2015-05-20 15:46:21 +00:00
|
|
|
package s3
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/md5"
|
|
|
|
"encoding/base64"
|
|
|
|
|
2015-06-29 22:05:44 +00:00
|
|
|
"github.com/aws/aws-sdk-go/aws/awserr"
|
2015-09-22 15:44:21 +00:00
|
|
|
"github.com/aws/aws-sdk-go/aws/request"
|
2015-05-20 15:46:21 +00:00
|
|
|
)
|
|
|
|
|
2015-06-29 22:05:44 +00:00
|
|
|
var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)
|
2015-05-20 15:46:21 +00:00
|
|
|
|
2015-09-22 15:44:21 +00:00
|
|
|
func validateSSERequiresSSL(r *request.Request) {
|
2017-09-05 22:06:47 +00:00
|
|
|
if r.HTTPRequest.URL.Scheme == "https" {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
|
|
|
|
if len(iface.getSSECustomerKey()) > 0 {
|
|
|
|
r.Error = errSSERequiresSSL
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
|
|
|
|
if len(iface.getCopySourceSSECustomerKey()) > 0 {
|
2015-05-20 15:46:21 +00:00
|
|
|
r.Error = errSSERequiresSSL
|
2017-09-05 22:06:47 +00:00
|
|
|
return
|
2015-05-20 15:46:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-09-22 15:44:21 +00:00
|
|
|
func computeSSEKeys(r *request.Request) {
|
2015-05-20 15:46:21 +00:00
|
|
|
headers := []string{
|
|
|
|
"x-amz-server-side-encryption-customer-key",
|
|
|
|
"x-amz-copy-source-server-side-encryption-customer-key",
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, h := range headers {
|
|
|
|
md5h := h + "-md5"
|
|
|
|
if key := r.HTTPRequest.Header.Get(h); key != "" {
|
|
|
|
// Base64-encode the value
|
|
|
|
b64v := base64.StdEncoding.EncodeToString([]byte(key))
|
|
|
|
r.HTTPRequest.Header.Set(h, b64v)
|
|
|
|
|
|
|
|
// Add MD5 if it wasn't computed
|
|
|
|
if r.HTTPRequest.Header.Get(md5h) == "" {
|
|
|
|
sum := md5.Sum([]byte(key))
|
|
|
|
b64sum := base64.StdEncoding.EncodeToString(sum[:])
|
|
|
|
r.HTTPRequest.Header.Set(md5h, b64sum)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|