v4

package


Constants

const (
	// EmptyStringSHA256 is the hex encoded sha256 value of an empty string.
	// Presumably used as the payload hash for body-less requests — confirm against the signer.
	EmptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`

	// UnsignedPayload indicates that the request payload body is unsigned.
	// With this value the body hash is not part of the signature, so SigV4
	// alone does not protect the body's integrity; use a real payload hash
	// where that matters.
	UnsignedPayload = "UNSIGNED-PAYLOAD"

	// AmzAlgorithmKey indicates the signing algorithm
	AmzAlgorithmKey = "X-Amz-Algorithm"

	// AmzSecurityTokenKey indicates the security token to be used with temporary credentials
	AmzSecurityTokenKey = "X-Amz-Security-Token"

	// AmzDateKey is the UTC timestamp for the request in the format YYYYMMDD'T'HHMMSS'Z'
	// (see TimeFormat).
	AmzDateKey = "X-Amz-Date"

	// AmzCredentialKey is the access key ID and credential scope
	AmzCredentialKey = "X-Amz-Credential"

	// AmzSignedHeadersKey is the set of headers signed for the request
	AmzSignedHeadersKey = "X-Amz-SignedHeaders"

	// AmzSignatureKey is the query parameter to store the SigV4 signature
	AmzSignatureKey = "X-Amz-Signature"

	// TimeFormat is the time format to be used in the X-Amz-Date header or query parameter
	TimeFormat = "20060102T150405Z"

	// ShortTimeFormat is the shortened (date-only) time format used in the credential scope
	ShortTimeFormat = "20060102"

	// ContentSHAKey is the header carrying the SHA256 of the request body
	ContentSHAKey = "X-Amz-Content-Sha256"

	// StreamingEventsPayload indicates that the request payload body is a signed event stream.
	StreamingEventsPayload = "STREAMING-AWS4-HMAC-SHA256-EVENTS"
)

Signature Version 4 (SigV4) Constants

Variables

// AllowedQueryHoisting is the allow list deciding which headers may be hoisted
// into the query string. InclusiveRules requires every rule to hold, so a header
// passes only when it is excluded by RequiredSignedHeaders (ExcludeList) AND it
// matches the "X-Amz-" pattern (Patterns). Headers that must be signed as
// canonical headers therefore never end up in the query.
var AllowedQueryHoisting = InclusiveRules{
	ExcludeList{RequiredSignedHeaders},
	Patterns{"X-Amz-"},
}

AllowedQueryHoisting is an allow list for Build query headers. The boolean value represents whether or not it is a pattern.

// IgnoredHeaders lists headers that are excluded from signing. Authorization
// carries the SigV4 signature itself and so cannot be part of the signed set;
// the remaining entries are presumably skipped because clients and
// intermediaries commonly rewrite them — confirm against the signer.
var IgnoredHeaders = Rules{
	ExcludeList{
		MapRule{
			"Authorization":   struct{}{},
			"User-Agent":      struct{}{},
			"X-Amzn-Trace-Id": struct{}{},
			"Expect":          struct{}{},
		},
	},
}

IgnoredHeaders is a list of headers that are ignored during signing

// RequiredSignedHeaders is the allow list of headers that must be signed as
// canonical headers when present on the request. Rules passes if any rule
// matches: an exact-name MapRule, or the X-Amz-Object-Lock- / X-Amz-Meta-
// Patterns. Several entries (server-side-encryption customer keys, ACL and
// grant headers, the content hash) affect authorization or integrity, which
// is why they are bound into the signature rather than left unsigned.
var RequiredSignedHeaders = Rules{
	AllowList{
		MapRule{
			"Cache-Control":                         struct{}{},
			"Content-Disposition":                   struct{}{},
			"Content-Encoding":                      struct{}{},
			"Content-Language":                      struct{}{},
			"Content-Md5":                           struct{}{},
			"Content-Type":                          struct{}{},
			"Expires":                               struct{}{},
			"If-Match":                              struct{}{},
			"If-Modified-Since":                     struct{}{},
			"If-None-Match":                         struct{}{},
			"If-Unmodified-Since":                   struct{}{},
			"Range":                                 struct{}{},
			"X-Amz-Acl":                             struct{}{},
			"X-Amz-Copy-Source":                     struct{}{},
			"X-Amz-Copy-Source-If-Match":            struct{}{},
			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
			"X-Amz-Copy-Source-Range":               struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
			"X-Amz-Expected-Bucket-Owner":                                 struct{}{},
			"X-Amz-Grant-Full-control":                                    struct{}{},
			"X-Amz-Grant-Read":                                            struct{}{},
			"X-Amz-Grant-Read-Acp":                                        struct{}{},
			"X-Amz-Grant-Write":                                           struct{}{},
			"X-Amz-Grant-Write-Acp":                                       struct{}{},
			"X-Amz-Metadata-Directive":                                    struct{}{},
			"X-Amz-Mfa":                                                   struct{}{},
			"X-Amz-Request-Payer":                                         struct{}{},
			"X-Amz-Server-Side-Encryption":                                struct{}{},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
			"X-Amz-Server-Side-Encryption-Context":                        struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
			"X-Amz-Storage-Class":                                         struct{}{},
			"X-Amz-Website-Redirect-Location":                             struct{}{},
			"X-Amz-Content-Sha256":                                        struct{}{},
			"X-Amz-Tagging":                                               struct{}{},
		},
	},
	Patterns{"X-Amz-Object-Lock-"},
	Patterns{"X-Amz-Meta-"},
}

RequiredSignedHeaders is an allow list for Build canonical headers.

Functions

func BuildCredentialScope added in v1.11.0

func BuildCredentialScope(signingTime SigningTime, region, service string) string

BuildCredentialScope builds the Signature Version 4 (SigV4) signing scope

func GetURIPath

func GetURIPath(u *url.URL) string

GetURIPath returns the escaped URI component from the provided URL.

func HMACSHA256 added in v0.25.0

func HMACSHA256(key []byte, data []byte) []byte

HMACSHA256 computes an HMAC-SHA256 of data using the provided key.

func SanitizeHostForHeader added in v0.25.0

func SanitizeHostForHeader(r *http.Request)

SanitizeHostForHeader removes the default port from the host and updates request.Host.

func StripExcessSpaces

func StripExcessSpaces(str string) string

StripExcessSpaces rewrites the passed-in string so that it does not contain multiple side-by-side spaces.

Types

type AllowList added in v1.7.0

// AllowList is a generic Rule for allow listing: IsValid reports whether the
// value is within the embedded Rule.
type AllowList struct {
	Rule
}

AllowList is a generic Rule for include listing

func (AllowList) IsValid added in v1.7.0

func (w AllowList) IsValid(value string) bool

IsValid for AllowList checks if the value is within the AllowList

type ExcludeList added in v1.7.0

// ExcludeList is a generic Rule for exclude listing, wrapping the embedded Rule.
// Presumably IsValid is the negation of the embedded Rule — confirm in the method body.
type ExcludeList struct {
	Rule
}

ExcludeList is a generic Rule for exclude listing

func (ExcludeList) IsValid added in v1.7.0

func (b ExcludeList) IsValid(value string) bool

IsValid for ExcludeList checks the value against the ExcludeList.

type InclusiveRules

// InclusiveRules is a set of Rules that may depend on one another; its IsValid
// returns true only if every rule is true.
type InclusiveRules []Rule

InclusiveRules allows rules to depend on one another.

func (InclusiveRules) IsValid

func (r InclusiveRules) IsValid(value string) bool

IsValid will return true if all rules are true

type MapRule

// MapRule is a generic set-style Rule backed by a map; IsValid reports whether
// the value exists as a key in the map.
type MapRule map[string]struct{}

MapRule is a generic Rule for maps.

func (MapRule) IsValid

func (m MapRule) IsValid(value string) bool

IsValid for MapRule reports whether the value exists in the map.

type Patterns

// Patterns is a list of strings to match a value against; IsValid checks each
// pattern and reports whether a match has been found.
type Patterns []string

Patterns is a list of strings to match against

func (Patterns) IsValid

func (p Patterns) IsValid(value string) bool

IsValid for Patterns checks each pattern and returns if a match has been found

type Rule

// Rule is the single-method interface all header/query rules implement:
// IsValid reports whether the value adheres to the Rule.
type Rule interface {
	IsValid(value string) bool
}

Rule is an interface that allows for more flexible rules; it simply checks whether or not a value adheres to that Rule.

type Rules

// Rules houses a set of Rule used to validate a string value; IsValid returns
// true if any rule applies, and rules may be nested.
type Rules []Rule

Rules houses a set of Rule needed for validation of a string value

func (Rules) IsValid

func (r Rules) IsValid(value string) bool

IsValid iterates through all rules to see whether any rule applies to the value; nested rules are supported.

type SigningKeyDeriver added in v0.25.0

// SigningKeyDeriver derives a SigV4 signing key from a set of credentials,
// a service, a region and a SigningTime (see DeriveKey). Construct it with
// NewSigningKeyDeriver.
type SigningKeyDeriver struct {
	// contains filtered or unexported fields
}

SigningKeyDeriver derives a signing key from a set of credentials

func NewSigningKeyDeriver added in v0.25.0

func NewSigningKeyDeriver() *SigningKeyDeriver

NewSigningKeyDeriver returns a new SigningKeyDeriver

func (*SigningKeyDeriver) DeriveKey added in v0.25.0

func (k *SigningKeyDeriver) DeriveKey(credential aws.Credentials, service, region string, signingTime SigningTime) []byte

DeriveKey returns a derived signing key from the given credentials to be used with SigV4 signing.

type SigningTime added in v0.25.0

// SigningTime wraps a time.Time and provides cached formatted values
// (TimeFormat, ShortTimeFormat) for SigV4 signing. Construct it with
// NewSigningTime.
type SigningTime struct {
	time.Time
	// contains filtered or unexported fields
}

SigningTime provides a wrapper around a time.Time which provides cached values for SigV4 signing.

func NewSigningTime added in v0.25.0

func NewSigningTime(t time.Time) SigningTime

NewSigningTime creates a new SigningTime given a time.Time

func (*SigningTime) ShortTimeFormat added in v0.25.0

func (m *SigningTime) ShortTimeFormat() string

ShortTimeFormat provides the time formatted as 20060102.

func (*SigningTime) TimeFormat added in v0.25.0

func (m *SigningTime) TimeFormat() string

TimeFormat provides a time formatted in the X-Amz-Date format.
