Struct: v4.Signer

import "../ibm-cos-sdk-go-v2/aws/signer/v4"

Overview

Signer applies AWS v4 signing to given request. Use this to sign requests that need to be signed with AWS V4 Signatures.

Implemented Interfaces

types.AnalyticsFilter, v4.HTTPPresigner, s3.HTTPPresignerV4, v4.HTTPSigner, s3.HTTPSignerV4, kms.HTTPSignerV4, types.MetricsFilter, s3.PresignPost, arn.S3ObjectLambdaARN, types.SelectObjectContentEventStream

Method Summary collapse

func (s Signer) SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(options *SignerOptions)) error

SignHTTP signs AWS v4 requests with the provided payload hash, service name, region the request is made to, and time the request is signed at.

Method Details

func (s Signer) SignHTTP(ctx context.Context, credentials aws.Credentials, r http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(options SignerOptions)) error

SignHTTP signs AWS v4 requests with the provided payload hash, service name, region the request is made to, and time the request is signed at. The signTime allows you to specify that a request is signed for the future, and cannot be used until then.

The payloadHash is the hex encoded SHA-256 hash of the request payload, and must be provided. Even if the request has no payload (aka body). If the request has no payload you should use the hex encoded SHA-256 of an empty string as the payloadHash value.

"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

Some services such as Amazon S3 accept alternative values for the payload hash, such as “UNSIGNED-PAYLOAD” for requests where the body will not be included in the request signature.

docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html

Sign differs from Presign in that it will sign the request using HTTP header values. This type of signing is intended for http.Request values that will not be shared, or are shared in a way the header values on the request will not be lost.

The passed in request will be modified in place.

// File 'aws/signer/v4/v4.go', line 274

func (s Signer) SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(options *SignerOptions)) error {
	options := s.options

	for _, fn := range optFns {
		fn(&options)
	}

	signer := &httpSigner{
		Request:                r,
		PayloadHash:            payloadHash,
		ServiceName:            service,
		Region:                 region,
		Credentials:            credentials,
		Time:                   v4Internal.NewSigningTime(signingTime.UTC()),
		DisableHeaderHoisting:  options.DisableHeaderHoisting,
		DisableURIPathEscaping: options.DisableURIPathEscaping,
		DisableSessionToken:    options.DisableSessionToken,
		KeyDerivator:           s.keyDerivator,
	}

	if ibmIam.IBMProvider.IsValid(credentials.Source) {
		ibmSigner := ibmiam.NewIBMCOSSigner(ibmiam.WithLogger(options.Logger))
		err := ibmSigner.SignHTTP(ctx, credentials, r, payloadHash, service, region, signingTime)
		if err != nil {
			return fmt.Errorf("signing failed: %w", err)
		}
		return nil
	}

	signedRequest, err := signer.Build()
	if err != nil {
		return err
	}

	logSigningInfo(ctx, options, &signedRequest, false)

	return nil
}