From cdaea629326ee6254ca62db74c80d8b33210ff8b Mon Sep 17 00:00:00 2001
From: Louis Koo <zhucan.k8s@gmail.com>
Date: Wed, 27 Jan 2021 22:43:02 +0800
Subject: [PATCH] s3: fix copy multipart with v2 auth failing with
 'SignatureDoesNotMatch'

Signed-off-by: zhuc <zhucan.k8s@gmail.com>
---
 backend/s3/v2sign.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/backend/s3/v2sign.go b/backend/s3/v2sign.go
index 2c22378e3..d31cbeb71 100644
--- a/backend/s3/v2sign.go
+++ b/backend/s3/v2sign.go
@@ -53,6 +53,7 @@ func sign(AccessKey, SecretKey string, req *http.Request) {
 	var md5 string
 	var contentType string
 	var headersToSign []string
+	tmpHeadersToSign := make(map[string][]string)
 	for k, v := range req.Header {
 		k = strings.ToLower(k)
 		switch k {
@@ -62,15 +63,24 @@ func sign(AccessKey, SecretKey string, req *http.Request) {
 			contentType = v[0]
 		default:
 			if strings.HasPrefix(k, "x-amz-") {
-				vall := strings.Join(v, ",")
-				headersToSign = append(headersToSign, k+":"+vall)
+				tmpHeadersToSign[k] = v
 			}
 		}
 	}
+	var keys []string
+	for k := range tmpHeadersToSign {
+		keys = append(keys, k)
+	}
+	// https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
+	sort.Strings(keys)
+
+	for _, key := range keys {
+		vall := strings.Join(tmpHeadersToSign[key], ",")
+		headersToSign = append(headersToSign, key+":"+vall)
+	}
 	// Make headers of interest into canonical string
 	var joinedHeadersToSign string
 	if len(headersToSign) > 0 {
-		sort.StringSlice(headersToSign).Sort()
 		joinedHeadersToSign = strings.Join(headersToSign, "\n") + "\n"
 	}