Documentation ¶
Overview ¶
Package cmd This file implements helper functions to validate Streaming AWS Signature Version '4' authorization header.
Index ¶
- Constants
- Variables
- func EncodePath(pathName string) string
- func Equal(sig1, sig2 []byte) bool
- func IsAWSSignedRequest(req *http.Request) bool
- func NewSha265Reader(src io.ReadCloser, sha256Hex string) (io.ReadCloser, error)
- func V4Verify(auth V4Auth, credentials *model.Credential, r *http.Request) error
- type Sha256Reader
- type SigAuthenticator
- type SigContext
- type V2SigAuthenticator
- type V4Auth
- type V4Authenticator
Constants ¶
View Source
const ( V4authHeaderName = "Authorization" V4authHeaderPrefix = "AWS4-HMAC-SHA256" AmzDecodedContentLength = "X-Amz-Decoded-Content-Length" )
View Source
const (
SlashSeparator = "/"
)
Streaming AWS Signature Version '4' constants.
Variables ¶
View Source
var ( V4AuthHeaderRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<AccessKeyId>.{3,20})/(?P<Date>\d{8})/(?P<Region>[\w\-]+)/(?P<Service>[\w\-]+)/aws4_request,\s*SignedHeaders=(?P<SignatureHeaders>[\w\-\;]+),\s*Signature=(?P<Signature>[abcdef0123456789]{64})`) V4CredentialScopeRegexp = regexp.MustCompile(`(?P<AccessKeyId>.{3,20})/(?P<Date>\d{8})/(?P<Region>[\w\-]+)/(?P<Service>[\w\-]+)/aws4_request`) )
View Source
var ( ErrInvalidByte = errors.New("invalid byte in chunk length") ErrChunkTooLarge = errors.New("http chunk length too large") )
View Source
var (
ErrHeaderMalformed = errors.New("header malformed")
)
View Source
var (
V2AuthHeaderRegexp = regexp.MustCompile(`AWS (?P<AccessKeyId>.{3,20}):(?P<Signature>[A-Za-z0-9+/=]+)`)
)
Functions ¶
func EncodePath ¶
taken from https://github.com/minio/minio-go/blob/master/pkg/s3utils/utils.go
- MinIO Go Library for Amazon S3 Compatible Cloud Storage
- Copyright 2015-2017 MinIO, Inc. *
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
EncodePath encode the strings from UTF-8 byte representations to HTML hex escape sequences This is necessary since regular url.Parse() and url.Encode() functions do not support UTF-8 non english characters cannot be parsed due to the nature in which url.Encode() is written This function on the other hand is a direct replacement for url.Encode() technique to support pretty much every UTF-8 character.
func IsAWSSignedRequest ¶ added in v0.48.0
func NewSha265Reader ¶
func NewSha265Reader(src io.ReadCloser, sha256Hex string) (io.ReadCloser, error)
Types ¶
type Sha256Reader ¶
type Sha256Reader struct {
// contains filtered or unexported fields
}
func (*Sha256Reader) Close ¶
func (r *Sha256Reader) Close() error
func (*Sha256Reader) Verify ¶
func (r *Sha256Reader) Verify() error
type SigAuthenticator ¶
type SigAuthenticator interface { Parse() (SigContext, error) Verify(*model.Credential, string) error }
func ChainedAuthenticator ¶
func ChainedAuthenticator(methods ...SigAuthenticator) SigAuthenticator
func NewV4Authenticator ¶
func NewV4Authenticator(r *http.Request) SigAuthenticator
type SigContext ¶
type SigContext interface {
GetAccessKeyID() string
}
type V2SigAuthenticator ¶
type V2SigAuthenticator struct {
// contains filtered or unexported fields
}
func NewV2SigAuthenticator ¶
func NewV2SigAuthenticator(r *http.Request) *V2SigAuthenticator
func (*V2SigAuthenticator) Parse ¶
func (a *V2SigAuthenticator) Parse() (SigContext, error)
func (*V2SigAuthenticator) String ¶
func (a *V2SigAuthenticator) String() string
func (*V2SigAuthenticator) Verify ¶
func (a *V2SigAuthenticator) Verify(creds *model.Credential, bareDomain string) error
type V4Auth ¶
type V4Auth struct { AccessKeyID string Date string Region string Service string SignedHeaders []string SignedHeadersString string Signature string }
func (V4Auth) GetAccessKeyID ¶
type V4Authenticator ¶
type V4Authenticator struct {
// contains filtered or unexported fields
}
func (*V4Authenticator) Parse ¶
func (a *V4Authenticator) Parse() (SigContext, error)
func (*V4Authenticator) String ¶
func (a *V4Authenticator) String() string
func (*V4Authenticator) Verify ¶
func (a *V4Authenticator) Verify(creds *model.Credential, _ string) error
Click to show internal directories.
Click to hide internal directories.