Documentation ¶
Index ¶
- func BuildAuthorizationHeader(request *http.Request, body io.ReadSeeker, signedHeadersString string, ...) string
- func CreateSignFunction(privateKey crypto.PrivateKey, certificate x509.Certificate, ...) func(*request.Request)
- func CreateStringToSign(canonicalRequest string, signerParams SignerParams) string
- func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error)
- func ReadPrivateKeyData(privateKeyId string) (crypto.PrivateKey, error)
- type CertificateData
- type CredentialProcessOutput
- type CredentialsOpts
- type RequestHeaderOpts
- type RequestOpts
- type RequestQueryStringOpts
- type RolesAnywhereSigner
- type Signer
- type SignerParams
- type SigningOpts
- type SigningResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuildAuthorizationHeader ¶
func BuildAuthorizationHeader(request *http.Request, body io.ReadSeeker, signedHeadersString string, signature string, certificate x509.Certificate, signerParams SignerParams) string
Builds the complete authorization header
func CreateSignFunction ¶
func CreateSignFunction(privateKey crypto.PrivateKey, certificate x509.Certificate, certificateChain []x509.Certificate) func(*request.Request)
Create a function that will sign requests, given the signing certificate, optional certificate chain, and the private key
func CreateStringToSign ¶
func CreateStringToSign(canonicalRequest string, signerParams SignerParams) string
Create the string to sign.
func ReadCertificateBundleData ¶
func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error)
Reads certificate bundle data from the file at the provided path.
func ReadPrivateKeyData ¶
func ReadPrivateKeyData(privateKeyId string) (crypto.PrivateKey, error)
Load the private key referenced by `privateKeyId`.
Types ¶
type CertificateData ¶
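// CertificateData is the container for certificate data returned to the SDK
// as JSON. The fields declared here carry certificate-derived (public)
// material only; the JSON key names are fixed by the struct tags.
type CertificateData struct {
	// Type for the key contained in the certificate.
	// Passed back to the `sign-string` command.
	KeyType string `json:"keyType"`
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string `json:"certificateData"`
	// Serial number of the certificate. Used in the credential
	// field of the Authorization header.
	SerialNumber string `json:"serialNumber"`
	// Supported signing algorithms based on the KeyType.
	Algorithms []string `json:"supportedAlgorithms"`
}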
Container for certificate data returned to the SDK as JSON.
func ReadCertificateData ¶
func ReadCertificateData(certificateId string) (CertificateData, error)
Load the certificate referenced by `certificateId` and extract details required by the SDK to construct the StringToSign.
type CredentialProcessOutput ¶
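// CredentialProcessOutput is a container that adheres to the format of
// credential_process output as specified by AWS. The JSON key names are
// fixed by the struct tags.
//
// SecretAccessKey and SessionToken are live credentials: a serialized value
// should go only to the credential_process consumer and be kept out of logs,
// error messages and debug dumps.
type CredentialProcessOutput struct {
	// This field should be hard-coded to 1 for now.
	Version int `json:"Version"`
	// AWS Access Key ID.
	AccessKeyId string `json:"AccessKeyId"`
	// AWS Secret Access Key. Secret material.
	SecretAccessKey string `json:"SecretAccessKey"`
	// AWS Session Token for temporary credentials. Secret material.
	SessionToken string `json:"SessionToken"`
	// ISO8601 timestamp for when the credentials expire.
	Expiration string `json:"Expiration"`
}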
Container that adheres to the format of credential_process output as specified by AWS.
func GenerateCredentials ¶
func GenerateCredentials(opts *CredentialsOpts) (CredentialProcessOutput, error)
Creates a session and generates credentials.
type CredentialsOpts ¶
type RequestHeaderOpts ¶
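// RequestHeaderOpts holds the values placed in request headers.
type RequestHeaderOpts struct {
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string
}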
type RequestOpts ¶
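// RequestOpts is the container for data that will be sent in a request to
// CreateSession.
type RequestOpts struct {
	// ARN of the Role to assume in the CreateSession call.
	RoleArn string
	// ARN of the Configuration to use in the CreateSession call.
	ConfigurationArn string
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string
	// Duration of the session that will be returned by CreateSession.
	// NOTE(review): no bounds are visible on this type — presumably the
	// value is range-checked by the caller or the service; confirm.
	DurationSeconds int
}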
Container for data that will be sent in a request to CreateSession.
type RequestQueryStringOpts ¶
type RolesAnywhereSigner ¶
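// RolesAnywhereSigner bundles the private key, certificate and certificate
// chain used to sign requests (see SignWithCurrTime).
type RolesAnywhereSigner struct {
	// PrivateKey is the key used for signing. crypto.PrivateKey is an empty
	// interface, so the concrete key type is not checked at compile time.
	// NOTE(review): presumably the type is validated when signing; confirm.
	PrivateKey crypto.PrivateKey
	// Certificate is the signing certificate, stored by value.
	Certificate x509.Certificate
	// CertificateChain holds additional certificates.
	// NOTE(review): presumably the optional chain accepted by
	// CreateSignFunction, and may be empty; confirm.
	CertificateChain []x509.Certificate
}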
func (RolesAnywhereSigner) SignWithCurrTime ¶
func (v4x509 RolesAnywhereSigner) SignWithCurrTime(req *request.Request) error
Sign the request using the current time
type SignerParams ¶
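// SignerParams carries the inputs used to build the string to sign (see
// CreateStringToSign) and the authorization header (see
// BuildAuthorizationHeader).
type SignerParams struct {
	// OverriddenDate is a signing timestamp.
	// NOTE(review): presumably this is the time formatted by
	// GetFormattedSigningDateTime and GetFormattedShortSigningDateTime, so a
	// stale or caller-controlled value would change the signed date; confirm.
	OverriddenDate time.Time
	// RegionName and ServiceName name the target region and service.
	// NOTE(review): presumably both are components of the scope returned by
	// GetScope; confirm.
	RegionName  string
	ServiceName string
	// SigningAlgorithm identifies the signing algorithm.
	// NOTE(review): the accepted values are not visible here; confirm.
	SigningAlgorithm string
}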
func (*SignerParams) GetFormattedShortSigningDateTime ¶
func (signerParams *SignerParams) GetFormattedShortSigningDateTime() string
Obtain the short date-time, formatted as specified by SigV4
func (*SignerParams) GetFormattedSigningDateTime ¶
func (signerParams *SignerParams) GetFormattedSigningDateTime() string
Obtain the date-time, formatted as specified by SigV4
func (*SignerParams) GetScope ¶
func (signerParams *SignerParams) GetScope() string
Obtain the scope as part of the SigV4-X509 signature
type SigningOpts ¶
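// SigningOpts carries the options for a signing operation (see Sign).
type SigningOpts struct {
	// Private key to use for the signing operation.
	PrivateKey crypto.PrivateKey
	// Digest to use in the signing operation. For example, SHA256.
	// The zero value of crypto.Hash does not name a hash function.
	// NOTE(review): presumably Sign rejects an unset Digest; confirm.
	Digest crypto.Hash
}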
type SigningResult ¶
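// SigningResult is the container for data returned after performing a
// signing operation.
type SigningResult struct {
	// Signature encoded in hex.
	Signature string `json:"signature"`
}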
Container for data returned after performing a signing operation.
func Sign ¶
func Sign(payload []byte, opts SigningOpts) (SigningResult, error)
Sign the provided payload with the specified options.