|
@ -32,6 +32,7 @@ import ( |
|
|
"strconv" |
|
|
"strconv" |
|
|
"strings" |
|
|
"strings" |
|
|
"sync" |
|
|
"sync" |
|
|
|
|
|
"sync/atomic" |
|
|
"time" |
|
|
"time" |
|
|
"unicode/utf8" |
|
|
"unicode/utf8" |
|
|
|
|
|
|
|
@ -463,36 +464,67 @@ func (iam *IdentityAccessManagement) doesPresignedSignatureMatch(hashedPayload s |
|
|
return identity, s3err.ErrNone |
|
|
return identity, s3err.ErrNone |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
// getSignature
|
|
|
|
|
|
func (iam *IdentityAccessManagement) getSignature(secretKey string, t time.Time, region string, service string, stringToSign string) string { |
|
|
func (iam *IdentityAccessManagement) getSignature(secretKey string, t time.Time, region string, service string, stringToSign string) string { |
|
|
|
|
|
pool := iam.getSignatureHashPool(secretKey, t, region, service) |
|
|
|
|
|
h := pool.Get().(hash.Hash) |
|
|
|
|
|
defer pool.Put(h) |
|
|
|
|
|
|
|
|
|
|
|
h.Reset() |
|
|
|
|
|
h.Write([]byte(stringToSign)) |
|
|
|
|
|
sig := hex.EncodeToString(h.Sum(nil)) |
|
|
|
|
|
|
|
|
|
|
|
return sig |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (iam *IdentityAccessManagement) getSignatureHashPool(secretKey string, t time.Time, region string, service string) *sync.Pool { |
|
|
|
|
|
// Build a caching key for the pool.
|
|
|
date := t.Format(yyyymmdd) |
|
|
date := t.Format(yyyymmdd) |
|
|
hashID := "AWS4" + secretKey + "/" + date + "/" + region + "/" + service + "/" + "aws4_request" |
|
|
hashID := "AWS4" + secretKey + "/" + date + "/" + region + "/" + service + "/" + "aws4_request" |
|
|
|
|
|
|
|
|
|
|
|
// Try to find an existing pool and return it.
|
|
|
iam.hashMu.RLock() |
|
|
iam.hashMu.RLock() |
|
|
pool, ok := iam.hashes[hashID] |
|
|
pool, ok := iam.hashes[hashID] |
|
|
iam.hashMu.RUnlock() |
|
|
iam.hashMu.RUnlock() |
|
|
|
|
|
|
|
|
if !ok { |
|
|
if !ok { |
|
|
iam.hashMu.Lock() |
|
|
iam.hashMu.Lock() |
|
|
if pool, ok = iam.hashes[hashID]; !ok { |
|
|
defer iam.hashMu.Unlock() |
|
|
pool = &sync.Pool{ |
|
|
pool, ok = iam.hashes[hashID] |
|
|
New: func() any { |
|
|
} |
|
|
signingKey := getSigningKey(secretKey, date, region, service) |
|
|
if ok { |
|
|
return hmac.New(sha256.New, signingKey) |
|
|
atomic.StoreInt32(iam.hashCounters[hashID], 1) |
|
|
}, |
|
|
return pool |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Create a pool that returns HMAC hashers for the requested parameters to avoid expensive re-initializing
|
|
|
|
|
|
// of new instances on every request.
|
|
|
|
|
|
iam.hashes[hashID] = &sync.Pool{ |
|
|
|
|
|
New: func() any { |
|
|
|
|
|
signingKey := getSigningKey(secretKey, date, region, service) |
|
|
|
|
|
return hmac.New(sha256.New, signingKey) |
|
|
|
|
|
}, |
|
|
|
|
|
} |
|
|
|
|
|
iam.hashCounters[hashID] = new(int32) |
|
|
|
|
|
|
|
|
|
|
|
// Clean up unused pools automatically after one hour of inactivity
|
|
|
|
|
|
ticker := time.NewTicker(time.Hour) |
|
|
|
|
|
go func() { |
|
|
|
|
|
for range ticker.C { |
|
|
|
|
|
old := atomic.SwapInt32(iam.hashCounters[hashID], 0) |
|
|
|
|
|
if old == 0 { |
|
|
|
|
|
break |
|
|
} |
|
|
} |
|
|
iam.hashes[hashID] = pool |
|
|
|
|
|
} |
|
|
} |
|
|
iam.hashMu.Unlock() |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
h := pool.Get().(hash.Hash) |
|
|
ticker.Stop() |
|
|
h.Reset() |
|
|
iam.hashMu.Lock() |
|
|
h.Write([]byte(stringToSign)) |
|
|
delete(iam.hashes, hashID) |
|
|
sig := hex.EncodeToString(h.Sum(nil)) |
|
|
delete(iam.hashCounters, hashID) |
|
|
pool.Put(h) |
|
|
iam.hashMu.Unlock() |
|
|
|
|
|
}() |
|
|
|
|
|
|
|
|
return sig |
|
|
return iam.hashes[hashID] |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
func contains(list []string, elem string) bool { |
|
|
func contains(list []string, elem string) bool { |
|
|
xxxxxxxxxx