aws_signing_helper

package
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 17, 2023 License: Apache-2.0 Imports: 34 Imported by: 6

Documentation

Index

Constants

View Source 
const AwsSharedCredentialsFileEnvVarName = "AWS_SHARED_CREDENTIALS_FILE"
View Source 
const DEFAULT_TOKEN_TTL_SECONDS = "21600"
View Source 
const DefaultPort = 9911
View Source 
const EC2_METADATA_TOKEN_HEADER = "x-aws-ec2-metadata-token"
View Source 
const EC2_METADATA_TOKEN_TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds"
View Source 
const LocalHostAddress = "127.0.0.1"
View Source 
const MAX_TOKENS = 256
View Source 
const REFRESHABLE_CRED_CODE = "Success"
View Source 
const REFRESHABLE_CRED_TYPE = "AWS-HMAC"
View Source 
const SECURITY_CREDENTIALS_RESOURCE_PATH = "/latest/meta-data/iam/security-credentials/"
View Source 
const TOKEN_RESOURCE_PATH = "/latest/api/token"
View Source 
const UpdateRefreshTime = time.Minute * time.Duration(5)
View Source 
const X_FORWARDED_FOR_HEADER = "X-Forwarded-For"

Variables

View Source 
var RefreshTime = time.Minute * time.Duration(5)

Functions

func AllIssuesHandlers added in v1.0.3 

func AllIssuesHandlers(cred *RefreshableCred, roleName string, opts *CredentialsOpts) (http.HandlerFunc, http.HandlerFunc, http.HandlerFunc)

func BuildAuthorizationHeader 

func BuildAuthorizationHeader(request *http.Request, body io.ReadSeeker, signedHeadersString string, signature string, certificate x509.Certificate, signerParams SignerParams) string

Builds the complete authorization header

func CheckValidToken added in v1.0.3 

func CheckValidToken(w http.ResponseWriter, r *http.Request) error

Helper function that checks to see whether the token provided in the request is valid

func CreateSignFunction 

func CreateSignFunction(privateKey crypto.PrivateKey, certificate x509.Certificate, certificateChain []x509.Certificate) func(*request.Request)

Create a function that will sign requests, given the signing certificate, optional certificate chain, and the private key

func CreateStringToSign 

func CreateStringToSign(canonicalRequest string, signerParams SignerParams) string

Create the string to sign.

func FindTokenTTLSeconds added in v1.0.4 

func FindTokenTTLSeconds(r *http.Request) (string, error)

Helper function that finds a token's TTL in seconds

func GenerateToken added in v1.0.3 

func GenerateToken(length int) (string, error)

Generates a random string with the specified length

func GetCredentialsFileContents added in v1.0.3 

func GetCredentialsFileContents() ([]string, error)

Assume that the credentials file is located in the default path: `~/.aws/credentials`

func GetWriteOnlyCredentialsFile added in v1.0.3 

func GetWriteOnlyCredentialsFile() (*os.File, error)

Assume that the credentials file exists already and open it for write operations

func InsertToken added in v1.0.3 

func InsertToken(token string, expirationTime time.Time) error

Removes the token that expires the earliest

func ReadCertificateBundleData 

func ReadCertificateBundleData(certificateBundleId string) ([]*x509.Certificate, error)

Reads certificate bundle data from a file, whose path is provided

func ReadPrivateKeyData 

func ReadPrivateKeyData(privateKeyId string) (crypto.PrivateKey, error)

Load the private key referenced by `privateKeyId`.

func Serve added in v1.0.3 

func Serve(port int, credentialsOptions CredentialsOpts)

func Update added in v1.0.3 

func Update(credentialsOptions CredentialsOpts, profile string, once bool)

Updates credentials in the credentials file for the specified profile

func WriteTo added in v1.0.3 

func WriteTo(profileName string, writeLines []string, cred *TemporaryCredential) error

Function to write existing credentials and newly-created credentials to a destination file

Types

type CertificateData 

type CertificateData struct {
	// Type for the key contained in the certificate.
	// Passed back to the `sign-string` command
	KeyType string `json:"keyType"`
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string `json:"certificateData"`
	// Serial number of the certificate. Used in the credential
	// field of the Authorization header
	SerialNumber string `json:"serialNumber"`
	// Supported signing algorithms based on the KeyType
	Algorithms []string `json:"supportedAlgorithms"`
}

Container for certificate data returned to the SDK as JSON.

func ReadCertificateData 

func ReadCertificateData(certificateId string) (CertificateData, error)

Load the certificate referenced by `certificateId` and extract details required by the SDK to construct the StringToSign.

type CredentialProcessOutput 

type CredentialProcessOutput struct {
	// This field should be hard-coded to 1 for now.
	Version int `json:"Version"`
	// AWS Access Key ID
	AccessKeyId string `json:"AccessKeyId"`
	// AWS Secret Access Key
	SecretAccessKey string `json:"SecretAccessKey"`
	// AWS Session Token for temporary credentials
	SessionToken string `json:"SessionToken"`
	// ISO8601 timestamp for when the credentials expire
	Expiration string `json:"Expiration"`
}

Container that adheres to the format of credential_process output as specified by AWS.

func GenerateCredentials 

func GenerateCredentials(opts *CredentialsOpts) (CredentialProcessOutput, error)

Function to create session and generate credentials

type CredentialsOpts 

type CredentialsOpts struct {
	PrivateKeyId        string
	CertificateId       string
	CertificateBundleId string
	RoleArn             string
	ProfileArnStr       string
	TrustAnchorArnStr   string
	SessionDuration     int
	Region              string
	Endpoint            string
	NoVerifySSL         bool
	WithProxy           bool
	Debug               bool
	Version             string
}

type Endpoint added in v1.0.3 

type Endpoint struct {
	PortNum int
	Server  *http.Server
	TmpCred RefreshableCred
}

type RefreshableCred added in v1.0.3 

type RefreshableCred struct {
	AccessKeyId     string
	SecretAccessKey string
	Token           string
	Code            string
	Type            string
	Expiration      time.Time
	LastUpdated     time.Time
}

type RequestHeaderOpts 

type RequestHeaderOpts struct {
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string
}

type RequestOpts 

type RequestOpts struct {
	// ARN of the Role to assume in the CreateSession call.
	RoleArn string
	// ARN of the Configuration to use in the CreateSession call.
	ConfigurationArn string
	// Certificate, as base64-encoded DER; used in the `x-amz-x509`
	// header in the API request.
	CertificateData string
	// Duration of the session that will be returned by CreateSession.
	DurationSeconds int
}

Container for data that will be sent in a request to CreateSession.

type RequestQueryStringOpts 

type RequestQueryStringOpts struct {
	// ARN of the Role to assume in the CreateSession call.
	RoleArn string
	// ARN of the Configuration to use in the CreateSession call.
	ConfigurationArn string
}

type RolesAnywhereSigner 

type RolesAnywhereSigner struct {
	PrivateKey       crypto.PrivateKey
	Certificate      x509.Certificate
	CertificateChain []x509.Certificate
}

func (RolesAnywhereSigner) SignWithCurrTime 

func (v4x509 RolesAnywhereSigner) SignWithCurrTime(req *request.Request) error

Sign the request using the current time

type SessionToken added in v1.0.3 

type SessionToken struct {
	Expiration time.Time
}

type SignerParams 

type SignerParams struct {
	OverriddenDate   time.Time
	RegionName       string
	ServiceName      string
	SigningAlgorithm string
}

func (*SignerParams) GetFormattedShortSigningDateTime 

func (signerParams *SignerParams) GetFormattedShortSigningDateTime() string

Obtain the short date-time, formatted as specified by SigV4

func (*SignerParams) GetFormattedSigningDateTime 

func (signerParams *SignerParams) GetFormattedSigningDateTime() string

Obtain the date-time, formatted as specified by SigV4

func (*SignerParams) GetScope 

func (signerParams *SignerParams) GetScope() string

Obtain the scope as part of the SigV4-X509 signature

type SigningOpts 

type SigningOpts struct {
	// Private key to use for the signing operation.
	PrivateKey crypto.PrivateKey
	// Digest to use in the signing operation. For example, SHA256
	Digest crypto.Hash
}

type SigningResult 

type SigningResult struct {
	// Signature encoded in hex.
	Signature string `json:"signature"`
}

Container for data returned after performing a signing operation.

func Sign 

func Sign(payload []byte, opts SigningOpts) (SigningResult, error)

Sign the provided payload with the specified options.

type TemporaryCredential added in v1.0.3 

type TemporaryCredential struct {
	AccessKeyId     string
	SecretAccessKey string
	SessionToken    string
	Expiration      time.Time
}

Structure to contain a temporary credential

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.