| package s3 |
| |
| import ( |
| "crypto/md5" |
| "encoding/base64" |
| |
| "github.com/aws/aws-sdk-go/aws/awserr" |
| "github.com/aws/aws-sdk-go/aws/request" |
| ) |
| |
// errSSERequiresSSL is the error recorded on a request that carries a
// customer-provided encryption key while its URL scheme is not "https".
// It is a single shared value, so callers can compare against it directly.
var errSSERequiresSSL = awserr.New(
	"ConfigError",
	"cannot send SSE keys over HTTP.",
	nil,
)
| |
// validateSSERequiresSSL rejects a request that carries a customer-provided
// encryption key unless the request URL scheme is exactly "https".
//
// r.Params is inspected through the sseCustomerKeyGetter and
// copySourceSSECustomerKeyGetter interfaces. If either reports a non-empty
// key, r.Error is set to errSSERequiresSSL. Requests without a key are left
// untouched whatever the scheme.
//
// The scheme comparison is case-sensitive, so any value other than the
// literal "https" is treated as not secure and fails closed.
//
// NOTE(review): this function only records the error on r; it presumably
// relies on the request pipeline to stop before the key headers are written
// to the wire. Confirm this handler runs ahead of the send step.
func validateSSERequiresSSL(r *request.Request) {
	if r.HTTPRequest.URL.Scheme == "https" {
		return
	}

	// Key for the object being written or read.
	if getter, ok := r.Params.(sseCustomerKeyGetter); ok && len(getter.getSSECustomerKey()) > 0 {
		r.Error = errSSERequiresSSL
		return
	}

	// Key for the source object of a copy operation.
	if getter, ok := r.Params.(copySourceSSECustomerKeyGetter); ok && len(getter.getCopySourceSSECustomerKey()) > 0 {
		r.Error = errSSERequiresSSL
	}
}
| |
// computeSSEKeys rewrites the customer-key headers of r into their encoded
// form and fills in the companion digest headers.
//
// For each of the two customer-key headers that is present and non-empty,
// the header value is replaced by its standard base64 encoding. If the
// matching "-md5" header is empty, it is set to the base64 of the MD5 digest
// of the original (pre-encoding) value. A "-md5" header that is already set
// is kept as is and is not checked against the key.
//
// The MD5 here is only a digest sent alongside the key, presumably so the
// service can detect a corrupted key in transit. It gives the key no secrecy
// and no authentication; those depend on the transport.
//
// The header values handled here are raw key material, so request headers
// should be kept out of logs and debug dumps.
//
// NOTE(review): the value is encoded unconditionally, so a key the caller
// had already base64-encoded would be encoded twice. Confirm that callers
// pass the raw key.
func computeSSEKeys(r *request.Request) {
	hdr := r.HTTPRequest.Header

	for _, name := range [...]string{
		"x-amz-server-side-encryption-customer-key",
		"x-amz-copy-source-server-side-encryption-customer-key",
	} {
		raw := hdr.Get(name)
		if raw == "" {
			continue
		}

		// Replace the raw key with its base64 form.
		keyBytes := []byte(raw)
		hdr.Set(name, base64.StdEncoding.EncodeToString(keyBytes))

		// Only compute the digest when the caller did not supply one.
		digestName := name + "-md5"
		if hdr.Get(digestName) != "" {
			continue
		}
		digest := md5.Sum(keyBytes)
		hdr.Set(digestName, base64.StdEncoding.EncodeToString(digest[:]))
	}
}