From bf2f213db8ea12266fa857fd2061bff4809b31c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Denis?= <clement@altirnao.com>
Date: Wed, 11 May 2016 01:10:11 +0200
Subject: [PATCH 1/2] Fix StorageImpl.signUrl with object names starting with /

---
 .../src/main/java/com/google/cloud/storage/StorageImpl.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gcloud-java-storage/src/main/java/com/google/cloud/storage/StorageImpl.java b/gcloud-java-storage/src/main/java/com/google/cloud/storage/StorageImpl.java
index f4769905d8bc..8a33f2bc4203 100644
--- a/gcloud-java-storage/src/main/java/com/google/cloud/storage/StorageImpl.java
+++ b/gcloud-java-storage/src/main/java/com/google/cloud/storage/StorageImpl.java
@@ -571,7 +571,7 @@ public URL signUrl(BlobInfo blobInfo, long duration, TimeUnit unit, SignUrlOptio
       path.append('/');
     }
     if (blobInfo.name().startsWith("/")) {
-      path.setLength(stBuilder.length() - 1);
+      path.setLength(path.length() - 1);
     }
     path.append(blobInfo.name());
     stBuilder.append(path);

From 01c5278f0c757538f21bb713f324a003b619abe2 Mon Sep 17 00:00:00 2001
From: Marco Ziccardi <marco.ziccard@gmail.com>
Date: Mon, 16 May 2016 22:25:58 +0200
Subject: [PATCH 2/2] Add test for Storage.signUrl with object names starting
 with /

---
 .../google/cloud/storage/StorageImplTest.java | 57 +++++++++++++------
 1 file changed, 40 insertions(+), 17 deletions(-)

diff --git a/gcloud-java-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java b/gcloud-java-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java
index 47f776458876..9df971721906 100644
--- a/gcloud-java-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java
+++ b/gcloud-java-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java
@@ -1136,17 +1136,42 @@ public void testSignUrl() throws NoSuchAlgorithmException, InvalidKeyException,
     storage = options.toBuilder().authCredentials(authCredentials).build().service();
     URL url = storage.signUrl(BLOB_INFO1, 14, TimeUnit.DAYS);
     String stringUrl = url.toString();
-    String expectedUrl =
-        new StringBuilder("https://storage.googleapis.com/").append(BUCKET_NAME1).append("/")
-            .append(BLOB_NAME1).append("?GoogleAccessId=").append(ACCOUNT).append("&Expires=")
-            .append(42L + 1209600).append("&Signature=").toString();
+    String expectedUrl = new StringBuilder("https://storage.googleapis.com/").append(BUCKET_NAME1)
+        .append('/').append(BLOB_NAME1).append("?GoogleAccessId=").append(ACCOUNT)
+        .append("&Expires=").append(42L + 1209600).append("&Signature=").toString();
     assertTrue(stringUrl.startsWith(expectedUrl));
     String signature = stringUrl.substring(expectedUrl.length());
 
     StringBuilder signedMessageBuilder = new StringBuilder();
-    signedMessageBuilder.append(HttpMethod.GET).append('\n').append('\n').append('\n')
-        .append(42L + 1209600).append('\n').append("/").append(BUCKET_NAME1).append("/")
-        .append(BLOB_NAME1);
+    signedMessageBuilder.append(HttpMethod.GET).append("\n\n\n").append(42L + 1209600).append("\n/")
+        .append(BUCKET_NAME1).append('/').append(BLOB_NAME1);
+
+    Signature signer = Signature.getInstance("SHA256withRSA");
+    signer.initVerify(publicKey);
+    signer.update(signedMessageBuilder.toString().getBytes(UTF_8));
+    assertTrue(signer.verify(BaseEncoding.base64().decode(
+        URLDecoder.decode(signature, UTF_8.name()))));
+  }
+
+  @Test
+  public void testSignUrlLeadingSlash() throws NoSuchAlgorithmException, InvalidKeyException,
+      SignatureException, UnsupportedEncodingException {
+    String blobName = "/b1";
+    EasyMock.replay(storageRpcMock);
+    ServiceAccountAuthCredentials authCredentials =
+        ServiceAccountAuthCredentials.createFor(ACCOUNT, privateKey);
+    storage = options.toBuilder().authCredentials(authCredentials).build().service();
+    URL url = storage.signUrl(BlobInfo.builder(BUCKET_NAME1, blobName).build(), 14, TimeUnit.DAYS);
+    String stringUrl = url.toString();
+    String expectedUrl = new StringBuilder("https://storage.googleapis.com/").append(BUCKET_NAME1)
+        .append(blobName).append("?GoogleAccessId=").append(ACCOUNT).append("&Expires=")
+        .append(42L + 1209600).append("&Signature=").toString();
+    assertTrue(stringUrl.startsWith(expectedUrl));
+    String signature = stringUrl.substring(expectedUrl.length());
+
+    StringBuilder signedMessageBuilder = new StringBuilder();
+    signedMessageBuilder.append(HttpMethod.GET).append("\n\n\n").append(42L + 1209600).append("\n/")
+        .append(BUCKET_NAME1).append(blobName);
 
     Signature signer = Signature.getInstance("SHA256withRSA");
     signer.initVerify(publicKey);
@@ -1162,22 +1187,20 @@ public void testSignUrlWithOptions() throws NoSuchAlgorithmException, InvalidKey
     ServiceAccountAuthCredentials authCredentials =
         ServiceAccountAuthCredentials.createFor(ACCOUNT, privateKey);
     storage = options.toBuilder().authCredentials(authCredentials).build().service();
-    URL url =
-        storage.signUrl(BLOB_INFO1, 14, TimeUnit.DAYS,
-            Storage.SignUrlOption.httpMethod(HttpMethod.POST),
-            Storage.SignUrlOption.withContentType(), Storage.SignUrlOption.withMd5());
+    URL url = storage.signUrl(BLOB_INFO1, 14, TimeUnit.DAYS,
+        Storage.SignUrlOption.httpMethod(HttpMethod.POST), Storage.SignUrlOption.withContentType(),
+        Storage.SignUrlOption.withMd5());
     String stringUrl = url.toString();
-    String expectedUrl =
-        new StringBuilder("https://storage.googleapis.com/").append(BUCKET_NAME1).append("/")
-            .append(BLOB_NAME1).append("?GoogleAccessId=").append(ACCOUNT).append("&Expires=")
-            .append(42L + 1209600).append("&Signature=").toString();
+    String expectedUrl = new StringBuilder("https://storage.googleapis.com/").append(BUCKET_NAME1)
+        .append('/').append(BLOB_NAME1).append("?GoogleAccessId=").append(ACCOUNT)
+        .append("&Expires=").append(42L + 1209600).append("&Signature=").toString();
     assertTrue(stringUrl.startsWith(expectedUrl));
     String signature = stringUrl.substring(expectedUrl.length());
 
     StringBuilder signedMessageBuilder = new StringBuilder();
     signedMessageBuilder.append(HttpMethod.POST).append('\n').append(BLOB_INFO1.md5()).append('\n')
-        .append(BLOB_INFO1.contentType()).append('\n').append(42L + 1209600).append('\n')
-        .append("/").append(BUCKET_NAME1).append("/").append(BLOB_NAME1);
+        .append(BLOB_INFO1.contentType()).append('\n').append(42L + 1209600).append("\n/")
+        .append(BUCKET_NAME1).append('/').append(BLOB_NAME1);
 
     Signature signer = Signature.getInstance("SHA256withRSA");
     signer.initVerify(publicKey);