signature-v4: Support for transfer-encoding request header

fixes minio#4039

cmd/signature-v4-utils.go

@@ -107,7 +107,8 @@ func getURLEncodedName(name string) string {
 }
 
 // extractSignedHeaders extract signed headers from Authorization header
-func extractSignedHeaders(signedHeaders []string, reqHeaders http.Header) (http.Header, APIErrorCode) {
+func extractSignedHeaders(signedHeaders []string, r *http.Request) (http.Header, APIErrorCode) {
+	reqHeaders := r.Header
 	// find whether "host" is part of list of signed headers.
 	// if not return ErrUnsignedHeaders. "host" is mandatory.
 	if !contains(signedHeaders, "host") {
@@ -145,6 +146,10 @@ func extractSignedHeaders(signedHeaders []string, reqHeaders http.Header) (http.
 			if header == "host" {
 				continue
 			}
+			if header == "transfer-encoding" {
+				extractedSignedHeaders[header] = r.TransferEncoding
+				continue
+			}
 			// If not found continue, we will stop here.
 			return nil, ErrUnsignedHeaders
 		}

cmd/signature-v4-utils_test.go

@@ -141,13 +141,17 @@ func TestExtractSignedHeaders(t *testing.T) {
 	expectedContentSha256 := "1234abcd"
 	expectedTime := UTCNow().Format(iso8601Format)
 
+	r, err := http.NewRequest("GET", "http://localhost", nil)
+	if err != nil {
+		t.Fatal("Unable to create http.Request :", err)
+	}
 	// Creating input http header.
-	inputHeader := make(http.Header)
+	inputHeader := r.Header
 	inputHeader.Set(signedHeaders[0], expectedHost)
 	inputHeader.Set(signedHeaders[1], expectedContentSha256)
 	inputHeader.Set(signedHeaders[2], expectedTime)
 	// calling the function being tested.
-	extractedSignedHeaders, errCode := extractSignedHeaders(signedHeaders, inputHeader)
+	extractedSignedHeaders, errCode := extractSignedHeaders(signedHeaders, r)
 	if errCode != ErrNone {
 		t.Fatalf("Expected the APIErrorCode to be %d, but got %d", ErrNone, errCode)
 	}
@@ -179,15 +183,15 @@ func TestExtractSignedHeaders(t *testing.T) {
 	// case where the headers doesn't contain the one of the signed header in the signed headers list.
 	signedHeaders = append(signedHeaders, " X-Amz-Credential")
 	// expected to fail with `ErrUnsignedHeaders`.
-	_, errCode = extractSignedHeaders(signedHeaders, inputHeader)
+	_, errCode = extractSignedHeaders(signedHeaders, r)
 	if errCode != ErrUnsignedHeaders {
 		t.Fatalf("Expected the APIErrorCode to %d, but got %d", ErrUnsignedHeaders, errCode)
 	}
 
 	// case where the list of signed headers doesn't contain the host field.
 	signedHeaders = signedHeaders[1:]
 	// expected to fail with `ErrUnsignedHeaders`.
-	_, errCode = extractSignedHeaders(signedHeaders, inputHeader)
+	_, errCode = extractSignedHeaders(signedHeaders, r)
 	if errCode != ErrUnsignedHeaders {
 		t.Fatalf("Expected the APIErrorCode to %d, but got %d", ErrUnsignedHeaders, errCode)
 	}

cmd/signature-v4.go

@@ -235,7 +235,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
 	}
 
 	// Extract all the signed headers along with its values.
-	extractedSignedHeaders, errCode := extractSignedHeaders(pSignValues.SignedHeaders, req.Header)
+	extractedSignedHeaders, errCode := extractSignedHeaders(pSignValues.SignedHeaders, r)
 	if errCode != ErrNone {
 		return errCode
 	}
@@ -360,7 +360,7 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, region string) AP
 	}
 
 	// Extract all the signed headers along with its values.
-	extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, header)
+	extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, r)
 	if errCode != ErrNone {
 		return errCode
 	}

cmd/streaming-signature-v4.go

@@ -97,7 +97,7 @@ func calculateSeedSignature(r *http.Request) (signature string, date time.Time,
 	}
 
 	// Extract all the signed headers along with its values.
-	extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, req.Header)
+	extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, r)
 	if errCode != ErrNone {
 		return "", time.Time{}, errCode
 	}