Skip to content

HDDS-10633. Support Content-MD5 header for checking object integrity when uploading object #9612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hevinhsu wants to merge 10 commits into
base: master
Choose a base branch
from
Open

HDDS-10633. Support Content-MD5 header for checking object integrity when uploading object #9612

hevinhsu wants to merge 10 commits into from

Conversation

@hevinhsu
Copy link
Contributor

@hevinhsu hevinhsu commented Jan 9, 2026

What changes were proposed in this pull request?

Add support for the Content-MD5 header to verify object integrity during object uploads.

Please describe your PR in detail:

  • Validate the Content-MD5 header using pre-commit hooks before the key is committed.
  • Add unit tests, integration tests, and end-to-end tests covering:
    • PUT object with Content-MD5
    • Multipart upload with Content-MD5
  • Add no-argument constructors to KeyDataStreamOutput to simplify unit test setup.

What is the link to the Apache JIRA?

https://issues.apache.org/jira/browse/HDDS-10633

How was this patch tested?

https://github.com/hevinhsu/ozone/actions/runs/20842334193

@ivandika3 ivandika3 added the s3 S3 Gateway label Jan 12, 2026
@ivandika3 ivandika3 self-requested a review January 12, 2026 01:42
@jojochuang
Copy link
Contributor

jojochuang commented Jan 13, 2026

Note:
https://docs.aws.amazon.com/AmazonS3/latest/API/API_Object.html

The ETag may or may not be an MD5 digest of the object data.

@hevinhsu
Copy link
Contributor Author

hevinhsu commented Jan 14, 2026

Thanks @jojochuang for pointing this out.

I agree that the final ETag may not always be an MD5 (especially for multipart or encrypted objects). However, this patch focuses on in-transit integrity checking via the Content-MD5 header.

During the upload, S3G calculates the MD5 of the incoming data stream to verify it against the client-provided Content-MD5. This verification happens before the object is committed. The document you shared refers to the ETag's behavior after the commit, which is independent of the Content-MD5 validation logic at the ingestion stage. Therefore, the ETag's final format does not affect this check.

@hevinhsu
Merge remote-tracking branch 'origin/master' into HDDS-10633
395292f 
# Conflicts:
#	hadoop-ozone/integration-test-s3/src/test/java/org/apache/hadoop/ozone/s3/awssdk/v2/AbstractS3SDKV2Tests.java
#	hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/ObjectEndpoint.java
ivandika3
ivandika3 reviewed Jan 17, 2026
View reviewed changes
Copy link
Contributor

@ivandika3 ivandika3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @hevinhsu for the patch and the extensive tests. Overall LGTM. Just left a few comments.

@ivandika3
Copy link
Contributor

ivandika3 commented Jan 17, 2026

The ETag may or may not be an MD5 digest of the object data.

Yes, ETag can technically be any hash that based on the object data so it doesn't need to be MD5. Moreover, object uploaded using multipart upload ETag is a hash of all the ETag of all the parts with the "-<num_parts>" prefix, see S3MultipartUploadCompleteRequest#multipartUploadedKeyHash.

If we decide in the future to change ETag to not be md5 hash, then we need to setup a new MD5 MessageDigest. However, since ETag is currently already using MD5, we can piggy back that.

@hevinhsu
Copy link
Contributor Author

hevinhsu commented Jan 21, 2026

Thanks @ivandika3 for the reviews.

I’ve fixed the merge-related issue you pointed out and addressed the nits, including renaming eTag to md5Hash.

I agree with the rename. As you pointed out, ETag is not guaranteed to be an MD5 hash (especially for multipart uploads), so using md5Hash avoids conflating ETag semantics with an MD5 digest.

ivandika3
ivandika3 reviewed Jan 21, 2026
View reviewed changes
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/ObjectEndpoint.java
Comment on lines +475 to +478
String md5Hash = keyDetails.getMetadata().get(OzoneConsts.ETAG);
if (md5Hash != null) {
responseBuilder.header(HttpHeaders.ETAG, wrapInQuotes(md5Hash));
String partsCount = extractPartsCount(md5Hash);
Copy link
Contributor

@ivandika3 ivandika3 Jan 21, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: This should still be ETag since we are actually getting the key ETag which may not be MD5. We should only use md5Hash if we are actually calculating MD5.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ivandika3 ivandika3 ivandika3 left review comments

@peterxcli peterxcli Awaiting requested review from peterxcli

@chungen0126 chungen0126 Awaiting requested review from chungen0126

Assignees

No one assigned

Labels

s3 S3 Gateway

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hevinhsu @jojochuang @ivandika3