]>
Commit | Line | Data |
---|---|---|
bae9f6d2 JC |
1 | package s3 |
2 | ||
3 | import ( | |
4 | "crypto/md5" | |
5 | "encoding/base64" | |
6 | ||
7 | "github.com/aws/aws-sdk-go/aws/awserr" | |
8 | "github.com/aws/aws-sdk-go/aws/awsutil" | |
9 | "github.com/aws/aws-sdk-go/aws/request" | |
10 | ) | |
11 | ||
12 | var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil) | |
13 | ||
14 | func validateSSERequiresSSL(r *request.Request) { | |
15 | if r.HTTPRequest.URL.Scheme != "https" { | |
16 | p, _ := awsutil.ValuesAtPath(r.Params, "SSECustomerKey||CopySourceSSECustomerKey") | |
17 | if len(p) > 0 { | |
18 | r.Error = errSSERequiresSSL | |
19 | } | |
20 | } | |
21 | } | |
22 | ||
23 | func computeSSEKeys(r *request.Request) { | |
24 | headers := []string{ | |
25 | "x-amz-server-side-encryption-customer-key", | |
26 | "x-amz-copy-source-server-side-encryption-customer-key", | |
27 | } | |
28 | ||
29 | for _, h := range headers { | |
30 | md5h := h + "-md5" | |
31 | if key := r.HTTPRequest.Header.Get(h); key != "" { | |
32 | // Base64-encode the value | |
33 | b64v := base64.StdEncoding.EncodeToString([]byte(key)) | |
34 | r.HTTPRequest.Header.Set(h, b64v) | |
35 | ||
36 | // Add MD5 if it wasn't computed | |
37 | if r.HTTPRequest.Header.Get(md5h) == "" { | |
38 | sum := md5.Sum([]byte(key)) | |
39 | b64sum := base64.StdEncoding.EncodeToString(sum[:]) | |
40 | r.HTTPRequest.Header.Set(md5h, b64sum) | |
41 | } | |
42 | } | |
43 | } | |
44 | } |