sig

package
v0.1.7-test Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 25, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package cmd This file implements helper functions to validate Streaming AWS Signature Version '4' authorization header.

Index

Constants

View Source
const (
	V4authHeaderName        = "Authorization"
	V4authHeaderPrefix      = "AWS4-HMAC-SHA256"
	AmzDecodedContentLength = "X-Amz-Decoded-Content-Length"
)
View Source
const (
	SlashSeparator = "/"
)

Streaming AWS Signature Version '4' constants.

Variables

View Source
var (
	V4AuthHeaderRegexp      = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<AccessKeyId>.{3,20})/(?P<Date>\d{8})/(?P<Region>[\w\-]+)/(?P<Service>[\w\-]+)/aws4_request,\s*SignedHeaders=(?P<SignatureHeaders>[\w\-\;]+),\s*Signature=(?P<Signature>[abcdef0123456789]{64})`)
	V4CredentialScopeRegexp = regexp.MustCompile(`(?P<AccessKeyId>.{3,20})/(?P<Date>\d{8})/(?P<Region>[\w\-]+)/(?P<Service>[\w\-]+)/aws4_request`)
)
View Source
var (
	ErrInvalidByte   = errors.New("invalid byte in chunk length")
	ErrChunkTooLarge = errors.New("http chunk length too large")
)
View Source
var (
	ErrHeaderMalformed = errors.New("header malformed")
)
View Source
var (
	V2AuthHeaderRegexp = regexp.MustCompile(`AWS (?P<AccessKeyId>.{3,20}):(?P<Signature>[A-Za-z0-9+/=]+)`)
)

Functions

func EncodePath

func EncodePath(pathName string) string

taken from https://github.com/minio/minio-go/blob/master/pkg/s3utils/utils.go

  • MinIO Go Library for Amazon S3 Compatible Cloud Storage
  • Copyright 2015-2017 MinIO, Inc. *
  • Licensed under the Apache License, Version 2.0 (the "License");
  • you may not use this file except in compliance with the License.
  • You may obtain a copy of the License at *
  • http://www.apache.org/licenses/LICENSE-2.0 *
  • Unless required by applicable law or agreed to in writing, software
  • distributed under the License is distributed on an "AS IS" BASIS,
  • WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  • See the License for the specific language governing permissions and
  • limitations under the License.

EncodePath encode the strings from UTF-8 byte representations to HTML hex escape sequences This is necessary since regular url.Parse() and url.Encode() functions do not support UTF-8 non english characters cannot be parsed due to the nature in which url.Encode() is written This function on the other hand is a direct replacement for url.Encode() technique to support pretty much every UTF-8 character.

func Equal

func Equal(sig1, sig2 []byte) bool

func IsAWSSignedRequest added in v0.48.0

func IsAWSSignedRequest(req *http.Request) bool

func NewSha265Reader

func NewSha265Reader(src io.ReadCloser, sha256Hex string) (io.ReadCloser, error)

func V4Verify

func V4Verify(auth V4Auth, credentials *model.Credential, r *http.Request) error

Types

type Sha256Reader

type Sha256Reader struct {
	// contains filtered or unexported fields
}

func (*Sha256Reader) Close

func (r *Sha256Reader) Close() error

func (*Sha256Reader) Read

func (r *Sha256Reader) Read(p []byte) (int, error)

func (*Sha256Reader) Verify

func (r *Sha256Reader) Verify() error

type SigAuthenticator

type SigAuthenticator interface {
	Parse() (SigContext, error)
	Verify(*model.Credential, string) error
}

func ChainedAuthenticator

func ChainedAuthenticator(methods ...SigAuthenticator) SigAuthenticator

func NewV4Authenticator

func NewV4Authenticator(r *http.Request) SigAuthenticator

type SigContext

type SigContext interface {
	GetAccessKeyID() string
}

type V2SigAuthenticator

type V2SigAuthenticator struct {
	// contains filtered or unexported fields
}

func NewV2SigAuthenticator

func NewV2SigAuthenticator(r *http.Request) *V2SigAuthenticator

func (*V2SigAuthenticator) Parse

func (a *V2SigAuthenticator) Parse() (SigContext, error)

func (*V2SigAuthenticator) String

func (a *V2SigAuthenticator) String() string

func (*V2SigAuthenticator) Verify

func (a *V2SigAuthenticator) Verify(creds *model.Credential, bareDomain string) error

type V4Auth

type V4Auth struct {
	AccessKeyID         string
	Date                string
	Region              string
	Service             string
	SignedHeaders       []string
	SignedHeadersString string
	Signature           string
}

func ParseV4AuthContext

func ParseV4AuthContext(r *http.Request) (V4Auth, error)

func (V4Auth) GetAccessKeyID

func (a V4Auth) GetAccessKeyID() string

type V4Authenticator

type V4Authenticator struct {
	// contains filtered or unexported fields
}

func (*V4Authenticator) Parse

func (a *V4Authenticator) Parse() (SigContext, error)

func (*V4Authenticator) String

func (a *V4Authenticator) String() string

func (*V4Authenticator) Verify

func (a *V4Authenticator) Verify(creds *model.Credential, _ string) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL