Documentation
Index
- Constants
- func RegisterSigningMiddleware(stack *middleware.Stack, signingMiddleware *SignHTTPRequestMiddleware) (err error)
- type Credentials
- type CredentialsAdapter
- type CredentialsProvider
- type CredentialsProviderAdapter
- type HTTPPresigner
- type HTTPSigner
- type PresignHTTPRequestMiddleware
- type PresignHTTPRequestMiddlewareOptions
- type SignHTTPRequestMiddleware
- type SignHTTPRequestMiddlewareOptions
- type Signer
- type SignerAdapter
- type SignerOptions
- type SigningError
- type SymmetricCredentialAdaptor
Constants
const (
	// AmzRegionSetKey represents the region set header used for sigv4a
	AmzRegionSetKey = "X-Amz-Region-Set"

	// EmptyStringSHA256 is a hex encoded SHA-256 hash of an empty string
	EmptyStringSHA256 = v4Internal.EmptyStringSHA256

	// Version of signing v4a
	Version = "SigV4A"
)
Variables
This section is empty.
Functions
func RegisterSigningMiddleware
func RegisterSigningMiddleware(stack *middleware.Stack, signingMiddleware *SignHTTPRequestMiddleware) (err error)
RegisterSigningMiddleware registers the SigV4a signing middleware to the stack. If a signing middleware is already present, the provided middleware is swapped in for it. Otherwise the middleware is added at the tail of the finalize step.
Types
type Credentials
type Credentials struct {
	Context      string
	PrivateKey   *ecdsa.PrivateKey
	SessionToken string

	// Time the credentials will expire.
	CanExpire bool
	Expires   time.Time
}
Credentials holds the Context, ECDSA private key, and optional session token that can be used to sign requests using SigV4a.
func (Credentials) Expired
func (v Credentials) Expired() bool
Expired reports whether the credentials have expired.
func (Credentials) HasKeys
func (v Credentials) HasKeys() bool
HasKeys reports whether the credentials' keys are set.
type CredentialsAdapter (added in v1.2.3)
type CredentialsAdapter struct {
	Credentials Credentials
}
CredentialsAdapter adapts v4a.Credentials to smithy auth.Identity.
func (*CredentialsAdapter) Expiration (added in v1.2.3)
func (v *CredentialsAdapter) Expiration() time.Time
Expiration returns the time of expiration for the credentials.
type CredentialsProvider
type CredentialsProvider interface {
RetrievePrivateKey(context.Context) (Credentials, error)
}
CredentialsProvider is the interface for a provider to retrieve credentials to sign requests with.
type CredentialsProviderAdapter (added in v1.2.3)
type CredentialsProviderAdapter struct {
	Provider CredentialsProvider
}
CredentialsProviderAdapter adapts v4a.CredentialsProvider to auth.IdentityResolver.
func (*CredentialsProviderAdapter) GetIdentity (added in v1.2.3)
func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.Properties) (
	auth.Identity, error,
)
GetIdentity retrieves v4a credentials using the underlying provider.
type HTTPPresigner
type HTTPPresigner interface {
	PresignHTTP(
		ctx context.Context, credentials Credentials, r *http.Request,
		payloadHash string, service string, regionSet []string, signingTime time.Time,
		optFns ...func(*SignerOptions),
	) (url string, signedHeader http.Header, err error)
}
HTTPPresigner is an interface to a SigV4a signer that can create a presigned URL for an HTTP request.
type HTTPSigner
type HTTPSigner interface {
	SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optfns ...func(*SignerOptions)) error
}
HTTPSigner is a SigV4a HTTP signer implementation.
type PresignHTTPRequestMiddleware
type PresignHTTPRequestMiddleware struct {
	// contains filtered or unexported fields
}
PresignHTTPRequestMiddleware provides the Finalize middleware for creating a presigned URL for an HTTP request.
Will short circuit the middleware stack and not forward onto the next Finalize handler.
func NewPresignHTTPRequestMiddleware
func NewPresignHTTPRequestMiddleware(options PresignHTTPRequestMiddlewareOptions) *PresignHTTPRequestMiddleware
NewPresignHTTPRequestMiddleware returns a new PresignHTTPRequestMiddleware initialized with the presigner.
func (*PresignHTTPRequestMiddleware) HandleFinalize
func (s *PresignHTTPRequestMiddleware) HandleFinalize(
	ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
)
HandleFinalize will take the provided input and create a presigned URL for the HTTP request using the SigV4 presign authentication scheme.
func (*PresignHTTPRequestMiddleware) ID
func (*PresignHTTPRequestMiddleware) ID() string
ID provides the middleware ID.
type PresignHTTPRequestMiddlewareOptions
type PresignHTTPRequestMiddlewareOptions struct {
	CredentialsProvider CredentialsProvider
	Presigner           HTTPPresigner
	LogSigning          bool
}
PresignHTTPRequestMiddlewareOptions is the options for the PresignHTTPRequestMiddleware middleware.
type SignHTTPRequestMiddleware
type SignHTTPRequestMiddleware struct {
	// contains filtered or unexported fields
}
SignHTTPRequestMiddleware is a middleware for signing an HTTP request using SigV4a.
func NewSignHTTPRequestMiddleware
func NewSignHTTPRequestMiddleware(options SignHTTPRequestMiddlewareOptions) *SignHTTPRequestMiddleware
NewSignHTTPRequestMiddleware constructs a SignHTTPRequestMiddleware using the given SignHTTPRequestMiddlewareOptions.
func (*SignHTTPRequestMiddleware) HandleFinalize
func (s *SignHTTPRequestMiddleware) HandleFinalize(
	ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
)
HandleFinalize signs an HTTP request using SigV4a.
func (*SignHTTPRequestMiddleware) ID
func (s *SignHTTPRequestMiddleware) ID() string
ID returns the middleware identifier.
type SignHTTPRequestMiddlewareOptions
type SignHTTPRequestMiddlewareOptions struct {
	Credentials CredentialsProvider
	Signer      HTTPSigner
	LogSigning  bool
}
SignHTTPRequestMiddlewareOptions is the middleware options for constructing a SignHTTPRequestMiddleware.
type Signer
type Signer struct {
	// contains filtered or unexported fields
}
Signer is a SigV4a HTTP signing implementation.
func NewSigner
func NewSigner(optFns ...func(*SignerOptions)) *Signer
NewSigner constructs a SigV4a Signer.
func (*Signer) PresignHTTP
func (s *Signer) PresignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) (signedURI string, signedHeaders http.Header, err error)
PresignHTTP takes the provided http.Request, payload hash, service, regionSet, and time and presigns using SigV4a. Returns the presigned URL along with the headers that were signed with the request.
PresignHTTP will not set the expires time of the presigned request automatically. To specify the expire duration for a request, add the "X-Amz-Expires" query parameter on the request with the value as the duration in seconds the presigned URL should be considered valid for. This parameter is not used by all AWS services, and is most notably used by Amazon S3 APIs.
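Because PresignHTTP leaves the lifetime to the caller, the request has to carry X-Amz-Expires before it is presigned. The following is an added example using only the standard library, not code from this package: SetPresignExpiry, ExpiryOf and the 15-minute maxTTL cap are names and a policy chosen for illustration, and ExpiryOf assumes the presigned URL also carries the SigV4 query-string parameter X-Amz-Date.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strconv"
	"time"
)

// maxTTL is a policy cap assumed for this example; it is not an SDK constant.
const maxTTL = 15 * time.Minute

// SetPresignExpiry adds X-Amz-Expires (whole seconds) to r before presigning.
func SetPresignExpiry(r *http.Request, ttl time.Duration) error {
	if ttl < time.Second || ttl%time.Second != 0 {
		return errors.New("ttl must be a positive whole number of seconds")
	}
	if ttl > maxTTL {
		return fmt.Errorf("ttl %s exceeds cap %s", ttl, maxTTL)
	}
	q := r.URL.Query()
	q.Set("X-Amz-Expires", strconv.FormatInt(int64(ttl/time.Second), 10))
	r.URL.RawQuery = q.Encode()
	return nil
}

// ExpiryOf reports when a presigned URL lapses; a missing lifetime is an error.
func ExpiryOf(presigned string) (time.Time, error) {
	u, err := url.Parse(presigned)
	if err != nil {
		return time.Time{}, err
	}
	secs, err := strconv.ParseInt(u.Query().Get("X-Amz-Expires"), 10, 32)
	if err != nil || secs <= 0 {
		return time.Time{}, errors.New("missing or invalid X-Amz-Expires")
	}
	signedAt, err := time.Parse("20060102T150405Z", u.Query().Get("X-Amz-Date"))
	if err != nil {
		return time.Time{}, errors.New("missing or invalid X-Amz-Date")
	}
	return signedAt.Add(time.Duration(secs) * time.Second), nil
}

func main() {
	fmt.Println(ExpiryOf("https://example.invalid/obj?X-Amz-Date=20240101T000000Z&X-Amz-Expires=300"))
}
```

Call SetPresignExpiry on the request first and pass the same request to the presigner, so the lifetime is already in the query string when the URL is produced.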
func (*Signer) SignHTTP
func (s *Signer) SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) error
SignHTTP takes the provided http.Request, payload hash, service, regionSet, and time and signs using SigV4a. The passed in request will be modified in place.
type SignerAdapter (added in v1.2.3)
type SignerAdapter struct {
	Signer     HTTPSigner
	Logger     logging.Logger
	LogSigning bool
}
SignerAdapter adapts v4a.HTTPSigner to smithy http.Signer.
func (*SignerAdapter) SignRequest (added in v1.2.3)
func (v *SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithy.Properties) error
SignRequest signs the request with the provided identity.
type SignerOptions
type SignerOptions struct {
	Logger     logging.Logger
	LogSigning bool

	// Disables the Signer's moving HTTP header key/value pairs from the HTTP
	// request header to the request's query string. This is most commonly used
	// with pre-signed requests preventing headers from being added to the
	// request's query string.
	DisableHeaderHoisting bool

	// Disables the automatic escaping of the URI path of the request for the
	// signature's canonical string's path. For services that do not need additional
	// escaping then use this to disable the signer escaping the path.
	//
	// S3 is an example of a service that does not need additional escaping.
	//
	// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
	DisableURIPathEscaping bool
}
SignerOptions is the SigV4a signing options for constructing a Signer.
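What DisableURIPathEscaping changes in the canonical path, shown as an added standard-library model of the SigV4 canonical-request rule rather than this package's own code. escapeSegment, escapePath and CanonicalPath are names invented for the illustration, and the sample path is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeSegment percent-encodes every byte except the RFC 3986 unreserved set
// (A-Z a-z 0-9 - . _ ~), the encoding SigV4 canonical requests use.
func escapeSegment(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c >= 'A' && c <= 'Z', c >= 'a' && c <= 'z', c >= '0' && c <= '9',
			c == '-', c == '.', c == '_', c == '~':
			b.WriteByte(c)
		default:
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// escapePath encodes each segment and keeps the "/" separators.
func escapePath(p string) string {
	segs := strings.Split(p, "/")
	for i, s := range segs {
		segs[i] = escapeSegment(s)
	}
	return strings.Join(segs, "/")
}

// CanonicalPath models the option: wirePath is the already-escaped path sent
// on the wire; with escaping left enabled it is escaped a second time.
func CanonicalPath(wirePath string, disableURIPathEscaping bool) string {
	if disableURIPathEscaping {
		return wirePath // S3-style: sign the path exactly as sent
	}
	return escapePath(wirePath) // other services: "%" becomes "%25"
}

func main() {
	wire := escapePath("/reports/Q1 2024/a+b.csv") // constructed sample path
	fmt.Println(CanonicalPath(wire, true))
	fmt.Println(CanonicalPath(wire, false))
}
```

The two results differ for any path containing an escaped character, so a signer and a service that disagree on this setting compute different canonical requests and the signature check fails.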
type SigningError
type SigningError struct {
	Err error
}
SigningError indicates an error condition occurred while performing SigV4a signing.
func (*SigningError) Error
func (e *SigningError) Error() string
func (*SigningError) Unwrap
func (e *SigningError) Unwrap() error
Unwrap returns the underlying error cause.
type SymmetricCredentialAdaptor
type SymmetricCredentialAdaptor struct {
	SymmetricProvider aws.CredentialsProvider
	// contains filtered or unexported fields
}
SymmetricCredentialAdaptor wraps a SigV4 AccessKey/SecretKey provider and adapts the credentials to an ECDSA PrivateKey for signing with SigV4a.
func (*SymmetricCredentialAdaptor) Retrieve
func (s *SymmetricCredentialAdaptor) Retrieve(ctx context.Context) (aws.Credentials, error)
Retrieve retrieves symmetric credentials from the underlying provider.
func (*SymmetricCredentialAdaptor) RetrievePrivateKey
func (s *SymmetricCredentialAdaptor) RetrievePrivateKey(ctx context.Context) (Credentials, error)
RetrievePrivateKey returns credentials suitable for SigV4a signing.