardhana
parent 6ee27daac1
commit e8ce3b64ed
42 changed files with 429 additions and 447 deletions


@@ -67,12 +67,12 @@ var resourceList = []string{
func doesPolicySignatureV2Match(formValues map[string]string) APIErrorCode {
cred := serverConfig.GetCredential()
accessKey := formValues["Awsaccesskeyid"]
if accessKey != cred.AccessKeyID {
if accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID
}
signature := formValues["Signature"]
policy := formValues["Policy"]
if signature != calculateSignatureV2(policy, cred.SecretAccessKey) {
if signature != calculateSignatureV2(policy, cred.SecretKey) {
return ErrSignatureDoesNotMatch
}
return ErrNone
@@ -126,7 +126,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
}
// Validate if access key id same.
if accessKey != cred.AccessKeyID {
if accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID
}
@@ -150,7 +150,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
}
// Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
// Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) );
// Signature = Base64( HMAC-SHA1( YourSecretKey, UTF-8-Encoding-Of( StringToSign ) ) );
//
// StringToSign = HTTP-Verb + "\n" +
// Content-Md5 + "\n" +
@@ -193,7 +193,7 @@ func validateV2AuthHeader(v2Auth string) APIErrorCode {
// Access credentials.
cred := serverConfig.GetCredential()
if keySignFields[0] != cred.AccessKeyID {
if keySignFields[0] != cred.AccessKey {
return ErrInvalidAccessKeyID
}
@@ -239,15 +239,15 @@ func calculateSignatureV2(stringToSign string, secret string) string {
func preSignatureV2(method string, encodedResource string, encodedQuery string, headers http.Header, expires string) string {
cred := serverConfig.GetCredential()
stringToSign := presignV2STS(method, encodedResource, encodedQuery, headers, expires)
return calculateSignatureV2(stringToSign, cred.SecretAccessKey)
return calculateSignatureV2(stringToSign, cred.SecretKey)
}
// Return signature-v2 authrization header.
func signatureV2(method string, encodedResource string, encodedQuery string, headers http.Header) string {
cred := serverConfig.GetCredential()
stringToSign := signV2STS(method, encodedResource, encodedQuery, headers)
signature := calculateSignatureV2(stringToSign, cred.SecretAccessKey)
return fmt.Sprintf("%s %s:%s", signV2Algorithm, cred.AccessKeyID, signature)
signature := calculateSignatureV2(stringToSign, cred.SecretKey)
return fmt.Sprintf("%s %s:%s", signV2Algorithm, cred.AccessKey, signature)
}
// Return canonical headers.
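Review bot: In doesPolicySignatureV2Match the client-supplied `signature` is still compared to the computed HMAC with `!=`, which is not a constant-time comparison, so response timing can reveal how much of the value matched. Since the commit already rewrites that line for the field rename, it is a natural place to switch to `if !hmac.Equal([]byte(signature), []byte(calculateSignatureV2(policy, cred.SecretKey))) {` (or `subtle.ConstantTimeCompare(...) != 1`). Whether `crypto/hmac` is already imported in this file is not visible here. The bodies of doesPresignV2SignatureMatch and validateV2AuthHeader lie mostly outside the visible hunks, so their signature comparisons should be checked for the same pattern.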