InputMiddlewareOptions provides the options for the request
checksum middleware setup.
Enables support for computing the SHA256 checksum of input payloads
along with the algorithm specified checksum. Prevents downstream
middleware handlers (computePayloadSHA256) re-reading the payload.
The SHA256 payload checksum will only be used for computed for requests
that are not TLS, or do not enable trailing checksums.
The SHA256 payload hash will not be computed, if the Algorithm's header
is already set on the request.
Enables support for setting the aws-chunked decoded content length
header for the decoded length of the underlying stream. Will only be set
when used with trailing checksums, and aws-chunked content-encoding.
Enables support for wrapping the serialized input payload with a
content-encoding: aws-check wrapper, and including a trailer for the
algorithm's checksum value.
The checksum will not be computed, nor added as trailing checksum, if
the Algorithm's header is already set on the request.
GetAlgorithm is a function to get the checksum algorithm of the
input payload from the input parameters.
Given the input parameter value, the function must return the algorithm
and true, or false if no algorithm is specified.
Forces the middleware to compute the input payload's checksum. The
request will fail if the algorithm is not specified or unable to compute
the checksum.
func AddInputMiddleware(stack *middleware.Stack, options InputMiddlewareOptions) (err error)
OutputMiddlewareOptions provides options for configuring output checksum
validation middleware.
GetValidationMode is a function to get the checksum validation
mode of the output payload from the input parameters.
Given the input parameter value, the function must return the validation
mode and true, or false if no mode is specified.
If set the middleware will ignore output multipart checksums. Otherwise
an checksum format error will be returned by the middleware.
When set the middleware will log when the output contains a multipart
checksum that was, skipped and not validated.
When set the middleware will log when output does not have checksum or
algorithm to validate.
The set of checksum algorithms that should be used for response payload
checksum validation. The algorithm(s) used will be a union of the
output's returned algorithms and this set.
Only the first algorithm in the union is currently used.
func AddOutputMiddleware(stack *middleware.Stack, options OutputMiddlewareOptions) error
awsChunkedEncoding provides a reader that wraps the payload such that
payload is read as a single aws-chunk payload. This reader can only be used
if the content length of payload is known. Content-Length is used as size of
the single payload chunk. The final chunk and trailing checksum is appended
at the end.
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html#sigv4-chunked-body-definition
Here is the aws-chunked payload stream as read from the awsChunkedEncoding
if original request stream is "Hello world", and checksum hash used is SHA256
<b>\r\n
Hello world\r\n
0\r\n
x-amz-checksum-sha256:ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuyjfzw=\r\n
\r\n
encodedStreamio.ReaderoptionsawsChunkedEncodingOptionstrailerEncodedLengthint
EncodedLength returns the final length of the aws-chunked content encoded
stream if it can be determined without reading the underlying stream or lazy
header values, otherwise -1 is returned.
HTTPHeaders returns the set of headers that must be included the request for
aws-chunked to work. This includes the content-encoding: aws-chunked header.
If there are multiple layered content encoding, the aws-chunked encoding
must be appended to the previous layers the stream's encoding. The best way
to do this is to append all header values returned to the HTTP request's set
of headers.
(*awsChunkedEncoding) Read(b []byte) (n int, err error)
*awsChunkedEncoding : io.Reader
func newUnsignedAWSChunkedEncoding(stream io.Reader, optFns ...func(*awsChunkedEncodingOptions)) *awsChunkedEncoding
The maximum size of each chunk to be sent. Default value of -1, signals
that optimal chunk length will be used automatically. ChunkSize must be
at least 8KB.
If ChunkLength and StreamLength are both specified, the stream will be
broken up into ChunkLength chunks. The encoded length of the aws-chunked
encoding can still be determined as long as all trailers, if any, have a
fixed length.
The total size of the stream. For unsigned encoding this implies that
there will only be a single chunk containing the underlying payload,
unless ChunkLength is also specified.
Set of trailer key:value pairs that will be appended to the end of the
payload after the end chunk has been written.
awsChunkedTrailerReader provides a lazy reader for reading of aws-chunked
content encoded trailers. The trailer values will not be retrieved until the
reader is read from.
reader*bytes.BuffertrailerEncodedLengthinttrailersmap[string]awsChunkedTrailerValue
EncodedLength returns the length of the encoded trailers if the length could
be determined without retrieving the header values. Returns -1 if length is
unknown.
Read populates the passed in byte slice with bytes from the encoded
trailers. Will lazy read header values first time Read is called.
*awsChunkedTrailerReader : io.Reader
func newAWSChunkedTrailerReader(trailers map[string]awsChunkedTrailerValue) *awsChunkedTrailerReader
Function to retrieve the value of the trailer. Will only be called after
the underlying stream returns EOF error.
If the length of the value can be pre-determined, and is constant
specify the length. A value of -1 means the length is unknown, or
cannot be pre-determined.
func newAWSChunkedTrailerReader(trailers map[string]awsChunkedTrailerValue) *awsChunkedTrailerReader
func trailerEncodedLength(trailers map[string]awsChunkedTrailerValue) (length int)
Provides a buffered aws-chunked chunk encoder of an underlying io.Reader.
Will include end chunk, but not the aws-chunked final `crlf` segment so
trailers can be added.
Note does not implement support for chunk extensions, e.g. chunk signing.
chunkBuffer*bytes.BufferchunkSizeintchunkSizeStrstringendChunkDoneboolheaderBuffer*bytes.BuffermultiReaderio.ReadermultiReaderLenintreaderio.Reader
Read attempts to read from the underlying io.Reader writing aws-chunked
chunk encoded bytes to p. When the underlying io.Reader has been completed
read the end chunk will be available. Once the end chunk is read, the reader
will return EOF.
newMultiReader returns a new io.Reader for wrapping the next chunk. Will
return an error if the underlying reader can not be read from. Will never
return io.EOF.
*bufferedAWSChunkReader : io.Reader
func newBufferedAWSChunkReader(reader io.Reader, chunkSize int) *bufferedAWSChunkReader
computeChecksumReader provides a reader wrapping an underlying io.Reader to
compute the checksum of the stream's bytes.
algorithmAlgorithmbase64ChecksumLeninthasherhash.HashlockedChecksumstringlockedErrerrormuxsync.RWMutexstreamio.Reader(*computeChecksumReader) Algorithm() Algorithm
Base64Checksum returns the base64 checksum for the algorithm, or error if
the underlying reader returned a non-EOF error.
Safe to be called concurrently, but will return an error until after the
underlying reader is returns EOF.
Base64ChecksumLength returns the base64 encoded length of the checksum for
algorithm.
Read wraps the underlying reader. When the underlying reader returns EOF,
the checksum of the reader will be computed, and can be retrieved with
ChecksumBase64String.
*computeChecksumReader : io.Reader
func newComputeChecksumReader(stream io.Reader, algorithm Algorithm) (*computeChecksumReader, error)
computedInputChecksumsKey is the metadata key for recording the algorithm the
checksum was computed for and the checksum value.
computeInputPayloadChecksum middleware computes payload checksum
Enables support for computing the SHA256 checksum of input payloads
along with the algorithm specified checksum. Prevents downstream
middleware handlers (computePayloadSHA256) re-reading the payload.
The SHA256 payload hash will only be used for computed for requests
that are not TLS, or do not enable trailing checksums.
The SHA256 payload hash will not be computed, if the Algorithm's header
is already set on the request.
Enables support for setting the aws-chunked decoded content length
header for the decoded length of the underlying stream. Will only be set
when used with trailing checksums, and aws-chunked content-encoding.
Enables support for wrapping the serialized input payload with a
content-encoding: aws-check wrapper, and including a trailer for the
algorithm's checksum value.
The checksum will not be computed, nor added as trailing checksum, if
the Algorithm's header is already set on the request.
States that a checksum is required to be included for the operation. If
Input does not specify a checksum, fallback to built in MD5 checksum is
used.
Replaces smithy-go's ContentChecksum middleware.
buildHandlerRunbooldeferToFinalizeHandlerbool
HandleBuild handles computing the payload's checksum, in the following cases:
- Is HTTP, not HTTPS
- RequireChecksum is true, and no checksums were specified via the Input
- Trailing checksums are not supported
The build handler must be inserted in the stack before ContentPayloadHash
and after ComputeContentLength.
HandleFinalize handles computing the payload's checksum, in the following cases:
- Is HTTPS, not HTTP
- A checksum was specified via the Input
- Trailing checksums are supported.
The finalize handler must be inserted in the stack before Signing, and after Retry.
ID provides the middleware's identifier.
*computeInputPayloadChecksum : github.com/aws/smithy-go/middleware.BuildMiddleware
*computeInputPayloadChecksum : github.com/aws/smithy-go/middleware.FinalizeMiddleware
*computeInputPayloadChecksum : github.com/aws/smithy-go/middleware.ider
inputAlgorithmKey is the key set on context used to identify, retrieves the
request checksum algorithm if present on the context.
outputValidationAlgorithmsUsedKey is the metadata key for indexing the algorithms
that were used, by the middleware's validation.
outputValidationModeKey is the key set on context used to identify if
output checksum validation is enabled.
setupChecksumContext is the initial middleware that looks up the input
used to configure checksum behavior. This middleware must be executed before
input validation step or any other checksum middleware.
GetAlgorithm is a function to get the checksum algorithm of the
input payload from the input parameters.
Given the input parameter value, the function must return the algorithm
and true, or false if no algorithm is specified.
HandleInitialize initialization middleware that setups up the checksum
context based on the input parameters provided in the stack.
ID for the middleware
*setupInputContext : github.com/aws/smithy-go/middleware.InitializeMiddleware
*setupInputContext : github.com/aws/smithy-go/middleware.ider
GetValidationMode is a function to get the checksum validation
mode of the output payload from the input parameters.
Given the input parameter value, the function must return the validation
mode and true, or false if no mode is specified.
HandleInitialize initialization middleware that setups up the checksum
context based on the input parameters provided in the stack.
ID for the middleware
*setupOutputContext : github.com/aws/smithy-go/middleware.InitializeMiddleware
*setupOutputContext : github.com/aws/smithy-go/middleware.ider
validateChecksumReader implements io.ReadCloser interface. The wrapper
performs checksum validation when the underlying reader has been fully read.
algorithmAlgorithmbodyio.ReaderexpectChecksumstringhasherhash.HashoriginalBodyio.ReadCloser
Close closes the underlying reader, returning any error that occurred in the
underlying reader.
Read attempts to read from the underlying stream while also updating the
running hash. If the underlying stream returns with an EOF error, the
checksum of the stream will be collected, and compared against the expected
checksum. If the checksums do not match, an error will be returned.
If a non-EOF error occurs when reading the underlying stream, that error
will be returned and the checksum for the stream will be discarded.
(*validateChecksumReader) validateChecksum() error
*validateChecksumReader : io.Closer
*validateChecksumReader : io.ReadCloser
*validateChecksumReader : io.Reader
func newValidateChecksumReader(body io.ReadCloser, algorithm Algorithm, expectChecksum string) (*validateChecksumReader, error)
validateOutputPayloadChecksum middleware computes payload checksum of the
received response and validates with checksum returned by the service.
Algorithms represents a priority-ordered list of valid checksum
algorithm that should be validated when present in HTTP response
headers.
IgnoreMultipartValidation indicates multipart checksums ending with "-#"
will be ignored.
When set the middleware will log when the output contains a multipart
checksum that was, skipped and not validated.
When set the middleware will log when output does not have checksum or
algorithm to validate.
HandleDeserialize is a Deserialize middleware that wraps the HTTP response
body with an io.ReadCloser that will validate the its checksum.
(*validateOutputPayloadChecksum) ID() string
*validateOutputPayloadChecksum : github.com/aws/smithy-go/middleware.DeserializeMiddleware
*validateOutputPayloadChecksum : github.com/aws/smithy-go/middleware.ider
Package-Level Functions (total 32, in which 13 are exported)
AddInputMiddleware adds the middleware for performing checksum computing
of request payloads, and checksum validation of response payloads.
AddOutputMiddleware adds the middleware for validating response payload's
checksum.
AlgorithmChecksumLength returns the length of the algorithm's checksum in
bytes. If the algorithm is not known, an error is returned.
AlgorithmHTTPHeader returns the HTTP header for the algorithm's hash.
FilterSupportedAlgorithms filters the set of algorithms, returning a slice
of algorithms that are supported.
GetComputedInputChecksums returns the map of checksum algorithm to their
computed value stored in the middleware Metadata. Returns false if no values
were stored in the Metadata.
GetOutputValidationAlgorithmsUsed returns the checksum algorithms used
stored in the middleware Metadata. Returns false if no algorithms were
stored in the Metadata.
NewAlgorithmHash returns a hash.Hash for the checksum algorithm. Error is
returned if the algorithm is unknown.
ParseAlgorithm attempts to parse the provided value into a checksum
algorithm, matching without case. Returns the algorithm matched, or an error
if the algorithm wasn't matched.
RemoveInputMiddleware Removes the compute input payload checksum middleware
handlers from the stack.
RemoveOutputMiddleware Removes the compute input payload checksum middleware
handlers from the stack.
SetComputedInputChecksums stores the map of checksum algorithm to their
computed value in the middleware Metadata. Overwrites any values that
currently exist in the metadata.
SetOutputValidationAlgorithmsUsed stores the checksum algorithms used in the
middleware Metadata.
base64EncodeHashSum computes base64 encoded checksum of a given running
hash. The running hash must already have content written to it. Returns the
byte slice of checksum and an error
computeMD5Checksum computes base64 MD5 checksum of an io.Reader's contents.
Returns the byte slice of MD5 checksum and an error.
getContextInputAlgorithm returns the checksum algorithm from the context if
one was specified. Empty string is returned if one is not specified.
Scoped to stack values.
getContextOutputValidationMode returns response checksum validation state,
if one was specified. Empty string is returned if one is not specified.
Scoped to stack values.
hexEncodeHashSum computes hex encoded checksum of a given running hash. The
running hash must already have content written to it. Returns the byte slice
of checksum and an error
newAWSChunkedTrailerReader returns an initialized awsChunkedTrailerReader to
lazy reading aws-chunk content encoded trailers.
newBufferedAWSChunkReader returns an bufferedAWSChunkReader for reading
aws-chunked encoded chunks.
newComputeChecksumReader returns a computeChecksumReader for the stream and
algorithm specified. Returns error if unable to create the reader, or
algorithm is unknown.
newUnsignedAWSChunkedEncoding returns a new awsChunkedEncoding configured
for unsigned aws-chunked content encoding. Any additional trailers that need
to be appended after the end chunk must be included as via Trailer
callbacks.
newUnsignedChunkReader returns an io.Reader encoding the underlying reader
as unsigned aws-chunked chunks. The returned reader will also include the
end chunk, but not the aws-chunked final `crlf` segment so trailers can be
added.
If the payload size is -1 for unknown length the content will be buffered in
defaultChunkLength chunks before wrapped in aws-chunked chunk encoding.
newValidateChecksumReader returns a configured io.ReadCloser that performs
checksum validation when the underlying reader has been fully read.
setContextInputAlgorithm sets the request checksum algorithm on the context.
Scoped to stack values.
setContextOutputValidationMode sets the request checksum
algorithm on the context.
Scoped to stack values.
setMD5Checksum computes the MD5 of the request payload and sets it to the
Content-MD5 header. Returning the MD5 base64 encoded string or error.
If the MD5 is already set as the Content-MD5 header, that value will be
returned, and nothing else will be done.
If the payload is empty, no MD5 will be computed. No error will be returned.
Empty payloads do not have an MD5 value.
Replaces the smithy-go middleware for httpChecksum trait.