signed

package
v1.70.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 18, 2024 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Overview

Package signed provides verification of requests signed with AWS Signature Version 4 machinery. Signed requests enable the usage of non-public access grants while requesting an object.

The parsing part of the package (parseSigningInfo and child types/functions) used MinIO's parsing code [0] as an edge-case reference.

The verification/re-signing part of the package (VerifySigningInfo and child types/functions) strictly follows Signature Version 4 signing process [1].

Some parts of the signing process are tuned specifically for linksharing. For example, we always assume an empty request body as we only allow HEAD and GET requests.

[0]:

[1]:

Index

Constants

This section is empty.

Variables

View Source
var ErrMissingAuthorizationHeader = errs.New("missing Authorization header")

ErrMissingAuthorizationHeader indicates that the Authorization header for a particular request was not found. It's used to differentiate between signed requests that have invalid signing info and unsigned requests trying to use non-public access grant.

Functions

func VerifySigningInfo

func VerifySigningInfo(r *http.Request, secretAccessKey string, currentTime time.Time, validityTolerance time.Duration) error

VerifySigningInfo reports whether r's signature is valid and constructed with secretAccessKey. The function additionally performs signature time validity check using currentTime as the current time. Signature time skewed backward or onwards up to validityTolerance will be tolerated.

TODO(artur): add fuzz test for VerifySigningInfo vide https://pkg.go.dev/testing@master#hdr-Fuzzing.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL