signer

package
v1.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 29, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package signer provides AWS Signature Version 4 and Version 2 signing implementations.

This package provides HTTP request signing functionality for S3-compatible storage services.

Example usage: 

req, _ := http.NewRequest("GET", "https://s3.amazonaws.com/bucket/key", nil)
signedReq := signer.SignV4(req, "access-key", "secret-key", "", "us-east-1", "s3")

Package signer internal/signer/signer.go Provides internal signer interfaces and implementations

Package signer internal/signer/streaming.go

Package signer internal/signer/utils.go

Package signer internal/signer/v4.go

Index

Constants

View Source 
const (
	// StreamingSignAlgorithm AWS streaming signing algorithm
	StreamingSignAlgorithm = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"

	// PayloadChunkSize default chunk size (64KB)
	PayloadChunkSize = 64 * 1024

	// EmptySHA256 SHA256 hash of empty content
	EmptySHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
)

Streaming signing related constants

View Source 
const (
	UnsignedPayload = "UNSIGNED-PAYLOAD"
)

Constants for unsigned payload

Variables

This section is empty.

Functions

func GetCredential 

func GetCredential(accessKeyID, region string, t time.Time) string

GetCredential builds the credential string for SigV4.

func GetStreamLength added in v1.0.1 

func GetStreamLength(dataLen int64, chunkSize int64) int64

GetStreamLength calculates total length after streaming signature

func PostPresignSignatureV2 

func PostPresignSignatureV2(policyBase64, secretAccessKey string) string

PostPresignSignatureV2 generates a SigV2 signature for POST policies.

func PostPresignSignatureV4 

func PostPresignSignatureV4(policyBase64 string, t time.Time, secretAccessKey, region string) string

PostPresignSignatureV4 generates a SigV4 signature for POST policies.

func PrepareStreamingRequest added in v1.0.1 

func PrepareStreamingRequest(req *http.Request, sessionToken string, dataLen int64)

PrepareStreamingRequest prepares streaming signed request

func SignV4STS 

func SignV4STS(req http.Request, accessKeyID, secretAccessKey, location string) *http.Request

SignV4STS signs STS requests (e.g., AssumeRole) Convenience helper dedicated to STS

Types

type AnonymousSigner added in v1.0.1 

type AnonymousSigner struct{}

AnonymousSigner signs anonymously

func (*AnonymousSigner) Presign added in v1.0.1 

func (s *AnonymousSigner) Presign(req *http.Request, accessKey, secretKey, sessionToken, region string, expires time.Duration) *http.Request

Presign presigns request anonymously

func (*AnonymousSigner) Sign added in v1.0.1 

func (s *AnonymousSigner) Sign(req *http.Request, accessKey, secretKey, sessionToken, region string) *http.Request

Sign signs request anonymously

type Signer added in v1.0.1 

type Signer interface {
	// Sign signs a request
	Sign(req *http.Request, accessKey, secretKey, sessionToken, region string) *http.Request

	// Presign generates a presigned request
	Presign(req *http.Request, accessKey, secretKey, sessionToken, region string, expires time.Duration) *http.Request
}

Signer defines signer interface

func NewSigner added in v1.0.1 

func NewSigner(signerType SignerType) Signer

NewSigner creates a signer instance

type SignerType added in v1.0.1 

type SignerType int

SignerType represents signer type 

const (
	SignerV4 SignerType = iota
	SignerV2
	SignerAnonymous
)

type StreamingReader 

type StreamingReader struct {
	// contains filtered or unexported fields
}

StreamingReader implements chunked upload signing io.Reader

func NewStreamingReader added in v1.0.1 

func NewStreamingReader(
	reader io.ReadCloser,
	accessKey, secretKey, sessionToken, region string,
	contentLen int64,
	reqTime time.Time,
	seedSignature string,
) *StreamingReader

NewStreamingReader creates a new streaming signing reader

func (*StreamingReader) Close 

func (s *StreamingReader) Close() error

Close closes underlying reader

func (*StreamingReader) Read 

func (s *StreamingReader) Read(p []byte) (n int, err error)

Read implements io.Reader

type V2Signer added in v1.0.1 

type V2Signer struct {
	// contains filtered or unexported fields
}

V2Signer implements AWS Signature Version 2 signing

func (*V2Signer) Presign added in v1.0.1 

func (s *V2Signer) Presign(req *http.Request, accessKey, secretKey, sessionToken, region string, expires time.Duration) *http.Request

Presign generates presigned URL using V2 algorithm https://${S3_BUCKET}.s3.amazonaws.com/${S3_OBJECT}?AWSAccessKeyId=${S3_ACCESS_KEY}&Expires=${TIMESTAMP}&Signature=${SIGNATURE}

func (*V2Signer) Sign added in v1.0.1 

func (s *V2Signer) Sign(req *http.Request, accessKey, secretKey, sessionToken, region string) *http.Request

Sign signs request using V2 algorithm Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) )

type V4Signer added in v1.0.1 

type V4Signer struct{}

V4Signer AWS Signature Version 4 signer

func (*V4Signer) Presign added in v1.0.1 

func (s *V4Signer) Presign(req *http.Request, accessKey, secretKey, sessionToken, region string, expires time.Duration) *http.Request

Presign generates a Signature V4 presigned request Reference: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

func (*V4Signer) Sign added in v1.0.1 

func (s *V4Signer) Sign(req *http.Request, accessKey, secretKey, sessionToken, region string) *http.Request

Sign signs a request with Signature V4

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.