github.com/weaviate/weaviate@v1.24.6/modules/generative-aws/clients/signer.go

github.com/weaviate/weaviate@v1.24.6/modules/generative-aws/clients/signer.go (about)

     1  //                           _       _
     2  // __      _____  __ ___   ___  __ _| |_ ___
     3  // \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \
     4  //  \ V  V /  __/ (_| |\ V /| | (_| | ||  __/
     5  //   \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___|
     6  //
     7  //  Copyright © 2016 - 2024 Weaviate B.V. All rights reserved.
     8  //
     9  //  CONTACT: hello@weaviate.io
    10  //
    11  
    12  package clients
    13  
    14  import (
    15  	"crypto/hmac"
    16  	"crypto/sha256"
    17  	"encoding/hex"
    18  	"fmt"
    19  	"net/http"
    20  	"sort"
    21  	"strings"
    22  	"time"
    23  )
    24  
    25  const (
    26  	contentType = "application/json"
    27  	algorithm   = "AWS4-HMAC-SHA256"
    28  )
    29  
    30  func getAuthHeader(awsAccessKey string, awsSecretKey string, host string, service string, region string, path string, body []byte, headers map[string]string) (string, map[string]string, string) {
    31  	t := time.Now().UTC()
    32  	amzDate := t.Format("20060102T150405Z")
    33  	shortDate := t.Format("20060102")
    34  
    35  	hashedPayload := sha256Hash(body)
    36  
    37  	canonicalHeaders, signedHeaders := getCanonicalHeaders(headers)
    38  
    39  	canonicalRequest := strings.Join([]string{
    40  		http.MethodPost,
    41  		path,
    42  		"",
    43  		canonicalHeaders,
    44  		signedHeaders,
    45  		hashedPayload,
    46  	}, "\n")
    47  
    48  	hashedCanonicalRequest := sha256Hash([]byte(canonicalRequest))
    49  
    50  	credentialScope := strings.Join([]string{shortDate, region, service, "aws4_request"}, "/")
    51  
    52  	stringToSign := strings.Join([]string{
    53  		algorithm,
    54  		amzDate,
    55  		credentialScope,
    56  		hashedCanonicalRequest,
    57  	}, "\n")
    58  
    59  	signingKey := getSigningKey(awsSecretKey, shortDate, region, service)
    60  
    61  	signature := hmacSHA256(signingKey, stringToSign)
    62  
    63  	authorizationHeader := fmt.Sprintf("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", algorithm, awsAccessKey, credentialScope, signedHeaders, signature)
    64  	return amzDate, headers, authorizationHeader
    65  }
    66  
    67  func getCanonicalHeaders(headers map[string]string) (string, string) {
    68  	var canonicalHeaders []string
    69  	var signedHeaders []string
    70  
    71  	keys := make([]string, 0, len(headers))
    72  	for k := range headers {
    73  		keys = append(keys, k)
    74  	}
    75  
    76  	sort.Strings(keys)
    77  
    78  	for _, k := range keys {
    79  		canonicalHeaders = append(canonicalHeaders, fmt.Sprintf("%s:%s\n", strings.ToLower(k), headers[k]))
    80  		signedHeaders = append(signedHeaders, strings.ToLower(k))
    81  	}
    82  
    83  	return strings.Join(canonicalHeaders, ""), strings.Join(signedHeaders, ";")
    84  }
    85  
    86  func hmacSHA256(key []byte, message string) string {
    87  	mac := hmac.New(sha256.New, key)
    88  	mac.Write([]byte(message))
    89  	return hex.EncodeToString(mac.Sum(nil))
    90  }
    91  
    92  func getSigningKey(secretKey, date, region, service string) []byte {
    93  	key := "AWS4" + secretKey
    94  	kDate := hmacSHA256Bytes([]byte(key), date)
    95  	kRegion := hmacSHA256Bytes(kDate, region)
    96  	kService := hmacSHA256Bytes(kRegion, service)
    97  	kSigning := hmacSHA256Bytes(kService, "aws4_request")
    98  	return kSigning
    99  }
   100  
   101  func hmacSHA256Bytes(key []byte, message string) []byte {
   102  	mac := hmac.New(sha256.New, key)
   103  	mac.Write([]byte(message))
   104  	return mac.Sum(nil)
   105  }
   106  
   107  func sha256Hash(body []byte) string {
   108  	hash := sha256.Sum256(body)
   109  	return hex.EncodeToString(hash[:])
   110  }