8 "github.com/aws/aws-sdk-go/aws/awserr"
9 "github.com/aws/aws-sdk-go/aws/request"
12 var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)
14 func validateSSERequiresSSL(r *request.Request) {
15 if r.HTTPRequest.URL.Scheme == "https" {
19 if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
20 if len(iface.getSSECustomerKey()) > 0 {
21 r.Error = errSSERequiresSSL
26 if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
27 if len(iface.getCopySourceSSECustomerKey()) > 0 {
28 r.Error = errSSERequiresSSL
35 sseKeyHeader = "x-amz-server-side-encryption-customer-key"
36 sseKeyMD5Header = sseKeyHeader + "-md5"
39 func computeSSEKeyMD5(r *request.Request) {
41 if g, ok := r.Params.(sseCustomerKeyGetter); ok {
42 key = g.getSSECustomerKey()
45 computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
49 copySrcSSEKeyHeader = "x-amz-copy-source-server-side-encryption-customer-key"
50 copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
53 func computeCopySourceSSEKeyMD5(r *request.Request) {
55 if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
56 key = g.getCopySourceSSECustomerKey()
59 computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
62 func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
64 // Backwards compatiablity where user just set the header value instead
65 // of using the API parameter, or setting the header value for an
66 // operation without the parameters modeled.
67 key = r.Header.Get(keyHeader)
72 // In backwards compatiable, the header's value is not base64 encoded,
73 // and needs to be encoded and updated by the SDK's customizations.
74 b64Key := base64.StdEncoding.EncodeToString([]byte(key))
75 r.Header.Set(keyHeader, b64Key)
78 // Only update Key's MD5 if not already set.
79 if len(r.Header.Get(keyMD5Header)) == 0 {
80 sum := md5.Sum([]byte(key))
81 keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
82 r.Header.Set(keyMD5Header, keyMD5)