From 0528eed7b61d76e05cdf5e0568786237792b8dee Mon Sep 17 00:00:00 2001 From: Pavel Korotkov Date: Wed, 19 Aug 2020 16:28:17 +0300 Subject: [PATCH] [#19] Bug with AccessKey Closes #19. Signed-off-by: Pavel Korotkov --- auth/center.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/auth/center.go b/auth/center.go index 42c385498..f47582a77 100644 --- a/auth/center.go +++ b/auth/center.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "crypto/ecdsa" + "fmt" "io/ioutil" "net/http" "regexp" @@ -22,7 +23,7 @@ import ( "go.uber.org/zap" ) -var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P[^/]+)/(?P[^/]+)/(?P[^/]*)/(?P[^/]+)/aws4_request,\s*SignedHeaders=(?P.+),\s*Signature=(?P.+)`) +var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P[^/]+)/(?P[^/]+)/(?P[^/]+)/(?P[^/]*)/(?P[^/]+)/aws4_request,\s*SignedHeaders=(?P.+),\s*Signature=(?P.+)`) const emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` @@ -84,7 +85,7 @@ func (center *Center) AuthenticationPassed(request *http.Request) (*service.Bear return nil, errors.New("unsupported request: wrong length of Authorization header field") } sms1 := center.submatcher.getSubmatches(authHeaderField[0]) - if len(sms1) != 6 { + if len(sms1) != 7 { return nil, errors.New("bad Authorization header field") } signedHeaderFieldsNames := strings.Split(sms1["signed_header_fields"], ";") @@ -95,7 +96,7 @@ func (center *Center) AuthenticationPassed(request *http.Request) (*service.Bear if err != nil { return nil, errors.Wrap(err, "failed to parse x-amz-date header field") } - accessKeyID := sms1["access_key_id"] + accessKeyID := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) bearerToken, secretAccessKey, err := center.fetchBearerToken(accessKeyID) if err != nil { return nil, errors.Wrap(err, "failed to fetch bearer token")