You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
346 lines
11 KiB
346 lines
11 KiB
package oss
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/hmac"
|
|
"crypto/sha1"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"hash"
|
|
"io"
|
|
"net/http"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// headerSorter defines the key-value structure for storing the sorted data in signHeader.
|
|
type headerSorter struct {
|
|
Keys []string
|
|
Vals []string
|
|
}
|
|
|
|
// getAdditionalHeaderKeys get exist key in http header
|
|
func (conn Conn) getAdditionalHeaderKeys(req *http.Request) ([]string, map[string]string) {
|
|
var keysList []string
|
|
keysMap := make(map[string]string)
|
|
srcKeys := make(map[string]string)
|
|
|
|
for k := range req.Header {
|
|
srcKeys[strings.ToLower(k)] = ""
|
|
}
|
|
|
|
for _, v := range conn.config.AdditionalHeaders {
|
|
if _, ok := srcKeys[strings.ToLower(v)]; ok {
|
|
keysMap[strings.ToLower(v)] = ""
|
|
}
|
|
}
|
|
|
|
for k := range keysMap {
|
|
keysList = append(keysList, k)
|
|
}
|
|
sort.Strings(keysList)
|
|
return keysList, keysMap
|
|
}
|
|
|
|
// getAdditionalHeaderKeysV4 get exist key in http header
|
|
func (conn Conn) getAdditionalHeaderKeysV4(req *http.Request) ([]string, map[string]string) {
|
|
var keysList []string
|
|
keysMap := make(map[string]string)
|
|
srcKeys := make(map[string]string)
|
|
|
|
for k := range req.Header {
|
|
srcKeys[strings.ToLower(k)] = ""
|
|
}
|
|
|
|
for _, v := range conn.config.AdditionalHeaders {
|
|
if _, ok := srcKeys[strings.ToLower(v)]; ok {
|
|
if !strings.EqualFold(v, HTTPHeaderContentMD5) && !strings.EqualFold(v, HTTPHeaderContentType) {
|
|
keysMap[strings.ToLower(v)] = ""
|
|
}
|
|
}
|
|
}
|
|
|
|
for k := range keysMap {
|
|
keysList = append(keysList, k)
|
|
}
|
|
sort.Strings(keysList)
|
|
return keysList, keysMap
|
|
}
|
|
|
|
// signHeader signs the header and sets it as the authorization header.
|
|
func (conn Conn) signHeader(req *http.Request, canonicalizedResource string) {
|
|
akIf := conn.config.GetCredentials()
|
|
authorizationStr := ""
|
|
if conn.config.AuthVersion == AuthV4 {
|
|
strDay := ""
|
|
strDate := req.Header.Get(HttpHeaderOssDate)
|
|
if strDate == "" {
|
|
strDate = req.Header.Get(HTTPHeaderDate)
|
|
t, _ := time.Parse(http.TimeFormat, strDate)
|
|
strDay = t.Format("20060102")
|
|
} else {
|
|
t, _ := time.Parse(iso8601DateFormatSecond, strDate)
|
|
strDay = t.Format("20060102")
|
|
}
|
|
|
|
signHeaderProduct := conn.config.GetSignProduct()
|
|
signHeaderRegion := conn.config.GetSignRegion()
|
|
|
|
additionalList, _ := conn.getAdditionalHeaderKeysV4(req)
|
|
if len(additionalList) > 0 {
|
|
authorizationFmt := "OSS4-HMAC-SHA256 Credential=%v/%v/%v/" + signHeaderProduct + "/aliyun_v4_request,AdditionalHeaders=%v,Signature=%v"
|
|
additionnalHeadersStr := strings.Join(additionalList, ";")
|
|
authorizationStr = fmt.Sprintf(authorizationFmt, akIf.GetAccessKeyID(), strDay, signHeaderRegion, additionnalHeadersStr, conn.getSignedStrV4(req, canonicalizedResource, akIf.GetAccessKeySecret()))
|
|
} else {
|
|
authorizationFmt := "OSS4-HMAC-SHA256 Credential=%v/%v/%v/" + signHeaderProduct + "/aliyun_v4_request,Signature=%v"
|
|
authorizationStr = fmt.Sprintf(authorizationFmt, akIf.GetAccessKeyID(), strDay, signHeaderRegion, conn.getSignedStrV4(req, canonicalizedResource, akIf.GetAccessKeySecret()))
|
|
}
|
|
} else if conn.config.AuthVersion == AuthV2 {
|
|
additionalList, _ := conn.getAdditionalHeaderKeys(req)
|
|
if len(additionalList) > 0 {
|
|
authorizationFmt := "OSS2 AccessKeyId:%v,AdditionalHeaders:%v,Signature:%v"
|
|
additionnalHeadersStr := strings.Join(additionalList, ";")
|
|
authorizationStr = fmt.Sprintf(authorizationFmt, akIf.GetAccessKeyID(), additionnalHeadersStr, conn.getSignedStr(req, canonicalizedResource, akIf.GetAccessKeySecret()))
|
|
} else {
|
|
authorizationFmt := "OSS2 AccessKeyId:%v,Signature:%v"
|
|
authorizationStr = fmt.Sprintf(authorizationFmt, akIf.GetAccessKeyID(), conn.getSignedStr(req, canonicalizedResource, akIf.GetAccessKeySecret()))
|
|
}
|
|
} else {
|
|
// Get the final authorization string
|
|
authorizationStr = "OSS " + akIf.GetAccessKeyID() + ":" + conn.getSignedStr(req, canonicalizedResource, akIf.GetAccessKeySecret())
|
|
}
|
|
|
|
// Give the parameter "Authorization" value
|
|
req.Header.Set(HTTPHeaderAuthorization, authorizationStr)
|
|
}
|
|
|
|
func (conn Conn) getSignedStr(req *http.Request, canonicalizedResource string, keySecret string) string {
|
|
// Find out the "x-oss-"'s address in header of the request
|
|
ossHeadersMap := make(map[string]string)
|
|
additionalList, additionalMap := conn.getAdditionalHeaderKeys(req)
|
|
for k, v := range req.Header {
|
|
if strings.HasPrefix(strings.ToLower(k), "x-oss-") {
|
|
ossHeadersMap[strings.ToLower(k)] = v[0]
|
|
} else if conn.config.AuthVersion == AuthV2 {
|
|
if _, ok := additionalMap[strings.ToLower(k)]; ok {
|
|
ossHeadersMap[strings.ToLower(k)] = v[0]
|
|
}
|
|
}
|
|
}
|
|
hs := newHeaderSorter(ossHeadersMap)
|
|
|
|
// Sort the ossHeadersMap by the ascending order
|
|
hs.Sort()
|
|
|
|
// Get the canonicalizedOSSHeaders
|
|
canonicalizedOSSHeaders := ""
|
|
for i := range hs.Keys {
|
|
canonicalizedOSSHeaders += hs.Keys[i] + ":" + hs.Vals[i] + "\n"
|
|
}
|
|
|
|
// Give other parameters values
|
|
// when sign URL, date is expires
|
|
date := req.Header.Get(HTTPHeaderDate)
|
|
contentType := req.Header.Get(HTTPHeaderContentType)
|
|
contentMd5 := req.Header.Get(HTTPHeaderContentMD5)
|
|
|
|
// default is v1 signature
|
|
signStr := req.Method + "\n" + contentMd5 + "\n" + contentType + "\n" + date + "\n" + canonicalizedOSSHeaders + canonicalizedResource
|
|
h := hmac.New(func() hash.Hash { return sha1.New() }, []byte(keySecret))
|
|
|
|
// v2 signature
|
|
if conn.config.AuthVersion == AuthV2 {
|
|
signStr = req.Method + "\n" + contentMd5 + "\n" + contentType + "\n" + date + "\n" + canonicalizedOSSHeaders + strings.Join(additionalList, ";") + "\n" + canonicalizedResource
|
|
h = hmac.New(func() hash.Hash { return sha256.New() }, []byte(keySecret))
|
|
}
|
|
|
|
if conn.config.LogLevel >= Debug {
|
|
conn.config.WriteLog(Debug, "[Req:%p]signStr:%s\n", req, EscapeLFString(signStr))
|
|
}
|
|
|
|
io.WriteString(h, signStr)
|
|
signedStr := base64.StdEncoding.EncodeToString(h.Sum(nil))
|
|
|
|
return signedStr
|
|
}
|
|
|
|
func (conn Conn) getSignedStrV4(req *http.Request, canonicalizedResource string, keySecret string) string {
|
|
// Find out the "x-oss-"'s address in header of the request
|
|
ossHeadersMap := make(map[string]string)
|
|
additionalList, additionalMap := conn.getAdditionalHeaderKeysV4(req)
|
|
for k, v := range req.Header {
|
|
if strings.HasPrefix(strings.ToLower(k), "x-oss-") {
|
|
ossHeadersMap[strings.ToLower(k)] = strings.Trim(v[0], " ")
|
|
} else {
|
|
if _, ok := additionalMap[strings.ToLower(k)]; ok {
|
|
ossHeadersMap[strings.ToLower(k)] = strings.Trim(v[0], " ")
|
|
}
|
|
}
|
|
}
|
|
|
|
// Required parameters
|
|
signDate := ""
|
|
dateFormat := ""
|
|
date := req.Header.Get(HTTPHeaderDate)
|
|
if date != "" {
|
|
signDate = date
|
|
dateFormat = http.TimeFormat
|
|
}
|
|
|
|
ossDate := req.Header.Get(HttpHeaderOssDate)
|
|
_, ok := ossHeadersMap[strings.ToLower(HttpHeaderOssDate)]
|
|
if ossDate != "" {
|
|
signDate = ossDate
|
|
dateFormat = iso8601DateFormatSecond
|
|
if !ok {
|
|
ossHeadersMap[strings.ToLower(HttpHeaderOssDate)] = strings.Trim(ossDate, " ")
|
|
}
|
|
}
|
|
|
|
contentType := req.Header.Get(HTTPHeaderContentType)
|
|
_, ok = ossHeadersMap[strings.ToLower(HTTPHeaderContentType)]
|
|
if contentType != "" && !ok {
|
|
ossHeadersMap[strings.ToLower(HTTPHeaderContentType)] = strings.Trim(contentType, " ")
|
|
}
|
|
|
|
contentMd5 := req.Header.Get(HTTPHeaderContentMD5)
|
|
_, ok = ossHeadersMap[strings.ToLower(HTTPHeaderContentMD5)]
|
|
if contentMd5 != "" && !ok {
|
|
ossHeadersMap[strings.ToLower(HTTPHeaderContentMD5)] = strings.Trim(contentMd5, " ")
|
|
}
|
|
|
|
hs := newHeaderSorter(ossHeadersMap)
|
|
|
|
// Sort the ossHeadersMap by the ascending order
|
|
hs.Sort()
|
|
|
|
// Get the canonicalizedOSSHeaders
|
|
canonicalizedOSSHeaders := ""
|
|
for i := range hs.Keys {
|
|
canonicalizedOSSHeaders += hs.Keys[i] + ":" + hs.Vals[i] + "\n"
|
|
}
|
|
|
|
signStr := ""
|
|
|
|
// v4 signature
|
|
hashedPayload := req.Header.Get(HttpHeaderOssContentSha256)
|
|
|
|
// subResource
|
|
resource := canonicalizedResource
|
|
subResource := ""
|
|
subPos := strings.LastIndex(canonicalizedResource, "?")
|
|
if subPos != -1 {
|
|
subResource = canonicalizedResource[subPos+1:]
|
|
resource = canonicalizedResource[0:subPos]
|
|
}
|
|
|
|
// get canonical request
|
|
canonicalReuqest := req.Method + "\n" + resource + "\n" + subResource + "\n" + canonicalizedOSSHeaders + "\n" + strings.Join(additionalList, ";") + "\n" + hashedPayload
|
|
rh := sha256.New()
|
|
io.WriteString(rh, canonicalReuqest)
|
|
hashedRequest := hex.EncodeToString(rh.Sum(nil))
|
|
|
|
if conn.config.LogLevel >= Debug {
|
|
conn.config.WriteLog(Debug, "[Req:%p]signStr:%s\n", req, EscapeLFString(canonicalReuqest))
|
|
}
|
|
|
|
// get day,eg 20210914
|
|
t, _ := time.Parse(dateFormat, signDate)
|
|
strDay := t.Format("20060102")
|
|
|
|
signedStrV4Product := conn.config.GetSignProduct()
|
|
signedStrV4Region := conn.config.GetSignRegion()
|
|
|
|
signStr = "OSS4-HMAC-SHA256" + "\n" + signDate + "\n" + strDay + "/" + signedStrV4Region + "/" + signedStrV4Product + "/aliyun_v4_request" + "\n" + hashedRequest
|
|
if conn.config.LogLevel >= Debug {
|
|
conn.config.WriteLog(Debug, "[Req:%p]signStr:%s\n", req, EscapeLFString(signStr))
|
|
}
|
|
|
|
h1 := hmac.New(func() hash.Hash { return sha256.New() }, []byte("aliyun_v4"+keySecret))
|
|
io.WriteString(h1, strDay)
|
|
h1Key := h1.Sum(nil)
|
|
|
|
h2 := hmac.New(func() hash.Hash { return sha256.New() }, h1Key)
|
|
io.WriteString(h2, signedStrV4Region)
|
|
h2Key := h2.Sum(nil)
|
|
|
|
h3 := hmac.New(func() hash.Hash { return sha256.New() }, h2Key)
|
|
io.WriteString(h3, signedStrV4Product)
|
|
h3Key := h3.Sum(nil)
|
|
|
|
h4 := hmac.New(func() hash.Hash { return sha256.New() }, h3Key)
|
|
io.WriteString(h4, "aliyun_v4_request")
|
|
h4Key := h4.Sum(nil)
|
|
|
|
h := hmac.New(func() hash.Hash { return sha256.New() }, h4Key)
|
|
io.WriteString(h, signStr)
|
|
return fmt.Sprintf("%x", h.Sum(nil))
|
|
}
|
|
|
|
func (conn Conn) getRtmpSignedStr(bucketName, channelName, playlistName string, expiration int64, keySecret string, params map[string]interface{}) string {
|
|
if params[HTTPParamAccessKeyID] == nil {
|
|
return ""
|
|
}
|
|
|
|
canonResource := fmt.Sprintf("/%s/%s", bucketName, channelName)
|
|
canonParamsKeys := []string{}
|
|
for key := range params {
|
|
if key != HTTPParamAccessKeyID && key != HTTPParamSignature && key != HTTPParamExpires && key != HTTPParamSecurityToken {
|
|
canonParamsKeys = append(canonParamsKeys, key)
|
|
}
|
|
}
|
|
|
|
sort.Strings(canonParamsKeys)
|
|
canonParamsStr := ""
|
|
for _, key := range canonParamsKeys {
|
|
canonParamsStr = fmt.Sprintf("%s%s:%s\n", canonParamsStr, key, params[key].(string))
|
|
}
|
|
|
|
expireStr := strconv.FormatInt(expiration, 10)
|
|
signStr := expireStr + "\n" + canonParamsStr + canonResource
|
|
|
|
h := hmac.New(func() hash.Hash { return sha1.New() }, []byte(keySecret))
|
|
io.WriteString(h, signStr)
|
|
signedStr := base64.StdEncoding.EncodeToString(h.Sum(nil))
|
|
return signedStr
|
|
}
|
|
|
|
// newHeaderSorter is an additional function for function SignHeader.
|
|
func newHeaderSorter(m map[string]string) *headerSorter {
|
|
hs := &headerSorter{
|
|
Keys: make([]string, 0, len(m)),
|
|
Vals: make([]string, 0, len(m)),
|
|
}
|
|
|
|
for k, v := range m {
|
|
hs.Keys = append(hs.Keys, k)
|
|
hs.Vals = append(hs.Vals, v)
|
|
}
|
|
return hs
|
|
}
|
|
|
|
// Sort is an additional function for function SignHeader.
|
|
func (hs *headerSorter) Sort() {
|
|
sort.Sort(hs)
|
|
}
|
|
|
|
// Len is an additional function for function SignHeader.
|
|
func (hs *headerSorter) Len() int {
|
|
return len(hs.Vals)
|
|
}
|
|
|
|
// Less is an additional function for function SignHeader.
|
|
func (hs *headerSorter) Less(i, j int) bool {
|
|
return bytes.Compare([]byte(hs.Keys[i]), []byte(hs.Keys[j])) < 0
|
|
}
|
|
|
|
// Swap is an additional function for function SignHeader.
|
|
func (hs *headerSorter) Swap(i, j int) {
|
|
hs.Vals[i], hs.Vals[j] = hs.Vals[j], hs.Vals[i]
|
|
hs.Keys[i], hs.Keys[j] = hs.Keys[j], hs.Keys[i]
|
|
}
|