package awsauth import ( "encoding/base64" "net/http" "sort" "strconv" "strings" "time" ) func signatureS3(stringToSign string, keys Credentials) string { hashed := hmacSHA1([]byte(keys.SecretAccessKey), stringToSign) return base64.StdEncoding.EncodeToString(hashed) } func stringToSignS3(request *http.Request) string { str := request.Method + "\n" if request.Header.Get("Content-Md5") != "" { str += request.Header.Get("Content-Md5") } str += "\n" str += request.Header.Get("Content-Type") + "\n" if request.Header.Get("Date") != "" { str += request.Header.Get("Date") } else { str += timestampS3() } str += "\n" canonicalHeaders := canonicalAmzHeadersS3(request) if canonicalHeaders != "" { str += canonicalHeaders } str += canonicalResourceS3(request) return str } func stringToSignS3Url(method string, expire time.Time, path string) string { return method + "\n\n\n" + timeToUnixEpochString(expire) + "\n" + path } func timeToUnixEpochString(t time.Time) string { return strconv.FormatInt(t.Unix(), 10) } func canonicalAmzHeadersS3(request *http.Request) string { var headers []string for header := range request.Header { standardized := strings.ToLower(strings.TrimSpace(header)) if strings.HasPrefix(standardized, "x-amz") { headers = append(headers, standardized) } } sort.Strings(headers) for i, header := range headers { headers[i] = header + ":" + strings.Replace(request.Header.Get(header), "\n", " ", -1) } if len(headers) > 0 { return strings.Join(headers, "\n") + "\n" } else { return "" } } func canonicalResourceS3(request *http.Request) string { res := "" if isS3VirtualHostedStyle(request) { bucketname := strings.Split(request.Host, ".")[0] res += "/" + bucketname } uri := request.URL.Opaque if uri != "" { uri = "/" + strings.Join(strings.Split(uri, "/")[3:], "/") } else { uri = request.URL.Path } if uri == "" { uri = "/" } res += uri for _, subres := range strings.Split(subresourcesS3, ",") { if strings.HasPrefix(request.URL.RawQuery, subres) { res += "?" + subres } } return res } func prepareRequestS3(request *http.Request) *http.Request { request.Header.Set("Date", timestampS3()) if request.URL.Path == "" { request.URL.Path += "/" } return request } // Info: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html func isS3VirtualHostedStyle(request *http.Request) bool { service, _ := serviceAndRegion(request.Host) return service == "s3" && strings.Count(request.Host, ".") == 3 } func timestampS3() string { return now().Format(timeFormatS3) } const ( timeFormatS3 = time.RFC1123Z subresourcesS3 = "acl,lifecycle,location,logging,notification,partNumber,policy,requestPayment,torrent,uploadId,uploads,versionId,versioning,versions,website" )