Internal function called for different service types.
(req http.Request, accessKeyID, secretAccessKey, sessionToken, location, serviceType string, trailer http.Header)
| 306 | |
| 307 | // Internal function called for different service types. |
| 308 | func signV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, location, serviceType string, trailer http.Header) *http.Request { |
| 309 | // Signature calculation is not needed for anonymous credentials. |
| 310 | if accessKeyID == "" || secretAccessKey == "" { |
| 311 | return &req |
| 312 | } |
| 313 | |
| 314 | // Initial time. |
| 315 | t := time.Now().UTC() |
| 316 | |
| 317 | // Set x-amz-date. |
| 318 | req.Header.Set("X-Amz-Date", t.Format(iso8601DateFormat)) |
| 319 | |
| 320 | // Set session token if available. |
| 321 | if sessionToken != "" { |
| 322 | // S3 Express token if not set then set sessionToken |
| 323 | // with older x-amz-security-token header. |
| 324 | if v := req.Header.Get("x-amz-s3session-token"); v == "" { |
| 325 | req.Header.Set("X-Amz-Security-Token", sessionToken) |
| 326 | } |
| 327 | } |
| 328 | |
| 329 | if len(trailer) > 0 { |
| 330 | for k := range trailer { |
| 331 | req.Header.Add("X-Amz-Trailer", strings.ToLower(k)) |
| 332 | } |
| 333 | |
| 334 | req.Header.Set("Content-Encoding", "aws-chunked") |
| 335 | req.Header.Set("x-amz-decoded-content-length", strconv.FormatInt(req.ContentLength, 10)) |
| 336 | } |
| 337 | |
| 338 | hashedPayload := getHashedPayload(req) |
| 339 | if serviceType == ServiceTypeSTS { |
| 340 | // Content sha256 header is not sent with the request |
| 341 | // but it is expected to have sha256 of payload for signature |
| 342 | // in STS service type request. |
| 343 | req.Header.Del("X-Amz-Content-Sha256") |
| 344 | } |
| 345 | |
| 346 | // Get canonical request. |
| 347 | canonicalRequest := getCanonicalRequest(req, v4IgnoredHeaders, hashedPayload) |
| 348 | |
| 349 | // Get string to sign from canonical request. |
| 350 | stringToSign := getStringToSignV4(t, location, canonicalRequest, serviceType) |
| 351 | |
| 352 | // Get hmac signing key. |
| 353 | signingKey := getSigningKey(secretAccessKey, location, t, serviceType) |
| 354 | |
| 355 | // Get credential string. |
| 356 | credential := GetCredential(accessKeyID, location, t, serviceType) |
| 357 | |
| 358 | // Get all signed headers. |
| 359 | signedHeaders := getSignedHeaders(req, v4IgnoredHeaders) |
| 360 | |
| 361 | // Calculate signature. |
| 362 | signature := getSignature(signingKey, stringToSign) |
| 363 | |
| 364 | // If regular request, construct the final authorization header. |
| 365 | parts := []string{ |
no test coverage detected