@ -33,14 +33,13 @@ import (
)
const (
expirationDateFormat = "2006-01-02T15:04:05.999Z"
iso8601DateFormat = "20060102T150405Z"
)
func newPostPolicyBytesV4WithContentRange ( credential , bucketName , objectKey string , expiration time . Time ) [ ] byte {
t := UTCNow ( )
// Add the expiration date.
expirationStr := fmt . Sprintf ( ` "expiration": "%s" ` , expiration . Format ( expirationDat eFormat) )
expirationStr := fmt . Sprintf ( ` "expiration": "%s" ` , expiration . Format ( iso8601Tim eFormat) )
// Add the bucket condition, only accept buckets equal to the one passed.
bucketConditionStr := fmt . Sprintf ( ` ["eq", "$bucket", "%s"] ` , bucketName )
// Add the key condition, only accept keys equal to the one passed.
@ -71,7 +70,7 @@ func newPostPolicyBytesV4WithContentRange(credential, bucketName, objectKey stri
func newPostPolicyBytesV4 ( credential , bucketName , objectKey string , expiration time . Time ) [ ] byte {
t := UTCNow ( )
// Add the expiration date.
expirationStr := fmt . Sprintf ( ` "expiration": "%s" ` , expiration . Format ( expirationDat eFormat) )
expirationStr := fmt . Sprintf ( ` "expiration": "%s" ` , expiration . Format ( iso8601Tim eFormat) )
// Add the bucket condition, only accept buckets equal to the one passed.
bucketConditionStr := fmt . Sprintf ( ` ["eq", "$bucket", "%s"] ` , bucketName )
// Add the key condition, only accept keys equal to the one passed.
@ -98,7 +97,7 @@ func newPostPolicyBytesV4(credential, bucketName, objectKey string, expiration t
// newPostPolicyBytesV2 - creates a bare bones postpolicy string with key and bucket matches.
func newPostPolicyBytesV2 ( bucketName , objectKey string , expiration time . Time ) [ ] byte {
// Add the expiration date.
expirationStr := fmt . Sprintf ( ` "expiration": "%s" ` , expiration . Format ( expirationDat eFormat) )
expirationStr := fmt . Sprintf ( ` "expiration": "%s" ` , expiration . Format ( iso8601Tim eFormat) )
// Add the bucket condition, only accept buckets equal to the one passed.
bucketConditionStr := fmt . Sprintf ( ` ["eq", "$bucket", "%s"] ` , bucketName )
// Add the key condition, only accept keys equal to the one passed.
@ -264,7 +263,7 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
expectedRespStatus : http . StatusNoContent ,
accessKey : credentials . AccessKey ,
secretKey : credentials . SecretKey ,
dates : [ ] interface { } { curTimePlus5Min . Format ( expirationDat eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
dates : [ ] interface { } { curTimePlus5Min . Format ( iso8601Tim eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
policy : ` { "expiration": "%s","conditions":[["eq", "$bucket", " ` + bucketName + ` "], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", " ` + credentials . AccessKey + ` /%s/us-east-1/s3/aws4_request"],["eq", "$x-amz-meta-uuid", "1234"]]} ` ,
} ,
// Corrupted Base 64 result
@ -274,7 +273,7 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
expectedRespStatus : http . StatusBadRequest ,
accessKey : credentials . AccessKey ,
secretKey : credentials . SecretKey ,
dates : [ ] interface { } { curTimePlus5Min . Format ( expirationDat eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
dates : [ ] interface { } { curTimePlus5Min . Format ( iso8601Tim eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
policy : ` { "expiration": "%s","conditions":[["eq", "$bucket", " ` + bucketName + ` "], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", " ` + credentials . AccessKey + ` /%s/us-east-1/s3/aws4_request"]]} ` ,
corruptedBase64 : true ,
} ,
@ -285,7 +284,7 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
expectedRespStatus : http . StatusBadRequest ,
accessKey : credentials . AccessKey ,
secretKey : credentials . SecretKey ,
dates : [ ] interface { } { curTimePlus5Min . Format ( expirationDat eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
dates : [ ] interface { } { curTimePlus5Min . Format ( iso8601Tim eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
policy : ` { "expiration": "%s","conditions":[["eq", "$bucket", " ` + bucketName + ` "], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", " ` + credentials . AccessKey + ` /%s/us-east-1/s3/aws4_request"]]} ` ,
corruptedMultipart : true ,
} ,
@ -307,7 +306,7 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
expectedRespStatus : http . StatusForbidden ,
accessKey : credentials . AccessKey ,
secretKey : credentials . SecretKey ,
dates : [ ] interface { } { curTime . Add ( - 1 * time . Minute * 5 ) . Format ( expirationDat eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
dates : [ ] interface { } { curTime . Add ( - 1 * time . Minute * 5 ) . Format ( iso8601Tim eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
policy : ` { "expiration": "%s","conditions":[["eq", "$bucket", " ` + bucketName + ` "], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", " ` + credentials . AccessKey + ` /%s/us-east-1/s3/aws4_request"]]} ` ,
} ,
// Corrupted policy document
@ -317,7 +316,7 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
expectedRespStatus : http . StatusForbidden ,
accessKey : credentials . AccessKey ,
secretKey : credentials . SecretKey ,
dates : [ ] interface { } { curTimePlus5Min . Format ( expirationDat eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
dates : [ ] interface { } { curTimePlus5Min . Format ( iso8601Tim eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) } ,
policy : ` { "3/aws4_request"]]} ` ,
} ,
}
@ -460,7 +459,7 @@ func testPostPolicyBucketHandlerRedirect(obj ObjectLayer, instanceType string, t
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
rec := httptest . NewRecorder ( )
dates := [ ] interface { } { curTimePlus5Min . Format ( expirationDat eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) }
dates := [ ] interface { } { curTimePlus5Min . Format ( iso8601Tim eFormat) , curTime . Format ( iso8601DateFormat ) , curTime . Format ( yyyymmdd ) }
policy := ` { "expiration": "%s","conditions":[["eq", "$bucket", " ` + bucketName + ` "], { "success_action_redirect":" ` + redirectURL . String ( ) + ` "},["starts-with", "$key", "test/"], ["eq", "$x-amz-meta-uuid", "1234"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", " ` + credentials . AccessKey + ` /%s/us-east-1/s3/aws4_request"]]} `
// Generate the final policy document