File: smithy.go

package info (click to toggle)
golang-github-aws-aws-sdk-go-v2 1.24.1-2~bpo12%2B1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-backports
  • size: 554,032 kB
  • sloc: java: 15,941; makefile: 419; sh: 175
file content (86 lines) | stat: -rw-r--r-- 2,374 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
package v4a

import (
	"context"
	"fmt"
	"time"

	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/aws-sdk-go-v2/internal/sdk"
	"github.com/aws/smithy-go"
	"github.com/aws/smithy-go/auth"
	"github.com/aws/smithy-go/logging"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// CredentialsAdapter adapts v4a.Credentials to smithy auth.Identity.
type CredentialsAdapter struct {
	Credentials Credentials
}

var _ auth.Identity = (*CredentialsAdapter)(nil)

// Expiration returns the time of expiration for the credentials.
func (v *CredentialsAdapter) Expiration() time.Time {
	return v.Credentials.Expires
}

// CredentialsProviderAdapter adapts v4a.CredentialsProvider to
// auth.IdentityResolver.
type CredentialsProviderAdapter struct {
	Provider CredentialsProvider
}

var _ (auth.IdentityResolver) = (*CredentialsProviderAdapter)(nil)

// GetIdentity retrieves v4a credentials using the underlying provider.
func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.Properties) (
	auth.Identity, error,
) {
	creds, err := v.Provider.RetrievePrivateKey(ctx)
	if err != nil {
		return nil, fmt.Errorf("get credentials: %w", err)
	}

	return &CredentialsAdapter{Credentials: creds}, nil
}

// SignerAdapter adapts v4a.HTTPSigner to smithy http.Signer.
type SignerAdapter struct {
	Signer     HTTPSigner
	Logger     logging.Logger
	LogSigning bool
}

var _ (smithyhttp.Signer) = (*SignerAdapter)(nil)

// SignRequest signs the request with the provided identity.
func (v *SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithy.Properties) error {
	ca, ok := identity.(*CredentialsAdapter)
	if !ok {
		return fmt.Errorf("unexpected identity type: %T", identity)
	}

	name, ok := smithyhttp.GetSigV4SigningName(&props)
	if !ok {
		return fmt.Errorf("sigv4a signing name is required")
	}

	regions, ok := smithyhttp.GetSigV4ASigningRegions(&props)
	if !ok {
		return fmt.Errorf("sigv4a signing region is required")
	}

	hash := v4.GetPayloadHash(ctx)
	err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, regions, sdk.NowTime(), func(o *SignerOptions) {
		o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props)

		o.Logger = v.Logger
		o.LogSigning = v.LogSigning
	})
	if err != nil {
		return fmt.Errorf("sign http: %w", err)
	}

	return nil
}