Merge pull request #20 from nspcc-dev/fix/19-fix-accesskey-regexp

[#19] Bug with AccessKey
This commit is contained in:
Evgeniy Kulikov 2020-08-19 16:56:45 +03:00 committed by GitHub
commit 4dd33ff237

View file

@ -4,6 +4,7 @@ import (
"bytes" "bytes"
"context" "context"
"crypto/ecdsa" "crypto/ecdsa"
"fmt"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"regexp" "regexp"
@ -22,7 +23,7 @@ import (
"go.uber.org/zap" "go.uber.org/zap"
) )
var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`) var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)/(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
const emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` const emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
@ -84,7 +85,7 @@ func (center *Center) AuthenticationPassed(request *http.Request) (*service.Bear
return nil, errors.New("unsupported request: wrong length of Authorization header field") return nil, errors.New("unsupported request: wrong length of Authorization header field")
} }
sms1 := center.submatcher.getSubmatches(authHeaderField[0]) sms1 := center.submatcher.getSubmatches(authHeaderField[0])
if len(sms1) != 6 { if len(sms1) != 7 {
return nil, errors.New("bad Authorization header field") return nil, errors.New("bad Authorization header field")
} }
signedHeaderFieldsNames := strings.Split(sms1["signed_header_fields"], ";") signedHeaderFieldsNames := strings.Split(sms1["signed_header_fields"], ";")
@ -95,7 +96,7 @@ func (center *Center) AuthenticationPassed(request *http.Request) (*service.Bear
if err != nil { if err != nil {
return nil, errors.Wrap(err, "failed to parse x-amz-date header field") return nil, errors.Wrap(err, "failed to parse x-amz-date header field")
} }
accessKeyID := sms1["access_key_id"] accessKeyID := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
bearerToken, secretAccessKey, err := center.fetchBearerToken(accessKeyID) bearerToken, secretAccessKey, err := center.fetchBearerToken(accessKeyID)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "failed to fetch bearer token") return nil, errors.Wrap(err, "failed to fetch bearer token")