From e11f9110b63ea8cb7142b23bfb83e54dac75e42b Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Thu, 21 May 2015 19:20:23 -0700
Subject: [PATCH] add missing validate access keys after being extracted from
 AuthHeader

---
 pkg/api/api_generic_handlers.go |  4 ++++
 pkg/utils/crypto/keys/common.go | 34 +++++++++++++++------------------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/pkg/api/api_generic_handlers.go b/pkg/api/api_generic_handlers.go
index 2da6ef53f..139a12cc3 100644
--- a/pkg/api/api_generic_handlers.go
+++ b/pkg/api/api_generic_handlers.go
@@ -23,6 +23,7 @@ import (
 	"time"
 
 	"github.com/minio/minio/pkg/api/config"
+	"github.com/minio/minio/pkg/utils/crypto/keys"
 )
 
 type contentTypeHandler struct {
@@ -78,6 +79,9 @@ func stripAuth(r *http.Request) (*auth, error) {
 	a.signedheaders = strings.Split(signedheaders, "=")[1]
 	a.signature = strings.Split(signature, "=")[1]
 	a.accessKey = strings.Split(a.credential, "/")[0]
+	if !keys.IsValidAccessKey(a.accessKey) {
+		return nil, errors.New("Invalid access key")
+	}
 	return a, nil
 }
 
diff --git a/pkg/utils/crypto/keys/common.go b/pkg/utils/crypto/keys/common.go
index 42410e004..9f94f08b7 100644
--- a/pkg/utils/crypto/keys/common.go
+++ b/pkg/utils/crypto/keys/common.go
@@ -16,6 +16,8 @@
 
 package keys
 
+import "regexp"
+
 // AccessID and SecretID length in bytes
 const (
 	MinioAccessID = 20
@@ -24,26 +26,20 @@ const (
 
 /// helpers
 
-// Is alphanumeric?
-func isalnum(c byte) bool {
-	return '0' <= c && c <= '9' || 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z'
+// IsValidSecretKey - validate secret key
+func IsValidSecretKey(secretAccessKey string) bool {
+	if secretAccessKey == "" {
+		return true
+	}
+	regex := regexp.MustCompile("^.{40}$")
+	return regex.MatchString(secretAccessKey)
 }
 
-// IsValidAccessKey - validate access key for only alphanumeric characters
-func IsValidAccessKey(key []byte) bool {
-	for _, char := range key {
-		if isalnum(char) {
-			continue
-		}
-		switch char {
-		case '-':
-		case '.':
-		case '_':
-		case '~':
-			continue
-		default:
-			return false
-		}
+// IsValidAccessKey - validate access key
+func IsValidAccessKey(accessKeyID string) bool {
+	if accessKeyID == "" {
+		return true
 	}
-	return true
+	regex := regexp.MustCompile("^[A-Z0-9\\-\\.\\_\\~]{20}$")
+	return regex.MatchString(accessKeyID)
 }