]>
Commit | Line | Data |
---|---|---|
bae9f6d2 JC |
1 | package s3 |
2 | ||
3 | import ( | |
4 | "crypto/md5" | |
5 | "encoding/base64" | |
6 | ||
7 | "github.com/aws/aws-sdk-go/aws/awserr" | |
bae9f6d2 JC |
8 | "github.com/aws/aws-sdk-go/aws/request" |
9 | ) | |
10 | ||
11 | var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil) | |
12 | ||
13 | func validateSSERequiresSSL(r *request.Request) { | |
15c0b25d AP |
14 | if r.HTTPRequest.URL.Scheme == "https" { |
15 | return | |
16 | } | |
17 | ||
18 | if iface, ok := r.Params.(sseCustomerKeyGetter); ok { | |
19 | if len(iface.getSSECustomerKey()) > 0 { | |
20 | r.Error = errSSERequiresSSL | |
21 | return | |
22 | } | |
23 | } | |
24 | ||
25 | if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok { | |
26 | if len(iface.getCopySourceSSECustomerKey()) > 0 { | |
bae9f6d2 | 27 | r.Error = errSSERequiresSSL |
15c0b25d | 28 | return |
bae9f6d2 JC |
29 | } |
30 | } | |
31 | } | |
32 | ||
33 | func computeSSEKeys(r *request.Request) { | |
34 | headers := []string{ | |
35 | "x-amz-server-side-encryption-customer-key", | |
36 | "x-amz-copy-source-server-side-encryption-customer-key", | |
37 | } | |
38 | ||
39 | for _, h := range headers { | |
40 | md5h := h + "-md5" | |
41 | if key := r.HTTPRequest.Header.Get(h); key != "" { | |
42 | // Base64-encode the value | |
43 | b64v := base64.StdEncoding.EncodeToString([]byte(key)) | |
44 | r.HTTPRequest.Header.Set(h, b64v) | |
45 | ||
46 | // Add MD5 if it wasn't computed | |
47 | if r.HTTPRequest.Header.Get(md5h) == "" { | |
48 | sum := md5.Sum([]byte(key)) | |
49 | b64sum := base64.StdEncoding.EncodeToString(sum[:]) | |
50 | r.HTTPRequest.Header.Set(md5h, b64sum) | |
51 | } | |
52 | } | |
53 | } | |
54 | } |