awssigner

package
v0.21.226 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 6, 2024 License: Apache-2.0, MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

// AmzAlgorithmKey is the name of the X-Amz-Algorithm header or query parameter.
// NOTE(review): presumably carries the SigningAlgorithm value — confirm against the signer.
const AmzAlgorithmKey = "X-Amz-Algorithm"
const AmzCredentialKey = "X-Amz-Credential"

AmzCredentialKey is the access key ID and credential scope

// AmzDateKey is the name of the X-Amz-Date header or query parameter; TimeFormat
// is documented as the layout used for its value.
const AmzDateKey = "X-Amz-Date"
const AmzSecurityTokenKey = "X-Amz-Security-Token"

AmzSecurityTokenKey indicates the security token to be used with temporary credentials

const AmzSignedHeadersKey = "X-Amz-SignedHeaders"

AmzSignedHeadersKey is the set of headers signed for the request

// AuthorizationHeader is the name of the HTTP Authorization header. The same
// name is listed in IgnoredHeaders.
const AuthorizationHeader = "Authorization"
const ShortTimeFormat = "20060102"

ShortTimeFormat is the shortened time format used in the credential scope

// SigningAlgorithm is the algorithm identifier string for SigV4 signing with
// HMAC-SHA256.
const SigningAlgorithm = "AWS4-HMAC-SHA256"
const TimeFormat = "20060102T150405Z"

TimeFormat is the time format to be used in the X-Amz-Date header or query parameter

Variables

// AllowedQueryHoisting combines two rules as InclusiveRules: a DenyList wrapping
// RequiredSignedHeaders, and the "X-Amz-" pattern.
// NOTE(review): InclusiveRules.IsValid is documented as true only when all
// rules are true, so a header presumably qualifies for hoisting only if it is
// outside RequiredSignedHeaders and matches "X-Amz-" — confirm against the rule
// bodies, since anything hoisted ends up in the request URL.
var AllowedQueryHoisting = InclusiveRules{
	DenyList{RequiredSignedHeaders},
	Patterns{"X-Amz-"},
}

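AllowedQueryHoisting is a whitelist for Build query headers. As declared above, it combines a DenyList over RequiredSignedHeaders with the "X-Amz-" pattern; the declaration holds no boolean values, so the original remark that "the boolean value represents whether or not it is a pattern" does not describe the code shown here.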

// IgnoredHeaders is an ExcludeList over a fixed set of header names.
// NOTE(review): presumably these headers are left out of the signed header set
// — confirm against BuildCanonicalHeaders. A header that is not signed is not
// integrity-protected by the request signature, so additions to this list
// deserve review.
var IgnoredHeaders = Rules{
	ExcludeList{
		MapRule{
			"Authorization":   struct{}{},
			"User-Agent":      struct{}{},
			"X-Amzn-Trace-Id": struct{}{},
			"Expect":          struct{}{},
		},
	},
}
// RequiredSignedHeaders is an AllowList over a fixed set of header names plus
// the "X-Amz-Meta-" pattern.
// AllowedQueryHoisting wraps this list in a DenyList, so headers named here
// (including the SSE-C customer key headers) are presumably never moved into a
// presigned URL's query string — confirm against the presign code path.
// NOTE(review): "X-Amz-Grant-Full-control" is not spelled the way
// http.CanonicalHeaderKey would produce it ("X-Amz-Grant-Full-Control"); if
// MapRule.IsValid is an exact map lookup, confirm how callers spell this key.
var RequiredSignedHeaders = Rules{
	AllowList{
		MapRule{
			"Cache-Control":                         struct{}{},
			"Content-Disposition":                   struct{}{},
			"Content-Encoding":                      struct{}{},
			"Content-Language":                      struct{}{},
			"Content-Md5":                           struct{}{},
			"Content-Type":                          struct{}{},
			"Expires":                               struct{}{},
			"If-Match":                              struct{}{},
			"If-Modified-Since":                     struct{}{},
			"If-None-Match":                         struct{}{},
			"If-Unmodified-Since":                   struct{}{},
			"Range":                                 struct{}{},
			"X-Amz-Acl":                             struct{}{},
			"X-Amz-Copy-Source":                     struct{}{},
			"X-Amz-Copy-Source-If-Match":            struct{}{},
			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
			"X-Amz-Copy-Source-Range":               struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
			"X-Amz-Grant-Full-control":                                    struct{}{},
			"X-Amz-Grant-Read":                                            struct{}{},
			"X-Amz-Grant-Read-Acp":                                        struct{}{},
			"X-Amz-Grant-Write":                                           struct{}{},
			"X-Amz-Grant-Write-Acp":                                       struct{}{},
			"X-Amz-Metadata-Directive":                                    struct{}{},
			"X-Amz-Mfa":                                                   struct{}{},
			"X-Amz-Request-Payer":                                         struct{}{},
			"X-Amz-Server-Side-Encryption":                                struct{}{},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
			"X-Amz-Storage-Class":                                         struct{}{},
			"X-Amz-Website-Redirect-Location":                             struct{}{},
			"X-Amz-Content-Sha256":                                        struct{}{},
			"X-Amz-Tagging":                                               struct{}{},
		},
	},
	Patterns{"X-Amz-Meta-"},
}

RequiredSignedHeaders is a whitelist for Build canonical headers.

Functions

func BuildCanonicalHeaders

func BuildCanonicalHeaders(host string, rule Rule, header http.Header, length int64) (signed http.Header, signedHeaders, canonicalHeadersStr string)

func BuildCredentialScope

func BuildCredentialScope(signingTime SigningTime, region, service string) string

BuildCredentialScope builds part of credential string to be used as X-Amz-Credential header or query parameter.

func EscapePath

func EscapePath(path string, encodeSep bool) string

EscapePath escapes part of a URL path in Amazon style.

func GetURIPath

func GetURIPath(u *url.URL) string

func HMACSHA256

func HMACSHA256(key []byte, data []byte) []byte

func HasPrefixFold

func HasPrefixFold(s, prefix string) bool

func InitializeEscape

func InitializeEscape()

func SanitizeHostForHeader

func SanitizeHostForHeader(r *http.Request)

SanitizeHostForHeader removes default port from host and updates request.Host

func StripExcessSpaces

func StripExcessSpaces(str string) string

Types

type AllowList

// AllowList is a Rule that wraps another Rule; its IsValid is documented as
// checking that the value is within the wrapped list.
type AllowList struct {
	Rule
}

func (AllowList) IsValid

func (w AllowList) IsValid(value string) bool

IsValid for AllowList checks if the value is within the AllowList

type Credentials

// Credentials holds one set of AWS credentials: the access key pair, a session
// token, and expiry metadata.
// SecretAccessKey and SessionToken are secret material: keep values of this
// type out of logs, error messages and %+v-style dumps.
type Credentials struct {
	// AccessKeyID is AWS Access key ID
	AccessKeyID string

	// SecretAccessKey is AWS Secret Access Key.
	// SigningKeyDeriver.DeriveKey is documented as deriving the SigV4 signing
	// key from these credentials.
	SecretAccessKey string

	// SessionToken is AWS Session Token.
	// AmzSecurityTokenKey is documented as the security token used with
	// temporary credentials.
	SessionToken string

	// Source of the AWS credentials
	Source string

	// CanExpire states if the AWS credentials can expire or not.
	CanExpire bool

	// Expires is the time the AWS credentials will expire at. Should be ignored if CanExpire is false.
	Expires time.Time
}

Credentials is the type to represent AWS credentials

type DenyList

type DenyList struct {
	Rule
}

DenyList is a generic Rule for blacklisting

func (DenyList) IsValid

func (b DenyList) IsValid(value string) bool

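IsValid for DenyList presumably checks that the value is not within the DenyList; the published comment repeats the AllowList wording ("checks if the value is within the AllowList"), and the method body is not shown on this page.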

type ExcludeList

// ExcludeList is a Rule that wraps another Rule; its IsValid is documented as
// checking that the value is not within the wrapped list.
type ExcludeList struct {
	Rule
}

func (ExcludeList) IsValid

func (b ExcludeList) IsValid(value string) bool

IsValid for ExcludeList checks if the value is not within the ExcludeList

type InclusiveRules

type InclusiveRules []Rule

InclusiveRules allows rules to depend on one another

func (InclusiveRules) IsValid

func (r InclusiveRules) IsValid(value string) bool

IsValid will return true if all rules are true

type MapRule

type MapRule map[string]struct{}

MapRule is a generic Rule for maps

func (MapRule) IsValid

func (m MapRule) IsValid(value string) bool

IsValid for the MapRule reports whether the value exists in the map

type Patterns

type Patterns []string

Patterns is a list of strings to match against

func (Patterns) IsValid

func (p Patterns) IsValid(value string) bool

IsValid for Patterns checks each pattern and returns if a match has been found

type Rule

// Rule is the interface implemented by the rule types in this package
// (AllowList, DenyList, ExcludeList, InclusiveRules, MapRule, Patterns, Rules).
type Rule interface {
	// IsValid reports whether value passes the rule.
	IsValid(value string) bool
}

type Rules

// Rules is a list of Rule values; its IsValid is documented as checking whether
// any rule applies to the value, including nested rules.
type Rules []Rule

func (Rules) IsValid

func (r Rules) IsValid(value string) bool

IsValid iterates through all rules and reports whether any rule applies to the value; nested rules are supported

type SigningKeyDeriver

type SigningKeyDeriver struct {
	// contains filtered or unexported fields
}

SigningKeyDeriver derives a signing key from a set of credentials

func NewSigningKeyDeriver

func NewSigningKeyDeriver() *SigningKeyDeriver

func (*SigningKeyDeriver) DeriveKey

func (k *SigningKeyDeriver) DeriveKey(credential Credentials, service, region string, signingTime SigningTime) []byte

DeriveKey returns a derived signing key from the given credentials to be used with SigV4 signing.

type SigningTime

// SigningTime embeds time.Time and is the time type taken by
// BuildCredentialScope and SigningKeyDeriver.DeriveKey.
type SigningTime struct {
	time.Time
	// contains filtered or unexported fields
}

func NewSigningTime

func NewSigningTime(t time.Time) SigningTime

func (*SigningTime) ShortTimeFormat

func (m *SigningTime) ShortTimeFormat() string

ShortTimeFormat provides the signing time formatted with the 20060102 layout.

func (*SigningTime) TimeFormat

func (m *SigningTime) TimeFormat() string
