Add extended checksum support (#15433)

2022-08-30 01:57:16 +02:00
parent 929b9e164e
commit a9f1ad7924
44 changed files with 1560 additions and 554 deletions
--- a/cmd/object-api-options.go
+++ b/cmd/object-api-options.go
@@ -28,6 +28,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/minio/minio-go/v7/pkg/encrypt"
 	"github.com/minio/minio/internal/crypto"
+	"github.com/minio/minio/internal/hash"
 	xhttp "github.com/minio/minio/internal/http"
 	"github.com/minio/minio/internal/logger"
 )
@@ -231,6 +232,7 @@ func putOpts(ctx context.Context, r *http.Request, bucket, object string, metada
 			}
 		}
 	}
+
 	mtimeStr := strings.TrimSpace(r.Header.Get(xhttp.MinIOSourceMTime))
 	mtime := UTCNow()
 	if mtimeStr != "" {
@@ -289,6 +291,15 @@ func putOpts(ctx context.Context, r *http.Request, bucket, object string, metada
 		metadata["etag"] = etag
 	}

+	wantCRC, err := hash.GetContentChecksum(r)
+	if err != nil {
+		return opts, InvalidArgument{
+			Bucket: bucket,
+			Object: object,
+			Err:    fmt.Errorf("invalid/unknown checksum sent: %v", err),
+		}
+	}
+
 	// In the case of multipart custom format, the metadata needs to be checked in addition to header to see if it
 	// is SSE-S3 encrypted, primarily because S3 protocol does not require SSE-S3 headers in PutObjectPart calls
 	if GlobalGatewaySSE.SSES3() && (crypto.S3.IsRequested(r.Header) || crypto.S3.IsEncrypted(metadata)) {
@@ -299,6 +310,7 @@ func putOpts(ctx context.Context, r *http.Request, bucket, object string, metada
 			Versioned:            versioned,
 			VersionSuspended:     versionSuspended,
 			MTime:                mtime,
+			WantChecksum:         wantCRC,
 		}, nil
 	}
 	if GlobalGatewaySSE.SSEC() && crypto.SSEC.IsRequested(r.Header) {
@@ -307,6 +319,7 @@ func putOpts(ctx context.Context, r *http.Request, bucket, object string, metada
 		opts.Versioned = versioned
 		opts.VersionSuspended = versionSuspended
 		opts.UserDefined = metadata
+		opts.WantChecksum = wantCRC
 		return
 	}
 	if crypto.S3KMS.IsRequested(r.Header) {
@@ -325,6 +338,7 @@ func putOpts(ctx context.Context, r *http.Request, bucket, object string, metada
 			Versioned:            versioned,
 			VersionSuspended:     versionSuspended,
 			MTime:                mtime,
+			WantChecksum:         wantCRC,
 		}, nil
 	}
 	// default case of passing encryption headers and UserDefined metadata to backend
@@ -339,6 +353,8 @@ func putOpts(ctx context.Context, r *http.Request, bucket, object string, metada
 	opts.ReplicationSourceLegalholdTimestamp = lholdtimestmp
 	opts.ReplicationSourceRetentionTimestamp = retaintimestmp
 	opts.ReplicationSourceTaggingTimestamp = taggingtimestmp
+	opts.WantChecksum = wantCRC
+
 	return opts, nil
 }

@@ -389,6 +405,14 @@ func completeMultipartOpts(ctx context.Context, r *http.Request, bucket, object
 			}
 		}
 	}
+	opts.WantChecksum, err = hash.GetContentChecksum(r)
+	if err != nil {
+		return opts, InvalidArgument{
+			Bucket: bucket,
+			Object: object,
+			Err:    fmt.Errorf("invalid/unknown checksum sent: %v", err),
+		}
+	}
 	opts.MTime = mtime
 	opts.UserDefined = make(map[string]string)
 	return opts, nil