v4

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 3, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// EmptyStringSHA256 is the hex encoded sha256 value of an empty string
	EmptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`

	// UnsignedPayload indicates that the request payload body is unsigned
	UnsignedPayload = "UNSIGNED-PAYLOAD"

	// AmzAlgorithmKey indicates the signing algorithm
	AmzAlgorithmKey = "X-Amz-Algorithm"

	// AmzSecurityTokenKey indicates the security token to be used with temporary credentials
	AmzSecurityTokenKey = "X-Amz-Security-Token"

	// AmzDateKey is the UTC timestamp for the request in the format YYYYMMDD'T'HHMMSS'Z'
	AmzDateKey = "X-Amz-Date"

	// AmzCredentialKey is the access key ID and credential scope
	AmzCredentialKey = "X-Amz-Credential"

	// AmzSignedHeadersKey is the set of headers signed for the request
	AmzSignedHeadersKey = "X-Amz-SignedHeaders"

	// AmzSignatureKey is the query parameter to store the SigV4 signature
	AmzSignatureKey = "X-Amz-Signature"

	// TimeFormat is the time format to be used in the X-Amz-Date header or query parameter
	TimeFormat = "20060102T150405Z"

	// ShortTimeFormat is the shorten time format used in the credential scope
	ShortTimeFormat = "20060102"

	// ContentSHAKey is the SHA256 of request body
	ContentSHAKey = "X-Amz-Content-Sha256"

	// StreamingEventsPayload indicates that the request payload body is a signed event stream.
	StreamingEventsPayload = "STREAMING-AWS4-HMAC-SHA256-EVENTS"
)

Signature Version 4 (SigV4) Constants

Variables

View Source
var AllowedQueryHoisting = InclusiveRules{
	ExcludeList{RequiredSignedHeaders},
	Patterns{"X-Amz-"},
}

AllowedQueryHoisting is a allowed list for Build query headers. The boolean value represents whether or not it is a pattern.

View Source
var IgnoredHeaders = Rules{
	ExcludeList{
		MapRule{
			"Authorization":   struct{}{},
			"User-Agent":      struct{}{},
			"X-Amzn-Trace-Id": struct{}{},
			"Expect":          struct{}{},
		},
	},
}

IgnoredHeaders is a list of headers that are ignored during signing

View Source
var RequiredSignedHeaders = Rules{
	AllowList{
		MapRule{
			"Cache-Control":                         struct{}{},
			"Content-Disposition":                   struct{}{},
			"Content-Encoding":                      struct{}{},
			"Content-Language":                      struct{}{},
			"Content-Md5":                           struct{}{},
			"Content-Type":                          struct{}{},
			"Expires":                               struct{}{},
			"If-Match":                              struct{}{},
			"If-Modified-Since":                     struct{}{},
			"If-None-Match":                         struct{}{},
			"If-Unmodified-Since":                   struct{}{},
			"Range":                                 struct{}{},
			"X-Amz-Acl":                             struct{}{},
			"X-Amz-Copy-Source":                     struct{}{},
			"X-Amz-Copy-Source-If-Match":            struct{}{},
			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
			"X-Amz-Copy-Source-Range":               struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
			"X-Amz-Grant-Full-control":                                    struct{}{},
			"X-Amz-Grant-Read":                                            struct{}{},
			"X-Amz-Grant-Read-Acp":                                        struct{}{},
			"X-Amz-Grant-Write":                                           struct{}{},
			"X-Amz-Grant-Write-Acp":                                       struct{}{},
			"X-Amz-Metadata-Directive":                                    struct{}{},
			"X-Amz-Mfa":                                                   struct{}{},
			"X-Amz-Request-Payer":                                         struct{}{},
			"X-Amz-Server-Side-Encryption":                                struct{}{},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
			"X-Amz-Storage-Class":                                         struct{}{},
			"X-Amz-Website-Redirect-Location":                             struct{}{},
			"X-Amz-Content-Sha256":                                        struct{}{},
			"X-Amz-Tagging":                                               struct{}{},
		},
	},
	Patterns{"X-Amz-Object-Lock-"},
	Patterns{"X-Amz-Meta-"},
}

RequiredSignedHeaders is a allow list for Build canonical headers.

Functions

func BuildCredentialScope

func BuildCredentialScope(signingTime SigningTime, region, service string) string

BuildCredentialScope builds the Signature Version 4 (SigV4) signing scope

func GetURIPath

func GetURIPath(u *url.URL) string

GetURIPath returns the escaped URI component from the provided URL.

func HMACSHA256

func HMACSHA256(key []byte, data []byte) []byte

HMACSHA256 computes a HMAC-SHA256 of data given the provided key.

func SanitizeHostForHeader

func SanitizeHostForHeader(r *http.Request)

SanitizeHostForHeader removes default port from host and updates request.Host

func StripExcessSpaces

func StripExcessSpaces(str string) string

StripExcessSpaces will rewrite the passed in slice's string values to not contain multiple side-by-side spaces.

Types

type AllowList

type AllowList struct {
	Rule
}

AllowList is a generic Rule for include listing

func (AllowList) IsValid

func (w AllowList) IsValid(value string) bool

IsValid for AllowList checks if the value is within the AllowList

type ExcludeList

type ExcludeList struct {
	Rule
}

ExcludeList is a generic Rule for exclude listing

func (ExcludeList) IsValid

func (b ExcludeList) IsValid(value string) bool

IsValid for AllowList checks if the value is within the AllowList

type InclusiveRules

type InclusiveRules []Rule

InclusiveRules rules allow for rules to depend on one another

func (InclusiveRules) IsValid

func (r InclusiveRules) IsValid(value string) bool

IsValid will return true if all rules are true

type MapRule

type MapRule map[string]struct{}

MapRule generic Rule for maps

func (MapRule) IsValid

func (m MapRule) IsValid(value string) bool

IsValid for the map Rule satisfies whether it exists in the map

type Patterns

type Patterns []string

Patterns is a list of strings to match against

func (Patterns) IsValid

func (p Patterns) IsValid(value string) bool

IsValid for Patterns checks each pattern and returns if a match has been found

type Rule

type Rule interface {
	IsValid(value string) bool
}

Rule interface allows for more flexible rules and just simply checks whether or not a value adheres to that Rule

type Rules

type Rules []Rule

Rules houses a set of Rule needed for validation of a string value

func (Rules) IsValid

func (r Rules) IsValid(value string) bool

IsValid will iterate through all rules and see if any rules apply to the value and supports nested rules

type SigningKeyDeriver

type SigningKeyDeriver struct {
	// contains filtered or unexported fields
}

SigningKeyDeriver derives a signing key from a set of credentials

func NewSigningKeyDeriver

func NewSigningKeyDeriver() *SigningKeyDeriver

NewSigningKeyDeriver returns a new SigningKeyDeriver

func (*SigningKeyDeriver) DeriveKey

func (k *SigningKeyDeriver) DeriveKey(credential aws.Credentials, service, region string, signingTime SigningTime) []byte

DeriveKey returns a derived signing key from the given credentials to be used with SigV4 signing.

type SigningTime

type SigningTime struct {
	time.Time
	// contains filtered or unexported fields
}

SigningTime provides a wrapper around a time.Time which provides cached values for SigV4 signing.

func NewSigningTime

func NewSigningTime(t time.Time) SigningTime

NewSigningTime creates a new SigningTime given a time.Time

func (*SigningTime) ShortTimeFormat

func (m *SigningTime) ShortTimeFormat() string

ShortTimeFormat provides a time formatted of 20060102.

func (*SigningTime) TimeFormat

func (m *SigningTime) TimeFormat() string

TimeFormat provides a time formatted in the X-Amz-Date format.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL