move SSE-C TLS enforcement into generic handler (#6639)

This commit moves the check that SSE-C requests
must be made over TLS into a generic HTTP handler.

Since the HTTP server uses custom TCP connection handling,
it is not possible to use `http.Request.TLS` to check
for TLS connections, so `globalIsSSL` is the only
option for detecting whether a request is made over TLS.
By extracting this check into a separate handler it's possible
to refactor other parts of the SSE handling code further.
Andreas Auernhammer
2018-10-17 04:22:09 +02:00
committed by Harshavardhana
parent 88c8c2d6cd
commit fdf691fdcc
7 changed files with 54 additions and 241 deletions


@@ -18,6 +18,7 @@ package cmd
import (
"net/http"
"net/http/httptest"
"strconv"
"testing"
@@ -181,3 +182,39 @@ func TestContainsReservedMetadata(t *testing.T) {
}
}
}
var sseTLSHandlerTests = []struct {
Header http.Header
IsTLS, ShouldFail bool
}{
{Header: http.Header{}, IsTLS: false, ShouldFail: false}, // 0
{Header: http.Header{crypto.SSECAlgorithm: []string{"AES256"}}, IsTLS: false, ShouldFail: true}, // 1
{Header: http.Header{crypto.SSECAlgorithm: []string{"AES256"}}, IsTLS: true, ShouldFail: false}, // 2
{Header: http.Header{crypto.SSECKey: []string{""}}, IsTLS: true, ShouldFail: false}, // 3
{Header: http.Header{crypto.SSECopyAlgorithm: []string{""}}, IsTLS: false, ShouldFail: true}, // 4
}
func TestSSETLSHandler(t *testing.T) {
defer func(isSSL bool) { globalIsSSL = isSSL }(globalIsSSL) // reset globalIsSSL after test
var okHandler http.HandlerFunc = func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
}
for i, test := range sseTLSHandlerTests {
globalIsSSL = test.IsTLS
w := httptest.NewRecorder()
r := new(http.Request)
r.Header = test.Header
h := setSSETLSHandler(okHandler)
h.ServeHTTP(w, r)
switch {
case test.ShouldFail && w.Code == http.StatusOK:
t.Errorf("Test %d: should fail but status code is HTTP %d", i, w.Code)
case !test.ShouldFail && w.Code != http.StatusOK:
t.Errorf("Test %d: should not fail but status code is HTTP %d and not 200 OK", i, w.Code)
}
}
}
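Review bot: The `sseTLSHandlerTests` table has no plaintext case for a key-carrying header: case 3 sends `crypto.SSECKey` only with `IsTLS: true`, so a handler that inspected the algorithm headers alone would pass all five cases while still accepting a client-supplied key over an unencrypted connection. Add the mirror case `{Header: http.Header{crypto.SSECKey: []string{""}}, IsTLS: false, ShouldFail: true},`, and an equivalent one for the copy-source key header if the crypto package defines one (not visible in this hunk). The failure branch in `TestSSETLSHandler` also treats any status other than 200 as a correct rejection, so an unrelated error response would satisfy it; comparing `w.Code` against the status the handler is meant to return for an insecure SSE-C request would pin the behaviour. `setSSETLSHandler` itself is outside this hunk, so the intended set of rejected headers is inferred from the table.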