[#218] Add check content sha256 header

The X-Amz-Content-Sha256 header check is done only for unencrypted payload.

Signed-off-by: Roman Loginov <r.loginov@yadro.com>

api/handler/put_test.go

@@ -208,6 +208,63 @@ func TestPutObjectWithEnabledMD5(t *testing.T) {
 	require.Equal(t, data.Quote(hex.EncodeToString(md5Hash.Sum(nil))), w.Header().Get(api.ETag))
 }
 
+func TestPutObjectCheckContentSHA256(t *testing.T) {
+	hc := prepareHandlerContext(t)
+
+	bktName, objName := "bucket-for-put", "object-for-put"
+	createTestBucket(hc, bktName)
+
+	for _, tc := range []struct {
+		name    string
+		hash    string
+		content []byte
+		error   bool
+	}{
+		{
+			name:    "invalid hash value",
+			hash:    "d1b2a59fbea7e20077af9f91b27e95e865061b270be03ff539ab3b73587882e8",
+			content: []byte("content"),
+			error:   true,
+		},
+		{
+			name:    "correct hash for empty payload",
+			hash:    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+			content: []byte(""),
+			error:   false,
+		},
+		{
+			name:    "unsigned payload",
+			hash:    "UNSIGNED-PAYLOAD",
+			content: []byte("content"),
+			error:   false,
+		},
+		{
+			name:    "correct hash",
+			hash:    "ed7002b439e9ac845f22357d822bac1444730fbdb6016d3ec9432297b9ec9f73",
+			content: []byte("content"),
+			error:   false,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			w, r := prepareTestPayloadRequest(hc, bktName, objName, bytes.NewReader(tc.content))
+			r.Header.Set("X-Amz-Content-Sha256", tc.hash)
+			hc.Handler().PutObjectHandler(w, r)
+
+			if tc.error {
+				assertS3Error(t, w, s3errors.GetAPIError(s3errors.ErrContentSHA256Mismatch))
+
+				w, r := prepareTestRequest(hc, bktName, objName, nil)
+				hc.Handler().GetObjectHandler(w, r)
+
+				assertStatus(t, w, http.StatusNotFound)
+				return
+			}
+
+			assertStatus(t, w, http.StatusOK)
+		})
+	}
+}
+
 func TestPutObjectWithStreamBodyAWSExample(t *testing.T) {
 	hc := prepareHandlerContext(t)