fix(middleware-ssec): add logic to handle string input as specified b… #5676
fix commit metadata
d41374e to 7402486
7402486 to 4efdb7e
@@ -1,4 +1,6 @@ | |||
import { S3 } from "@aws-sdk/client-s3"; | |||
import * as crypto from "crypto"; | |||
import { isMainThread } from "worker_threads"; |
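Review bot: the `isMainThread` import from "worker_threads" on the last line of this hunk has no use in any of the lines shown for this change. It looks like an editor auto-import; remove it unless something later in the file references it.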
remove this
let valueForHash: Uint8Array; | ||
if (typeof value === "string") { | ||
const isBase64Encoded = /^(?:[A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(value); | ||
if (isBase64Encoded) { |
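Review bot: the regex on the `isBase64Encoded` line checks only the alphabet and padding shape, so it accepts any string of those characters whose length is a multiple of 4, including the empty string and a raw 32-character alphanumeric key. A raw key like that would take the base64 branch and decode to 24 bytes instead of being used as 32 bytes of key material. Consider also requiring that the decoded value has the expected key length (32 bytes, assuming AES256) before treating the string as base64.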
What if the value is a valid base64 string, but isn't actually a base64 encoded value?
I think probably the best way to check this would be to look at the length of the string. If the length of the string is 44 characters, then it is probably a base64 encoded value (for 32 bytes of data). Assuming that AES256 is the encryption algorithm.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.
Background:
middleware-ssec was ported over from v2; however, the implementation prevents customers from supplying SSECustomerKey in a string format, which is problematic as putObject#SSECustomerKey is modeled as a string. Instead, customers are required to provide SSECustomerKey as binary. The middleware logic does not cover cases in which customers want to supply SSECustomerKey as a base64 string directly, as the S3 docs suggest.
Issue
#5651 #4736
Reproduction:
Will Result in:
Changes Made:
Middleware Logic Update:
Non-base64 strings are decoded to binary, encoded to base64, and their MD5 hashes are calculated.
Test Suite Enhancement:
Behavior after change
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
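An added example, not code from this PR or the SDK: one way to resolve the base64 ambiguity raised in the review thread is to accept a string as base64 only when it round-trips and decodes to exactly 32 bytes. The helper name `normalizeSsecKey`, the 32-byte key size (the reviewer's AES256 assumption) and the sample keys are assumptions made for illustration.

```javascript
const { createHash } = require("node:crypto");

const AES256_KEY_BYTES = 32; // assumption: SSE-C with AES256, as in the review comment
// The base64 heuristic quoted in the review thread.
const PR_BASE64_REGEX = /^(?:[A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

// Hypothetical helper: turn a caller-supplied key into the two values sent to S3,
// refusing anything that is not exactly 32 bytes of key material.
function normalizeSsecKey(value) {
  let raw;
  if (value instanceof Uint8Array) {
    raw = Buffer.from(value);
  } else if (typeof value === "string") {
    const decoded = Buffer.from(value, "base64");
    // Treat the string as base64 only if it decodes to 32 bytes and re-encodes
    // to the same text; 32 bytes always encode to 44 characters ending in "=".
    const isBase64Key =
      decoded.length === AES256_KEY_BYTES && decoded.toString("base64") === value;
    raw = isBase64Key ? decoded : Buffer.from(value, "utf8");
  } else {
    throw new TypeError("SSECustomerKey must be a string or Uint8Array");
  }
  if (raw.length !== AES256_KEY_BYTES) {
    throw new RangeError(`SSE-C key must be ${AES256_KEY_BYTES} bytes, got ${raw.length}`);
  }
  return {
    SSECustomerKey: raw.toString("base64"),
    SSECustomerKeyMD5: createHash("md5").update(raw).digest("base64"),
  };
}

// Constructed sample inputs (not real keys).
const rawBytes = Buffer.alloc(32, 0x41); // 32 bytes of "A"
const asBase64 = rawBytes.toString("base64"); // 44 characters
const rawAscii = "A".repeat(32); // the same key as a raw 32-character string

function demo() {
  return {
    fromBytes: normalizeSsecKey(rawBytes),
    fromBase64: normalizeSsecKey(asBase64),
    fromRawString: normalizeSsecKey(rawAscii),
    // The regex alone classifies the raw 32-character string as base64,
    // which would decode it to 24 bytes instead of the intended 32.
    regexMisclassifiesRaw: PR_BASE64_REGEX.test(rawAscii),
    misdecodedLength: Buffer.from(rawAscii, "base64").length,
  };
}

console.log(demo());
```

With a fixed 32-byte key the two string forms cannot collide: a raw key is 32 bytes long and its base64 form is 44 characters, so the length check separates them.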