CLDSRV-898: stop treating x-amz-checksum-algorithm/type as checksum digests

leif-scality · leif-scality · commit e468700e18a8 · 2026-05-22T14:56:29.000+02:00
diff --git a/lib/api/apiUtils/integrity/validateChecksums.js b/lib/api/apiUtils/integrity/validateChecksums.js
@@ -172,7 +172,12 @@ const algorithms = Object.freeze({
  *   null on success; otherwise a ChecksumError with details.
  */
 async function validateXAmzChecksums(headers, body) {
-    const checksumHeaders = Object.keys(headers).filter(header => header.startsWith('x-amz-checksum-'));
+    const checksumHeaders = Object.keys(headers).filter(
+        header =>
+            header.startsWith('x-amz-checksum-') &&
+            header !== 'x-amz-checksum-type' &&
+            header !== 'x-amz-checksum-algorithm',
+    );
     const xAmzChecksumCnt = checksumHeaders.length;
     if (xAmzChecksumCnt > 1) {
         return { error: ChecksumError.MultipleChecksumTypes, details: { algorithms: checksumHeaders } };
@@ -256,7 +261,12 @@ function getChecksumDataFromHeaders(headers) {
         return null;
     };
 
-    const checksumHeaders = Object.keys(headers).filter(header => header.startsWith('x-amz-checksum-'));
+    const checksumHeaders = Object.keys(headers).filter(
+        header =>
+            header.startsWith('x-amz-checksum-') &&
+            header !== 'x-amz-checksum-type' &&
+            header !== 'x-amz-checksum-algorithm',
+    );
     const xAmzChecksumCnt = checksumHeaders.length;
     if (xAmzChecksumCnt > 1) {
         return { error: ChecksumError.MultipleChecksumTypes, details: { algorithms: checksumHeaders } };
diff --git a/tests/unit/api/apiUtils/integrity/validateChecksums.js b/tests/unit/api/apiUtils/integrity/validateChecksums.js
@@ -234,6 +234,40 @@ describe('validateChecksumsNoChunking CRC32, CRC32C, SHA1, SHA256, CRC64NVME', (
         assert.deepStrictEqual(result.details.algorithms, ['x-amz-checksum-sha1', 'x-amz-checksum-sha256']);
     });
 
+    it('should ignore x-amz-checksum-algorithm alongside a valid x-amz-checksum-<algo> value', async () => {
+        const body = 'sha256 data';
+        const headers = {
+            'content-type': 'application/json',
+            'x-amz-checksum-algorithm': 'SHA256',
+            'x-amz-checksum-sha256': 'jS/UevcoKxbM33kmPFujS72ior/9/i374VmGvbTAwAc=',
+        };
+        const result = await validateChecksumsNoChunking(headers, body);
+        assert.ifError(result);
+    });
+
+    it('should ignore x-amz-checksum-type alongside a valid x-amz-checksum-<algo> value', async () => {
+        const body = 'sha256 data';
+        const headers = {
+            'content-type': 'application/json',
+            'x-amz-checksum-type': 'FULL_OBJECT',
+            'x-amz-checksum-sha256': 'jS/UevcoKxbM33kmPFujS72ior/9/i374VmGvbTAwAc=',
+        };
+        const result = await validateChecksumsNoChunking(headers, body);
+        assert.ifError(result);
+    });
+
+    it('should ignore both x-amz-checksum-algorithm and x-amz-checksum-type when combined with a value', async () => {
+        const body = 'sha256 data';
+        const headers = {
+            'content-type': 'application/json',
+            'x-amz-checksum-algorithm': 'SHA256',
+            'x-amz-checksum-type': 'FULL_OBJECT',
+            'x-amz-checksum-sha256': 'jS/UevcoKxbM33kmPFujS72ior/9/i374VmGvbTAwAc=',
+        };
+        const result = await validateChecksumsNoChunking(headers, body);
+        assert.ifError(result);
+    });
+
     for (const algo of algos) {
         it('should return error AlgoNotSupported if x-amz-sdk-checksum-algorithm algo not supported', async () => {
             const headers = {
@@ -591,6 +625,31 @@ describe('getChecksumDataFromHeaders', () => {
         assert.strictEqual(result.error, ChecksumError.MultipleChecksumTypes);
     });
 
+    it('should ignore x-amz-checksum-algorithm alongside a valid x-amz-checksum-<algo> value', () => {
+        const result = getChecksumDataFromHeaders({
+            'x-amz-checksum-algorithm': 'SHA256',
+            'x-amz-checksum-sha256': validDigests.sha256,
+        });
+        assert.deepStrictEqual(result, { algorithm: 'sha256', isTrailer: false, expected: validDigests.sha256 });
+    });
+
+    it('should ignore x-amz-checksum-type alongside a valid x-amz-checksum-<algo> value', () => {
+        const result = getChecksumDataFromHeaders({
+            'x-amz-checksum-type': 'FULL_OBJECT',
+            'x-amz-checksum-sha256': validDigests.sha256,
+        });
+        assert.deepStrictEqual(result, { algorithm: 'sha256', isTrailer: false, expected: validDigests.sha256 });
+    });
+
+    it('should ignore both x-amz-checksum-algorithm and x-amz-checksum-type when combined with a value', () => {
+        const result = getChecksumDataFromHeaders({
+            'x-amz-checksum-algorithm': 'SHA256',
+            'x-amz-checksum-type': 'FULL_OBJECT',
+            'x-amz-checksum-sha256': validDigests.sha256,
+        });
+        assert.deepStrictEqual(result, { algorithm: 'sha256', isTrailer: false, expected: validDigests.sha256 });
+    });
+
     it('should return MissingCorresponding when x-amz-sdk-checksum-algorithm has no x-amz-checksum- or trailer', () => {
         const result = getChecksumDataFromHeaders({ 'x-amz-sdk-checksum-algorithm': 'crc32' });
         assert.strictEqual(result.error, ChecksumError.MissingCorresponding);
