|
Packit |
63bb0d |
package s3
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
import (
|
|
Packit |
63bb0d |
"crypto/md5"
|
|
Packit |
63bb0d |
"encoding/base64"
|
|
Packit |
63bb0d |
"net/http"
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
"github.com/aws/aws-sdk-go/aws/awserr"
|
|
Packit |
63bb0d |
"github.com/aws/aws-sdk-go/aws/request"
|
|
Packit |
63bb0d |
)
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
func validateSSERequiresSSL(r *request.Request) {
|
|
Packit |
63bb0d |
if r.HTTPRequest.URL.Scheme == "https" {
|
|
Packit |
63bb0d |
return
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
|
|
Packit |
63bb0d |
if len(iface.getSSECustomerKey()) > 0 {
|
|
Packit |
63bb0d |
r.Error = errSSERequiresSSL
|
|
Packit |
63bb0d |
return
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
|
|
Packit |
63bb0d |
if len(iface.getCopySourceSSECustomerKey()) > 0 {
|
|
Packit |
63bb0d |
r.Error = errSSERequiresSSL
|
|
Packit |
63bb0d |
return
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
const (
|
|
Packit |
63bb0d |
sseKeyHeader = "x-amz-server-side-encryption-customer-key"
|
|
Packit |
63bb0d |
sseKeyMD5Header = sseKeyHeader + "-md5"
|
|
Packit |
63bb0d |
)
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
func computeSSEKeyMD5(r *request.Request) {
|
|
Packit |
63bb0d |
var key string
|
|
Packit |
63bb0d |
if g, ok := r.Params.(sseCustomerKeyGetter); ok {
|
|
Packit |
63bb0d |
key = g.getSSECustomerKey()
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
const (
|
|
Packit |
63bb0d |
copySrcSSEKeyHeader = "x-amz-copy-source-server-side-encryption-customer-key"
|
|
Packit |
63bb0d |
copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
|
|
Packit |
63bb0d |
)
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
func computeCopySourceSSEKeyMD5(r *request.Request) {
|
|
Packit |
63bb0d |
var key string
|
|
Packit |
63bb0d |
if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
|
|
Packit |
63bb0d |
key = g.getCopySourceSSECustomerKey()
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
|
|
Packit |
63bb0d |
if len(key) == 0 {
|
|
Packit |
63bb0d |
// Backwards compatiablity where user just set the header value instead
|
|
Packit |
63bb0d |
// of using the API parameter, or setting the header value for an
|
|
Packit |
63bb0d |
// operation without the parameters modeled.
|
|
Packit |
63bb0d |
key = r.Header.Get(keyHeader)
|
|
Packit |
63bb0d |
if len(key) == 0 {
|
|
Packit |
63bb0d |
return
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
// In backwards compatiable, the header's value is not base64 encoded,
|
|
Packit |
63bb0d |
// and needs to be encoded and updated by the SDK's customizations.
|
|
Packit |
63bb0d |
b64Key := base64.StdEncoding.EncodeToString([]byte(key))
|
|
Packit |
63bb0d |
r.Header.Set(keyHeader, b64Key)
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
|
|
Packit |
63bb0d |
// Only update Key's MD5 if not already set.
|
|
Packit |
63bb0d |
if len(r.Header.Get(keyMD5Header)) == 0 {
|
|
Packit |
63bb0d |
sum := md5.Sum([]byte(key))
|
|
Packit |
63bb0d |
keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
|
|
Packit |
63bb0d |
r.Header.Set(keyMD5Header, keyMD5)
|
|
Packit |
63bb0d |
}
|
|
Packit |
63bb0d |
}
|