1 files changed, 0 insertions, 403 deletions
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go
deleted file mode 100644
index 1c2f1dc..0000000
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go
+++ /dev/null
@@ -1,403 +0,0 @@
-/*
- * MinIO Go Library for Amazon S3 Compatible Cloud Storage
- * Copyright 2017 MinIO, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package signer
-import (
-        "bytes"
-        "encoding/hex"
-        "fmt"
-        "io"
-        "net/http"
-        "strconv"
-        "strings"
-        "time"
-        md5simd "github.com/minio/md5-simd"
-)
-// Reference for constants used below -
-// http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html#example-signature-calculations-streaming
-const (
-        streamingSignAlgorithm        = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
-        streamingSignTrailerAlgorithm = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER"
-        streamingPayloadHdr           = "AWS4-HMAC-SHA256-PAYLOAD"
-        streamingTrailerHdr           = "AWS4-HMAC-SHA256-TRAILER"
-        emptySHA256                   = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
-        payloadChunkSize              = 64 * 1024
-        chunkSigConstLen              = 17 // ";chunk-signature="
-        signatureStrLen               = 64 // e.g. "f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2"
-        crlfLen                       = 2  // CRLF
-        trailerKVSeparator            = ":"
-        trailerSignature              = "x-amz-trailer-signature"
-)
-// Request headers to be ignored while calculating seed signature for
-// a request.
-var ignoredStreamingHeaders = map[string]bool{
-        "Authorization": true,
-        "User-Agent":    true,
-        "Content-Type":  true,
-}
-// getSignedChunkLength - calculates the length of chunk metadata
-func getSignedChunkLength(chunkDataSize int64) int64 {
-        return int64(len(fmt.Sprintf("%x", chunkDataSize))) +
-                chunkSigConstLen +
-                signatureStrLen +
-                crlfLen +
-                chunkDataSize +
-                crlfLen
-}
-// getStreamLength - calculates the length of the overall stream (data + metadata)
-func getStreamLength(dataLen, chunkSize int64, trailers http.Header) int64 {
-        if dataLen <= 0 {
-                return 0
-        }
-        chunksCount := int64(dataLen / chunkSize)
-        remainingBytes := int64(dataLen % chunkSize)
-        streamLen := int64(0)
-        streamLen += chunksCount * getSignedChunkLength(chunkSize)
-        if remainingBytes > 0 {
-                streamLen += getSignedChunkLength(remainingBytes)
-        }
-        streamLen += getSignedChunkLength(0)
-        if len(trailers) > 0 {
-                for name, placeholder := range trailers {
-                        if len(placeholder) > 0 {
-                                streamLen += int64(len(name) + len(trailerKVSeparator) + len(placeholder[0]) + 1)
-                        }
-                }
-                streamLen += int64(len(trailerSignature)+len(trailerKVSeparator)) + signatureStrLen + crlfLen + crlfLen
-        }
-        return streamLen
-}
-// buildChunkStringToSign - returns the string to sign given chunk data
-// and previous signature.
-func buildChunkStringToSign(t time.Time, region, previousSig, chunkChecksum string) string {
-        stringToSignParts := []string{
-                streamingPayloadHdr,
-                t.Format(iso8601DateFormat),
-                getScope(region, t, ServiceTypeS3),
-                previousSig,
-                emptySHA256,
-                chunkChecksum,
-        }
-        return strings.Join(stringToSignParts, "\n")
-}
-// buildTrailerChunkStringToSign - returns the string to sign given chunk data
-// and previous signature.
-func buildTrailerChunkStringToSign(t time.Time, region, previousSig, chunkChecksum string) string {
-        stringToSignParts := []string{
-                streamingTrailerHdr,
-                t.Format(iso8601DateFormat),
-                getScope(region, t, ServiceTypeS3),
-                previousSig,
-                chunkChecksum,
-        }
-        return strings.Join(stringToSignParts, "\n")
-}
-// prepareStreamingRequest - prepares a request with appropriate
-// headers before computing the seed signature.
-func prepareStreamingRequest(req *http.Request, sessionToken string, dataLen int64, timestamp time.Time) {
-        // Set x-amz-content-sha256 header.
-        if len(req.Trailer) == 0 {
-                req.Header.Set("X-Amz-Content-Sha256", streamingSignAlgorithm)
-        } else {
-                req.Header.Set("X-Amz-Content-Sha256", streamingSignTrailerAlgorithm)
-                for k := range req.Trailer {
-                        req.Header.Add("X-Amz-Trailer", strings.ToLower(k))
-                }
-                req.TransferEncoding = []string{"aws-chunked"}
-        }
-        if sessionToken != "" {
-                req.Header.Set("X-Amz-Security-Token", sessionToken)
-        }
-        req.Header.Set("X-Amz-Date", timestamp.Format(iso8601DateFormat))
-        // Set content length with streaming signature for each chunk included.
-        req.ContentLength = getStreamLength(dataLen, int64(payloadChunkSize), req.Trailer)
-        req.Header.Set("x-amz-decoded-content-length", strconv.FormatInt(dataLen, 10))
-}
-// buildChunkHeader - returns the chunk header.
-// e.g string(IntHexBase(chunk-size)) + ";chunk-signature=" + signature + \r\n + chunk-data + \r\n
-func buildChunkHeader(chunkLen int64, signature string) []byte {
-        return []byte(strconv.FormatInt(chunkLen, 16) + ";chunk-signature=" + signature + "\r\n")
-}
-// buildChunkSignature - returns chunk signature for a given chunk and previous signature.
-func buildChunkSignature(chunkCheckSum string, reqTime time.Time, region,
-        previousSignature, secretAccessKey string,
-) string {
-        chunkStringToSign := buildChunkStringToSign(reqTime, region,
-                previousSignature, chunkCheckSum)
-        signingKey := getSigningKey(secretAccessKey, region, reqTime, ServiceTypeS3)
-        return getSignature(signingKey, chunkStringToSign)
-}
-// buildChunkSignature - returns chunk signature for a given chunk and previous signature.
-func buildTrailerChunkSignature(chunkChecksum string, reqTime time.Time, region,
-        previousSignature, secretAccessKey string,
-) string {
-        chunkStringToSign := buildTrailerChunkStringToSign(reqTime, region,
-                previousSignature, chunkChecksum)
-        signingKey := getSigningKey(secretAccessKey, region, reqTime, ServiceTypeS3)
-        return getSignature(signingKey, chunkStringToSign)
-}
-// getSeedSignature - returns the seed signature for a given request.
-func (s *StreamingReader) setSeedSignature(req *http.Request) {
-        // Get canonical request
-        canonicalRequest := getCanonicalRequest(*req, ignoredStreamingHeaders, getHashedPayload(*req))
-        // Get string to sign from canonical request.
-        stringToSign := getStringToSignV4(s.reqTime, s.region, canonicalRequest, ServiceTypeS3)
-        signingKey := getSigningKey(s.secretAccessKey, s.region, s.reqTime, ServiceTypeS3)
-        // Calculate signature.
-        s.seedSignature = getSignature(signingKey, stringToSign)
-}
-// StreamingReader implements chunked upload signature as a reader on
-// top of req.Body's ReaderCloser chunk header;data;... repeat
-type StreamingReader struct {
-        accessKeyID     string
-        secretAccessKey string
-        sessionToken    string
-        region          string
-        prevSignature   string
-        seedSignature   string
-        contentLen      int64         // Content-Length from req header
-        baseReadCloser  io.ReadCloser // underlying io.Reader
-        bytesRead       int64         // bytes read from underlying io.Reader
-        buf             bytes.Buffer  // holds signed chunk
-        chunkBuf        []byte        // holds raw data read from req Body
-        chunkBufLen     int           // no. of bytes read so far into chunkBuf
-        done            bool          // done reading the underlying reader to EOF
-        reqTime         time.Time
-        chunkNum        int
-        totalChunks     int
-        lastChunkSize   int
-        trailer         http.Header
-        sh256           md5simd.Hasher
-}
-// signChunk - signs a chunk read from s.baseReader of chunkLen size.
-func (s *StreamingReader) signChunk(chunkLen int, addCrLf bool) {
-        // Compute chunk signature for next header
-        s.sh256.Reset()
-        s.sh256.Write(s.chunkBuf[:chunkLen])
-        chunckChecksum := hex.EncodeToString(s.sh256.Sum(nil))
-        signature := buildChunkSignature(chunckChecksum, s.reqTime,
-                s.region, s.prevSignature, s.secretAccessKey)
-        // For next chunk signature computation
-        s.prevSignature = signature
-        // Write chunk header into streaming buffer
-        chunkHdr := buildChunkHeader(int64(chunkLen), signature)
-        s.buf.Write(chunkHdr)
-        // Write chunk data into streaming buffer
-        s.buf.Write(s.chunkBuf[:chunkLen])
-        // Write the chunk trailer.
-        if addCrLf {
-                s.buf.Write([]byte("\r\n"))
-        }
-        // Reset chunkBufLen for next chunk read.
-        s.chunkBufLen = 0
-        s.chunkNum++
-}
-// addSignedTrailer - adds a trailer with the provided headers,
-// then signs a chunk and adds it to output.
-func (s *StreamingReader) addSignedTrailer(h http.Header) {
-        olen := len(s.chunkBuf)
-        s.chunkBuf = s.chunkBuf[:0]
-        for k, v := range h {
-                s.chunkBuf = append(s.chunkBuf, []byte(strings.ToLower(k)+trailerKVSeparator+v[0]+"\n")...)
-        }
-        s.sh256.Reset()
-        s.sh256.Write(s.chunkBuf)
-        chunkChecksum := hex.EncodeToString(s.sh256.Sum(nil))
-        // Compute chunk signature
-        signature := buildTrailerChunkSignature(chunkChecksum, s.reqTime,
-                s.region, s.prevSignature, s.secretAccessKey)
-        // For next chunk signature computation
-        s.prevSignature = signature
-        s.buf.Write(s.chunkBuf)
-        s.buf.WriteString("\r\n" + trailerSignature + trailerKVSeparator + signature + "\r\n\r\n")
-        // Reset chunkBufLen for next chunk read.
-        s.chunkBuf = s.chunkBuf[:olen]
-        s.chunkBufLen = 0
-        s.chunkNum++
-}
-// setStreamingAuthHeader - builds and sets authorization header value
-// for streaming signature.
-func (s *StreamingReader) setStreamingAuthHeader(req *http.Request) {
-        credential := GetCredential(s.accessKeyID, s.region, s.reqTime, ServiceTypeS3)
-        authParts := []string{
-                signV4Algorithm + " Credential=" + credential,
-                "SignedHeaders=" + getSignedHeaders(*req, ignoredStreamingHeaders),
-                "Signature=" + s.seedSignature,
-        }
-        // Set authorization header.
-        auth := strings.Join(authParts, ",")
-        req.Header.Set("Authorization", auth)
-}
-// StreamingSignV4 - provides chunked upload signatureV4 support by
-// implementing io.Reader.
-func StreamingSignV4(req *http.Request, accessKeyID, secretAccessKey, sessionToken,
-        region string, dataLen int64, reqTime time.Time, sh256 md5simd.Hasher,
-) *http.Request {
-        // Set headers needed for streaming signature.
-        prepareStreamingRequest(req, sessionToken, dataLen, reqTime)
-        if req.Body == nil {
-                req.Body = io.NopCloser(bytes.NewReader([]byte("")))
-        }
-        stReader := &StreamingReader{
-                baseReadCloser:  req.Body,
-                accessKeyID:     accessKeyID,
-                secretAccessKey: secretAccessKey,
-                sessionToken:    sessionToken,
-                region:          region,
-                reqTime:         reqTime,
-                chunkBuf:        make([]byte, payloadChunkSize),
-                contentLen:      dataLen,
-                chunkNum:        1,
-                totalChunks:     int((dataLen+payloadChunkSize-1)/payloadChunkSize) + 1,
-                lastChunkSize:   int(dataLen % payloadChunkSize),
-                sh256:           sh256,
-        }
-        if len(req.Trailer) > 0 {
-                stReader.trailer = req.Trailer
-                // Remove...
-                req.Trailer = nil
-        }
-        // Add the request headers required for chunk upload signing.
-        // Compute the seed signature.
-        stReader.setSeedSignature(req)
-        // Set the authorization header with the seed signature.
-        stReader.setStreamingAuthHeader(req)
-        // Set seed signature as prevSignature for subsequent
-        // streaming signing process.
-        stReader.prevSignature = stReader.seedSignature
-        req.Body = stReader
-        return req
-}
-// Read - this method performs chunk upload signature providing a
-// io.Reader interface.
-func (s *StreamingReader) Read(buf []byte) (int, error) {
-        switch {
-        // After the last chunk is read from underlying reader, we
-        // never re-fill s.buf.
-        case s.done:
-        // s.buf will be (re-)filled with next chunk when has lesser
-        // bytes than asked for.
-        case s.buf.Len() < len(buf):
-                s.chunkBufLen = 0
-                for {
-                        n1, err := s.baseReadCloser.Read(s.chunkBuf[s.chunkBufLen:])
-                        // Usually we validate `err` first, but in this case
-                        // we are validating n > 0 for the following reasons.
-                        //
-                        // 1. n > 0, err is one of io.EOF, nil (near end of stream)
-                        // A Reader returning a non-zero number of bytes at the end
-                        // of the input stream may return either err == EOF or err == nil
-                        //
-                        // 2. n == 0, err is io.EOF (actual end of stream)
-                        //
-                        // Callers should always process the n > 0 bytes returned
-                        // before considering the error err.
-                        if n1 > 0 {
-                                s.chunkBufLen += n1
-                                s.bytesRead += int64(n1)
-                                if s.chunkBufLen == payloadChunkSize ||
-                                        (s.chunkNum == s.totalChunks-1 &&
-                                                s.chunkBufLen == s.lastChunkSize) {
-                                        // Sign the chunk and write it to s.buf.
-                                        s.signChunk(s.chunkBufLen, true)
-                                        break
-                                }
-                        }
-                        if err != nil {
-                                if err == io.EOF {
-                                        // No more data left in baseReader - last chunk.
-                                        // Done reading the last chunk from baseReader.
-                                        s.done = true
-                                        // bytes read from baseReader different than
-                                        // content length provided.
-                                        if s.bytesRead != s.contentLen {
-                                                return 0, fmt.Errorf("http: ContentLength=%d with Body length %d", s.contentLen, s.bytesRead)
-                                        }
-                                        // Sign the chunk and write it to s.buf.
-                                        s.signChunk(0, len(s.trailer) == 0)
-                                        if len(s.trailer) > 0 {
-                                                // Trailer must be set now.
-                                                s.addSignedTrailer(s.trailer)
-                                        }
-                                        break
-                                }
-                                return 0, err
-                        }
-                }
-        }
-        return s.buf.Read(buf)
-}
-// Close - this method makes underlying io.ReadCloser's Close method available.
-func (s *StreamingReader) Close() error {
-        if s.sh256 != nil {
-                s.sh256.Close()
-                s.sh256 = nil
-        }
-        return s.baseReadCloser.Close()
-}

diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go deleted file mode 100644 index 1c2f1dc..0000000 --- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go +++ /dev/null
@@ -1,403 +0,0 @@
1	/*
2	* MinIO Go Library for Amazon S3 Compatible Cloud Storage
3	* Copyright 2017 MinIO, Inc.
4	*
5	* Licensed under the Apache License, Version 2.0 (the "License");
6	* you may not use this file except in compliance with the License.
7	* You may obtain a copy of the License at
8	*
9	* http://www.apache.org/licenses/LICENSE-2.0
10	*
11	* Unless required by applicable law or agreed to in writing, software
12	* distributed under the License is distributed on an "AS IS" BASIS,
13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	* See the License for the specific language governing permissions and
15	* limitations under the License.
16	*/
17
18	package signer
19
20	import (
21	"bytes"
22	"encoding/hex"
23	"fmt"
24	"io"
25	"net/http"
26	"strconv"
27	"strings"
28	"time"
29
30	md5simd "github.com/minio/md5-simd"
31	)
32
33	// Reference for constants used below -
34	// http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html#example-signature-calculations-streaming
35	const (
36	streamingSignAlgorithm = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
37	streamingSignTrailerAlgorithm = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER"
38	streamingPayloadHdr = "AWS4-HMAC-SHA256-PAYLOAD"
39	streamingTrailerHdr = "AWS4-HMAC-SHA256-TRAILER"
40	emptySHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
41	payloadChunkSize = 64 * 1024
42	chunkSigConstLen = 17 // ";chunk-signature="
43	signatureStrLen = 64 // e.g. "f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2"
44	crlfLen = 2 // CRLF
45	trailerKVSeparator = ":"
46	trailerSignature = "x-amz-trailer-signature"
47	)
48
49	// Request headers to be ignored while calculating seed signature for
50	// a request.
51	var ignoredStreamingHeaders = map[string]bool{
52	"Authorization": true,
53	"User-Agent": true,
54	"Content-Type": true,
55	}
56
57	// getSignedChunkLength - calculates the length of chunk metadata
58	func getSignedChunkLength(chunkDataSize int64) int64 {
59	return int64(len(fmt.Sprintf("%x", chunkDataSize))) +
60	chunkSigConstLen +
61	signatureStrLen +
62	crlfLen +
63	chunkDataSize +
64	crlfLen
65	}
66
67	// getStreamLength - calculates the length of the overall stream (data + metadata)
68	func getStreamLength(dataLen, chunkSize int64, trailers http.Header) int64 {
69	if dataLen <= 0 {
70	return 0
71	}
72
73	chunksCount := int64(dataLen / chunkSize)
74	remainingBytes := int64(dataLen % chunkSize)
75	streamLen := int64(0)
76	streamLen += chunksCount * getSignedChunkLength(chunkSize)
77	if remainingBytes > 0 {
78	streamLen += getSignedChunkLength(remainingBytes)
79	}
80	streamLen += getSignedChunkLength(0)
81	if len(trailers) > 0 {
82	for name, placeholder := range trailers {
83	if len(placeholder) > 0 {
84	streamLen += int64(len(name) + len(trailerKVSeparator) + len(placeholder[0]) + 1)
85	}
86	}
87	streamLen += int64(len(trailerSignature)+len(trailerKVSeparator)) + signatureStrLen + crlfLen + crlfLen
88	}
89
90	return streamLen
91	}
92
93	// buildChunkStringToSign - returns the string to sign given chunk data
94	// and previous signature.
95	func buildChunkStringToSign(t time.Time, region, previousSig, chunkChecksum string) string {
96	stringToSignParts := []string{
97	streamingPayloadHdr,
98	t.Format(iso8601DateFormat),
99	getScope(region, t, ServiceTypeS3),
100	previousSig,
101	emptySHA256,
102	chunkChecksum,
103	}
104
105	return strings.Join(stringToSignParts, "\n")
106	}
107
108	// buildTrailerChunkStringToSign - returns the string to sign given chunk data
109	// and previous signature.
110	func buildTrailerChunkStringToSign(t time.Time, region, previousSig, chunkChecksum string) string {
111	stringToSignParts := []string{
112	streamingTrailerHdr,
113	t.Format(iso8601DateFormat),
114	getScope(region, t, ServiceTypeS3),
115	previousSig,
116	chunkChecksum,
117	}
118
119	return strings.Join(stringToSignParts, "\n")
120	}
121
122	// prepareStreamingRequest - prepares a request with appropriate
123	// headers before computing the seed signature.
124	func prepareStreamingRequest(req *http.Request, sessionToken string, dataLen int64, timestamp time.Time) {
125	// Set x-amz-content-sha256 header.
126	if len(req.Trailer) == 0 {
127	req.Header.Set("X-Amz-Content-Sha256", streamingSignAlgorithm)
128	} else {
129	req.Header.Set("X-Amz-Content-Sha256", streamingSignTrailerAlgorithm)
130	for k := range req.Trailer {
131	req.Header.Add("X-Amz-Trailer", strings.ToLower(k))
132	}
133	req.TransferEncoding = []string{"aws-chunked"}
134	}
135
136	if sessionToken != "" {
137	req.Header.Set("X-Amz-Security-Token", sessionToken)
138	}
139
140	req.Header.Set("X-Amz-Date", timestamp.Format(iso8601DateFormat))
141	// Set content length with streaming signature for each chunk included.
142	req.ContentLength = getStreamLength(dataLen, int64(payloadChunkSize), req.Trailer)
143	req.Header.Set("x-amz-decoded-content-length", strconv.FormatInt(dataLen, 10))
144	}
145
146	// buildChunkHeader - returns the chunk header.
147	// e.g string(IntHexBase(chunk-size)) + ";chunk-signature=" + signature + \r\n + chunk-data + \r\n
148	func buildChunkHeader(chunkLen int64, signature string) []byte {
149	return []byte(strconv.FormatInt(chunkLen, 16) + ";chunk-signature=" + signature + "\r\n")
150	}
151
152	// buildChunkSignature - returns chunk signature for a given chunk and previous signature.
153	func buildChunkSignature(chunkCheckSum string, reqTime time.Time, region,
154	previousSignature, secretAccessKey string,
155	) string {
156	chunkStringToSign := buildChunkStringToSign(reqTime, region,
157	previousSignature, chunkCheckSum)
158	signingKey := getSigningKey(secretAccessKey, region, reqTime, ServiceTypeS3)
159	return getSignature(signingKey, chunkStringToSign)
160	}
161
162	// buildChunkSignature - returns chunk signature for a given chunk and previous signature.
163	func buildTrailerChunkSignature(chunkChecksum string, reqTime time.Time, region,
164	previousSignature, secretAccessKey string,
165	) string {
166	chunkStringToSign := buildTrailerChunkStringToSign(reqTime, region,
167	previousSignature, chunkChecksum)
168	signingKey := getSigningKey(secretAccessKey, region, reqTime, ServiceTypeS3)
169	return getSignature(signingKey, chunkStringToSign)
170	}
171
172	// getSeedSignature - returns the seed signature for a given request.
173	func (s StreamingReader) setSeedSignature(req http.Request) {
174	// Get canonical request
175	canonicalRequest := getCanonicalRequest(req, ignoredStreamingHeaders, getHashedPayload(req))
176
177	// Get string to sign from canonical request.
178	stringToSign := getStringToSignV4(s.reqTime, s.region, canonicalRequest, ServiceTypeS3)
179
180	signingKey := getSigningKey(s.secretAccessKey, s.region, s.reqTime, ServiceTypeS3)
181
182	// Calculate signature.
183	s.seedSignature = getSignature(signingKey, stringToSign)
184	}
185
186	// StreamingReader implements chunked upload signature as a reader on
187	// top of req.Body's ReaderCloser chunk header;data;... repeat
188	type StreamingReader struct {
189	accessKeyID string
190	secretAccessKey string
191	sessionToken string
192	region string
193	prevSignature string
194	seedSignature string
195	contentLen int64 // Content-Length from req header
196	baseReadCloser io.ReadCloser // underlying io.Reader
197	bytesRead int64 // bytes read from underlying io.Reader
198	buf bytes.Buffer // holds signed chunk
199	chunkBuf []byte // holds raw data read from req Body
200	chunkBufLen int // no. of bytes read so far into chunkBuf
201	done bool // done reading the underlying reader to EOF
202	reqTime time.Time
203	chunkNum int
204	totalChunks int
205	lastChunkSize int
206	trailer http.Header
207	sh256 md5simd.Hasher
208	}
209
210	// signChunk - signs a chunk read from s.baseReader of chunkLen size.
211	func (s *StreamingReader) signChunk(chunkLen int, addCrLf bool) {
212	// Compute chunk signature for next header
213	s.sh256.Reset()
214	s.sh256.Write(s.chunkBuf[:chunkLen])
215	chunckChecksum := hex.EncodeToString(s.sh256.Sum(nil))
216
217	signature := buildChunkSignature(chunckChecksum, s.reqTime,
218	s.region, s.prevSignature, s.secretAccessKey)
219
220	// For next chunk signature computation
221	s.prevSignature = signature
222
223	// Write chunk header into streaming buffer
224	chunkHdr := buildChunkHeader(int64(chunkLen), signature)
225	s.buf.Write(chunkHdr)
226
227	// Write chunk data into streaming buffer
228	s.buf.Write(s.chunkBuf[:chunkLen])
229
230	// Write the chunk trailer.
231	if addCrLf {
232	s.buf.Write([]byte("\r\n"))
233	}
234
235	// Reset chunkBufLen for next chunk read.
236	s.chunkBufLen = 0
237	s.chunkNum++
238	}
239
240	// addSignedTrailer - adds a trailer with the provided headers,
241	// then signs a chunk and adds it to output.
242	func (s *StreamingReader) addSignedTrailer(h http.Header) {
243	olen := len(s.chunkBuf)
244	s.chunkBuf = s.chunkBuf[:0]
245	for k, v := range h {
246	s.chunkBuf = append(s.chunkBuf, []byte(strings.ToLower(k)+trailerKVSeparator+v[0]+"\n")...)
247	}
248
249	s.sh256.Reset()
250	s.sh256.Write(s.chunkBuf)
251	chunkChecksum := hex.EncodeToString(s.sh256.Sum(nil))
252	// Compute chunk signature
253	signature := buildTrailerChunkSignature(chunkChecksum, s.reqTime,
254	s.region, s.prevSignature, s.secretAccessKey)
255
256	// For next chunk signature computation
257	s.prevSignature = signature
258
259	s.buf.Write(s.chunkBuf)
260	s.buf.WriteString("\r\n" + trailerSignature + trailerKVSeparator + signature + "\r\n\r\n")
261
262	// Reset chunkBufLen for next chunk read.
263	s.chunkBuf = s.chunkBuf[:olen]
264	s.chunkBufLen = 0
265	s.chunkNum++
266	}
267
268	// setStreamingAuthHeader - builds and sets authorization header value
269	// for streaming signature.
270	func (s StreamingReader) setStreamingAuthHeader(req http.Request) {
271	credential := GetCredential(s.accessKeyID, s.region, s.reqTime, ServiceTypeS3)
272	authParts := []string{
273	signV4Algorithm + " Credential=" + credential,
274	"SignedHeaders=" + getSignedHeaders(*req, ignoredStreamingHeaders),
275	"Signature=" + s.seedSignature,
276	}
277
278	// Set authorization header.
279	auth := strings.Join(authParts, ",")
280	req.Header.Set("Authorization", auth)
281	}
282
283	// StreamingSignV4 - provides chunked upload signatureV4 support by
284	// implementing io.Reader.
285	func StreamingSignV4(req *http.Request, accessKeyID, secretAccessKey, sessionToken,
286	region string, dataLen int64, reqTime time.Time, sh256 md5simd.Hasher,
287	) *http.Request {
288	// Set headers needed for streaming signature.
289	prepareStreamingRequest(req, sessionToken, dataLen, reqTime)
290
291	if req.Body == nil {
292	req.Body = io.NopCloser(bytes.NewReader([]byte("")))
293	}
294
295	stReader := &StreamingReader{
296	baseReadCloser: req.Body,
297	accessKeyID: accessKeyID,
298	secretAccessKey: secretAccessKey,
299	sessionToken: sessionToken,
300	region: region,
301	reqTime: reqTime,
302	chunkBuf: make([]byte, payloadChunkSize),
303	contentLen: dataLen,
304	chunkNum: 1,
305	totalChunks: int((dataLen+payloadChunkSize-1)/payloadChunkSize) + 1,
306	lastChunkSize: int(dataLen % payloadChunkSize),
307	sh256: sh256,
308	}
309	if len(req.Trailer) > 0 {
310	stReader.trailer = req.Trailer
311	// Remove...
312	req.Trailer = nil
313	}
314
315	// Add the request headers required for chunk upload signing.
316
317	// Compute the seed signature.
318	stReader.setSeedSignature(req)
319
320	// Set the authorization header with the seed signature.
321	stReader.setStreamingAuthHeader(req)
322
323	// Set seed signature as prevSignature for subsequent
324	// streaming signing process.
325	stReader.prevSignature = stReader.seedSignature
326	req.Body = stReader
327
328	return req
329	}
330
331	// Read - this method performs chunk upload signature providing a
332	// io.Reader interface.
333	func (s *StreamingReader) Read(buf []byte) (int, error) {
334	switch {
335	// After the last chunk is read from underlying reader, we
336	// never re-fill s.buf.
337	case s.done:
338
339	// s.buf will be (re-)filled with next chunk when has lesser
340	// bytes than asked for.
341	case s.buf.Len() < len(buf):
342	s.chunkBufLen = 0
343	for {
344	n1, err := s.baseReadCloser.Read(s.chunkBuf[s.chunkBufLen:])
345	// Usually we validate `err` first, but in this case
346	// we are validating n > 0 for the following reasons.
347	//
348	// 1. n > 0, err is one of io.EOF, nil (near end of stream)
349	// A Reader returning a non-zero number of bytes at the end
350	// of the input stream may return either err == EOF or err == nil
351	//
352	// 2. n == 0, err is io.EOF (actual end of stream)
353	//
354	// Callers should always process the n > 0 bytes returned
355	// before considering the error err.
356	if n1 > 0 {
357	s.chunkBufLen += n1
358	s.bytesRead += int64(n1)
359
360	if s.chunkBufLen == payloadChunkSize \|\|
361	(s.chunkNum == s.totalChunks-1 &&
362	s.chunkBufLen == s.lastChunkSize) {
363	// Sign the chunk and write it to s.buf.
364	s.signChunk(s.chunkBufLen, true)
365	break
366	}
367	}
368	if err != nil {
369	if err == io.EOF {
370	// No more data left in baseReader - last chunk.
371	// Done reading the last chunk from baseReader.
372	s.done = true
373
374	// bytes read from baseReader different than
375	// content length provided.
376	if s.bytesRead != s.contentLen {
377	return 0, fmt.Errorf("http: ContentLength=%d with Body length %d", s.contentLen, s.bytesRead)
378	}
379
380	// Sign the chunk and write it to s.buf.
381	s.signChunk(0, len(s.trailer) == 0)
382	if len(s.trailer) > 0 {
383	// Trailer must be set now.
384	s.addSignedTrailer(s.trailer)
385	}
386	break
387	}
388	return 0, err
389	}
390
391	}
392	}
393	return s.buf.Read(buf)
394	}
395
396	// Close - this method makes underlying io.ReadCloser's Close method available.
397	func (s *StreamingReader) Close() error {
398	if s.sh256 != nil {
399	s.sh256.Close()
400	s.sh256 = nil
401	}
402	return s.baseReadCloser.Close()
403	}