HDDS-6204. Cleanup handling malformed authorization header

hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/OzoneClientProducer.java

@@ -44,7 +44,7 @@
 import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OM_CLIENT_PROTOCOL_VERSION;
 import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OM_CLIENT_PROTOCOL_VERSION_KEY;
 import static org.apache.hadoop.ozone.s3.exception.S3ErrorTable.INTERNAL_ERROR;
-import static org.apache.hadoop.ozone.s3.exception.S3ErrorTable.MALFORMED_HEADER;
+import static org.apache.hadoop.ozone.s3.exception.S3ErrorTable.ACCESS_DENIED;
 
 /**
  * This class creates the OzoneClient for the Rest endpoints.
@@ -90,7 +90,12 @@ public S3Auth getSignature() {
       }
 
       String awsAccessId = signatureInfo.getAwsAccessId();
-      validateAccessId(awsAccessId);
+      // ONLY validate aws access id when needed.
+      if (awsAccessId == null || awsAccessId.equals("")) {
+        LOG.debug("Malformed s3 header. awsAccessID: ", awsAccessId);
+        throw ACCESS_DENIED;
+      }
+
       return new S3Auth(stringToSign,
           signatureInfo.getSignature(),
           awsAccessId);
@@ -123,14 +128,6 @@ OzoneClient createOzoneClient() throws IOException {
     }
   }
 
-  // ONLY validate aws access id when needed.
-  private void validateAccessId(String awsAccessId) throws Exception {
-    if (awsAccessId == null || awsAccessId.equals("")) {
-      LOG.error("Malformed s3 header. awsAccessID: ", awsAccessId);
-      throw wrapOS3Exception(MALFORMED_HEADER);
-    }
-  }
-
   public void setOzoneConfiguration(OzoneConfiguration config) {
     this.ozoneConfiguration = config;
   }

hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/exception/S3ErrorTable.java

@@ -26,7 +26,7 @@
 import static java.net.HttpURLConnection.HTTP_NOT_FOUND;
 import static java.net.HttpURLConnection.HTTP_PRECON_FAILED;
 import static java.net.HttpURLConnection.HTTP_NOT_IMPLEMENTED;
-import static java.net.HttpURLConnection.HTTP_SERVER_ERROR;
+import static java.net.HttpURLConnection.HTTP_INTERNAL_ERROR;
 import static org.apache.hadoop.ozone.s3.util.S3Consts.RANGE_NOT_SATISFIABLE;
 
 /**
@@ -65,7 +65,7 @@ private S3ErrorTable() {
 
   public static final OS3Exception MALFORMED_HEADER = new OS3Exception(
       "AuthorizationHeaderMalformed", "The authorization header you provided " +
-      "is invalid.", HTTP_NOT_FOUND);
+      "is invalid.", HTTP_BAD_REQUEST);
 
   public static final OS3Exception NO_SUCH_KEY = new OS3Exception(
       "NoSuchKey", "The specified key does not exist", HTTP_NOT_FOUND);
@@ -106,7 +106,7 @@ private S3ErrorTable() {
 
   public static final OS3Exception INTERNAL_ERROR = new OS3Exception(
       "InternalError", "We encountered an internal error. Please try again.",
-      HTTP_SERVER_ERROR);
+      HTTP_INTERNAL_ERROR);
 
   public static final OS3Exception ACCESS_DENIED = new OS3Exception(
       "AccessDenied", "User doesn't have the right to access this " +

hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3/TestOzoneClientProducer.java

@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.ozone.s3;
 
+import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.core.MultivaluedHashMap;
 import javax.ws.rs.core.MultivaluedMap;
@@ -31,6 +32,9 @@
 import org.apache.hadoop.ozone.om.OMConfigKeys;
 import org.apache.hadoop.ozone.s3.signature.AWSSignatureProcessor;
 
+import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
+import static java.net.HttpURLConnection.HTTP_FORBIDDEN;
+
 import static org.apache.hadoop.ozone.s3.signature.SignatureParser.AUTHORIZATION_HEADER;
 import static org.apache.hadoop.ozone.s3.signature.SignatureProcessor.CONTENT_MD5;
 import static org.apache.hadoop.ozone.s3.signature.SignatureProcessor.CONTENT_TYPE;
@@ -118,7 +122,10 @@ public static Collection<Object[]> data() {
         },
         {
             null, null, null, null, null, null
-        }
+        },
+        {
+            "", null, null, null, null, null
+        },
     });
   }
 
@@ -132,6 +139,36 @@ public void testGetClientFailure() {
     }
   }
 
+  @Test
+  public void testGetSignature() {
+    try {
+      System.err.println("Testing: " + authHeader);
+      OzoneConfiguration configuration = new OzoneConfiguration();
+      configuration.set(OMConfigKeys.OZONE_OM_SERVICE_IDS_KEY, "ozone1");
+      configuration.set(OMConfigKeys.OZONE_OM_ADDRESS_KEY, "ozone1addr:9399");
+      producer.setOzoneConfiguration(configuration);
+      producer.getSignature();
+      if ("".equals(authHeader)) {
+        fail("Empty AuthHeader must fail");
+      }
+    } catch (WebApplicationException ex) {
+      if (authHeader == null || authHeader.equals("")) {
+        // Empty auth header should be 403
+        Assert.assertEquals(HTTP_FORBIDDEN, ex.getResponse().getStatus());
+        // TODO: Should return XML in body like this (bot not for now):
+        // <Error>
+        //   <Code>AccessDenied</Code><Message>Access Denied</Message>
+        //   <RequestId>...</RequestId><HostId>...</HostId>
+        // </Error>
+      } else {
+        // Other requests have stale timestamp and thus should fail
+        Assert.assertEquals(HTTP_BAD_REQUEST, ex.getResponse().getStatus());
+      }
+    } catch (Exception ex) {
+      fail("Unexpected exception: " + ex);
+    }
+  }
+
   @Test
   public void testGetClientFailureWithMultipleServiceIds() {
     try {