func sign(auth *aws.Auth, method, path string, params map[string]string, host string) {
accessKey, secretKey, token := auth.Credentials()
params["AWSAccessKeyId"] = accessKey
params["SignatureVersion"] = "2"
params["SignatureMethod"] = "HmacSHA256"
if token != "" {
params["SecurityToken"] = token
}
// AWS specifies that the parameters in a signed request must
// be provided in the natural order of the keys. This is distinct
// from the natural order of the encoded value of key=value.
// Percent and equals affect the sorting order.
var keys, sarray []string
for k, _ := range params {
keys = append(keys, k)
}
sort.Strings(keys)
for _, k := range keys {
sarray = append(sarray, aws.Encode(k)+"="+aws.Encode(params[k]))
}
joined := strings.Join(sarray, "&")
payload := method + "\n" + host + "\n" + path + "\n" + joined
hash := hmac.New(sha256.New, []byte(secretKey))
hash.Write([]byte(payload))
signature := make([]byte, b64.EncodedLen(hash.Size()))
b64.Encode(signature, hash.Sum(nil))
params["Signature"] = string(signature)
}
// Sign SES request as dictated by Amazon's Version 3 signature method.
func sign(auth *aws.Auth, method string, headers map[string][]string) string {
accessKey, secretKey, _ := auth.Credentials()
date := time.Now().UTC().Format(AMZ_DATE_STYLE)
h := hmac.New(sha256.New, []byte(secretKey))
h.Write([]byte(date))
signature := base64.StdEncoding.EncodeToString(h.Sum(nil))
authHeader := fmt.Sprintf("AWS3-HTTPS AWSAccessKeyId=%s, Algorithm=HmacSHA256, Signature=%s", accessKey, signature)
headers["Date"] = []string{date}
headers["X-Amzn-Authorization"] = []string{authHeader}
return accessKey
}
// ----------------------------------------------------------------------------
// Mechanical Turk signing (http://goo.gl/wrzfn)
func sign(auth *aws.Auth, service, method, timestamp string, params map[string]string) {
accessKey, secretKey, _ := auth.Credentials()
params["AWSAccessKeyId"] = accessKey
payload := service + method + timestamp
hash := hmac.New(sha1.New, []byte(secretKey))
hash.Write([]byte(payload))
signature := make([]byte, b64.EncodedLen(hash.Size()))
b64.Encode(signature, hash.Sum(nil))
params["Signature"] = string(signature)
}
func sign(auth *aws.Auth, method, path string, params url.Values, headers http.Header) {
var host string
for k, v := range headers {
k = strings.ToLower(k)
switch k {
case "host":
host = v[0]
}
}
accessKey, secretKey, token := auth.Credentials()
// set up some defaults used for signing the request
params["AWSAccessKeyId"] = []string{accessKey}
params["SignatureVersion"] = []string{"2"}
params["SignatureMethod"] = []string{"HmacSHA256"}
if token != "" {
params["SecurityToken"] = []string{token}
}
// join up all the incoming params
var sarray []string
for k, v := range params {
sarray = append(sarray, aws.Encode(k)+"="+aws.Encode(v[0]))
}
sort.StringSlice(sarray).Sort()
joined := strings.Join(sarray, "&")
// create the payload, sign it and create the signature
payload := strings.Join([]string{method, host, "/", joined}, "\n")
hash := hmac.New(sha256.New, []byte(secretKey))
hash.Write([]byte(payload))
signature := make([]byte, b64.EncodedLen(hash.Size()))
b64.Encode(signature, hash.Sum(nil))
// add the signature to the outgoing params
params["Signature"] = []string{string(signature)}
}
func sign(auth *aws.Auth, method, path string, params map[string]string, host string) {
accessKey, secretKey, _ := auth.Credentials()
params["AWSAccessKeyId"] = accessKey
params["SignatureVersion"] = "2"
params["SignatureMethod"] = "HmacSHA256"
var keys, sarray []string
for k := range params {
keys = append(keys, k)
}
sort.Strings(keys)
for _, k := range keys {
sarray = append(sarray, aws.Encode(k)+"="+aws.Encode(params[k]))
}
joined := strings.Join(sarray, "&")
payload := method + "\n" + host + "\n" + path + "\n" + joined
hash := hmac.New(sha256.New, []byte(secretKey))
hash.Write([]byte(payload))
signature := make([]byte, b64.EncodedLen(hash.Size()))
b64.Encode(signature, hash.Sum(nil))
params["Signature"] = string(signature)
}
func sign(auth *aws.Auth, method, path string, params map[string]string, host string) {
accessKey, secretKey, token := auth.Credentials()
params["AWSAccessKeyId"] = accessKey
if token != "" {
params["SecurityToken"] = token
}
params["SignatureVersion"] = "2"
params["SignatureMethod"] = "HmacSHA256"
var sarray []string
for k, v := range params {
sarray = append(sarray, aws.Encode(k)+"="+aws.Encode(v))
}
sort.StringSlice(sarray).Sort()
joined := strings.Join(sarray, "&")
payload := method + "\n" + host + "\n" + path + "\n" + joined
hash := hmac.New(sha256.New, []byte(secretKey))
hash.Write([]byte(payload))
signature := make([]byte, b64.EncodedLen(hash.Size()))
b64.Encode(signature, hash.Sum(nil))
params["Signature"] = string(signature)
}
func sign(auth *aws.Auth, method, canonicalPath string, params, headers map[string][]string) {
accessKey, secretKey, token := auth.Credentials()
if token != "" {
headers["X-Amz-Security-Token"] = []string{token}
}
var md5, ctype, date, xamz string
var xamzDate bool
var sarray keySortableTupleList
for k, v := range headers {
k = strings.ToLower(k)
switch k {
case "content-md5":
md5 = v[0]
case "content-type":
ctype = v[0]
case "date":
if !xamzDate {
date = v[0]
}
default:
if strings.HasPrefix(k, "x-amz-") {
vall := strings.Join(v, ",")
sarray = append(sarray, keySortableTuple{k, k + ":" + vall})
if k == "x-amz-date" {
xamzDate = true
date = ""
}
}
}
}
if len(sarray) > 0 {
sort.Sort(sarray)
xamz = strings.Join(sarray.StringSlice(), "\n") + "\n"
}
expires := false
if v, ok := params["Expires"]; ok {
// Query string request authentication alternative.
expires = true
date = v[0]
params["AWSAccessKeyId"] = []string{accessKey}
}
sarray = sarray[0:0]
for k, v := range params {
if s3ParamsToSign[k] {
for _, vi := range v {
if vi == "" {
sarray = append(sarray, keySortableTuple{k, k})
} else {
// "When signing you do not encode these values."
sarray = append(sarray, keySortableTuple{k, k + "=" + vi})
}
}
}
}
if len(sarray) > 0 {
sort.Sort(sarray)
canonicalPath = canonicalPath + "?" + strings.Join(sarray.StringSlice(), "&")
}
payload := method + "\n" + md5 + "\n" + ctype + "\n" + date + "\n" + xamz + canonicalPath
hash := hmac.New(sha1.New, []byte(secretKey))
hash.Write([]byte(payload))
signature := make([]byte, b64.EncodedLen(hash.Size()))
b64.Encode(signature, hash.Sum(nil))
if expires {
params["Signature"] = []string{string(signature)}
} else {
headers["Authorization"] = []string{"AWS " + accessKey + ":" + string(signature)}
}
if debug {
log.Printf("Signature payload: %q", payload)
log.Printf("Signature: %q", signature)
}
}
