mirror of
https://github.com/minio/mc.git
synced 2025-11-10 13:42:32 +03:00
fix: make sure to set the right sse-kms key (#4967)
@@ -200,26 +200,25 @@ func parseSSEKey(sseKey string, keyType sseKeyType) (
|
|||||||
|
|
||||||
separatorIndex := bytes.LastIndex(sseKeyBytes, []byte("="))
|
separatorIndex := bytes.LastIndex(sseKeyBytes, []byte("="))
|
||||||
if separatorIndex < 0 {
|
if separatorIndex < 0 {
|
||||||
|
if keyType == sseS3 {
|
||||||
|
alias, prefix = splitKey(sseKey)
|
||||||
|
return
|
||||||
|
}
|
||||||
err = errSSEKeyMissing().Trace(sseKey)
|
err = errSSEKeyMissing().Trace(sseKey)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
encodedKey := string(sseKeyBytes[separatorIndex+1:])
|
|
||||||
if separatorIndex == len(sseKeyBytes)-1 {
|
if separatorIndex == len(sseKeyBytes)-1 {
|
||||||
err = errSSEKeyMissing().Trace(sseKey)
|
err = errSSEKeyMissing().Trace(sseKey)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
encodedKey := string(sseKeyBytes[separatorIndex+1:])
|
||||||
alias, prefix = splitKey(string(sseKeyBytes[:separatorIndex]))
|
alias, prefix = splitKey(string(sseKeyBytes[:separatorIndex]))
|
||||||
|
|
||||||
if keyType == sseS3 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
if keyType == sseKMS {
|
if keyType == sseKMS {
|
||||||
if !validKMSKeyName(encodedKey) {
|
if !validKMSKeyName(encodedKey) {
|
||||||
err = errSSEKMSKeyFormat(fmt.Sprintf("Key (%s) is badly formatted.", encodedKey)).Trace(sseKey)
|
err = errSSEKMSKeyFormat(fmt.Sprintf("Key (%s) is badly formatted.", encodedKey)).Trace(sseKey)
|
||||||
}
|
}
|
||||||
|
key = encodedKey
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
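Review bot: An sse-s3 target whose path contains `=` no longer reaches an S3 return, because the new `if keyType == sseS3` branch sits inside `if separatorIndex < 0`. For such a path, execution continues past the trailing-separator check and the sseKMS block into the rest of parseSSEKey, which lies outside this hunk and presumably treats the text after `=` as an SSE-C key. The removed code returned for sseS3 right after splitKey whether or not a separator was present. Since an S3 entry carries no key, it could be decided before the separator search, with `if keyType == sseS3 { alias, prefix = splitKey(sseKey); return }` placed ahead of the `bytes.LastIndex` call. Separately, the sseKMS branch assigns `key = encodedKey` even when validKMSKeyName fails, so a rejected key name is returned alongside the error; moving the assignment into an `else` would leave `key` empty on failure.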
@@ -26,6 +26,8 @@ func TestParseEncryptionKeys(t *testing.T) {
|
|||||||
baseAlias := "mintest"
|
baseAlias := "mintest"
|
||||||
basePrefix := "two/layer/prefix"
|
basePrefix := "two/layer/prefix"
|
||||||
baseObject := "object_name"
|
baseObject := "object_name"
|
||||||
|
sseKeyKMS := "my-default-key"
|
||||||
|
sseKeyKMSInvalid := "my@default@key"
|
||||||
sseKey := "MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDA"
|
sseKey := "MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDA"
|
||||||
sseKeyPlain := "01234567890123456789012345678900"
|
sseKeyPlain := "01234567890123456789012345678900"
|
||||||
sseHexKey := "3031323334353637383930313233343536373839303132333435363738393030"
|
sseHexKey := "3031323334353637383930313233343536373839303132333435363738393030"
|
||||||
@@ -52,6 +54,7 @@ func TestParseEncryptionKeys(t *testing.T) {
|
|||||||
alias: baseAlias,
|
alias: baseAlias,
|
||||||
prefix: basePrefix,
|
prefix: basePrefix,
|
||||||
object: baseObject,
|
object: baseObject,
|
||||||
|
sseType: sseC,
|
||||||
success: true,
|
success: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -60,6 +63,7 @@ func TestParseEncryptionKeys(t *testing.T) {
|
|||||||
alias: baseAlias,
|
alias: baseAlias,
|
||||||
prefix: basePrefix,
|
prefix: basePrefix,
|
||||||
object: baseObject,
|
object: baseObject,
|
||||||
|
sseType: sseC,
|
||||||
success: true,
|
success: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -68,6 +72,7 @@ func TestParseEncryptionKeys(t *testing.T) {
|
|||||||
alias: baseAlias + "=",
|
alias: baseAlias + "=",
|
||||||
prefix: basePrefix + "=",
|
prefix: basePrefix + "=",
|
||||||
object: baseObject + "=",
|
object: baseObject + "=",
|
||||||
|
sseType: sseC,
|
||||||
success: true,
|
success: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -76,6 +81,7 @@ func TestParseEncryptionKeys(t *testing.T) {
|
|||||||
alias: baseAlias + "/",
|
alias: baseAlias + "/",
|
||||||
prefix: basePrefix + "/",
|
prefix: basePrefix + "/",
|
||||||
object: baseObject + "/",
|
object: baseObject + "/",
|
||||||
|
sseType: sseC,
|
||||||
success: true,
|
success: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -84,6 +90,7 @@ func TestParseEncryptionKeys(t *testing.T) {
|
|||||||
alias: baseAlias,
|
alias: baseAlias,
|
||||||
prefix: basePrefix,
|
prefix: basePrefix,
|
||||||
object: baseObject + "=",
|
object: baseObject + "=",
|
||||||
|
sseType: sseC,
|
||||||
success: true,
|
success: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -92,36 +99,67 @@ func TestParseEncryptionKeys(t *testing.T) {
|
|||||||
alias: baseAlias,
|
alias: baseAlias,
|
||||||
prefix: basePrefix,
|
prefix: basePrefix,
|
||||||
object: baseObject + "!@_==_$^&*",
|
object: baseObject + "!@_==_$^&*",
|
||||||
|
sseType: sseC,
|
||||||
success: true,
|
success: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
encryptionKey: fmt.Sprintf("%s/%s/%s=%sXXXXX", baseAlias, basePrefix, baseObject, sseKey),
|
encryptionKey: fmt.Sprintf("%s/%s/%s=%sXXXXX", baseAlias, basePrefix, baseObject, sseKey),
|
||||||
|
sseType: sseC,
|
||||||
success: false,
|
success: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidShort),
|
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidShort),
|
||||||
|
sseType: sseC,
|
||||||
success: false,
|
success: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidSymbols),
|
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidSymbols),
|
||||||
|
sseType: sseC,
|
||||||
success: false,
|
success: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidSpaces),
|
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidSpaces),
|
||||||
|
sseType: sseC,
|
||||||
success: false,
|
success: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidPrefixSpace),
|
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidPrefixSpace),
|
||||||
|
sseType: sseC,
|
||||||
success: false,
|
success: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
encryptionKey: fmt.Sprintf("%s/%s/%s==%s", baseAlias, basePrefix, baseObject, sseKeyInvalidOneShort),
|
encryptionKey: fmt.Sprintf("%s/%s/%s==%s", baseAlias, basePrefix, baseObject, sseKeyInvalidOneShort),
|
||||||
|
sseType: sseC,
|
||||||
success: false,
|
success: false,
|
||||||
},
|
},
|
||||||
|
// sse-type KMS
|
||||||
|
{
|
||||||
|
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyKMS),
|
||||||
|
keyPlain: sseKeyKMS,
|
||||||
|
alias: baseAlias,
|
||||||
|
prefix: basePrefix,
|
||||||
|
object: baseObject,
|
||||||
|
sseType: sseKMS,
|
||||||
|
success: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyKMSInvalid),
|
||||||
|
sseType: sseKMS,
|
||||||
|
success: false,
|
||||||
|
},
|
||||||
|
// sse-type S3
|
||||||
|
{
|
||||||
|
encryptionKey: fmt.Sprintf("%s/%s/%s", baseAlias, basePrefix, baseObject),
|
||||||
|
alias: baseAlias,
|
||||||
|
prefix: basePrefix,
|
||||||
|
object: baseObject,
|
||||||
|
sseType: sseS3,
|
||||||
|
success: true,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for i, tc := range testCases {
|
for i, tc := range testCases {
|
||||||
alias, prefix, key, err := parseSSEKey(tc.encryptionKey, sseC)
|
alias, prefix, key, err := parseSSEKey(tc.encryptionKey, tc.sseType)
|
||||||
if tc.success {
|
if tc.success {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Test %d: Expected success, got %s", i+1, err)
|
t.Fatalf("Test %d: Expected success, got %s", i+1, err)
|
||||||
|
|||||||
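Review bot: The added sseKMS and sseS3 rows cover only the plain cases, so the inputs most likely to be misrouted by the parser are untested. There is no sseS3 row whose object name contains `=` (the sseC rows use `baseObject + "="`), and no sseKMS row with an empty key name after the separator. A row such as `{encryptionKey: fmt.Sprintf("%s/%s/%s=", baseAlias, basePrefix, baseObject), sseType: sseKMS, success: false}` and an sseS3 counterpart with `=` in the object would pin that behaviour. The loop body continues outside this hunk, so it is not visible here whether failure rows also assert that the returned `key` is empty; if they do not, that check is worth adding for the sseKMS failure row.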