MCPcopy
hub / github.com/minio/minio-go / signV4

Function signV4

pkg/signer/request-signature-v4.go:308–381  ·  view source on GitHub ↗

Internal function called for different service types.

(req http.Request, accessKeyID, secretAccessKey, sessionToken, location, serviceType string, trailer http.Header)

Source from the content-addressed store, hash-verified

306
307// Internal function called for different service types.
308func signV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, location, serviceType string, trailer http.Header) *http.Request {
309 // Signature calculation is not needed for anonymous credentials.
310 if accessKeyID == "" || secretAccessKey == "" {
311 return &req
312 }
313
314 // Initial time.
315 t := time.Now().UTC()
316
317 // Set x-amz-date.
318 req.Header.Set("X-Amz-Date", t.Format(iso8601DateFormat))
319
320 // Set session token if available.
321 if sessionToken != "" {
322 // S3 Express token if not set then set sessionToken
323 // with older x-amz-security-token header.
324 if v := req.Header.Get("x-amz-s3session-token"); v == "" {
325 req.Header.Set("X-Amz-Security-Token", sessionToken)
326 }
327 }
328
329 if len(trailer) > 0 {
330 for k := range trailer {
331 req.Header.Add("X-Amz-Trailer", strings.ToLower(k))
332 }
333
334 req.Header.Set("Content-Encoding", "aws-chunked")
335 req.Header.Set("x-amz-decoded-content-length", strconv.FormatInt(req.ContentLength, 10))
336 }
337
338 hashedPayload := getHashedPayload(req)
339 if serviceType == ServiceTypeSTS {
340 // Content sha256 header is not sent with the request
341 // but it is expected to have sha256 of payload for signature
342 // in STS service type request.
343 req.Header.Del("X-Amz-Content-Sha256")
344 }
345
346 // Get canonical request.
347 canonicalRequest := getCanonicalRequest(req, v4IgnoredHeaders, hashedPayload)
348
349 // Get string to sign from canonical request.
350 stringToSign := getStringToSignV4(t, location, canonicalRequest, serviceType)
351
352 // Get hmac signing key.
353 signingKey := getSigningKey(secretAccessKey, location, t, serviceType)
354
355 // Get credential string.
356 credential := GetCredential(accessKeyID, location, t, serviceType)
357
358 // Get all signed headers.
359 signedHeaders := getSignedHeaders(req, v4IgnoredHeaders)
360
361 // Calculate signature.
362 signature := getSignature(signingKey, stringToSign)
363
364 // If regular request, construct the final authorization header.
365 parts := []string{

Callers 8

SignV4STSFunction · 0.85
SignV4Function · 0.85
SignV4ExpressFunction · 0.85
SignV4TrailerExpressFunction · 0.85
SignV4TrailerFunction · 0.85
SignV4OutpostsFunction · 0.85
SignV4WithServiceTypeFunction · 0.85
SignV4TrailerOutpostsFunction · 0.85

Calls 11

getHashedPayloadFunction · 0.85
getCanonicalRequestFunction · 0.85
getStringToSignV4Function · 0.85
getSigningKeyFunction · 0.85
GetCredentialFunction · 0.85
getSignedHeadersFunction · 0.85
getSignatureFunction · 0.85
StreamingUnsignedV4Function · 0.85
SetMethod · 0.45
GetMethod · 0.45
AddMethod · 0.45

Tested by

no test coverage detected