set SSE headers in put-part response (#12008)

This commit fixes a bug in the put-part implementation. The SSE headers should be set as specified by AWS - See: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html Now, the MinIO server should set SSE-C headers, like `x-amz-server-side-encryption-customer-algorithm`. Fixes #11991
2021-04-07 23:50:28 +02:00 · 2021-04-07 23:50:28 +02:00 · 404d2ebe3f
parent 46964eb764
commit 404d2ebe3f
1 changed files with 14 additions and 2 deletions
--- a/cmd/object-handlers.go
+++ b/cmd/object-handlers.go
@ -2371,8 +2371,20 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
 	}

 	etag := partInfo.ETag
-	if isEncrypted {
-		etag = tryDecryptETag(objectEncryptionKey[:], partInfo.ETag, crypto.SSEC.IsRequested(r.Header))
+	switch kind, encrypted := crypto.IsEncrypted(mi.UserDefined); {
+	case encrypted:
+		switch kind {
+		case crypto.S3:
+			w.Header().Set(xhttp.AmzServerSideEncryption, xhttp.AmzEncryptionAES)
+			etag = tryDecryptETag(objectEncryptionKey[:], etag, false)
+		case crypto.SSEC:
+			w.Header().Set(xhttp.AmzServerSideEncryptionCustomerAlgorithm, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerAlgorithm))
+			w.Header().Set(xhttp.AmzServerSideEncryptionCustomerKeyMD5, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerKeyMD5))
+
+			if len(etag) >= 32 && strings.Count(etag, "-") != 1 {
+				etag = etag[len(etag)-32:]
+			}
+		}
 	}

 	// We must not use the http.Header().Set method here because some (broken)