SigV4: Allow specifying Host header as config

org.eclipse.jgit.lfs.server/src/org/eclipse/jgit/lfs/server/s3/S3Config.java

@@ -16,6 +16,7 @@
  * @since 4.3
  */
 public class S3Config {
+	private final String signatureHostname;
 	private final String hostname;
 	private final String region;
 	private final String bucket;
@@ -30,6 +31,8 @@ public class S3Config {
 	 * Constructor for S3Config.
 	 * </p>
 	 *
+	 * @param signatureHostname
+	 *            Hostname to use for the SigV4 signature
 	 * @param hostname
 	 *            S3 API host
 	 * @param region
@@ -50,9 +53,10 @@ public class S3Config {
 	 *            verification
 	 * @since 5.8
 	 */
-	public S3Config(String hostname, String region, String bucket, String storageClass,
+	public S3Config(String signatureHostname, String hostname, String region, String bucket, String storageClass,
 			String accessKey, String secretKey, int expirationSeconds,
 			boolean disableSslVerify) {
+		this.signatureHostname = signatureHostname;
 		this.hostname = hostname;
 		this.region = region;
 		this.bucket = bucket;
@@ -63,6 +67,37 @@ public S3Config(String hostname, String region, String bucket, String storageCla
 		this.disableSslVerify = disableSslVerify;
 	}
 
+	/**
+	 * <p>
+	 * Constructor for S3Config.
+	 * </p>
+	 *
+	 * @param hostname
+	 *            S3 API host
+	 * @param region
+	 *            AWS region
+	 * @param bucket
+	 *            S3 storage bucket
+	 * @param storageClass
+	 *            S3 storage class
+	 * @param accessKey
+	 *            access key for authenticating to AWS
+	 * @param secretKey
+	 *            secret key for authenticating to AWS
+	 * @param expirationSeconds
+	 *            period in seconds after which requests signed for this bucket
+	 *            will expire
+	 * @param disableSslVerify
+	 *            if {@code true} disable Amazon server certificate and hostname
+	 *            verification
+	 * @since 5.8
+	 */
+	public S3Config(String hostname, String region, String bucket, String storageClass,
+			String accessKey, String secretKey, int expirationSeconds,
+			boolean disableSslVerify) {
+		this(hostname, hostname, region, bucket, storageClass, accessKey, secretKey, expirationSeconds, disableSslVerify);
+	}
+
 	/**
 	 * <p>Constructor for S3Config.</p>
 	 *
@@ -91,6 +126,16 @@ public S3Config(String region, String bucket, String storageClass,
 				disableSslVerify);
 	}
 
+	/**
+	 * Get the <code>hostname</code>.
+	 *
+	 * @return Get the hostname to use for SigV4 signature calculation
+	 * @since 5.8
+	 */
+	public String getSignatureHostname() {
+		return signatureHostname;
+	}
+
 	/**
 	 * Get the <code>hostname</code>.
 	 *

org.eclipse.jgit.lfs.server/src/org/eclipse/jgit/lfs/server/s3/SignerV4.java

@@ -13,6 +13,8 @@
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.eclipse.jgit.util.HttpSupport.HDR_AUTHORIZATION;
 
+import com.google.common.base.Strings;
+
 import java.io.UnsupportedEncodingException;
 import java.net.URL;
 import java.net.URLEncoder;
@@ -92,7 +94,12 @@ class SignerV4 {
 	static String createAuthorizationQuery(S3Config bucketConfig, URL url,
 			String httpMethod, Map<String, String> headers,
 			Map<String, String> queryParameters, String bodyHash) {
-		addHostHeader(url, headers);
+
+		if (!Strings.isNullOrEmpty(bucketConfig.getSignatureHostname())) {
+			headers.put("Host", bucketConfig.getSignatureHostname()); //$NON-NLS-1$
+		} else {
+			addHostHeader(url, headers);
+		}
 
 		queryParameters.put(X_AMZ_ALGORITHM, SCHEME + "-" + ALGORITHM); //$NON-NLS-1$
 
@@ -161,7 +168,12 @@ private static void appendQuery(StringBuilder s, String key,
 	static Map<String, String> createHeaderAuthorization(
 			S3Config bucketConfig, URL url, String httpMethod,
 			Map<String, String> headers, String bodyHash) {
-		addHostHeader(url, headers);
+
+		if (!Strings.isNullOrEmpty(bucketConfig.getSignatureHostname())) {
+			headers.put("Host", bucketConfig.getSignatureHostname()); //$NON-NLS-1$
+		} else {
+			addHostHeader(url, headers);
+		}
 
 		Date now = new Date();
 		String dateTimeStamp = dateTimeStampISO8601(now);