Documentation
Index
- Constants
- Variables
- func BuildCredentialScope(signingTime SigningTime, region, service string) string
- func GetURIPath(u *url.URL) string
- func HMACSHA256(key []byte, data []byte) []byte
- func SanitizeHostForHeader(r *http.Request)
- func StripExcessSpaces(str string) string
- type AllowList
- type ExcludeList
- type InclusiveRules
- type MapRule
- type Patterns
- type Rule
- type Rules
- type SigningKeyDeriver
- type SigningTime
Constants
const (
	// EmptyStringSHA256 is the hex encoded sha256 value of an empty string
	EmptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`

	// UnsignedPayload indicates that the request payload body is unsigned
	UnsignedPayload = "UNSIGNED-PAYLOAD"

	// AmzAlgorithmKey indicates the signing algorithm
	AmzAlgorithmKey = "X-Amz-Algorithm"

	// AmzSecurityTokenKey indicates the security token to be used with temporary credentials
	AmzSecurityTokenKey = "X-Amz-Security-Token"

	// AmzDateKey is the UTC timestamp for the request in the format YYYYMMDD'T'HHMMSS'Z'
	AmzDateKey = "X-Amz-Date"

	// AmzCredentialKey is the access key ID and credential scope
	AmzCredentialKey = "X-Amz-Credential"

	// AmzSignedHeadersKey is the set of headers signed for the request
	AmzSignedHeadersKey = "X-Amz-SignedHeaders"

	// AmzSignatureKey is the query parameter to store the SigV4 signature
	AmzSignatureKey = "X-Amz-Signature"

	// TimeFormat is the time format to be used in the X-Amz-Date header or query parameter
	TimeFormat = "20060102T150405Z"

	// ShortTimeFormat is the shorten time format used in the credential scope
	ShortTimeFormat = "20060102"

	// ContentSHAKey is the SHA256 of request body
	ContentSHAKey = "X-Amz-Content-Sha256"

	// StreamingEventsPayload indicates that the request payload body is a signed event stream.
	StreamingEventsPayload = "STREAMING-AWS4-HMAC-SHA256-EVENTS"
)
Signature Version 4 (SigV4) Constants
Variables
var AllowedQueryHoisting = InclusiveRules{
	ExcludeList{RequiredSignedHeaders},
	Patterns{"X-Amz-"},
}
AllowedQueryHoisting is an allowed list for Build query headers. The boolean value represents whether or not it is a pattern.
var IgnoredHeaders = Rules{
	ExcludeList{
		MapRule{
			"Authorization":   struct{}{},
			"User-Agent":      struct{}{},
			"X-Amzn-Trace-Id": struct{}{},
			"Expect":          struct{}{},
		},
	},
}
IgnoredHeaders is a list of headers that are ignored during signing
var RequiredSignedHeaders = Rules{
	AllowList{
		MapRule{
			"Cache-Control":                         struct{}{},
			"Content-Disposition":                   struct{}{},
			"Content-Encoding":                      struct{}{},
			"Content-Language":                      struct{}{},
			"Content-Md5":                           struct{}{},
			"Content-Type":                          struct{}{},
			"Expires":                               struct{}{},
			"If-Match":                              struct{}{},
			"If-Modified-Since":                     struct{}{},
			"If-None-Match":                         struct{}{},
			"If-Unmodified-Since":                   struct{}{},
			"Range":                                 struct{}{},
			"X-Amz-Acl":                             struct{}{},
			"X-Amz-Copy-Source":                     struct{}{},
			"X-Amz-Copy-Source-If-Match":            struct{}{},
			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
			"X-Amz-Copy-Source-Range":               struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
			"X-Amz-Grant-Full-control":                        struct{}{},
			"X-Amz-Grant-Read":                                struct{}{},
			"X-Amz-Grant-Read-Acp":                            struct{}{},
			"X-Amz-Grant-Write":                               struct{}{},
			"X-Amz-Grant-Write-Acp":                           struct{}{},
			"X-Amz-Metadata-Directive":                        struct{}{},
			"X-Amz-Mfa":                                       struct{}{},
			"X-Amz-Server-Side-Encryption":                    struct{}{},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":     struct{}{},
			"X-Amz-Server-Side-Encryption-Context":            struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key":       struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
			"X-Amz-Storage-Class":                             struct{}{},
			"X-Amz-Website-Redirect-Location":                 struct{}{},
			"X-Amz-Content-Sha256":                            struct{}{},
			"X-Amz-Tagging":                                   struct{}{},
		},
	},
	Patterns{"X-Amz-Object-Lock-"},
	Patterns{"X-Amz-Meta-"},
}
RequiredSignedHeaders is an allow list for Build canonical headers.
Functions
func BuildCredentialScope (added in v1.11.0)
func BuildCredentialScope(signingTime SigningTime, region, service string) string
BuildCredentialScope builds the Signature Version 4 (SigV4) signing scope
func GetURIPath
GetURIPath returns the escaped URI component from the provided URL.
func HMACSHA256 (added in v0.25.0)
HMACSHA256 computes a HMAC-SHA256 of data given the provided key.
func SanitizeHostForHeader (added in v0.25.0)
SanitizeHostForHeader removes default port from host and updates request.Host
func StripExcessSpaces
StripExcessSpaces will rewrite the passed in slice's string values to not contain multiple side-by-side spaces.
Types
type AllowList (added in v1.7.0)
type AllowList struct {
	Rule
}
AllowList is a generic Rule for include listing
type ExcludeList (added in v1.7.0)
type ExcludeList struct {
	Rule
}
ExcludeList is a generic Rule for exclude listing
func (ExcludeList) IsValid (added in v1.7.0)
func (b ExcludeList) IsValid(value string) bool
IsValid for AllowList checks if the value is within the AllowList
type InclusiveRules
type InclusiveRules []Rule
InclusiveRules rules allow for rules to depend on one another
func (InclusiveRules) IsValid
func (r InclusiveRules) IsValid(value string) bool
IsValid will return true if all rules are true
type Rule
Rule interface allows for more flexible rules and just simply checks whether or not a value adheres to that Rule
type SigningKeyDeriver (added in v0.25.0)
type SigningKeyDeriver struct {
	// contains filtered or unexported fields
}
SigningKeyDeriver derives a signing key from a set of credentials
func NewSigningKeyDeriver (added in v0.25.0)
func NewSigningKeyDeriver() *SigningKeyDeriver
NewSigningKeyDeriver returns a new SigningKeyDeriver
func (*SigningKeyDeriver) DeriveKey (added in v0.25.0)
func (k *SigningKeyDeriver) DeriveKey(credential aws.Credentials, service, region string, signingTime SigningTime) []byte
DeriveKey returns a derived signing key from the given credentials to be used with SigV4 signing.
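The credential scope and signing key described for BuildCredentialScope, HMACSHA256 and DeriveKey, as an added standard-library example that is not the SDK's own code: it follows the published SigV4 key-derivation chain and shows that a signature made for one scope does not verify under another. The function names, the secret and the host are constructed for illustration, and `verify` takes the string-to-sign as given where a real verifier would rebuild it from the received request.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// hmacSHA256 has the shape of the documented HMACSHA256; sign hex-encodes a MAC.
func hmacSHA256(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}
func sign(key []byte, sts string) string { return hex.EncodeToString(hmacSHA256(key, []byte(sts))) }

// credentialScope builds <yyyymmdd>/<region>/<service>/aws4_request.
func credentialScope(t time.Time, region, service string) string {
	return t.UTC().Format("20060102") + "/" + region + "/" + service + "/aws4_request"
}

// deriveKey chains HMACs, binding the key to one UTC day, region and service.
func deriveKey(secret, service, region string, t time.Time) []byte {
	k := hmacSHA256([]byte("AWS4"+secret), []byte(t.UTC().Format("20060102")))
	k = hmacSHA256(k, []byte(region))
	k = hmacSHA256(k, []byte(service))
	return hmacSHA256(k, []byte("aws4_request"))
}

// stringToSign places the scope next to the hash of the canonical request.
func stringToSign(t time.Time, scope, canonicalRequest string) string {
	sum := sha256.Sum256([]byte(canonicalRequest))
	return "AWS4-HMAC-SHA256\n" + t.UTC().Format("20060102T150405Z") + "\n" + scope + "\n" + hex.EncodeToString(sum[:])
}

// verify re-derives the key for the claimed scope and compares in constant time.
func verify(secret, service, region string, t time.Time, sts, sigHex string) bool {
	return hmac.Equal([]byte(sign(deriveKey(secret, service, region, t), sts)), []byte(sigHex))
}

func main() {
	t, secret := time.Date(2015, 8, 30, 12, 36, 0, 0, time.UTC), "constructed-demo-secret" // not a real credential
	canonical := "GET\n/\n\nhost:example.amazonaws.com\n\nhost\n" + "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
	sts := stringToSign(t, credentialScope(t, "us-east-1", "s3"), canonical)
	sig := sign(deriveKey(secret, "s3", "us-east-1", t), sts)
	fmt.Println(verify(secret, "s3", "us-east-1", t, sts, sig), verify(secret, "s3", "eu-west-1", t, sts, sig))
}
```

Because the date is the first link in the chain, a cached or leaked derived key stops producing valid signatures once the UTC day changes, while the long-term secret never has to leave the deriver.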
type SigningTime (added in v0.25.0)
SigningTime provides a wrapper around a time.Time which provides cached values for SigV4 signing.
func NewSigningTime (added in v0.25.0)
func NewSigningTime(t time.Time) SigningTime
NewSigningTime creates a new SigningTime given a time.Time
func (*SigningTime) ShortTimeFormat (added in v0.25.0)
func (m *SigningTime) ShortTimeFormat() string
ShortTimeFormat provides the time formatted as 20060102.
func (*SigningTime) TimeFormat (added in v0.25.0)
func (m *SigningTime) TimeFormat() string
TimeFormat provides a time formatted in the X-Amz-Date format.