Signature created with S3Presigner changed in 2.21.16+ when used with endpointOverride and http address #4697
Labels
bug
This issue is a bug.
response-requested
Waiting on additional info and feedback. Will move to "closing-soon" in 10 days.
Describe the bug
We are using minio on our local dev machines and noticed that the signature of presigned URLs has changed since version 2.21.16 when used with
endpointOverride
and an http address. Minio currently rejects this new signature.We are using the following code to generate a presigned URL:
Forcing the
X-Amz-Date
to19700101T000000Z
using mocks results in the signature501491751374ffbf1170c5808aaf827f51d6cc070ac4a6776fbbf87c7ce7a160
when used with 2.21.15 or older and2683d70a5695b830615bd63e99a3cfa991596998576f0be9a010663493eeb1d0
when used with 2.21.16 or newer.Expected Behavior
Versions <= 2.21.15 and >= 2.21.16 should produce the same signature.
Current Behavior
Versions <= 2.21.15 and >= 2.21.16 produce different signatures for http endpoints.
Reproduction Steps
Possible Solution
I debugged into it and noticed that
contentHash
on line 118 in V4RequestSigner has the valuee3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(sha256 hash of an empty byte array) when used with an http endpoint andUNSIGNED-PAYLOAD
when used with an https endpoint. I think thecontentHash
used to beUNSIGNED-PAYLOAD
for both http and https endpoints in 2.21.15 and older.Additional Information/Context
No response
AWS Java SDK version used
2.21.22
JDK version used
openjdk version "17.0.9" 2023-10-17 LTS
Operating System and version
Windows 11 with WSL
The text was updated successfully, but these errors were encountered: