github.com/weaviate/weaviate@v1.24.6/modules/text2vec-aws/clients/signer.go (about) 1 // _ _ 2 // __ _____ __ ___ ___ __ _| |_ ___ 3 // \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \ 4 // \ V V / __/ (_| |\ V /| | (_| | || __/ 5 // \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___| 6 // 7 // Copyright © 2016 - 2024 Weaviate B.V. All rights reserved. 8 // 9 // CONTACT: hello@weaviate.io 10 // 11 12 package clients 13 14 import ( 15 "crypto/hmac" 16 "crypto/sha256" 17 "encoding/hex" 18 "fmt" 19 "net/http" 20 "sort" 21 "strings" 22 "time" 23 ) 24 25 const ( 26 contentType = "application/json" 27 algorithm = "AWS4-HMAC-SHA256" 28 ) 29 30 func getAuthHeader(awsAccessKey string, awsSecretKey string, host string, service string, region string, path string, body []byte, headers map[string]string) (string, map[string]string, string) { 31 t := time.Now().UTC() 32 amzDate := t.Format("20060102T150405Z") 33 shortDate := t.Format("20060102") 34 35 hashedPayload := sha256Hash(body) 36 canonicalHeaders, signedHeaders := getCanonicalHeaders(headers) 37 38 canonicalRequest := strings.Join([]string{ 39 http.MethodPost, 40 path, 41 "", 42 canonicalHeaders, 43 signedHeaders, 44 hashedPayload, 45 }, "\n") 46 47 hashedCanonicalRequest := sha256Hash([]byte(canonicalRequest)) 48 49 credentialScope := strings.Join([]string{shortDate, region, service, "aws4_request"}, "/") 50 51 stringToSign := strings.Join([]string{ 52 algorithm, 53 amzDate, 54 credentialScope, 55 hashedCanonicalRequest, 56 }, "\n") 57 58 signingKey := getSigningKey(awsSecretKey, shortDate, region, service) 59 60 signature := hmacSHA256(signingKey, stringToSign) 61 62 authorizationHeader := fmt.Sprintf("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", algorithm, awsAccessKey, credentialScope, signedHeaders, signature) 63 return amzDate, headers, authorizationHeader 64 } 65 66 func getCanonicalHeaders(headers map[string]string) (string, string) { 67 var canonicalHeaders []string 68 var signedHeaders []string 69 70 keys := make([]string, 0, len(headers)) 71 for k := range headers { 72 keys = append(keys, k) 73 } 74 75 sort.Strings(keys) 76 77 for _, k := range keys { 78 canonicalHeaders = append(canonicalHeaders, fmt.Sprintf("%s:%s\n", strings.ToLower(k), headers[k])) 79 signedHeaders = append(signedHeaders, strings.ToLower(k)) 80 } 81 82 return strings.Join(canonicalHeaders, ""), strings.Join(signedHeaders, ";") 83 } 84 85 func hmacSHA256(key []byte, message string) string { 86 mac := hmac.New(sha256.New, key) 87 mac.Write([]byte(message)) 88 return hex.EncodeToString(mac.Sum(nil)) 89 } 90 91 func getSigningKey(secretKey, date, region, service string) []byte { 92 key := "AWS4" + secretKey 93 kDate := hmacSHA256Bytes([]byte(key), date) 94 kRegion := hmacSHA256Bytes(kDate, region) 95 kService := hmacSHA256Bytes(kRegion, service) 96 kSigning := hmacSHA256Bytes(kService, "aws4_request") 97 return kSigning 98 } 99 100 func hmacSHA256Bytes(key []byte, message string) []byte { 101 mac := hmac.New(sha256.New, key) 102 mac.Write([]byte(message)) 103 return mac.Sum(nil) 104 } 105 106 func sha256Hash(body []byte) string { 107 hash := sha256.Sum256(body) 108 return hex.EncodeToString(hash[:]) 109 }