Documentation ¶
Index ¶
- Constants
- type Credentials
- type CredentialsProvider
- type EventStreamSigner
- type Signer
- func (s *Signer) PresignHTTP(ctx context.Context, credentials Credentials, r *http.Request, ...) (signedURI string, signedHeaders http.Header, err error)
- func (s *Signer) SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, ...) error
- func (s *Signer) VerifyPresigned(credentials Credentials, r *http.Request, payloadHash string, service string, ...) error
- func (s *Signer) VerifySignature(credentials Credentials, r *http.Request, payloadHash string, service string, ...) error
- type SignerOptions
- type StreamSigner
- type StreamSignerOptions
- type SymmetricCredentialAdaptor
Constants ¶
const (
	// AmzRegionSetKey represents the region set header used for sigv4a
	AmzRegionSetKey = "X-Amz-Region-Set"

	// EmptyStringSHA256 is a hex encoded SHA-256 hash of an empty string
	EmptyStringSHA256 = v4Internal.EmptyStringSHA256

	// Version of signing v4a
	Version = "SigV4A"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Credentials ¶
type Credentials struct {
	Context      string
	PrivateKey   *ecdsa.PrivateKey
	SessionToken string

	// Time the credentials will expire.
	CanExpire bool
	Expires   time.Time
}
Credentials holds the Context, ECDSA private key, and optional session token used to sign requests with SigV4a.
func (Credentials) Expired ¶
func (v Credentials) Expired() bool
Expired reports whether the credentials have expired.
func (Credentials) HasKeys ¶
func (v Credentials) HasKeys() bool
HasKeys reports whether the credentials' keys are set.
type CredentialsProvider ¶
type CredentialsProvider interface {
RetrievePrivateKey(context.Context) (Credentials, error)
}
CredentialsProvider is the interface for a provider to retrieve credentials to sign requests with.
type EventStreamSigner ¶
type EventStreamSigner interface {
GetSignature(ctx context.Context, headers, payload []byte, signingTime time.Time, optFns ...func(*StreamSignerOptions)) ([]byte, error)
}
EventStreamSigner is an AWS EventStream protocol signer.
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer is a SigV4a HTTP signing implementation
func NewSigner ¶
func NewSigner(optFns ...func(*SignerOptions)) *Signer
NewSigner constructs a SigV4a Signer.
func (*Signer) PresignHTTP ¶
func (s *Signer) PresignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) (signedURI string, signedHeaders http.Header, err error)
PresignHTTP takes the provided http.Request, payload hash, service, regionSet, and time and presigns the request using SigV4a. It returns the presigned URL along with the headers that were signed with the request.
PresignHTTP will not set the expiry time of the presigned request automatically. To specify how long the presigned URL should be considered valid, add the "X-Amz-Expires" query parameter to the request, with the duration in seconds as its value. This parameter is not used by all AWS services; it is most notably used by Amazon S3 APIs.
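The following is an added example, not code from this package: it shows how a caller can attach a bounded "X-Amz-Expires" value to a request before handing it to PresignHTTP, and how a receiving service can check the declared validity window of such a URL. The helper names SetPresignExpiry and CheckPresignWindow are hypothetical, the 7-day ceiling is an assumed policy, and the window check assumes the presigned URL carries "X-Amz-Date" in its query string as AWS presigned URLs do.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strconv"
	"time"
)

const (
	amzTimeFormat = "20060102T150405Z" // X-Amz-Date layout
	maxExpiry     = 7 * 24 * time.Hour // assumed policy ceiling, not from this package
)

// SetPresignExpiry (hypothetical helper) adds X-Amz-Expires in whole seconds.
// Call it before PresignHTTP so the parameter is part of what gets signed.
func SetPresignExpiry(r *http.Request, d time.Duration) error {
	if d < time.Second || d > maxExpiry {
		return fmt.Errorf("expiry %v outside [1s, %v]", d, maxExpiry)
	}
	q := r.URL.Query()
	q.Set("X-Amz-Expires", strconv.FormatInt(int64(d/time.Second), 10))
	r.URL.RawQuery = q.Encode()
	return nil
}

// CheckPresignWindow (hypothetical helper) rejects a presigned URL whose
// X-Amz-Date + X-Amz-Expires window does not contain now.
func CheckPresignWindow(u *url.URL, now time.Time) error {
	q := u.Query()
	signedAt, err := time.Parse(amzTimeFormat, q.Get("X-Amz-Date"))
	if err != nil {
		return fmt.Errorf("bad X-Amz-Date: %w", err)
	}
	secs, err := strconv.ParseInt(q.Get("X-Amz-Expires"), 10, 64)
	if err != nil || secs < 1 || secs > int64(maxExpiry/time.Second) {
		return errors.New("missing or out-of-range X-Amz-Expires")
	}
	if now.Before(signedAt) || !now.Before(signedAt.Add(time.Duration(secs)*time.Second)) {
		return errors.New("presigned URL outside its validity window")
	}
	return nil
}

func main() {
	r, _ := http.NewRequest("GET", "https://example.com/obj?X-Amz-Date=20240101T000000Z", nil) // constructed sample
	fmt.Println(SetPresignExpiry(r, 15*time.Minute), r.URL.RawQuery)
}
```

The window check complements signature verification and does not replace it: the query values are only trustworthy once the signature covering them has been verified.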
func (*Signer) SignHTTP ¶
func (s *Signer) SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) error
SignHTTP takes the provided http.Request, payload hash, service, regionSet, and time and signs using SigV4a. The passed in request will be modified in place.
func (*Signer) VerifyPresigned ¶
func (s *Signer) VerifyPresigned(credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, signature string, optFns ...func(*SignerOptions)) error
VerifyPresigned checks sigv4a.
func (*Signer) VerifySignature ¶
func (s *Signer) VerifySignature(credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, signature string, optFns ...func(*SignerOptions)) error
VerifySignature checks sigv4a.
type SignerOptions ¶
type SignerOptions struct {
	Logger     *zap.Logger
	LogSigning bool

	// Disables the Signer's moving HTTP header key/value pairs from the HTTP
	// request header to the request's query string. This is most commonly used
	// with pre-signed requests preventing headers from being added to the
	// request's query string.
	DisableHeaderHoisting bool

	// Disables the automatic escaping of the URI path of the request for the
	// signature's canonical string's path. For services that do not need additional
	// escaping then use this to disable the signer escaping the path.
	//
	// S3 is an example of a service that does not need additional escaping.
	//
	// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
	DisableURIPathEscaping bool
}
SignerOptions is the SigV4a signing options for constructing a Signer.
type StreamSigner ¶
type StreamSigner struct {
// contains filtered or unexported fields
}
StreamSigner implements Signature Version 4 (SigV4) signing of event stream encoded payloads.
func NewStreamSigner ¶
func NewStreamSigner(credentials Credentials, service string, seedSignature []byte, optFns ...func(*StreamSignerOptions)) *StreamSigner
NewStreamSigner returns a new AWS EventStream protocol signer.
func (*StreamSigner) VerifySignature ¶
func (s *StreamSigner) VerifySignature(headers, payload []byte, signingTime time.Time, signature []byte, optFns ...func(*StreamSignerOptions)) error
func (*StreamSigner) VerifyTrailerSignature ¶ added in v0.32.5
type StreamSignerOptions ¶
type StreamSignerOptions struct{}
StreamSignerOptions is the configuration options for StreamSigner.
type SymmetricCredentialAdaptor ¶
type SymmetricCredentialAdaptor struct {
	SymmetricProvider aws.CredentialsProvider
	// contains filtered or unexported fields
}
SymmetricCredentialAdaptor wraps a SigV4 AccessKey/SecretKey provider and adapts the credentials to an ECDSA PrivateKey for signing with SigV4a.
func (*SymmetricCredentialAdaptor) Retrieve ¶
func (s *SymmetricCredentialAdaptor) Retrieve(ctx context.Context) (aws.Credentials, error)
Retrieve retrieves symmetric credentials from the underlying provider.
func (*SymmetricCredentialAdaptor) RetrievePrivateKey ¶
func (s *SymmetricCredentialAdaptor) RetrievePrivateKey(ctx context.Context) (Credentials, error)
RetrievePrivateKey returns credentials suitable for SigV4a signing