github.com/aavshr/aws-sdk-go@v1.41.3/service/s3/sse.go

github.com/aavshr/aws-sdk-go@v1.41.3/service/s3/sse.go (about)

     1  package s3
     2  
     3  import (
     4  	"crypto/md5"
     5  	"encoding/base64"
     6  	"net/http"
     7  
     8  	"github.com/aavshr/aws-sdk-go/aws/awserr"
     9  	"github.com/aavshr/aws-sdk-go/aws/request"
    10  )
    11  
    12  var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)
    13  
    14  func validateSSERequiresSSL(r *request.Request) {
    15  	if r.HTTPRequest.URL.Scheme == "https" {
    16  		return
    17  	}
    18  
    19  	if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
    20  		if len(iface.getSSECustomerKey()) > 0 {
    21  			r.Error = errSSERequiresSSL
    22  			return
    23  		}
    24  	}
    25  
    26  	if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
    27  		if len(iface.getCopySourceSSECustomerKey()) > 0 {
    28  			r.Error = errSSERequiresSSL
    29  			return
    30  		}
    31  	}
    32  }
    33  
    34  const (
    35  	sseKeyHeader    = "x-amz-server-side-encryption-customer-key"
    36  	sseKeyMD5Header = sseKeyHeader + "-md5"
    37  )
    38  
    39  func computeSSEKeyMD5(r *request.Request) {
    40  	var key string
    41  	if g, ok := r.Params.(sseCustomerKeyGetter); ok {
    42  		key = g.getSSECustomerKey()
    43  	}
    44  
    45  	computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
    46  }
    47  
    48  const (
    49  	copySrcSSEKeyHeader    = "x-amz-copy-source-server-side-encryption-customer-key"
    50  	copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
    51  )
    52  
    53  func computeCopySourceSSEKeyMD5(r *request.Request) {
    54  	var key string
    55  	if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
    56  		key = g.getCopySourceSSECustomerKey()
    57  	}
    58  
    59  	computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
    60  }
    61  
    62  func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
    63  	if len(key) == 0 {
    64  		// Backwards compatiablity where user just set the header value instead
    65  		// of using the API parameter, or setting the header value for an
    66  		// operation without the parameters modeled.
    67  		key = r.Header.Get(keyHeader)
    68  		if len(key) == 0 {
    69  			return
    70  		}
    71  
    72  		// In backwards compatible, the header's value is not base64 encoded,
    73  		// and needs to be encoded and updated by the SDK's customizations.
    74  		b64Key := base64.StdEncoding.EncodeToString([]byte(key))
    75  		r.Header.Set(keyHeader, b64Key)
    76  	}
    77  
    78  	// Only update Key's MD5 if not already set.
    79  	if len(r.Header.Get(keyMD5Header)) == 0 {
    80  		sum := md5.Sum([]byte(key))
    81  		keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
    82  		r.Header.Set(keyMD5Header, keyMD5)
    83  	}
    84  }