vendor/github.com/aws/aws-sdk-go/service/s3/sse.go

   1 package s3
   2
   3 import (
   4         "crypto/md5"
   5         "encoding/base64"
   6         "net/http"
   7
   8         "github.com/aws/aws-sdk-go/aws/awserr"
   9         "github.com/aws/aws-sdk-go/aws/request"
  10 )
  11
  12 var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)
  13
  14 func validateSSERequiresSSL(r *request.Request) {
  15         if r.HTTPRequest.URL.Scheme == "https" {
  16                 return
  17         }
  18
  19         if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
  20                 if len(iface.getSSECustomerKey()) > 0 {
  21                         r.Error = errSSERequiresSSL
  22                         return
  23                 }
  24         }
  25
  26         if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
  27                 if len(iface.getCopySourceSSECustomerKey()) > 0 {
  28                         r.Error = errSSERequiresSSL
  29                         return
  30                 }
  31         }
  32 }
  33
  34 const (
  35         sseKeyHeader    = "x-amz-server-side-encryption-customer-key"
  36         sseKeyMD5Header = sseKeyHeader + "-md5"
  37 )
  38
  39 func computeSSEKeyMD5(r *request.Request) {
  40         var key string
  41         if g, ok := r.Params.(sseCustomerKeyGetter); ok {
  42                 key = g.getSSECustomerKey()
  43         }
  44
  45         computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
  46 }
  47
  48 const (
  49         copySrcSSEKeyHeader    = "x-amz-copy-source-server-side-encryption-customer-key"
  50         copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
  51 )
  52
  53 func computeCopySourceSSEKeyMD5(r *request.Request) {
  54         var key string
  55         if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
  56                 key = g.getCopySourceSSECustomerKey()
  57         }
  58
  59         computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
  60 }
  61
  62 func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
  63         if len(key) == 0 {
  64                 // Backwards compatiablity where user just set the header value instead
  65                 // of using the API parameter, or setting the header value for an
  66                 // operation without the parameters modeled.
  67                 key = r.Header.Get(keyHeader)
  68                 if len(key) == 0 {
  69                         return
  70                 }
  71
  72                 // In backwards compatiable, the header's value is not base64 encoded,
  73                 // and needs to be encoded and updated by the SDK's customizations.
  74                 b64Key := base64.StdEncoding.EncodeToString([]byte(key))
  75                 r.Header.Set(keyHeader, b64Key)
  76         }
  77
  78         // Only update Key's MD5 if not already set.
  79         if len(r.Header.Get(keyMD5Header)) == 0 {
  80                 sum := md5.Sum([]byte(key))
  81                 keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
  82                 r.Header.Set(keyMD5Header, keyMD5)
  83         }
  84 }