From fa5a1cebd986e8e47b839d4498eb9aa8ea888c89 Mon Sep 17 00:00:00 2001
From: Ashish Kumar Sinha <ashi.sinha.87@gmail.com>
Date: Tue, 1 Oct 2019 02:25:37 +0530
Subject: [PATCH] support space character in access key (#8335)

---
 cmd/signature-v4-parser.go      |  4 +++-
 cmd/signature-v4-parser_test.go | 30 ++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/cmd/signature-v4-parser.go b/cmd/signature-v4-parser.go
index 7655bcb96..ad8df3981 100644
--- a/cmd/signature-v4-parser.go
+++ b/cmd/signature-v4-parser.go
@@ -250,6 +250,8 @@ func parsePreSignV4(query url.Values, region string, stype serviceType) (psv pre
 //            SignedHeaders=signedHeaders, Signature=signature
 //
 func parseSignV4(v4Auth string, region string, stype serviceType) (sv signValues, aec APIErrorCode) {
+	// credElement is fetched first to skip replacing the space in access key.
+	credElement := strings.TrimPrefix(strings.Split(strings.TrimSpace(v4Auth), ",")[0], signV4Algorithm)
 	// Replace all spaced strings, some clients can send spaced
 	// parameters and some won't. So we pro-actively remove any spaces
 	// to make parsing easier.
@@ -275,7 +277,7 @@ func parseSignV4(v4Auth string, region string, stype serviceType) (sv signValues
 
 	var err APIErrorCode
 	// Save credentail values.
-	signV4Values.Credential, err = parseCredentialHeader(authFields[0], region, stype)
+	signV4Values.Credential, err = parseCredentialHeader(strings.TrimSpace(credElement), region, stype)
 	if err != ErrNone {
 		return sv, err
 	}
diff --git a/cmd/signature-v4-parser_test.go b/cmd/signature-v4-parser_test.go
index b64c51707..240e87544 100644
--- a/cmd/signature-v4-parser_test.go
+++ b/cmd/signature-v4-parser_test.go
@@ -462,6 +462,36 @@ func TestParseSignV4(t *testing.T) {
 			},
 			expectedErrCode: ErrNone,
 		},
+		// Test case - 8.
+		{
+			inputV4AuthStr: signV4Algorithm +
+				strings.Join([]string{
+					// generating a valid credential.
+					generateCredentialStr(
+						"access key",
+						sampleTimeStr,
+						"us-west-1",
+						"s3",
+						"aws4_request"),
+					// valid SignedHeader.
+					"SignedHeaders=host;x-amz-content-sha256;x-amz-date",
+					// valid Signature field.
+					// a valid signature is of form "Signature="
+					"Signature=abcd",
+				}, ","),
+			expectedAuthField: signValues{
+				Credential: generateCredentials(
+					t,
+					"access key",
+					sampleTimeStr,
+					"us-west-1",
+					"s3",
+					"aws4_request"),
+				SignedHeaders: []string{"host", "x-amz-content-sha256", "x-amz-date"},
+				Signature:     "abcd",
+			},
+			expectedErrCode: ErrNone,
+		},
 	}
 
 	for i, testCase := range testCases {