Commit | Line | Data |
---|---|---|
bae9f6d2 JC |
1 | package s3 |
2 | ||
3 | import ( | |
4 | "crypto/md5" | |
5 | "encoding/base64" | |
863486a6 | 6 | "net/http" |
bae9f6d2 JC |
7 | |
8 | "github.com/aws/aws-sdk-go/aws/awserr" | |
bae9f6d2 JC |
9 | "github.com/aws/aws-sdk-go/aws/request" |
10 | ) | |
11 | ||
// errSSERequiresSSL is the error assigned to a request that carries an SSE
// customer-provided key while its URL scheme is not "https".
var errSSERequiresSSL = awserr.New(
	"ConfigError",
	"cannot send SSE keys over HTTP.",
	nil,
)
13 | ||
// validateSSERequiresSSL fails the request with errSSERequiresSSL when its
// parameters carry an SSE customer-provided key (for the object itself or for
// a copy source) and the request URL scheme is anything other than "https".
//
// The point of the check is that the raw encryption key must not travel over
// an unencrypted connection. Only r.Params is inspected.
//
// NOTE(review): computeKeyMD5 in this file also accepts a key that was placed
// directly in the request header. That path is not examined here, so a
// header-only key sent over plain HTTP appears to pass this validation.
// Confirm whether another handler covers it.
func validateSSERequiresSSL(r *request.Request) {
	// Exact match: only the lower-case scheme "https" is treated as secure,
	// so any other spelling falls through to the key checks below.
	if r.HTTPRequest.URL.Scheme == "https" {
		return
	}

	// Key for the object being read or written.
	if p, ok := r.Params.(sseCustomerKeyGetter); ok && p.getSSECustomerKey() != "" {
		r.Error = errSSERequiresSSL
		return
	}

	// Key for the source object of a copy operation.
	if p, ok := r.Params.(copySourceSSECustomerKeyGetter); ok && p.getCopySourceSSECustomerKey() != "" {
		r.Error = errSSERequiresSSL
	}
}
33 | ||
863486a6 AG |
// sseKeyHeader is the request header that carries the SSE customer-provided
// encryption key for the object. Its value is secret material: anything that
// records request headers (debug logs, traces, proxies) records the key.
const sseKeyHeader = "x-amz-server-side-encryption-customer-key"

// sseKeyMD5Header is the companion header holding the base64-encoded MD5
// digest of the key sent in sseKeyHeader.
const sseKeyMD5Header = sseKeyHeader + "-md5"
38 | ||
// computeSSEKeyMD5 fills in the MD5 companion header for the object's SSE
// customer-provided key. The key is taken from the request parameters when
// they expose one; otherwise an empty key is passed on and computeKeyMD5
// falls back to whatever is already set in the sseKeyHeader header.
func computeSSEKeyMD5(r *request.Request) {
	getter, ok := r.Params.(sseCustomerKeyGetter)
	if !ok {
		computeKeyMD5(sseKeyHeader, sseKeyMD5Header, "", r.HTTPRequest)
		return
	}

	computeKeyMD5(sseKeyHeader, sseKeyMD5Header, getter.getSSECustomerKey(), r.HTTPRequest)
}
47 | ||
// copySrcSSEKeyHeader is the request header that carries the SSE
// customer-provided encryption key of the copy source object. Like the key
// header for the destination object, its value is secret material and should
// be kept out of logs and traces.
const copySrcSSEKeyHeader = "x-amz-copy-source-server-side-encryption-customer-key"

// copySrcSSEKeyMD5Header is the companion header holding the base64-encoded
// MD5 digest of the key sent in copySrcSSEKeyHeader.
const copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
52 | ||
// computeCopySourceSSEKeyMD5 fills in the MD5 companion header for the copy
// source's SSE customer-provided key. The key is taken from the request
// parameters when they expose one; otherwise an empty key is passed on and
// computeKeyMD5 falls back to whatever is already set in the
// copySrcSSEKeyHeader header.
func computeCopySourceSSEKeyMD5(r *request.Request) {
	getter, ok := r.Params.(copySourceSSECustomerKeyGetter)
	if !ok {
		computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, "", r.HTTPRequest)
		return
	}

	computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, getter.getCopySourceSSECustomerKey(), r.HTTPRequest)
}
61 | ||
// computeKeyMD5 makes sure the request carries the MD5 companion header for
// an SSE customer-provided key.
//
// key is the raw (not base64-encoded) key taken from the API parameters. When
// it is empty the function falls back to the value already present in
// keyHeader, treats that value as the raw key, and rewrites keyHeader with
// its base64 encoding. If no key is found in either place the request is left
// untouched. keyMD5Header is then set to base64(MD5(raw key)) unless a value
// for it is already present.
//
// MD5 appears here because the S3 SSE-C request format defines this header as
// a check that the key was transmitted without error; it is not a security
// control. Both headers hold key-derived material, so r.Header should be kept
// out of logs and error messages.
func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
	if key == "" {
		// Backwards compatibility: the caller may have set the header value
		// directly instead of using the API parameter, or the operation may
		// not model the parameter at all.
		fromHeader := r.Header.Get(keyHeader)
		if fromHeader == "" {
			return
		}
		key = fromHeader

		// On this path the header holds the raw key, so it has to be
		// base64-encoded in place before the request is sent.
		r.Header.Set(keyHeader, base64.StdEncoding.EncodeToString([]byte(key)))
	}

	// An MD5 header that is already set wins; it is neither recomputed nor
	// compared against the key.
	if r.Header.Get(keyMD5Header) != "" {
		return
	}

	digest := md5.Sum([]byte(key))
	r.Header.Set(keyMD5Header, base64.StdEncoding.EncodeToString(digest[:]))
}