// StripAccessKeyID extracts only the access key ID from an Authorization
// header value.
//
// The value must split on "," into exactly three fields. The first field must
// be two whitespace-separated tokens: authHeaderPrefix followed by a
// "key=value" pair. The other two fields must each contain exactly one "=".
// The access key ID is the text before the first "/" in the value of the
// first pair, and it is returned only when auth.IsValidAccessKey accepts it.
//
// No signature is checked here, so the returned ID is what the request claims,
// not an authenticated identity. Callers must not make authorization decisions
// on it before the signature has been verified.
// NOTE(review): field names are never inspected, only position and
// "key=value" shape - confirm that the verifier downstream is strict enough.
func StripAccessKeyID(ah string) (string, error) {
	if len(ah) == 0 {
		return "", errors.New("Missing auth header")
	}

	parts := strings.Split(strings.TrimSpace(ah), ",")
	if len(parts) != 3 {
		return "", errors.New("Missing fields in Auth header")
	}

	prefixAndCredential := strings.Fields(parts[0])
	switch {
	case len(prefixAndCredential) != 2:
		return "", errors.New("Missing fields in Auth header")
	case prefixAndCredential[0] != authHeaderPrefix:
		return "", errors.New("Missing fields is Auth header")
	}

	credentialKV := strings.Split(strings.TrimSpace(prefixAndCredential[1]), "=")
	if len(credentialKV) != 2 {
		return "", errors.New("Missing fields in Auth header")
	}

	// The second and third fields are checked for shape only; their values
	// are not used by this function.
	for _, field := range parts[1:] {
		if kv := strings.Split(strings.TrimSpace(field), "="); len(kv) != 2 {
			return "", errors.New("Missing fields in Auth header")
		}
	}

	credentialScope := strings.Split(strings.TrimSpace(credentialKV[1]), "/")
	accessKeyID := credentialScope[0]
	if auth.IsValidAccessKey(accessKeyID) {
		return accessKeyID, nil
	}
	return "", errors.New("Invalid access key")
}
// initPresignedSignatureV4 builds the donut.Signature used to verify a
// presigned request, reading its inputs from the X-Amz-* query parameters.
//
// X-Amz-Credential must split on "/" into exactly five elements, otherwise
// errCredentialTagMalformed is returned. The first element is the access key
// ID; it must pass auth.IsValidAccessKey and match a user in the config
// returned by auth.LoadConfig, otherwise errAccessKeyIDInvalid is returned.
//
// This function verifies nothing: it only pairs the caller-supplied signature
// and signed-header list with the matching user's secret. The returned value
// carries that user's SecretAccessKey, so it should not be logged or
// serialized.
// NOTE(review): empty X-Amz-Signature and X-Amz-SignedHeaders values are
// passed through as-is - presumably rejected during verification; confirm.
func initPresignedSignatureV4(req *http.Request) (*donut.Signature, *probe.Error) {
	query := req.URL.Query()

	credentialElements := strings.Split(strings.TrimSpace(query.Get("X-Amz-Credential")), "/")
	if len(credentialElements) != 5 {
		return nil, probe.NewError(errCredentialTagMalformed)
	}

	accessKeyID := credentialElements[0]
	if !auth.IsValidAccessKey(accessKeyID) {
		return nil, probe.NewError(errAccessKeyIDInvalid)
	}

	authConfig, err := auth.LoadConfig()
	if err != nil {
		return nil, err.Trace()
	}

	signedHeaders := strings.Split(strings.TrimSpace(query.Get("X-Amz-SignedHeaders")), ";")
	presignedSig := strings.TrimSpace(query.Get("X-Amz-Signature"))

	for _, user := range authConfig.Users {
		if user.AccessKeyID != accessKeyID {
			continue
		}
		return &donut.Signature{
			AccessKeyID:     user.AccessKeyID,
			SecretAccessKey: user.SecretAccessKey,
			Signature:       presignedSig,
			SignedHeaders:   signedHeaders,
			Presigned:       true,
			Request:         req,
		}, nil
	}

	// Well-formed access key ID, but no configured user owns it.
	return nil, probe.NewError(errAccessKeyIDInvalid)
}
// stripAccessKeyID - strip only access key id from auth header func stripAccessKeyID(authHeaderValue string) (string, *probe.Error) { if err := isValidRegion(authHeaderValue); err != nil { return "", err.Trace() } credentialElements, err := getCredentialsFromAuth(authHeaderValue) if err != nil { return "", err.Trace() } accessKeyID := credentialElements[0] if !auth.IsValidAccessKey(accessKeyID) { return "", probe.NewError(errAccessKeyIDInvalid) } return accessKeyID, nil }
// stripAuth parses the request's Authorization header into an authHeader.
//
// The header value must split on "," into exactly three fields. The first
// field must be two whitespace-separated tokens: authHeaderPrefix followed by
// a "key=value" pair whose value becomes the credential. The second and third
// fields must each contain exactly one "="; their values become signedheaders
// and signature. The access key is the part of the credential before the
// first "/", and it must pass auth.IsValidAccessKey.
//
// Only the header's shape is checked. The signature is extracted but not
// verified, so the result describes what the request claims.
// NOTE(review): field names are not inspected, and the second and third
// fields are not whitespace-trimmed before splitting - confirm that the
// verifier using these values tolerates or rejects that.
func stripAuth(r *http.Request) (*authHeader, error) {
	headerValue := r.Header.Get("Authorization")
	if len(headerValue) == 0 {
		return nil, errors.New("Missing auth header")
	}

	fields := strings.Split(headerValue, ",")
	if len(fields) != 3 {
		return nil, errors.New("Missing fields in Auth header")
	}

	prefixAndCredential := strings.Fields(fields[0])
	switch {
	case len(prefixAndCredential) != 2:
		return nil, errors.New("Missing fields in Auth header")
	case prefixAndCredential[0] != authHeaderPrefix:
		return nil, errors.New("Missing fields is Auth header")
	}

	credentialKV := strings.Split(prefixAndCredential[1], "=")
	if len(credentialKV) != 2 {
		return nil, errors.New("Missing fields in Auth header")
	}
	signedHeadersKV := strings.Split(fields[1], "=")
	if len(signedHeadersKV) != 2 {
		return nil, errors.New("Missing fields in Auth header")
	}
	signatureKV := strings.Split(fields[2], "=")
	if len(signatureKV) != 2 {
		return nil, errors.New("Missing fields in Auth header")
	}

	credential := credentialKV[1]
	accessKey := strings.Split(credential, "/")[0]
	if !auth.IsValidAccessKey(accessKey) {
		return nil, errors.New("Invalid access key")
	}

	return &authHeader{
		credential:    credential,
		signedheaders: signedHeadersKV[1],
		signature:     signatureKV[1],
		accessKey:     accessKey,
	}, nil
}