Exemplo n.º 1
0
func sign(auth *aws.Auth, method, path string, params map[string]string, host string) {
	accessKey, secretKey, token := auth.Credentials()
	params["AWSAccessKeyId"] = accessKey
	params["SignatureVersion"] = "2"
	params["SignatureMethod"] = "HmacSHA256"
	if token != "" {
		params["SecurityToken"] = token
	}

	// AWS specifies that the parameters in a signed request must
	// be provided in the natural order of the keys. This is distinct
	// from the natural order of the encoded value of key=value.
	// Percent and equals affect the sorting order.
	var keys, sarray []string
	for k, _ := range params {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		sarray = append(sarray, aws.Encode(k)+"="+aws.Encode(params[k]))
	}
	joined := strings.Join(sarray, "&")
	payload := method + "\n" + host + "\n" + path + "\n" + joined
	hash := hmac.New(sha256.New, []byte(secretKey))
	hash.Write([]byte(payload))
	signature := make([]byte, b64.EncodedLen(hash.Size()))
	b64.Encode(signature, hash.Sum(nil))

	params["Signature"] = string(signature)
}
Exemplo n.º 2
0
// Sign SES request as dictated by Amazon's Version 3 signature method.
func sign(auth *aws.Auth, method string, headers map[string][]string) string {
	accessKey, secretKey, _ := auth.Credentials()
	date := time.Now().UTC().Format(AMZ_DATE_STYLE)
	h := hmac.New(sha256.New, []byte(secretKey))
	h.Write([]byte(date))
	signature := base64.StdEncoding.EncodeToString(h.Sum(nil))
	authHeader := fmt.Sprintf("AWS3-HTTPS AWSAccessKeyId=%s, Algorithm=HmacSHA256, Signature=%s", accessKey, signature)
	headers["Date"] = []string{date}
	headers["X-Amzn-Authorization"] = []string{authHeader}
	return accessKey
}
Exemplo n.º 3
0
// ----------------------------------------------------------------------------
// Mechanical Turk signing (http://goo.gl/wrzfn)
func sign(auth *aws.Auth, service, method, timestamp string, params map[string]string) {
	accessKey, secretKey, _ := auth.Credentials()
	params["AWSAccessKeyId"] = accessKey

	payload := service + method + timestamp
	hash := hmac.New(sha1.New, []byte(secretKey))
	hash.Write([]byte(payload))
	signature := make([]byte, b64.EncodedLen(hash.Size()))
	b64.Encode(signature, hash.Sum(nil))

	params["Signature"] = string(signature)
}
Exemplo n.º 4
0
func sign(auth *aws.Auth, method, path string, params url.Values, headers http.Header) {
	var host string
	for k, v := range headers {
		k = strings.ToLower(k)
		switch k {
		case "host":
			host = v[0]
		}
	}

	accessKey, secretKey, token := auth.Credentials()

	// set up some defaults used for signing the request
	params["AWSAccessKeyId"] = []string{accessKey}
	params["SignatureVersion"] = []string{"2"}
	params["SignatureMethod"] = []string{"HmacSHA256"}
	if token != "" {
		params["SecurityToken"] = []string{token}
	}

	// join up all the incoming params
	var sarray []string
	for k, v := range params {
		sarray = append(sarray, aws.Encode(k)+"="+aws.Encode(v[0]))
	}
	sort.StringSlice(sarray).Sort()
	joined := strings.Join(sarray, "&")

	// create the payload, sign it and create the signature
	payload := strings.Join([]string{method, host, "/", joined}, "\n")
	hash := hmac.New(sha256.New, []byte(secretKey))
	hash.Write([]byte(payload))
	signature := make([]byte, b64.EncodedLen(hash.Size()))
	b64.Encode(signature, hash.Sum(nil))

	// add the signature to the outgoing params
	params["Signature"] = []string{string(signature)}
}
Exemplo n.º 5
0
func sign(auth *aws.Auth, method, path string, params map[string]string, host string) {
	accessKey, secretKey, _ := auth.Credentials()
	params["AWSAccessKeyId"] = accessKey
	params["SignatureVersion"] = "2"
	params["SignatureMethod"] = "HmacSHA256"

	var keys, sarray []string
	for k := range params {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		sarray = append(sarray, aws.Encode(k)+"="+aws.Encode(params[k]))
	}
	joined := strings.Join(sarray, "&")
	payload := method + "\n" + host + "\n" + path + "\n" + joined
	hash := hmac.New(sha256.New, []byte(secretKey))
	hash.Write([]byte(payload))
	signature := make([]byte, b64.EncodedLen(hash.Size()))
	b64.Encode(signature, hash.Sum(nil))

	params["Signature"] = string(signature)
}
Exemplo n.º 6
0
func sign(auth *aws.Auth, method, path string, params map[string]string, host string) {
	accessKey, secretKey, token := auth.Credentials()
	params["AWSAccessKeyId"] = accessKey
	if token != "" {
		params["SecurityToken"] = token
	}
	params["SignatureVersion"] = "2"
	params["SignatureMethod"] = "HmacSHA256"

	var sarray []string
	for k, v := range params {
		sarray = append(sarray, aws.Encode(k)+"="+aws.Encode(v))
	}
	sort.StringSlice(sarray).Sort()
	joined := strings.Join(sarray, "&")
	payload := method + "\n" + host + "\n" + path + "\n" + joined
	hash := hmac.New(sha256.New, []byte(secretKey))
	hash.Write([]byte(payload))
	signature := make([]byte, b64.EncodedLen(hash.Size()))
	b64.Encode(signature, hash.Sum(nil))

	params["Signature"] = string(signature)
}
Exemplo n.º 7
0
func sign(auth *aws.Auth, method, canonicalPath string, params, headers map[string][]string) {
	accessKey, secretKey, token := auth.Credentials()
	if token != "" {
		headers["X-Amz-Security-Token"] = []string{token}
	}

	var md5, ctype, date, xamz string
	var xamzDate bool
	var sarray keySortableTupleList
	for k, v := range headers {
		k = strings.ToLower(k)
		switch k {
		case "content-md5":
			md5 = v[0]
		case "content-type":
			ctype = v[0]
		case "date":
			if !xamzDate {
				date = v[0]
			}
		default:
			if strings.HasPrefix(k, "x-amz-") {
				vall := strings.Join(v, ",")
				sarray = append(sarray, keySortableTuple{k, k + ":" + vall})
				if k == "x-amz-date" {
					xamzDate = true
					date = ""
				}
			}
		}
	}
	if len(sarray) > 0 {
		sort.Sort(sarray)
		xamz = strings.Join(sarray.StringSlice(), "\n") + "\n"
	}

	expires := false
	if v, ok := params["Expires"]; ok {
		// Query string request authentication alternative.
		expires = true
		date = v[0]
		params["AWSAccessKeyId"] = []string{accessKey}
	}

	sarray = sarray[0:0]
	for k, v := range params {
		if s3ParamsToSign[k] {
			for _, vi := range v {
				if vi == "" {
					sarray = append(sarray, keySortableTuple{k, k})
				} else {
					// "When signing you do not encode these values."
					sarray = append(sarray, keySortableTuple{k, k + "=" + vi})
				}
			}
		}
	}
	if len(sarray) > 0 {
		sort.Sort(sarray)
		canonicalPath = canonicalPath + "?" + strings.Join(sarray.StringSlice(), "&")
	}

	payload := method + "\n" + md5 + "\n" + ctype + "\n" + date + "\n" + xamz + canonicalPath
	hash := hmac.New(sha1.New, []byte(secretKey))
	hash.Write([]byte(payload))
	signature := make([]byte, b64.EncodedLen(hash.Size()))
	b64.Encode(signature, hash.Sum(nil))

	if expires {
		params["Signature"] = []string{string(signature)}
	} else {
		headers["Authorization"] = []string{"AWS " + accessKey + ":" + string(signature)}
	}
	if debug {
		log.Printf("Signature payload: %q", payload)
		log.Printf("Signature: %q", signature)
	}
}