File: sse.go

package info (click to toggle)
golang-github-aws-aws-sdk-go 1.49.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 312,636 kB
  • sloc: makefile: 120
file content (84 lines) | stat: -rw-r--r-- 2,202 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
package s3

import (
	"crypto/md5"
	"encoding/base64"
	"net/http"

	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/request"
)

var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)

func validateSSERequiresSSL(r *request.Request) {
	if r.HTTPRequest.URL.Scheme == "https" {
		return
	}

	if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
		if len(iface.getSSECustomerKey()) > 0 {
			r.Error = errSSERequiresSSL
			return
		}
	}

	if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
		if len(iface.getCopySourceSSECustomerKey()) > 0 {
			r.Error = errSSERequiresSSL
			return
		}
	}
}

const (
	sseKeyHeader    = "x-amz-server-side-encryption-customer-key"
	sseKeyMD5Header = sseKeyHeader + "-md5"
)

func computeSSEKeyMD5(r *request.Request) {
	var key string
	if g, ok := r.Params.(sseCustomerKeyGetter); ok {
		key = g.getSSECustomerKey()
	}

	computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
}

const (
	copySrcSSEKeyHeader    = "x-amz-copy-source-server-side-encryption-customer-key"
	copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
)

func computeCopySourceSSEKeyMD5(r *request.Request) {
	var key string
	if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
		key = g.getCopySourceSSECustomerKey()
	}

	computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
}

func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
	if len(key) == 0 {
		// Backwards compatiablity where user just set the header value instead
		// of using the API parameter, or setting the header value for an
		// operation without the parameters modeled.
		key = r.Header.Get(keyHeader)
		if len(key) == 0 {
			return
		}

		// In backwards compatible, the header's value is not base64 encoded,
		// and needs to be encoded and updated by the SDK's customizations.
		b64Key := base64.StdEncoding.EncodeToString([]byte(key))
		r.Header.Set(keyHeader, b64Key)
	}

	// Only update Key's MD5 if not already set.
	if len(r.Header.Get(keyMD5Header)) == 0 {
		sum := md5.Sum([]byte(key))
		keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
		r.Header.Set(keyMD5Header, keyMD5)
	}
}