forked from TrueCloudLab/distribution
77e69b9cf3
Signed-off-by: Olivier Gambier <olivier@docker.com>
120 lines
3 KiB
Go
120 lines
3 KiB
Go
package s3
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha1"
|
|
"encoding/base64"
|
|
"github.com/docker/goamz/aws"
|
|
"log"
|
|
"sort"
|
|
"strings"
|
|
)
|
|
|
|
var b64 = base64.StdEncoding
|
|
|
|
// ----------------------------------------------------------------------------
|
|
// S3 signing (http://goo.gl/G1LrK)
|
|
|
|
var s3ParamsToSign = map[string]bool{
|
|
"acl": true,
|
|
"location": true,
|
|
"logging": true,
|
|
"notification": true,
|
|
"partNumber": true,
|
|
"policy": true,
|
|
"requestPayment": true,
|
|
"torrent": true,
|
|
"uploadId": true,
|
|
"uploads": true,
|
|
"versionId": true,
|
|
"versioning": true,
|
|
"versions": true,
|
|
"response-content-type": true,
|
|
"response-content-language": true,
|
|
"response-expires": true,
|
|
"response-cache-control": true,
|
|
"response-content-disposition": true,
|
|
"response-content-encoding": true,
|
|
"website": true,
|
|
"delete": true,
|
|
}
|
|
|
|
func sign(auth aws.Auth, method, canonicalPath string, params, headers map[string][]string) {
|
|
var md5, ctype, date, xamz string
|
|
var xamzDate bool
|
|
var keys, sarray []string
|
|
xheaders := make(map[string]string)
|
|
for k, v := range headers {
|
|
k = strings.ToLower(k)
|
|
switch k {
|
|
case "content-md5":
|
|
md5 = v[0]
|
|
case "content-type":
|
|
ctype = v[0]
|
|
case "date":
|
|
if !xamzDate {
|
|
date = v[0]
|
|
}
|
|
default:
|
|
if strings.HasPrefix(k, "x-amz-") {
|
|
keys = append(keys, k)
|
|
xheaders[k] = strings.Join(v, ",")
|
|
if k == "x-amz-date" {
|
|
xamzDate = true
|
|
date = ""
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if len(keys) > 0 {
|
|
sort.StringSlice(keys).Sort()
|
|
for i := range keys {
|
|
key := keys[i]
|
|
value := xheaders[key]
|
|
sarray = append(sarray, key+":"+value)
|
|
}
|
|
xamz = strings.Join(sarray, "\n") + "\n"
|
|
}
|
|
|
|
expires := false
|
|
if v, ok := params["Expires"]; ok {
|
|
// Query string request authentication alternative.
|
|
expires = true
|
|
date = v[0]
|
|
params["AWSAccessKeyId"] = []string{auth.AccessKey}
|
|
}
|
|
|
|
sarray = sarray[0:0]
|
|
for k, v := range params {
|
|
if s3ParamsToSign[k] {
|
|
for _, vi := range v {
|
|
if vi == "" {
|
|
sarray = append(sarray, k)
|
|
} else {
|
|
// "When signing you do not encode these values."
|
|
sarray = append(sarray, k+"="+vi)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if len(sarray) > 0 {
|
|
sort.StringSlice(sarray).Sort()
|
|
canonicalPath = canonicalPath + "?" + strings.Join(sarray, "&")
|
|
}
|
|
|
|
payload := method + "\n" + md5 + "\n" + ctype + "\n" + date + "\n" + xamz + canonicalPath
|
|
hash := hmac.New(sha1.New, []byte(auth.SecretKey))
|
|
hash.Write([]byte(payload))
|
|
signature := make([]byte, b64.EncodedLen(hash.Size()))
|
|
b64.Encode(signature, hash.Sum(nil))
|
|
|
|
if expires {
|
|
params["Signature"] = []string{string(signature)}
|
|
} else {
|
|
headers["Authorization"] = []string{"AWS " + auth.AccessKey + ":" + string(signature)}
|
|
}
|
|
if debug {
|
|
log.Printf("Signature payload: %q", payload)
|
|
log.Printf("Signature: %q", signature)
|
|
}
|
|
}
|