Generate and use access/secret keys properly (#3498)

master
Bala FA 8 years ago committed by Harshavardhana
parent 6ee27daac1
commit e8ce3b64ed
  1. 91
      cmd/access-key.go
  2. 2
      cmd/admin-handlers_test.go
  3. 4
      cmd/admin-rpc-client.go
  4. 2
      cmd/admin-rpc-server_test.go
  5. 23
      cmd/api-headers.go
  6. 2
      cmd/api-headers_test.go
  7. 2
      cmd/auth-handler_test.go
  8. 2
      cmd/auth-rpc-client.go
  9. 4
      cmd/browser-peer-rpc.go
  10. 8
      cmd/browser-peer-rpc_test.go
  11. 62
      cmd/bucket-handlers_test.go
  12. 8
      cmd/bucket-notification-handlers_test.go
  13. 62
      cmd/bucket-policy-handlers_test.go
  14. 4
      cmd/config-migrate.go
  15. 8
      cmd/config-migrate_test.go
  16. 12
      cmd/config-old.go
  17. 2
      cmd/config-v11.go
  18. 74
      cmd/credential.go
  19. 2
      cmd/lock-instrument.go
  20. 2
      cmd/lock-rpc-server_test.go
  21. 6
      cmd/login-server_test.go
  22. 8
      cmd/main.go
  23. 4
      cmd/namespace-lock.go
  24. 230
      cmd/object-handlers_test.go
  25. 58
      cmd/post-policy_test.go
  26. 2
      cmd/prepare-storage-msg.go
  27. 4
      cmd/s3-peer-client.go
  28. 8
      cmd/server-startup-msg.go
  29. 10
      cmd/server_test.go
  30. 16
      cmd/signature-jwt.go
  31. 6
      cmd/signature-jwt_test.go
  32. 16
      cmd/signature-v2.go
  33. 16
      cmd/signature-v2_test.go
  34. 2
      cmd/signature-v4-parser.go
  35. 14
      cmd/signature-v4.go
  36. 6
      cmd/signature-v4_test.go
  37. 4
      cmd/storage-rpc-client.go
  38. 4
      cmd/storage-rpc-server_test.go
  39. 6
      cmd/streaming-signature-v4.go
  40. 20
      cmd/test-utils_test.go
  41. 22
      cmd/web-handlers.go
  42. 38
      cmd/web-handlers_test.go

@ -1,91 +0,0 @@
/*
* Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package cmd
import (
"crypto/rand"
"encoding/base64"
)
// credential container for access and secret keys.
type credential struct {
AccessKeyID string `json:"accessKey"`
SecretAccessKey string `json:"secretKey"`
}
const (
accessKeyMinLen = 5
accessKeyMaxLen = 20
secretKeyMinLen = 8
secretKeyMaxLen = 40
)
// isValidAccessKey - validate access key for right length.
func isValidAccessKey(accessKey string) bool {
return len(accessKey) >= accessKeyMinLen && len(accessKey) <= accessKeyMaxLen
}
// isValidSecretKey - validate secret key for right length.
func isValidSecretKey(secretKey string) bool {
return len(secretKey) >= secretKeyMinLen && len(secretKey) <= secretKeyMaxLen
}
// mustGenAccessKeys - must generate access credentials.
func mustGenAccessKeys() (creds credential) {
creds, err := genAccessKeys()
fatalIf(err, "Unable to generate access keys.")
return creds
}
// genAccessKeys - generate access credentials.
func genAccessKeys() (credential, error) {
accessKeyID, err := genAccessKeyID()
if err != nil {
return credential{}, err
}
secretAccessKey, err := genSecretAccessKey()
if err != nil {
return credential{}, err
}
creds := credential{
AccessKeyID: string(accessKeyID),
SecretAccessKey: string(secretAccessKey),
}
return creds, nil
}
// genAccessKeyID - generate random alpha numeric value using only uppercase characters
// takes input as size in integer
func genAccessKeyID() ([]byte, error) {
alpha := make([]byte, accessKeyMaxLen)
if _, err := rand.Read(alpha); err != nil {
return nil, err
}
for i := 0; i < accessKeyMaxLen; i++ {
alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
}
return alpha, nil
}
// genSecretAccessKey - generate random base64 numeric value from a random seed.
func genSecretAccessKey() ([]byte, error) {
rb := make([]byte, secretKeyMaxLen)
if _, err := rand.Read(rb); err != nil {
return nil, err
}
return []byte(base64.StdEncoding.EncodeToString(rb))[:secretKeyMaxLen], nil
}

@ -83,7 +83,7 @@ func getAdminCmdRequest(cmd cmdType, cred credential) (*http.Request, error) {
return nil, err
}
req.Header.Set(minioAdminOpHeader, cmd.String())
err = signRequestV4(req, cred.AccessKeyID, cred.SecretAccessKey)
err = signRequestV4(req, cred.AccessKey, cred.SecretKey)
if err != nil {
return nil, err
}

@ -109,8 +109,8 @@ func makeAdminPeers(eps []*url.URL) adminPeers {
// Check if the remote host has been added already
if !seenAddr[ep.Host] {
cfg := authConfig{
accessKey: serverConfig.GetCredential().AccessKeyID,
secretKey: serverConfig.GetCredential().SecretAccessKey,
accessKey: serverConfig.GetCredential().AccessKey,
secretKey: serverConfig.GetCredential().SecretKey,
address: ep.Host,
secureConn: isSSL(),
path: path.Join(reservedBucket, servicePath),

@ -31,7 +31,7 @@ func testAdminCmd(cmd cmdType, t *testing.T) {
adminServer := serviceCmd{}
creds := serverConfig.GetCredential()
reply := RPCLoginReply{}
args := RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey}
args := RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey}
err = adminServer.LoginHandler(&args, &reply)
if err != nil {
t.Fatalf("Failed to login to admin server - %v", err)

@ -25,23 +25,26 @@ import (
"strconv"
)
// Static alphanumeric table used for generating unique request ids
var alphaNumericTable = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
const requestIDLen = 16
// newRequestID generates and returns request ID string.
func newRequestID() string {
alpha := make([]byte, 16)
rand.Read(alpha)
for i := 0; i < 16; i++ {
alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
// mustGetRequestID generates and returns request ID string.
func mustGetRequestID() string {
reqBytes := make([]byte, requestIDLen)
if _, err := rand.Read(reqBytes); err != nil {
panic(err)
}
return string(alpha)
for i := 0; i < requestIDLen; i++ {
reqBytes[i] = alphaNumericTable[reqBytes[i]%alphaNumericTableLen]
}
return string(reqBytes)
}
// Write http common headers
func setCommonHeaders(w http.ResponseWriter) {
// Set unique request ID for each reply.
w.Header().Set("X-Amz-Request-Id", newRequestID())
w.Header().Set("X-Amz-Request-Id", mustGetRequestID())
w.Header().Set("Server", ("Minio/" + ReleaseTag + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")"))
w.Header().Set("Accept-Ranges", "bytes")
}
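Review bot: The doc comment on `mustGetRequestID` does not say that the function now panics when `rand.Read` fails, and it is reached from `setCommonHeaders` for each reply and from `getOpsID` in the lock instrumentation. Stopping is defensible, since the old `newRequestID` dropped the error and would have built an ID from whatever was in the buffer, but callers should be able to see the contract. I would word the comment as `// mustGetRequestID returns a requestIDLen-character ID drawn from alphaNumericTable; it panics if rand.Read fails.` `alphaNumericTableLen` is not declared in this section; it appears to come from cmd/credential.go in the same commit.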

@ -22,7 +22,7 @@ import (
func TestNewRequestID(t *testing.T) {
// Ensure that it returns an alphanumeric result of length 16.
var id = newRequestID()
var id = mustGetRequestID()
if len(id) != 16 {
t.Fail()

@ -301,7 +301,7 @@ func mustNewRequest(method string, urlStr string, contentLength int64, body io.R
func mustNewSignedRequest(method string, urlStr string, contentLength int64, body io.ReadSeeker, t *testing.T) *http.Request {
req := mustNewRequest(method, urlStr, contentLength, body, t)
cred := serverConfig.GetCredential()
if err := signRequestV4(req, cred.AccessKeyID, cred.SecretAccessKey); err != nil {
if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
t.Fatalf("Unable to inititalized new signed http request %s", err)
}
return req

@ -74,7 +74,7 @@ func isRPCTokenValid(tokenStr string) bool {
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return []byte(jwt.SecretAccessKey), nil
return []byte(jwt.SecretKey), nil
})
if err != nil {
errorIf(err, "Unable to parse JWT token string")

@ -103,8 +103,8 @@ func updateCredsOnPeers(creds credential) map[string]error {
// Initialize client
client := newAuthClient(&authConfig{
accessKey: serverConfig.GetCredential().AccessKeyID,
secretKey: serverConfig.GetCredential().SecretAccessKey,
accessKey: serverConfig.GetCredential().AccessKey,
secretKey: serverConfig.GetCredential().SecretKey,
address: peers[ix],
secureConn: isSSL(),
path: path.Join(reservedBucket, browserPeerPath),

@ -63,8 +63,8 @@ func TestBrowserPeerRPC(t *testing.T) {
func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) {
// Construct RPC call arguments.
creds := credential{
AccessKeyID: "abcd1",
SecretAccessKey: "abcd1234",
AccessKey: "abcd1",
SecretKey: "abcd1234",
}
// Validate for invalid token.
@ -105,8 +105,8 @@ func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) {
// Validate for success in loing handled with valid credetnails.
rargs = &RPCLoginArgs{
Username: creds.AccessKeyID,
Password: creds.SecretAccessKey,
Username: creds.AccessKey,
Password: creds.SecretKey,
}
rreply = &RPCLoginReply{}
err = rclient.Call("BrowserPeer.LoginHandler", rargs, rreply)

@ -50,8 +50,8 @@ func testGetBucketLocationHandler(obj ObjectLayer, instanceType, bucketName stri
// Tests for authenticated request and proper response.
{
bucketName: bucketName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK,
locationResponse: []byte(`<?xml version="1.0" encoding="UTF-8"?>
<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/"></LocationConstraint>`),
@ -192,16 +192,16 @@ func testHeadBucketHandler(obj ObjectLayer, instanceType, bucketName string, api
// Bucket exists.
{
bucketName: bucketName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK,
},
// Test case - 2.
// Non-existent bucket name.
{
bucketName: "2333",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound,
},
// Test case - 3.
@ -311,8 +311,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "",
delimiter: "",
maxUploads: "0",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
shouldPass: false,
},
@ -325,8 +325,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "",
delimiter: "",
maxUploads: "0",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound,
shouldPass: false,
},
@ -339,8 +339,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "",
delimiter: "-",
maxUploads: "0",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotImplemented,
shouldPass: false,
},
@ -353,8 +353,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "",
delimiter: "",
maxUploads: "0",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotImplemented,
shouldPass: false,
},
@ -367,8 +367,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "abc",
delimiter: "",
maxUploads: "0",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotImplemented,
shouldPass: false,
},
@ -381,8 +381,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "",
delimiter: "",
maxUploads: "-1",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
shouldPass: false,
},
@ -396,8 +396,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "",
delimiter: "/",
maxUploads: "100",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK,
shouldPass: true,
},
@ -410,8 +410,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "",
delimiter: "",
maxUploads: "100",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK,
shouldPass: true,
},
@ -535,8 +535,8 @@ func testListBucketsHandler(obj ObjectLayer, instanceType, bucketName string, ap
// Validate a good case request succeeds.
{
bucketName: bucketName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK,
},
// Test case - 2.
@ -684,7 +684,7 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
bucket: bucketName,
objects: successRequest0,
accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedContent: nil,
expectedRespStatus: http.StatusForbidden,
},
@ -693,8 +693,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
{
bucket: bucketName,
objects: successRequest0,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodedSuccessResponse0,
expectedRespStatus: http.StatusOK,
},
@ -703,8 +703,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
{
bucket: bucketName,
objects: successRequest1,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodedSuccessResponse1,
expectedRespStatus: http.StatusOK,
},
@ -713,8 +713,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
{
bucket: bucketName,
objects: successRequest1,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodedErrorResponse,
expectedRespStatus: http.StatusOK,
},

@ -209,7 +209,7 @@ func testGetBucketNotificationHandler(obj ObjectLayer, instanceType, bucketName
}
rec := httptest.NewRecorder()
req, err := newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err)
}
@ -222,7 +222,7 @@ func testGetBucketNotificationHandler(obj ObjectLayer, instanceType, bucketName
}
rec = httptest.NewRecorder()
req, err = newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err)
}
@ -268,7 +268,7 @@ func testListenBucketNotificationNilHandler(obj ObjectLayer, instanceType, bucke
[]string{"*.jpg"}, []string{
"s3:ObjectCreated:*",
"s3:ObjectRemoved:*",
}), 0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
}), 0, nil, credentials.AccessKey, credentials.SecretKey)
if tErr != nil {
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, tErr)
}
@ -294,7 +294,7 @@ func testRemoveNotificationConfig(obj ObjectLayer, instanceType, bucketName stri
testRec := httptest.NewRecorder()
testReq, tErr := newTestSignedRequestV4("PUT", getPutBucketNotificationURL("", randBucket),
int64(len(sampleNotificationBytes)), bytes.NewReader(sampleNotificationBytes),
credentials.AccessKeyID, credentials.SecretAccessKey)
credentials.AccessKey, credentials.SecretKey)
if tErr != nil {
t.Fatalf("%s: Failed to create HTTP testRequest for PutBucketNotification: <ERROR> %v", instanceType, tErr)
}

@ -277,8 +277,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent,
},
// Test case - 2.
@ -289,8 +289,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: maxAccessPolicySize + 1,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 3.
@ -301,8 +301,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: 0,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusLengthRequired,
},
// Test case - 4.
@ -312,8 +312,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: nil,
policyLen: 10,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 5.
@ -336,8 +336,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte("dummy-policy")),
policyLen: len([]byte("dummy-policy")),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 7.
@ -348,8 +348,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 8.
@ -361,8 +361,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, "non-existent-bucket", "non-existent-bucket"))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound,
},
// Test case - 9.
@ -374,8 +374,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, ".invalid-bucket", ".invalid-bucket"))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
}
@ -469,7 +469,7 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
// expected Response.
expectedRespStatus int
}{
{bucketName, credentials.AccessKeyID, credentials.SecretAccessKey, http.StatusNoContent},
{bucketName, credentials.AccessKey, credentials.SecretKey, http.StatusNoContent},
}
// Iterating over the cases and writing the bucket policy.
@ -520,8 +520,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
// Case which valid inputs, expected to return success status of 200OK.
{
bucketName: bucketName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedBucketPolicy: bucketPolicyTemplate,
expectedRespStatus: http.StatusOK,
},
@ -529,8 +529,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
// Case with non-existent bucket name.
{
bucketName: "non-existent-bucket",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedBucketPolicy: bucketPolicyTemplate,
expectedRespStatus: http.StatusNotFound,
},
@ -538,8 +538,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
// Case with invalid bucket name.
{
bucketName: ".invalid-bucket-name",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedBucketPolicy: "",
expectedRespStatus: http.StatusBadRequest,
},
@ -693,8 +693,8 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
}{
{
bucketName: bucketName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent,
},
}
@ -731,24 +731,24 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
// Test case - 1.
{
bucketName: bucketName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent,
},
// Test case - 2.
// Case with non-existent-bucket.
{
bucketName: "non-existent-bucket",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound,
},
// Test case - 3.
// Case with invalid bucket name.
{
bucketName: ".invalid-bucket-name",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
}

@ -112,8 +112,8 @@ func migrateV2ToV3() error {
srvConfig.Version = "3"
srvConfig.Addr = ":9000"
srvConfig.Credential = credential{
AccessKeyID: cv2.Credentials.AccessKeyID,
SecretAccessKey: cv2.Credentials.SecretAccessKey,
AccessKey: cv2.Credentials.AccessKey,
SecretKey: cv2.Credentials.SecretKey,
}
srvConfig.Region = cv2.Credentials.Region
if srvConfig.Region == "" {

@ -148,11 +148,11 @@ func TestServerConfigMigrateV2toV11(t *testing.T) {
}
// Check if accessKey and secretKey are not altered during migration
if serverConfig.Credential.AccessKeyID != accessKey {
t.Fatalf("Access key lost during migration, expected: %v, found:%v", accessKey, serverConfig.Credential.AccessKeyID)
if serverConfig.Credential.AccessKey != accessKey {
t.Fatalf("Access key lost during migration, expected: %v, found:%v", accessKey, serverConfig.Credential.AccessKey)
}
if serverConfig.Credential.SecretAccessKey != secretKey {
t.Fatalf("Secret key lost during migration, expected: %v, found: %v", secretKey, serverConfig.Credential.SecretAccessKey)
if serverConfig.Credential.SecretKey != secretKey {
t.Fatalf("Secret key lost during migration, expected: %v, found: %v", secretKey, serverConfig.Credential.SecretKey)
}
// Initialize server config and check again if everything is fine

@ -10,9 +10,9 @@ import (
/////////////////// Config V1 ///////////////////
type configV1 struct {
Version string `json:"version"`
AccessKeyID string `json:"accessKeyId"`
SecretAccessKey string `json:"secretAccessKey"`
Version string `json:"version"`
AccessKey string `json:"accessKeyId"`
SecretKey string `json:"secretAccessKey"`
}
// loadConfigV1 load config
@ -41,9 +41,9 @@ func loadConfigV1() (*configV1, error) {
type configV2 struct {
Version string `json:"version"`
Credentials struct {
AccessKeyID string `json:"accessKeyId"`
SecretAccessKey string `json:"secretAccessKey"`
Region string `json:"region"`
AccessKey string `json:"accessKeyId"`
SecretKey string `json:"secretAccessKey"`
Region string `json:"region"`
} `json:"credentials"`
MongoLogger struct {
Addr string `json:"addr"`

@ -50,7 +50,7 @@ func initConfig() (bool, error) {
srvCfg := &serverConfigV11{}
srvCfg.Version = globalMinioConfigVersion
srvCfg.Region = "us-east-1"
srvCfg.Credential = mustGenAccessKeys()
srvCfg.Credential = newCredential()
// Enable console logger by default on a fresh run.
srvCfg.Logger.Console = consoleLogger{

@ -0,0 +1,74 @@
/*
* Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package cmd
import (
"crypto/rand"
"encoding/base64"
)
const (
accessKeyMinLen = 5
accessKeyMaxLen = 20
secretKeyMinLen = 8
secretKeyMaxLen = 40
alphaNumericTable = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
alphaNumericTableLen = byte(len(alphaNumericTable))
)
func mustGetAccessKey() string {
keyBytes := make([]byte, accessKeyMaxLen)
if _, err := rand.Read(keyBytes); err != nil {
panic(err)
}
for i := 0; i < accessKeyMaxLen; i++ {
keyBytes[i] = alphaNumericTable[keyBytes[i]%alphaNumericTableLen]
}
return string(keyBytes)
}
func mustGetSecretKey() string {
keyBytes := make([]byte, secretKeyMaxLen)
if _, err := rand.Read(keyBytes); err != nil {
panic(err)
}
return string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen])
}
// isAccessKeyValid - validate access key for right length.
func isAccessKeyValid(accessKey string) bool {
return len(accessKey) >= accessKeyMinLen && len(accessKey) <= accessKeyMaxLen
}
// isSecretKeyValid - validate secret key for right length.
func isSecretKeyValid(secretKey string) bool {
return len(secretKey) >= secretKeyMinLen && len(secretKey) <= secretKeyMaxLen
}
// credential container for access and secret keys.
type credential struct {
AccessKey string `json:"accessKey"`
SecretKey string `json:"secretKey"`
}
func newCredential() credential {
return credential{mustGetAccessKey(), mustGetSecretKey()}
}
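Review bot: `keyBytes[i]%alphaNumericTableLen` in `mustGetAccessKey` is slightly biased, because 256 is not a multiple of the 36-character table: '0' through '3' each map from 8 of the 256 byte values and every other character from 7. The access key is an identifier rather than the secret, so the impact is small, but it deserves either a comment stating that the bias is accepted or rejection sampling (discard bytes >= 252 and draw again). Separately, `credential{mustGetAccessKey(), mustGetSecretKey()}` is an unkeyed literal over two string fields, so reordering the struct would silently place the secret in `AccessKey`; `return credential{AccessKey: mustGetAccessKey(), SecretKey: mustGetSecretKey()}` avoids that. `mustGetAccessKey`, `mustGetSecretKey` and `newCredential` have no doc comments, and each should state that it panics when `rand.Read` fails.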

@ -268,5 +268,5 @@ func (n *nsLockMap) deleteLockInfoEntryForOps(param nsParam, opsID string) error
// Return randomly generated string ID
func getOpsID() string {
return newRequestID()
return mustGetRequestID()
}

@ -55,7 +55,7 @@ func createLockTestServer(t *testing.T) (string, *lockServer, string) {
lockMap: make(map[string][]lockRequesterInfo),
}
creds := serverConfig.GetCredential()
loginArgs := RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey}
loginArgs := RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey}
loginReply := RPCLoginReply{}
err = locker.LoginHandler(&loginArgs, &loginReply)
if err != nil {

@ -32,7 +32,7 @@ func TestLoginHandler(t *testing.T) {
}{
// Valid username and password
{
args: RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey},
args: RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey},
expectedErr: nil,
},
// Invalid username length
@ -47,12 +47,12 @@ func TestLoginHandler(t *testing.T) {
},
// Invalid username
{
args: RPCLoginArgs{Username: "aaaaa", Password: creds.SecretAccessKey},
args: RPCLoginArgs{Username: "aaaaa", Password: creds.SecretKey},
expectedErr: errInvalidAccessKeyID,
},
// Invalid password
{
args: RPCLoginArgs{Username: creds.AccessKeyID, Password: "aaaaaaaa"},
args: RPCLoginArgs{Username: creds.AccessKey, Password: "aaaaaaaa"},
expectedErr: errAuthentication,
},
}

@ -189,14 +189,14 @@ func minioInit() {
if accessKey != "" && secretKey != "" {
// Set new credentials.
serverConfig.SetCredential(credential{
AccessKeyID: accessKey,
SecretAccessKey: secretKey,
AccessKey: accessKey,
SecretKey: secretKey,
})
}
if !isValidAccessKey(serverConfig.GetCredential().AccessKeyID) {
if !isAccessKeyValid(serverConfig.GetCredential().AccessKey) {
fatalIf(errInvalidArgument, "Invalid access key. Accept only a string starting with a alphabetic and containing from 5 to 20 characters.")
}
if !isValidSecretKey(serverConfig.GetCredential().SecretAccessKey) {
if !isSecretKeyValid(serverConfig.GetCredential().SecretKey) {
fatalIf(errInvalidArgument, "Invalid secret key. Accept only a string containing from 8 to 40 characters.")
}
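Review bot: The access-key error text promises more than `isAccessKeyValid` checks: the message says the key must start with an alphabetic character, but the validator in cmd/credential.go only compares the length against 5 and 20. Keys produced by `mustGetAccessKey` are drawn from a table that includes digits, so a generated key can begin with a digit and enforcing the stated rule would reject it. The safer fix is to make the message match the check, for example `fatalIf(errInvalidArgument, "Invalid access key. Accept only a string containing from 5 to 20 characters.")`. `minioInit` starts and continues outside this hunk.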

@ -40,8 +40,8 @@ func initDsyncNodes(eps []*url.URL) error {
return errInvalidArgument
}
clnts[index] = newAuthClient(&authConfig{
accessKey: cred.AccessKeyID,
secretKey: cred.SecretAccessKey,
accessKey: cred.AccessKey,
secretKey: cred.SecretKey,
// Construct a new dsync server addr.
secureConn: isSSL(),
address: ep.Host,

@ -97,8 +97,8 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
{
bucketName: bucketName,
objectName: objectName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK,
},
// Test case - 2.
@ -106,8 +106,8 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
{
bucketName: bucketName,
objectName: "abcd",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound,
},
// Test case - 3.
@ -117,7 +117,7 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName,
objectName: objectName,
accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden,
},
}
@ -248,8 +248,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName,
objectName: objectName,
byteRange: "",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: bytesData[0].byteData,
expectedRespStatus: http.StatusOK,
@ -260,8 +260,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName,
objectName: "abcd",
byteRange: "",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrNoSuchKey), getGetObjectURL("", bucketName, "abcd"))),
expectedRespStatus: http.StatusNotFound,
@ -272,8 +272,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName,
objectName: objectName,
byteRange: "bytes=10-100",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: bytesData[0].byteData[10:101],
expectedRespStatus: http.StatusPartialContent,
@ -284,8 +284,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName,
objectName: objectName,
byteRange: "bytes=-0",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidRange), getGetObjectURL("", bucketName, objectName))),
expectedRespStatus: http.StatusRequestedRangeNotSatisfiable,
@ -297,8 +297,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName,
objectName: objectName,
byteRange: "bytes=10-1000000000000000",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: bytesData[0].byteData[10:],
expectedRespStatus: http.StatusPartialContent,
@ -311,7 +311,7 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
objectName: objectName,
byteRange: "",
accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID), getGetObjectURL("", bucketName, objectName))),
expectedRespStatus: http.StatusForbidden,
@ -470,8 +470,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 64 * humanize.KiByte,
expectedContent: []byte{},
expectedRespStatus: http.StatusOK,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: true,
},
// Test case - 2
@ -484,8 +484,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1 * humanize.KiByte,
expectedContent: []byte{},
expectedRespStatus: http.StatusOK,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: true,
},
// Test case - 3
@ -512,8 +512,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 64 * humanize.KiByte,
expectedContent: []byte{},
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: false,
removeAuthHeader: true,
},
@ -527,8 +527,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 100 * humanize.KiByte,
expectedContent: []byte{},
expectedRespStatus: http.StatusOK,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: false,
},
// Test case - 6
@ -541,8 +541,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024,
expectedContent: []byte{},
expectedRespStatus: http.StatusInternalServerError,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: false,
fault: malformedEncoding,
},
@ -556,8 +556,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024,
expectedContent: []byte{},
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: false,
fault: unexpectedEOF,
},
@ -571,8 +571,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024,
expectedContent: []byte{},
expectedRespStatus: http.StatusForbidden,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: false,
fault: signatureMismatch,
},
@ -587,8 +587,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024,
expectedContent: []byte{},
expectedRespStatus: http.StatusForbidden,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: false,
fault: chunkDateMismatch,
},
@ -602,8 +602,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024,
expectedContent: []byte{},
expectedRespStatus: http.StatusInternalServerError,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
shouldPass: false,
fault: tooBigDecodedLength,
},
@ -733,8 +733,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
objectName: objectName,
data: bytesData,
dataLen: len(bytesData),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK,
},
@ -746,7 +746,7 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
data: bytesData,
dataLen: len(bytesData),
accessKey: "Wrong-AcessID",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden,
},
@ -758,8 +758,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
headers: copySourceHeader,
data: bytesData,
dataLen: len(bytesData),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 4.
@ -770,8 +770,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
headers: invalidMD5Header,
data: bytesData,
dataLen: len(bytesData),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 5.
@ -781,8 +781,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
objectName: objectName,
data: bytesData,
dataLen: len(bytesData),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
fault: TooBigObject,
expectedRespStatus: http.StatusBadRequest,
},
@ -793,8 +793,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
objectName: objectName,
data: bytesData,
dataLen: len(bytesData),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
fault: MissingContentLength,
expectedRespStatus: http.StatusLengthRequired,
},
@ -991,8 +991,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName,
newObjectName: "newObject1",
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK,
},
@ -1003,8 +1003,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName,
newObjectName: "newObject1",
copySourceHeader: url.QueryEscape("/"),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
@ -1014,8 +1014,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName,
newObjectName: objectName,
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
@ -1027,8 +1027,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName,
newObjectName: objectName,
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + "non-existent-object"),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound,
},
@ -1040,19 +1040,19 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: "non-existent-destination-bucket",
newObjectName: objectName,
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound,
},
// Test case - 6.
// Case with invalid AccessKeyID.
// Case with invalid AccessKey.
{
bucketName: bucketName,
newObjectName: objectName,
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden,
},
@ -1175,7 +1175,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
rec := httptest.NewRecorder()
// construct HTTP request for NewMultipart upload.
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
@ -1208,7 +1208,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
// construct HTTP request for NewMultipart upload.
// Setting an invalid accessID.
req, err = newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName),
0, nil, "Invalid-AccessID", credentials.SecretAccessKey)
0, nil, "Invalid-AccessID", credentials.SecretKey)
if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
@ -1227,7 +1227,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
recV2 := httptest.NewRecorder()
// construct HTTP request for NewMultipartUpload endpoint.
reqV2, err := newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
@ -1260,7 +1260,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
// construct HTTP request for NewMultipartUpload endpoint.
// Setting invalid AccessID.
reqV2, err = newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName),
0, nil, "Invalid-AccessID", credentials.SecretAccessKey)
0, nil, "Invalid-AccessID", credentials.SecretKey)
if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
@ -1331,7 +1331,7 @@ func testAPINewMultipartHandlerParallel(obj ObjectLayer, instanceType, bucketNam
defer wg.Done()
rec := httptest.NewRecorder()
// construct HTTP request NewMultipartUpload.
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName), 0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName), 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart request: <ERROR> %v", err)
@ -1527,8 +1527,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName,
uploadID: uploadIDs[0],
parts: inputParts[0].parts,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(BadDigest{})),
getGetObjectURL("", bucketName, objectName))),
@ -1542,8 +1542,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName,
uploadID: uploadIDs[0],
parts: []completePart{},
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrMalformedXML),
getGetObjectURL("", bucketName, objectName))),
@ -1557,8 +1557,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName,
uploadID: "abc",
parts: inputParts[0].parts,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidUploadID{UploadID: "abc"})),
getGetObjectURL("", bucketName, objectName))),
@ -1571,8 +1571,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName,
uploadID: uploadIDs[0],
parts: inputParts[1].parts,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(completeMultipartAPIError{int64(4), int64(5242880), 1, "e2fc714c4727ee9395f324cd2e7f331f",
getAPIErrorResponse(getAPIError(toAPIErrorCode(PartTooSmall{PartNumber: 1})),
@ -1586,8 +1586,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName,
uploadID: uploadIDs[0],
parts: inputParts[2].parts,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidPart{})),
getGetObjectURL("", bucketName, objectName))),
@ -1601,8 +1601,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName,
uploadID: uploadIDs[0],
parts: inputParts[3].parts,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidPartOrder),
getGetObjectURL("", bucketName, objectName))),
@ -1617,7 +1617,7 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
uploadID: uploadIDs[0],
parts: inputParts[4].parts,
accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID),
getGetObjectURL("", bucketName, objectName))),
@ -1631,8 +1631,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName,
uploadID: uploadIDs[0],
parts: inputParts[4].parts,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedContent: encodedSuccessResponse,
expectedRespStatus: http.StatusOK,
@ -1813,8 +1813,8 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
bucket: bucketName,
object: objectName,
uploadID: uploadIDs[0],
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent,
},
// Test case - 2.
@ -1823,8 +1823,8 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
bucket: bucketName,
object: objectName,
uploadID: "nonexistent-upload-id",
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound,
},
// Test case - 3.
@ -1834,7 +1834,7 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
object: objectName,
uploadID: uploadIDs[0],
accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden,
},
}
@ -1957,8 +1957,8 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
{
bucketName: bucketName,
objectName: objectName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent,
},
@ -1968,8 +1968,8 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
{
bucketName: bucketName,
objectName: objectName,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent,
},
@ -1980,7 +1980,7 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
bucketName: bucketName,
objectName: objectName,
accessKey: "Invalid-AccessKey",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden,
},
@ -2070,7 +2070,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
testObject := "testobject"
rec := httptest.NewRecorder()
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err)
@ -2096,7 +2096,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v",
instanceType, bucketName, testObject, err)
}
err = preSignV2(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60))
err = preSignV2(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
if err != nil {
t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v",
instanceType, bucketName, testObject, err)
@ -2113,7 +2113,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v",
instanceType, bucketName, testObject, err)
}
err = preSignV4(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60))
err = preSignV4(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
if err != nil {
t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v",
instanceType, bucketName, testObject, err)
@ -2136,7 +2136,7 @@ func testAPIPutObjectPartHandlerStreaming(obj ObjectLayer, instanceType, bucketN
testObject := "testobject"
rec := httptest.NewRecorder()
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err)
@ -2171,7 +2171,7 @@ func testAPIPutObjectPartHandlerStreaming(obj ObjectLayer, instanceType, bucketN
rec = httptest.NewRecorder()
req, err = newTestStreamingSignedRequest("PUT",
getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"),
5, 1, bytes.NewReader([]byte("hello")), credentials.AccessKeyID, credentials.SecretAccessKey)
5, 1, bytes.NewReader([]byte("hello")), credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("Failed to create new streaming signed HTTP request: <ERROR> %v.", err)
@ -2273,8 +2273,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")),
partNumber: "1",
fault: None,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: noAPIErr,
},
@ -2285,8 +2285,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")),
partNumber: "9999999999999999999",
fault: None,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: invalidPart,
},
@ -2297,8 +2297,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")),
partNumber: strconv.Itoa(maxPartID + 1),
fault: None,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: invalidMaxParts,
},
@ -2309,8 +2309,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")),
partNumber: "1",
fault: MissingContentLength,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: missingContent,
},
@ -2321,8 +2321,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")),
partNumber: "1",
fault: TooBigObject,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: entityTooLarge,
},
@ -2333,8 +2333,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")),
partNumber: "1",
fault: BadSignature,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: badSigning,
},
@ -2346,8 +2346,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")),
partNumber: "1",
fault: BadMD5,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: badChecksum,
},
@ -2358,8 +2358,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")),
partNumber: "1",
fault: MissingUploadID,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: noSuchUploadID,
},
@ -2372,7 +2372,7 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
partNumber: "1",
fault: None,
accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey,
secretKey: credentials.SecretKey,
expectedAPIError: invalidAccessID,
},
@ -2541,7 +2541,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
testObject := "testobject"
rec := httptest.NewRecorder()
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, testObject),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err)
@ -2564,7 +2564,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
rec = httptest.NewRecorder()
req, err = newTestSignedRequestV4("PUT",
getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"),
int64(len("hello")), bytes.NewReader([]byte("hello")), credentials.AccessKeyID, credentials.SecretAccessKey)
int64(len("hello")), bytes.NewReader([]byte("hello")), credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err)
@ -2584,7 +2584,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
instanceType, bucketName, mpartResp.UploadID)
}
err = preSignV2(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60))
err = preSignV2(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
if err != nil {
t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s",
instanceType, bucketName, mpartResp.UploadID)
@ -2604,7 +2604,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
instanceType, bucketName, mpartResp.UploadID)
}
err = preSignV4(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60))
err = preSignV4(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
if err != nil {
t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s",
instanceType, bucketName, mpartResp.UploadID)
@ -2724,7 +2724,7 @@ func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName str
// constructing a v4 signed HTTP request for ListMultipartUploads.
reqV4, err = newTestSignedRequestV4("GET",
getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("Failed to create a V4 signed request to list object parts for %s/%s: <ERROR> %v.",
@ -2734,7 +2734,7 @@ func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName str
// construct HTTP request for PutObject Part Object endpoint.
reqV2, err = newTestSignedRequestV2("GET",
getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatalf("Failed to create a V2 signed request to list object parts for %s/%s: <ERROR> %v.",

@ -154,9 +154,9 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
accessKey string
secretKey string
}{
{http.StatusForbidden, "invalidaccesskey", credentials.SecretAccessKey},
{http.StatusForbidden, credentials.AccessKeyID, "invalidsecretkey"},
{http.StatusNoContent, credentials.AccessKeyID, credentials.SecretAccessKey},
{http.StatusForbidden, "invalidaccesskey", credentials.SecretKey},
{http.StatusForbidden, credentials.AccessKey, "invalidsecretkey"},
{http.StatusNoContent, credentials.AccessKey, credentials.SecretKey},
}
for i, test := range testCasesV2 {
@ -190,8 +190,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
data: []byte("Hello, World"),
expectedRespStatus: http.StatusNoContent,
expectedHeaders: map[string]string{"X-Amz-Meta-Uuid": "1234"},
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
malformedBody: false,
},
// Bad case invalid request.
@ -208,8 +208,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test",
data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
malformedBody: true,
},
}
@ -262,20 +262,20 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test",
data: []byte("Hello, World"),
expectedRespStatus: http.StatusNoContent,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`,
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
},
// Corrupted Base 64 result
{
objectName: "test",
data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`,
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
corruptedBase64: true,
},
// Corrupted Multipart body
@ -283,10 +283,10 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test",
data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`,
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
corruptedMultipart: true,
},
@ -305,18 +305,18 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test",
data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
dates: []interface{}{curTime.Add(-1 * time.Minute * 5).Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`,
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
},
// Corrupted policy document
{
objectName: "test",
data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"3/aws4_request"]]}`,
},
@ -354,8 +354,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test",
data: bytes.Repeat([]byte("a"), 1025),
expectedRespStatus: http.StatusNoContent,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
malformedBody: false,
},
// Failed with entity too small.
@ -363,8 +363,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test",
data: bytes.Repeat([]byte("a"), 1023),
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
malformedBody: false,
},
// Failed with entity too large.
@ -372,8 +372,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test",
data: bytes.Repeat([]byte("a"), (1*humanize.MiByte)+1),
expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID,
secretKey: credentials.SecretAccessKey,
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
malformedBody: false,
},
}
@ -444,14 +444,14 @@ func testPostPolicyBucketHandlerRedirect(obj ObjectLayer, instanceType string, t
rec := httptest.NewRecorder()
dates := []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}
policy := `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], {"success_action_redirect":"` + redirectURL + `"},["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`
policy := `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], {"success_action_redirect":"` + redirectURL + `"},["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`
// Generate the final policy document
policy = fmt.Sprintf(policy, dates...)
// Create a new POST request with success_action_redirect field specified
req, perr := newPostRequestV4Generic("", bucketName, keyName, []byte("objData"),
credentials.AccessKeyID, credentials.SecretAccessKey, curTime,
credentials.AccessKey, credentials.SecretKey, curTime,
[]byte(policy), map[string]string{"success_action_redirect": redirectURL}, false, false)
if perr != nil {

@ -103,7 +103,7 @@ func getHealMsg(endpoints []*url.URL, storageDisks []StorageAPI) string {
// msg += "MINIO_SECRET_KEY=%s "
// msg += "minio control heal %s"
// creds := serverConfig.GetCredential()
// msg = fmt.Sprintf(msg, creds.AccessKeyID, creds.SecretAccessKey, getHealEndpoint(isSSL(), endpoints[0]))
// msg = fmt.Sprintf(msg, creds.AccessKey, creds.SecretKey, getHealEndpoint(isSSL(), endpoints[0]))
disksInfo, _, _ := getDisksInfo(storageDisks)
for i, info := range disksInfo {
if storageDisks[i] == nil {

@ -62,8 +62,8 @@ func makeS3Peers(eps []*url.URL) s3Peers {
// Check if the remote host has been added already
if !seenAddr[ep.Host] {
cfg := authConfig{
accessKey: serverConfig.GetCredential().AccessKeyID,
secretKey: serverConfig.GetCredential().SecretAccessKey,
accessKey: serverConfig.GetCredential().AccessKey,
secretKey: serverConfig.GetCredential().SecretKey,
address: ep.Host,
secureConn: isSSL(),
path: path.Join(reservedBucket, s3Path),

@ -75,8 +75,8 @@ func printServerCommonMsg(endPoints []string) {
endPointStr := strings.Join(endPoints, " ")
// Colorize the message and print.
console.Println(colorBlue("\nEndpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(endPointStr), 1), endPointStr)))
console.Println(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKeyID)))
console.Println(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretAccessKey)))
console.Println(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKey)))
console.Println(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretKey)))
console.Println(colorBlue("Region: ") + colorBold(fmt.Sprintf(getFormatStr(len(region), 3), region)))
printEventNotifiers()
@ -109,10 +109,10 @@ func printCLIAccessMsg(endPoint string) {
// Configure 'mc', following block prints platform specific information for minio client.
console.Println(colorBlue("\nCommand-line Access: ") + mcQuickStartGuide)
if runtime.GOOS == "windows" {
mcMessage := fmt.Sprintf("$ mc.exe config host add myminio %s %s %s", endPoint, cred.AccessKeyID, cred.SecretAccessKey)
mcMessage := fmt.Sprintf("$ mc.exe config host add myminio %s %s %s", endPoint, cred.AccessKey, cred.SecretKey)
console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
} else {
mcMessage := fmt.Sprintf("$ mc config host add myminio %s %s %s", endPoint, cred.AccessKeyID, cred.SecretAccessKey)
mcMessage := fmt.Sprintf("$ mc config host add myminio %s %s %s", endPoint, cred.AccessKey, cred.SecretKey)
console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
}
}
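Review bot: printServerCommonMsg and printCLIAccessMsg write `cred.SecretKey` in clear to the console, once on its own `SecretKey:` line and once inside the `mc config host add` command string. When the server's output is captured by a service manager, container runtime or CI job, the secret ends up in those logs and is readable by anyone with access to them. If printing it is intentional, say so at the print site, e.g. `// NOTE: prints the secret key in clear; treat captured startup output as sensitive.` Both functions begin above the lines shown here.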

@ -94,14 +94,10 @@ func (s *TestSuiteCommon) TearDownSuite(c *C) {
}
func (s *TestSuiteCommon) TestAuth(c *C) {
secretID, err := genSecretAccessKey()
c.Assert(err, IsNil)
accessID, err := genAccessKeyID()
c.Assert(err, IsNil)
cred := newCredential()
c.Assert(len(secretID), Equals, secretKeyMaxLen)
c.Assert(len(accessID), Equals, accessKeyMaxLen)
c.Assert(len(cred.AccessKey), Equals, accessKeyMaxLen)
c.Assert(len(cred.SecretKey), Equals, secretKeyMaxLen)
}
func (s *TestSuiteCommon) TestBucketSQSNotification(c *C) {

@ -43,10 +43,10 @@ const (
// newJWT - returns new JWT object.
func newJWT(expiry time.Duration, cred credential) (*JWT, error) {
if !isValidAccessKey(cred.AccessKeyID) {
if !isAccessKeyValid(cred.AccessKey) {
return nil, errInvalidAccessKeyLength
}
if !isValidSecretKey(cred.SecretAccessKey) {
if !isSecretKeyValid(cred.SecretKey) {
return nil, errInvalidSecretKeyLength
}
return &JWT{cred, expiry}, nil
@ -60,7 +60,7 @@ func (jwt *JWT) GenerateToken(accessKey string) (string, error) {
// Trim spaces.
accessKey = strings.TrimSpace(accessKey)
if !isValidAccessKey(accessKey) {
if !isAccessKeyValid(accessKey) {
return "", errInvalidAccessKeyLength
}
@ -71,7 +71,7 @@ func (jwt *JWT) GenerateToken(accessKey string) (string, error) {
"iat": tUTCNow.Unix(),
"sub": accessKey,
})
return token.SignedString([]byte(jwt.SecretAccessKey))
return token.SignedString([]byte(jwt.SecretKey))
}
var errInvalidAccessKeyID = errors.New("The access key ID you provided does not exist in our records")
@ -82,18 +82,18 @@ func (jwt *JWT) Authenticate(accessKey, secretKey string) error {
// Trim spaces.
accessKey = strings.TrimSpace(accessKey)
if !isValidAccessKey(accessKey) {
if !isAccessKeyValid(accessKey) {
return errInvalidAccessKeyLength
}
if !isValidSecretKey(secretKey) {
if !isSecretKeyValid(secretKey) {
return errInvalidSecretKeyLength
}
if accessKey != jwt.AccessKeyID {
if accessKey != jwt.AccessKey {
return errInvalidAccessKeyID
}
hashedSecretKey, _ := bcrypt.GenerateFromPassword([]byte(jwt.SecretAccessKey), bcrypt.DefaultCost)
hashedSecretKey, _ := bcrypt.GenerateFromPassword([]byte(jwt.SecretKey), bcrypt.DefaultCost)
if bcrypt.CompareHashAndPassword(hashedSecretKey, []byte(secretKey)) != nil {
return errAuthentication
}
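Review bot: In Authenticate the error from `bcrypt.GenerateFromPassword` is discarded with `_`. If hashing fails, `hashedSecretKey` is presumably empty and `CompareHashAndPassword` rejects it, so the check fails closed, but the caller gets `errAuthentication` instead of the real cause. Handle it explicitly: `hashedSecretKey, err := bcrypt.GenerateFromPassword([]byte(jwt.SecretKey), bcrypt.DefaultCost)` followed by `if err != nil { return err }`. The function continues past the end of the hunk.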

@ -190,11 +190,11 @@ func TestAuthenticate(t *testing.T) {
// Authentication error.
{"myuser", "mypassword", errInvalidAccessKeyID},
// Authentication error.
{serverConfig.GetCredential().AccessKeyID, "mypassword", errAuthentication},
{serverConfig.GetCredential().AccessKey, "mypassword", errAuthentication},
// Success.
{serverConfig.GetCredential().AccessKeyID, serverConfig.GetCredential().SecretAccessKey, nil},
{serverConfig.GetCredential().AccessKey, serverConfig.GetCredential().SecretKey, nil},
// Success when access key contains leading/trailing spaces.
{" " + serverConfig.GetCredential().AccessKeyID + " ", serverConfig.GetCredential().SecretAccessKey, nil},
{" " + serverConfig.GetCredential().AccessKey + " ", serverConfig.GetCredential().SecretKey, nil},
}
// Run tests.

@ -67,12 +67,12 @@ var resourceList = []string{
func doesPolicySignatureV2Match(formValues map[string]string) APIErrorCode {
cred := serverConfig.GetCredential()
accessKey := formValues["Awsaccesskeyid"]
if accessKey != cred.AccessKeyID {
if accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID
}
signature := formValues["Signature"]
policy := formValues["Policy"]
if signature != calculateSignatureV2(policy, cred.SecretAccessKey) {
if signature != calculateSignatureV2(policy, cred.SecretKey) {
return ErrSignatureDoesNotMatch
}
return ErrNone
@ -126,7 +126,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
}
// Validate if access key id same.
if accessKey != cred.AccessKeyID {
if accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID
}
@ -150,7 +150,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
}
// Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
// Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) );
// Signature = Base64( HMAC-SHA1( YourSecretKey, UTF-8-Encoding-Of( StringToSign ) ) );
//
// StringToSign = HTTP-Verb + "\n" +
// Content-Md5 + "\n" +
@ -193,7 +193,7 @@ func validateV2AuthHeader(v2Auth string) APIErrorCode {
// Access credentials.
cred := serverConfig.GetCredential()
if keySignFields[0] != cred.AccessKeyID {
if keySignFields[0] != cred.AccessKey {
return ErrInvalidAccessKeyID
}
@ -239,15 +239,15 @@ func calculateSignatureV2(stringToSign string, secret string) string {
func preSignatureV2(method string, encodedResource string, encodedQuery string, headers http.Header, expires string) string {
cred := serverConfig.GetCredential()
stringToSign := presignV2STS(method, encodedResource, encodedQuery, headers, expires)
return calculateSignatureV2(stringToSign, cred.SecretAccessKey)
return calculateSignatureV2(stringToSign, cred.SecretKey)
}
// Return signature-v2 authrization header.
func signatureV2(method string, encodedResource string, encodedQuery string, headers http.Header) string {
cred := serverConfig.GetCredential()
stringToSign := signV2STS(method, encodedResource, encodedQuery, headers)
signature := calculateSignatureV2(stringToSign, cred.SecretAccessKey)
return fmt.Sprintf("%s %s:%s", signV2Algorithm, cred.AccessKeyID, signature)
signature := calculateSignatureV2(stringToSign, cred.SecretKey)
return fmt.Sprintf("%s %s:%s", signV2Algorithm, cred.AccessKey, signature)
}
// Return canonical headers.
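Review bot: doesPolicySignatureV2Match compares the client-supplied `signature` with `!=`, which is not a constant-time comparison, so its duration can depend on how much of the expected HMAC matched. Use `crypto/subtle` for the check: `if subtle.ConstantTimeCompare([]byte(signature), []byte(calculateSignatureV2(policy, cred.SecretKey))) != 1 {`. This needs the `crypto/subtle` import, which is outside the hunk. The signature comparisons in doesPresignV2SignatureMatch and validateV2AuthHeader are not visible in these hunks and should be checked for the same pattern.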

@ -55,7 +55,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
queryParams: map[string]string{
"Expires": "60s",
"Signature": "badsignature",
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID,
"AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
},
expected: ErrMalformedExpires,
},
@ -64,7 +64,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
queryParams: map[string]string{
"Expires": "60",
"Signature": "badsignature",
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID,
"AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
},
expected: ErrExpiredPresignRequest,
},
@ -73,7 +73,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
queryParams: map[string]string{
"Expires": fmt.Sprintf("%d", now.Unix()+60),
"Signature": "badsignature",
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID,
"AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
},
expected: ErrSignatureDoesNotMatch,
},
@ -82,7 +82,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
queryParams: map[string]string{
"Expires": fmt.Sprintf("%d", now.Unix()),
"Signature": "zOM2YrY/yAQe15VWmT78OlBrK6g=",
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID,
"AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
},
expected: ErrSignatureDoesNotMatch,
},
@ -126,7 +126,7 @@ func TestValidateV2AuthHeader(t *testing.T) {
if err := serverConfig.Save(); err != nil {
t.Fatal(err)
}
accessID := serverConfig.GetCredential().AccessKeyID
accessID := serverConfig.GetCredential().AccessKey
testCases := []struct {
authString string
@ -207,9 +207,9 @@ func TestDoesPolicySignatureV2Match(t *testing.T) {
signature string
errCode APIErrorCode
}{
{"invalidAccessKey", policy, calculateSignatureV2(policy, creds.SecretAccessKey), ErrInvalidAccessKeyID},
{creds.AccessKeyID, policy, calculateSignatureV2("random", creds.SecretAccessKey), ErrSignatureDoesNotMatch},
{creds.AccessKeyID, policy, calculateSignatureV2(policy, creds.SecretAccessKey), ErrNone},
{"invalidAccessKey", policy, calculateSignatureV2(policy, creds.SecretKey), ErrInvalidAccessKeyID},
{creds.AccessKey, policy, calculateSignatureV2("random", creds.SecretKey), ErrSignatureDoesNotMatch},
{creds.AccessKey, policy, calculateSignatureV2(policy, creds.SecretKey), ErrNone},
}
for i, test := range testCases {
formValues := make(map[string]string)

@ -47,7 +47,7 @@ func parseCredentialHeader(credElement string) (credentialHeader, APIErrorCode)
if len(credElements) != 5 {
return credentialHeader{}, ErrCredMalformed
}
if !isValidAccessKey(credElements[0]) {
if !isAccessKeyValid(credElements[0]) {
return credentialHeader{}, ErrInvalidAccessKeyID
}
// Save access key id.

@ -171,7 +171,7 @@ func doesPolicySignatureV4Match(formValues map[string]string) APIErrorCode {
}
// Verify if the access key id matches.
if credHeader.accessKey != cred.AccessKeyID {
if credHeader.accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID
}
@ -188,7 +188,7 @@ func doesPolicySignatureV4Match(formValues map[string]string) APIErrorCode {
}
// Get signing key.
signingKey := getSigningKey(cred.SecretAccessKey, t, region)
signingKey := getSigningKey(cred.SecretKey, t, region)
// Get signature.
newSignature := getSignature(signingKey, formValues["Policy"])
@ -217,7 +217,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
}
// Verify if the access key id matches.
if pSignValues.Credential.accessKey != cred.AccessKeyID {
if pSignValues.Credential.accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID
}
@ -268,7 +268,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
query.Set("X-Amz-Date", t.Format(iso8601Format))
query.Set("X-Amz-Expires", strconv.Itoa(expireSeconds))
query.Set("X-Amz-SignedHeaders", getSignedHeaders(extractedSignedHeaders))
query.Set("X-Amz-Credential", cred.AccessKeyID+"/"+getScope(t, sRegion))
query.Set("X-Amz-Credential", cred.AccessKey+"/"+getScope(t, sRegion))
// Save other headers available in the request parameters.
for k, v := range req.URL.Query() {
@ -313,7 +313,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
presignedStringToSign := getStringToSign(presignedCanonicalReq, t, region)
// Get hmac presigned signing key.
presignedSigningKey := getSigningKey(cred.SecretAccessKey, t, region)
presignedSigningKey := getSigningKey(cred.SecretKey, t, region)
// Get new signature.
newSignature := getSignature(presignedSigningKey, presignedStringToSign)
@ -369,7 +369,7 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, region string) AP
}
// Verify if the access key id matches.
if signV4Values.Credential.accessKey != cred.AccessKeyID {
if signV4Values.Credential.accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID
}
@ -410,7 +410,7 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, region string) AP
stringToSign := getStringToSign(canonicalRequest, t, region)
// Get hmac signing key.
signingKey := getSigningKey(cred.SecretAccessKey, t, region)
signingKey := getSigningKey(cred.SecretKey, t, region)
// Calculate signature.
newSignature := getSignature(signingKey, stringToSign)

@ -36,7 +36,7 @@ func niceError(code APIErrorCode) string {
func TestDoesPolicySignatureMatch(t *testing.T) {
credentialTemplate := "%s/%s/%s/s3/aws4_request"
now := time.Now().UTC()
accessKey := serverConfig.GetCredential().AccessKeyID
accessKey := serverConfig.GetCredential().AccessKey
testCases := []struct {
form map[string]string
@ -83,7 +83,7 @@ func TestDoesPolicySignatureMatch(t *testing.T) {
form: map[string]string{
"X-Amz-Credential": fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), "us-east-1"),
"X-Amz-Date": now.Format(iso8601Format),
"X-Amz-Signature": getSignature(getSigningKey(serverConfig.GetCredential().SecretAccessKey, now, "us-east-1"), "policy"),
"X-Amz-Signature": getSignature(getSigningKey(serverConfig.GetCredential().SecretKey, now, "us-east-1"), "policy"),
"Policy": "policy",
},
expected: ErrNone,
@ -112,7 +112,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
credentialTemplate := "%s/%s/%s/s3/aws4_request"
region := serverConfig.GetRegion()
accessKeyID := serverConfig.GetCredential().AccessKeyID
accessKeyID := serverConfig.GetCredential().AccessKey
testCases := []struct {
queryParams map[string]string
headers map[string]string

@ -104,8 +104,8 @@ func newStorageRPC(ep *url.URL) (StorageAPI, error) {
rpcAddr := ep.Host
// Initialize rpc client with network address and rpc path.
accessKeyID := serverConfig.GetCredential().AccessKeyID
secretAccessKey := serverConfig.GetCredential().SecretAccessKey
accessKeyID := serverConfig.GetCredential().AccessKey
secretAccessKey := serverConfig.GetCredential().SecretKey
if ep.User != nil {
accessKeyID = ep.User.Username()
if key, set := ep.User.Password(); set {

@ -45,12 +45,12 @@ func createTestStorageServer(t *testing.T) *testStorageRPCServer {
t.Fatalf("unable to get new JWT, %s", err)
}
err = jwt.Authenticate(serverConfig.GetCredential().AccessKeyID, serverConfig.GetCredential().SecretAccessKey)
err = jwt.Authenticate(serverConfig.GetCredential().AccessKey, serverConfig.GetCredential().SecretKey)
if err != nil {
t.Fatalf("unable for JWT to authenticate, %s", err)
}
token, err := jwt.GenerateToken(serverConfig.GetCredential().AccessKeyID)
token, err := jwt.GenerateToken(serverConfig.GetCredential().AccessKey)
if err != nil {
t.Fatalf("unable for JWT to generate token, %s", err)
}

@ -56,7 +56,7 @@ func getChunkSignature(seedSignature string, date time.Time, hashedChunk string)
hashedChunk
// Get hmac signing key.
signingKey := getSigningKey(cred.SecretAccessKey, date, region)
signingKey := getSigningKey(cred.SecretKey, date, region)
// Calculate signature.
newSignature := getSignature(signingKey, stringToSign)
@ -101,7 +101,7 @@ func calculateSeedSignature(r *http.Request) (signature string, date time.Time,
return "", time.Time{}, errCode
}
// Verify if the access key id matches.
if signV4Values.Credential.accessKey != cred.AccessKeyID {
if signV4Values.Credential.accessKey != cred.AccessKey {
return "", time.Time{}, ErrInvalidAccessKeyID
}
@ -138,7 +138,7 @@ func calculateSeedSignature(r *http.Request) (signature string, date time.Time,
stringToSign := getStringToSign(canonicalRequest, date, region)
// Get hmac signing key.
signingKey := getSigningKey(cred.SecretAccessKey, date, region)
signingKey := getSigningKey(cred.SecretKey, date, region)
// Calculate signature.
newSignature := getSignature(signingKey, stringToSign)

@ -199,8 +199,8 @@ func UnstartedTestServer(t TestErrHandler, instanceType string) TestServer {
if err != nil {
t.Fatalf("Unexpected error %s", err)
}
testServer.AccessKey = credentials.AccessKeyID
testServer.SecretKey = credentials.SecretAccessKey
testServer.AccessKey = credentials.AccessKey
testServer.SecretKey = credentials.SecretKey
objLayer, storageDisks, err := initObjectLayer(testServer.Disks)
if err != nil {
@ -361,8 +361,8 @@ func StartTestStorageRPCServer(t TestErrHandler, instanceType string, diskN int)
testRPCServer.Root = root
testRPCServer.Disks = endpoints
testRPCServer.AccessKey = credentials.AccessKeyID
testRPCServer.SecretKey = credentials.SecretAccessKey
testRPCServer.AccessKey = credentials.AccessKey
testRPCServer.SecretKey = credentials.SecretKey
// Run TestServer.
testRPCServer.Server = httptest.NewServer(initTestStorageRPCEndPoint(serverCmdConfig{
@ -396,8 +396,8 @@ func StartTestPeersRPCServer(t TestErrHandler, instanceType string) TestServer {
testRPCServer.Root = root
testRPCServer.Disks = endpoints
testRPCServer.AccessKey = credentials.AccessKeyID
testRPCServer.SecretKey = credentials.SecretAccessKey
testRPCServer.AccessKey = credentials.AccessKey
testRPCServer.SecretKey = credentials.SecretKey
// create temporary backend for the test server.
objLayer, storageDisks, err := initObjectLayer(endpoints)
@ -2131,8 +2131,8 @@ func StartTestBrowserPeerRPCServer(t TestErrHandler, instanceType string) TestSe
credentials := serverConfig.GetCredential()
testRPCServer.Root = root
testRPCServer.AccessKey = credentials.AccessKeyID
testRPCServer.SecretKey = credentials.SecretAccessKey
testRPCServer.AccessKey = credentials.AccessKey
testRPCServer.SecretKey = credentials.SecretKey
// Initialize and run the TestServer.
testRPCServer.Server = httptest.NewServer(initTestBrowserPeerRPCEndPoint())
@ -2152,8 +2152,8 @@ func StartTestS3PeerRPCServer(t TestErrHandler) (TestServer, []string) {
credentials := serverConfig.GetCredential()
testRPCServer.Root = root
testRPCServer.AccessKey = credentials.AccessKeyID
testRPCServer.SecretKey = credentials.SecretAccessKey
testRPCServer.AccessKey = credentials.AccessKey
testRPCServer.SecretKey = credentials.SecretKey
// init disks
objLayer, fsDirs, err := prepareXL()

@ -52,7 +52,7 @@ func isJWTReqAuthenticated(req *http.Request) bool {
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return []byte(jwt.SecretAccessKey), nil
return []byte(jwt.SecretKey), nil
}
token, err := jwtreq.ParseFromRequest(req, jwtreq.AuthorizationHeaderExtractor, reqCallback)
if err != nil {
@ -347,9 +347,9 @@ func (web webAPIHandlers) GenerateAuth(r *http.Request, args *WebGenericArgs, re
if !isJWTReqAuthenticated(r) {
return toJSONError(errAuthentication)
}
cred := mustGenAccessKeys()
reply.AccessKey = cred.AccessKeyID
reply.SecretKey = cred.SecretAccessKey
cred := newCredential()
reply.AccessKey = cred.AccessKey
reply.SecretKey = cred.SecretKey
reply.UIVersion = miniobrowser.UIVersion
return nil
}
@ -375,8 +375,8 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
// Initialize jwt with the new access keys, fail if not possible.
jwt, err := newJWT(defaultJWTExpiry, credential{
AccessKeyID: args.AccessKey,
SecretAccessKey: args.SecretKey,
AccessKey: args.AccessKey,
SecretKey: args.SecretKey,
}) // JWT Expiry set to 24Hrs.
if err != nil {
return toJSONError(err)
@ -460,8 +460,8 @@ func (web *webAPIHandlers) GetAuth(r *http.Request, args *WebGenericArgs, reply
return toJSONError(errAuthentication)
}
creds := serverConfig.GetCredential()
reply.AccessKey = creds.AccessKeyID
reply.SecretKey = creds.SecretAccessKey
reply.AccessKey = creds.AccessKey
reply.SecretKey = creds.SecretKey
reply.UIVersion = miniobrowser.UIVersion
return nil
}
@ -531,7 +531,7 @@ func (web *webAPIHandlers) Download(w http.ResponseWriter, r *http.Request) {
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return []byte(jwt.SecretAccessKey), nil
return []byte(jwt.SecretKey), nil
})
if e != nil || !token.Valid {
writeWebErrorResponse(w, errAuthentication)
@ -760,8 +760,8 @@ func presignedGet(host, bucket, object string, expiry int64) string {
cred := serverConfig.GetCredential()
region := serverConfig.GetRegion()
accessKey := cred.AccessKeyID
secretKey := cred.SecretAccessKey
accessKey := cred.AccessKey
secretKey := cred.SecretKey
date := time.Now().UTC()
dateStr := date.Format(iso8601Format)
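Review bot: GetAuth copies `creds.SecretKey` into the reply, presumably after the same `isJWTReqAuthenticated` check that GenerateAuth shows (the check itself is above the hunk). Anyone holding a valid browser token can therefore read the long-lived secret key, and the SetAuth hunk's comment gives that token a 24-hour expiry. Document this on the handler, e.g. `// GetAuth returns the server's secret key in clear to any JWT-authenticated caller; serve the web RPC endpoint over TLS only.` GetAuth's signature and doc comment are outside the hunk.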

@ -149,7 +149,7 @@ func testLoginWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler)
{"", "foo", false},
{"azerty", "", false},
{"azerty", "foo", false},
{credentials.AccessKeyID, credentials.SecretAccessKey, true},
{credentials.AccessKey, credentials.SecretKey, true},
}
// Iterating over the test cases, calling the function under test and asserting the response.
@ -186,7 +186,7 @@ func testStorageInfoWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -232,7 +232,7 @@ func testServerInfoWebHandler(obj ObjectLayer, instanceType string, t TestErrHan
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -278,7 +278,7 @@ func testMakeBucketWebHandler(obj ObjectLayer, instanceType string, t TestErrHan
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -338,7 +338,7 @@ func testListBucketsWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -397,7 +397,7 @@ func testListObjectsWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -468,7 +468,7 @@ func testRemoveObjectWebHandler(obj ObjectLayer, instanceType string, t TestErrH
credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -544,7 +544,7 @@ func testGenerateAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrH
credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -590,7 +590,7 @@ func testSetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -651,7 +651,7 @@ func testGetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -670,7 +670,7 @@ func testGetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
if err != nil {
t.Fatalf("Failed, %v", err)
}
if getAuthReply.AccessKey != credentials.AccessKeyID || getAuthReply.SecretKey != credentials.SecretAccessKey {
if getAuthReply.AccessKey != credentials.AccessKey || getAuthReply.SecretKey != credentials.SecretKey {
t.Fatalf("Failed to get correct auth keys")
}
}
@ -696,7 +696,7 @@ func testUploadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler
credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -760,7 +760,7 @@ func testDownloadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandl
credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -815,7 +815,7 @@ func testWebPresignedGetHandler(obj ObjectLayer, instanceType string, t TestErrH
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -928,7 +928,7 @@ func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -1011,7 +1011,7 @@ func testWebListAllBucketPoliciesHandler(obj ObjectLayer, instanceType string, t
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -1117,7 +1117,7 @@ func testWebSetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
@ -1278,7 +1278,7 @@ func TestWebObjectLayerNotReady(t *testing.T) {
rec := httptest.NewRecorder()
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate", err)
}
@ -1382,7 +1382,7 @@ func TestWebObjectLayerFaultyDisks(t *testing.T) {
rec := httptest.NewRecorder()
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil {
t.Fatal("Cannot authenticate", err)
}
