s3proxy: add intial implementation

INSECURE! The proxy intercepts GetObject and PutObject. A manual deployment guide is included. The decryption only relies on a hardcoded, static key. Do not use with sensitive data; testing only. * Ticket to track ranged GetObject: AB#3466.
2025-05-06 08:15:48 -04:00 · 2023-09-27 11:40:32 +02:00 · 2023-09-27 11:40:32 +02:00 · a7ceda37ea
commit a7ceda37ea
parent 957f8ad203
13 changed files with 1233 additions and 0 deletions
--- a/s3proxy/internal/router/router_test.go
+++ b/s3proxy/internal/router/router_test.go
@ -0,0 +1,48 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+package router
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestValidateContentMD5(t *testing.T) {
+	tests := map[string]struct {
+		contentMD5     string
+		body           []byte
+		expectedErrMsg string
+	}{
+		"empty content-md5": {
+			contentMD5: "",
+			body:       []byte("hello, world"),
+		},
+		// https://datatracker.ietf.org/doc/html/rfc1864#section-2
+		"valid content-md5": {
+			contentMD5: "Q2hlY2sgSW50ZWdyaXR5IQ==",
+			body:       []byte("Check Integrity!"),
+		},
+		"invalid content-md5": {
+			contentMD5:     "invalid base64",
+			body:           []byte("hello, world"),
+			expectedErrMsg: "decoding base64",
+		},
+	}
+
+	// Iterate over the test cases
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			// Call the validateContentMD5 function
+			err := validateContentMD5(tc.contentMD5, tc.body)
+
+			// Check the result against the expected value
+			if tc.expectedErrMsg != "" {
+				assert.ErrorContains(t, err, tc.expectedErrMsg)
+			}
+		})
+	}
+}