sigv4

package
v1.0.0 (Latest)
Warning

This package is not in the latest version of its module.

Published: Sep 25, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package sigv4 implements request signing for the basic form of AWS Signature Version 4.

Types

type SignRequestInput

type SignRequestInput struct {
	// The input request, which will be modified in-place during signing.
	Request *http.Request

	// The SHA256 hash of the input request body.
	//
	// This value is NOT required to sign the request, but it is recommended to
	// provide it (or provide a Body on the HTTP request that implements
	// io.Seeker such that the signer can calculate it for you). Many services
	// do not accept requests with unsigned payloads.
	//
	// If a value is not provided, and DisableImplicitPayloadHashing has not
	// been set on SignerOptions, the signer will attempt to derive the payload
	// hash itself. The request's Body MUST implement io.Seeker in order to do
	// this; if it does not, the magic value for unsigned payload is used. If
	// the body does implement io.Seeker, but a call to Seek returns an error,
	// the signer will forward that error.
	PayloadHash []byte

	// The identity used to sign the request.
	Credentials credentials.Credentials

	// The service and region for which this request is to be signed.
	//
	// The appropriate values for these fields are determined by the service
	// vendor.
	Service, Region string

	// Wall-clock time used for calculating the signature.
	//
	// If the zero-value is given (generally by the caller not setting it), the
	// signer will instead use the current system clock time for the signature.
	Time time.Time
}

SignRequestInput is the set of inputs for Sigv4 signing.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer signs requests with AWS Signature version 4.

func New

func New(opts ...v4.SignerOption) *Signer

New returns an instance of Signer with applied options.

func (*Signer) SignRequest

func (s *Signer) SignRequest(in *SignRequestInput, opts ...v4.SignerOption) error

SignRequest signs an HTTP request with AWS Signature Version 4, modifying the request in-place by adding the headers that constitute the signature.

SignRequest will modify the request by setting the following headers:

  • Host: required in general for HTTP/1.1 as well as for v4-signed requests
  • X-Amz-Date: required for v4-signed requests
  • X-Amz-Security-Token: required for v4-signed requests IF present on credentials used to sign, otherwise this header will not be set
  • Authorization: contains the v4 signature string

The request MUST have a Host value set at the time that this API is called, such that it can be included in the signature calculation. Standard library HTTP clients set this as a request header by default, meaning that a request signed without a Host value will end up transmitting with the Host header anyway, which will cause the request to be rejected by the service due to signature mismatch (the Host header is required to be signed with Sigv4).

Generally speaking, using http.NewRequest will ensure that request instances are sufficiently initialized to be used with this API, though it is not strictly required.

SignRequest may be called any number of times on an http.Request instance; the header values set as part of the signature will simply be overwritten with newer or re-calculated values (such as a new set of credentials with a new session token, which would in turn result in a different signature).
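
The Host requirement above and the PayloadHash field of SignRequestInput can both be checked before signing. The following is an added example, not code from this package: PreparePayloadHash is a hypothetical helper written against the standard library only, and the request URL is a constructed placeholder. It also shows that http.NewRequest wraps a *bytes.Reader so that req.Body is not an io.Seeker.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"net/http"
)

// PreparePayloadHash is a hypothetical helper, not part of sigv4. It returns the
// SHA-256 of req's body (for PayloadHash) and leaves the body readable again.
func PreparePayloadHash(req *http.Request) ([]byte, error) {
	// Assumption: a "Host value" means req.Host or, failing that, req.URL.Host.
	if req.Host == "" && (req.URL == nil || req.URL.Host == "") {
		return nil, errors.New("no Host value: the signature cannot cover Host")
	}
	h := sha256.New()
	if req.Body == nil || req.Body == http.NoBody {
		return h.Sum(nil), nil // hash of the empty payload
	}
	if s, ok := req.Body.(io.Seeker); ok {
		pos, err := s.Seek(0, io.SeekCurrent)
		if err == nil {
			_, err = io.Copy(h, req.Body)
		}
		if err == nil {
			_, err = s.Seek(pos, io.SeekStart) // rewind for the transport
		}
		return h.Sum(nil), err
	}
	buf, err := io.ReadAll(req.Body) // not seekable: buffer, hash, replace
	if err != nil {
		return nil, err
	}
	req.Body.Close()
	req.Body = io.NopCloser(bytes.NewReader(buf))
	h.Write(buf)
	return h.Sum(nil), nil
}

func main() {
	// Constructed request; service.example is a placeholder host.
	req, _ := http.NewRequest("PUT", "https://service.example/item", bytes.NewReader([]byte("abc")))
	_, seekable := req.Body.(io.Seeker) // false: NewRequest wraps the reader
	sum, err := PreparePayloadHash(req)
	fmt.Printf("seekable=%v hash=%x err=%v\n", seekable, sum, err)
}
```

The returned slice is the value to assign to SignRequestInput.PayloadHash before calling SignRequest; check the error before using it.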
