// Copyright (c) 2015-2021 MinIO, Inc. // // This file is part of MinIO Object Storage stack // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package condition import ( "fmt" "net/http" "sort" "github.com/minio/minio-go/v7/pkg/s3utils" "github.com/minio/minio-go/v7/pkg/set" ) func toStringEqualsFuncString(n name, key Key, values set.StringSet) string { valueStrings := values.ToSlice() sort.Strings(valueStrings) return fmt.Sprintf("%v:%v:%v", n, key, valueStrings) } // stringEqualsFunc - String equals function. It checks whether value by Key in given // values map is in condition values. // For example, // - if values = ["mybucket/foo"], at evaluate() it returns whether string // in value map for Key is in values. type stringEqualsFunc struct { k Key values set.StringSet } // evaluate() - evaluates to check whether value by Key in given values is in // condition values. func (f stringEqualsFunc) evaluate(values map[string][]string) bool { requestValue, ok := values[http.CanonicalHeaderKey(f.k.Name())] if !ok { requestValue = values[f.k.Name()] } fvalues := f.values.ApplyFunc(substFuncFromValues(values)) return !fvalues.Intersection(set.CreateStringSet(requestValue...)).IsEmpty() } // key() - returns condition key which is used by this condition function. func (f stringEqualsFunc) key() Key { return f.k } // name() - returns "StringEquals" condition name. func (f stringEqualsFunc) name() name { return stringEquals } func (f stringEqualsFunc) String() string { return toStringEqualsFuncString(stringEquals, f.k, f.values) } // toMap - returns map representation of this function. func (f stringEqualsFunc) toMap() map[Key]ValueSet { if !f.k.IsValid() { return nil } values := NewValueSet() for _, value := range f.values.ToSlice() { values.Add(NewStringValue(value)) } return map[Key]ValueSet{ f.k: values, } } // stringNotEqualsFunc - String not equals function. It checks whether value by Key in // given values is NOT in condition values. // For example, // - if values = ["mybucket/foo"], at evaluate() it returns whether string // in value map for Key is NOT in values. type stringNotEqualsFunc struct { stringEqualsFunc } // evaluate() - evaluates to check whether value by Key in given values is NOT in // condition values. func (f stringNotEqualsFunc) evaluate(values map[string][]string) bool { return !f.stringEqualsFunc.evaluate(values) } // name() - returns "StringNotEquals" condition name. func (f stringNotEqualsFunc) name() name { return stringNotEquals } func (f stringNotEqualsFunc) String() string { return toStringEqualsFuncString(stringNotEquals, f.stringEqualsFunc.k, f.stringEqualsFunc.values) } func valuesToStringSlice(n name, values ValueSet) ([]string, error) { valueStrings := []string{} for value := range values { s, err := value.GetString() if err != nil { return nil, fmt.Errorf("value must be a string for %v condition", n) } valueStrings = append(valueStrings, s) } return valueStrings, nil } func validateStringEqualsValues(n name, key Key, values set.StringSet) error { for _, s := range values.ToSlice() { switch key { case S3XAmzCopySource: bucket, object := path2BucketAndObject(s) if object == "" { return fmt.Errorf("invalid value '%v' for '%v' for %v condition", s, S3XAmzCopySource, n) } if err := s3utils.CheckValidBucketName(bucket); err != nil { return err } case S3XAmzServerSideEncryption, S3XAmzServerSideEncryptionCustomerAlgorithm: if s != "AES256" { return fmt.Errorf("invalid value '%v' for '%v' for %v condition", s, S3XAmzServerSideEncryption, n) } case S3XAmzMetadataDirective: if s != "COPY" && s != "REPLACE" { return fmt.Errorf("invalid value '%v' for '%v' for %v condition", s, S3XAmzMetadataDirective, n) } case S3XAmzContentSha256: if s == "" { return fmt.Errorf("invalid empty value for '%v' for %v condition", S3XAmzContentSha256, n) } } } return nil } // newStringEqualsFunc - returns new StringEquals function. func newStringEqualsFunc(key Key, values ValueSet) (Function, error) { valueStrings, err := valuesToStringSlice(stringEquals, values) if err != nil { return nil, err } return NewStringEqualsFunc(key, valueStrings...) } // NewStringEqualsFunc - returns new StringEquals function. func NewStringEqualsFunc(key Key, values ...string) (Function, error) { sset := set.CreateStringSet(values...) if err := validateStringEqualsValues(stringEquals, key, sset); err != nil { return nil, err } return &stringEqualsFunc{key, sset}, nil } // newStringNotEqualsFunc - returns new StringNotEquals function. func newStringNotEqualsFunc(key Key, values ValueSet) (Function, error) { valueStrings, err := valuesToStringSlice(stringNotEquals, values) if err != nil { return nil, err } return NewStringNotEqualsFunc(key, valueStrings...) } // NewStringNotEqualsFunc - returns new StringNotEquals function. func NewStringNotEqualsFunc(key Key, values ...string) (Function, error) { sset := set.CreateStringSet(values...) if err := validateStringEqualsValues(stringNotEquals, key, sset); err != nil { return nil, err } return &stringNotEqualsFunc{stringEqualsFunc{key, sset}}, nil }