unboundsoftware/nginx-s3-upload
Archived
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Change SHA-implementation and make sure signature is correctly generated

Browse Source
This commit is contained in:
Joakim Olsson
2019-08-02 10:27:54 +02:00
parent cd38b8b25e
commit fc9269f362
10 changed files with 436 additions and 807 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitlab-ci.yml
+1 -1
View File
@@ -10,7 +10,7 @@ image: registry.gitlab.com/sparetimecoders/build-tools:master
build:
stage: build
services:
- docker:dind
- docker:18.06-dind
script:
- build
- push
Dockerfile
+2 -2
View File
@@ -2,7 +2,7 @@ FROM ubuntu
# Install prerequisites for Nginx compile
RUN apt-get update && \
apt-get install -y wget tar gcc libpcre3-dev zlib1g-dev make libssl-dev liblua5.1-0 libluajit-5.1-dev curl jq
apt-get install -y wget tar gcc libpcre3-dev zlib1g-dev make libssl-dev liblua5.1-0 lua-bit32 libluajit-5.1-dev curl jq
# Download Nginx
WORKDIR /tmp
@@ -56,7 +56,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
# Apply Nginx config
ADD nginx.conf /etc/nginx/nginx.conf
ADD sign.lua sha256.lua /tmp/lua/
ADD sign.lua hmac.lua sha2.lua /tmp/lua/
ADD start.sh /start.sh
# Set default command
deployment_files/deploy.yaml
+4
View File
@@ -52,6 +52,10 @@ spec:
env:
- name: S3_BUCKET_NAME
value: upload.unbound.se
- name: AWS_REGION
value: eu-west-1
- name: RETURN_URL
value: uploads.unbound.se
ports:
- containerPort: 80
hmac.lua
+133
View File
@@ -0,0 +1,133 @@
local _M = {}
_M.to_bin = function (str)
local data = ''
str:lower():gsub('([a-z0-9])([a-z0-9])', function (d1, d2)
d1 = _M.hexdigit2int(d1)
d2 = _M.hexdigit2int(d2)
data = (data .. string.char(d1 * 16 + d2))
end)
return data
end
_M.to_hex = function (str)
local data = ''
for i=1,#str,1 do
data = (data .. ("%02x"):format(str:byte(i)))
end
return data
end
_M.hexdigit2int = function (ch)
local b = ch:byte()
if b >= ('a'):byte() then
return 10 + (b - ('a'):byte())
elseif b >= ('0'):byte() then
return b - ('0'):byte()
else
_M.assert(false)
end
end
_M.b64 = (function ()
-- character table string
local b='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
-- encoding
local function enc(data)
return ((data:gsub('.', function(x)
local r,b='',x:byte()
for i=8,1,-1 do r=r..(b%2^i-b%2^(i-1)>0 and '1' or '0') end
return r;
end)..'0000'):gsub('%d%d%d?%d?%d?%d?', function(x)
if (#x < 6) then return '' end
local c=0
for i=1,6 do c=c+(x:sub(i,i)=='1' and 2^(6-i) or 0) end
return b:sub(c+1,c+1)
end)..({ '', '==', '=' })[#data%3+1])
end
-- decoding
local function dec(data)
data = string.gsub(data, '[^'..b..'=]', '')
return (data:gsub('.', function(x)
if (x == '=') then return '' end
local r,f='',(b:find(x)-1)
for i=6,1,-1 do r=r..(f%2^i-f%2^(i-1)>0 and '1' or '0') end
return r;
end):gsub('%d%d%d?%d?%d?%d?%d?%d?', function(x)
if (#x ~= 8) then return '' end
local c=0
for i=1,8 do c=c+(x:sub(i,i)=='1' and 2^(8-i) or 0) end
return string.char(c)
end))
end
return {
encode = enc,
decode = dec,
}
end)()
_M.sha2 = require("sha2")
_M.hmac = (function ()
--local hmac = require 'hmac'
local sha2 = _M.sha2
-- these hmac-ize routine is from https://github.com/bjc/prosody/blob/master/util/hmac.lua.
-- thanks!
local s_char = string.char;
local s_gsub = string.gsub;
local s_rep = string.rep;
local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;};
local function xor(x, y)
local lowx, lowy = x % 16, y % 16;
local hix, hiy = (x - lowx) / 16, (y - lowy) / 16;
local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1];
local r = hir * 16 + lowr;
return r;
end
local opadc, ipadc = s_char(0x5c), s_char(0x36);
local ipad_map = {};
local opad_map = {};
for i=0,255 do
ipad_map[s_char(i)] = s_char(xor(0x36, i));
opad_map[s_char(i)] = s_char(xor(0x5c, i));
end
local function hmac(key, message, hash, blocksize)
if #key > blocksize then
key = hash(key)
end
local padding = blocksize - #key;
local ipad = s_gsub(key, ".", ipad_map)..s_rep(ipadc, padding);
local opad = s_gsub(key, ".", opad_map)..s_rep(opadc, padding);
return hash(opad..hash(ipad..message))
end
local sha256 = function (data)
local text = sha2.hash256(data)
return _M.to_bin(text)
end
local digest_routines = {
hex = _M.to_hex,
base64 = _M.b64.encode
}
local hmac_sha256 = function (key, data, digest)
local bin = hmac(key, data, sha256, 64)
-- print(_M.to_hex(bin))
--local bin = _M.to_bin("8BDD6729CE0F580B7424921D5F0CFD1F1642243762CBA71FFCC8FABCFC72608B")
return digest_routines[digest] and digest_routines[digest](bin) or bin
end
local hmac_sha1 = function (key, data, digest)
local bin = sha1.sha1_bin(key, data)
return digest_routines[digest] and digest_routines[digest](bin) or bin
end
_M.hmac_by = {
sha256 = hmac_sha256,
sha1 = hmac_sha1,
}
return hmac_sha256
end)()
return _M
nginx.conf
+22 -12
View File
@@ -1,6 +1,8 @@
env AWS_ACCESS_KEY_ID;
env AWS_SECRET_ACCESS_KEY;
env S3_BUCKET_NAME;
env AWS_REGION;
env RETURN_URL;
worker_processes 1;
@@ -11,10 +13,15 @@ events {
http {
lua_load_resty_core off;
lua_package_path "/tmp/lua-resty-core/lib/?.lua;/tmp/lua/?.lua;;";
client_max_body_size 100m;
lua_package_cpath '/usr/lib/x86_64-linux-gnu/lua/5.1/?.so;;';
proxy_max_temp_file_size 0;
proxy_buffering off;
server_names_hash_bucket_size 256;
client_body_buffer_size 128k;
proxy_buffer_size 32k;
proxy_buffers 4 32k;
lua_need_request_body on;
lua_socket_buffer_size 128k;
@@ -47,34 +54,37 @@ http {
set_secure_random_alphanum $prefix 64;
set_sha1 $prefixsha $prefix;
set_by_lua $time "os.time()";
set_by_lua $timestamp "return os.date('%Y%m%dT%H%M%SZ', tonumber(ngx.var.time))";
set_by_lua $date "return os.date('%a, %d %b %Y %H:%M:%S GMT', tonumber(ngx.var.time))";
set_by_lua $day "return os.date('%Y%m%d', tonumber(ngx.var.time))";
set_sha1 $datesha $date;
set $key $prefixsha$datesha;
set_by_lua $bucket "return os.getenv('S3_BUCKET_NAME')";
set $url https://$bucket.s3-eu-west-1.amazonaws.com/$day/$key;
set $returnurl https://uploads.paidit.se/$day/$key;
set_by_lua $baseurl "return os.getenv('RETURN_URL')";
set_by_lua $region "return os.getenv('AWS_REGION')";
set $phost $bucket.s3-$region.amazonaws.com;
set $ppath /$day/$key;
set $url https://$phost$ppath;
set $returnurl https://$baseurl$ppath;
set $acl public-read;
set $contentSha256 "";
set $authorization "";
access_by_lua_block {
local sha256 = require("sha256")
local sha2 = require("sha2")
ngx.req.read_body()
local body = ngx.req.get_body_data()
local contentSha256 = sha256.sha256(body)
local contentSha256 = sha2.hash256(body)
ngx.var.contentSha256 = contentSha256
}
set_by_lua_block $authorization {
local sign = require("sign")
local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.date, ["host"] = "upload.unbound.se.s3-eu-west-1.amazonaws.com"}
local region = "eu-west-1"
return sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), "upload.unbound.se", ngx.var.request_uri, headers, ngx.var.contentSha256, region)
local headers = {["x-amz-acl"] = ngx.var.acl, ["x-amz-date"] = ngx.var.timestamp, ["x-amz-content-sha256"] = ngx.var.contentSha256, ["date"] = ngx.var.date, ["host"] = ngx.var.phost }
ngx.var.authorization = sign.sign(os.getenv("AWS_ACCESS_KEY_ID"), os.getenv("AWS_SECRET_ACCESS_KEY"), os.time(), ngx.var.ppath, headers, ngx.var.region)
}
proxy_set_header date $date;
proxy_set_header host $phost;
proxy_set_header x-amz-acl $acl;
proxy_set_header x-amz-date $date;
proxy_set_header x-amz-date $timestamp;
proxy_set_header x-amz-content-sha256 $contentSha256;
proxy_set_header Authorization $authorization;
proxy_hide_header x-amz-id-2;
sha2.lua
+242
View File
@@ -0,0 +1,242 @@
-- SHA-256 code in Lua 5.2; based on the pseudo-code from
-- Wikipedia (http://en.wikipedia.org/wiki/SHA-2)
local bit32 = require("bit32")
local band, rrotate, bxor, rshift, bnot =
bit32.band, bit32.rrotate, bit32.bxor, bit32.rshift, bit32.bnot
local string, setmetatable, assert = string, setmetatable, assert
_ENV = nil
-- Initialize table of round constants
-- (first 32 bits of the fractional parts of the cube roots of the first
-- 64 primes 2..311):
local k = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
}
-- transform a string of bytes in a string of hexadecimal digits
local function str2hexa (s)
local h = string.gsub(s, ".", function(c)
return string.format("%02x", string.byte(c))
end)
return h
end
-- transform number 'l' in a big-endian sequence of 'n' bytes
-- (coded as a string)
local function num2s (l, n)
local s = ""
for i = 1, n do
local rem = l % 256
s = string.char(rem) .. s
l = (l - rem) / 256
end
return s
end
-- transform the big-endian sequence of four bytes starting at
-- index 'i' in 's' into a number
local function s232num (s, i)
local n = 0
for i = i, i + 3 do
n = n*256 + string.byte(s, i)
end
return n
end
-- append the bit '1' to the message
-- append k bits '0', where k is the minimum number >= 0 such that the
-- resulting message length (in bits) is congruent to 448 (mod 512)
-- append length of message (before pre-processing), in bits, as 64-bit
-- big-endian integer
local function preproc (msg, len)
local extra = -(len + 1 + 8) % 64
len = num2s(8 * len, 8) -- original len in bits, coded
msg = msg .. "\128" .. string.rep("\0", extra) .. len
assert(#msg % 64 == 0)
return msg
end
local function initH224 (H)
-- (second 32 bits of the fractional parts of the square roots of the
-- 9th through 16th primes 23..53)
H[1] = 0xc1059ed8
H[2] = 0x367cd507
H[3] = 0x3070dd17
H[4] = 0xf70e5939
H[5] = 0xffc00b31
H[6] = 0x68581511
H[7] = 0x64f98fa7
H[8] = 0xbefa4fa4
return H
end
local function initH256 (H)
-- (first 32 bits of the fractional parts of the square roots of the
-- first 8 primes 2..19):
H[1] = 0x6a09e667
H[2] = 0xbb67ae85
H[3] = 0x3c6ef372
H[4] = 0xa54ff53a
H[5] = 0x510e527f
H[6] = 0x9b05688c
H[7] = 0x1f83d9ab
H[8] = 0x5be0cd19
return H
end
local function digestblock (msg, i, H)
-- break chunk into sixteen 32-bit big-endian words w[1..16]
local w = {}
for j = 1, 16 do
w[j] = s232num(msg, i + (j - 1)*4)
end
-- Extend the sixteen 32-bit words into sixty-four 32-bit words:
for j = 17, 64 do
local v = w[j - 15]
local s0 = bxor(rrotate(v, 7), rrotate(v, 18), rshift(v, 3))
v = w[j - 2]
local s1 = bxor(rrotate(v, 17), rrotate(v, 19), rshift(v, 10))
w[j] = w[j - 16] + s0 + w[j - 7] + s1
end
-- Initialize hash value for this chunk:
local a, b, c, d, e, f, g, h =
H[1], H[2], H[3], H[4], H[5], H[6], H[7], H[8]
-- Main loop:
for i = 1, 64 do
local s0 = bxor(rrotate(a, 2), rrotate(a, 13), rrotate(a, 22))
local maj = bxor(band(a, b), band(a, c), band(b, c))
local t2 = s0 + maj
local s1 = bxor(rrotate(e, 6), rrotate(e, 11), rrotate(e, 25))
local ch = bxor (band(e, f), band(bnot(e), g))
local t1 = h + s1 + ch + k[i] + w[i]
h = g
g = f
f = e
e = d + t1
d = c
c = b
b = a
a = t1 + t2
end
-- Add (mod 2^32) this chunk's hash to result so far:
H[1] = band(H[1] + a)
H[2] = band(H[2] + b)
H[3] = band(H[3] + c)
H[4] = band(H[4] + d)
H[5] = band(H[5] + e)
H[6] = band(H[6] + f)
H[7] = band(H[7] + g)
H[8] = band(H[8] + h)
end
local function finalresult224 (H)
-- Produce the final hash value (big-endian):
return
str2hexa(num2s(H[1], 4)..num2s(H[2], 4)..num2s(H[3], 4)..num2s(H[4], 4)..
num2s(H[5], 4)..num2s(H[6], 4)..num2s(H[7], 4))
end
local function finalresult256 (H)
-- Produce the final hash value (big-endian):
return
str2hexa(num2s(H[1], 4)..num2s(H[2], 4)..num2s(H[3], 4)..num2s(H[4], 4)..
num2s(H[5], 4)..num2s(H[6], 4)..num2s(H[7], 4)..num2s(H[8], 4))
end
----------------------------------------------------------------------
local HH = {} -- to reuse
local function hash224 (msg)
msg = preproc(msg, #msg)
local H = initH224(HH)
-- Process the message in successive 512-bit (64 bytes) chunks:
for i = 1, #msg, 64 do
digestblock(msg, i, H)
end
return finalresult224(H)
end
local function hash256 (msg)
msg = preproc(msg, #msg)
local H = initH256(HH)
-- Process the message in successive 512-bit (64 bytes) chunks:
for i = 1, #msg, 64 do
digestblock(msg, i, H)
end
return finalresult256(H)
end
----------------------------------------------------------------------
local mt = {}
local function new256 ()
local o = {H = initH256({}), msg = "", len = 0}
setmetatable(o, mt)
return o
end
mt.__index = mt
function mt:add (m)
self.msg = self.msg .. m
self.len = self.len + #m
local t = 0
while #self.msg - t >= 64 do
digestblock(self.msg, t + 1, self.H)
t = t + 64
end
self.msg = self.msg:sub(t + 1, -1)
end
function mt:close ()
self.msg = preproc(self.msg, self.len)
self:add("")
return finalresult256(self.H)
end
----------------------------------------------------------------------
return {
hash224 = hash224,
hash256 = hash256,
new256 = new256,
}
sha256.lua
-745
View File
@@ -1,745 +0,0 @@
--
-- SHA-256 secure hash computation, and HMAC-SHA256 signature computation
--
-- Copyright 2017 Jqqqi
--
local sha256 = { }
local MOD = 2 ^ 32
local MODM = MOD - 1
local function memoize(f)
local mt = { }
local t = setmetatable( { }, mt)
function mt:__index(k)
local v = f(k)
t[k] = v
return v
end
return t
end
local function make_bitop_uncached(t, m)
local function bitop(a, b)
local res, p = 0, 1
while a ~= 0 and b ~= 0 do
local am, bm = a % m, b % m
res = res + t[am][bm] * p
a =(a - am) / m
b =(b - bm) / m
p = p * m
end
res = res +(a + b) * p
return res
end
return bitop
end
local function make_bitop(t)
local op1 = make_bitop_uncached(t, 2 ^ 1)
local op2 = memoize( function(a) return memoize( function(b) return op1(a, b) end) end)
return make_bitop_uncached(op2, 2 ^(t.n or 1))
end
local bxor1 = make_bitop( { [0] = { [0] = 0, [1] = 1 }, [1] = { [0] = 1, [1] = 0 }, n = 4 })
local function bxor(a, b, c, ...)
local z = nil
if b then
a = a % MOD
b = b % MOD
z = bxor1(a, b)
if c then z = bxor(z, c, ...) end
return z
elseif a then
return a % MOD
else
return 0
end
end
local function band(a, b, c, ...)
local z
if b then
a = a % MOD
b = b % MOD
z =((a + b) - bxor1(a, b)) / 2
if c then z = bit32_band(z, c, ...) end
return z
elseif a then
return a % MOD
else
return MODM
end
end
local function bnot(x) return(-1 - x) % MOD end
local function rshift1(a, disp)
if disp < 0 then return lshift(a, - disp) end
return math.floor(a % 2 ^ 32 / 2 ^ disp)
end
local function rshift(x, disp)
if disp > 31 or disp < -31 then return 0 end
return rshift1(x % MOD, disp)
end
local function lshift(a, disp)
if disp < 0 then return rshift(a, - disp) end
return(a * 2 ^ disp) % 2 ^ 32
end
local function rrotate(x, disp)
x = x % MOD
disp = disp % 32
local low = band(x, 2 ^ disp - 1)
return rshift(x, disp) + lshift(low, 32 - disp)
end
local k = {
0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,
0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,
0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,
0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,
0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,
0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,
0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,
0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,
0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2,
}
local function str2hexa(s)
return(string.gsub(s, ".", function(c) return string.format("%02x", string.byte(c)) end))
end
local function num2s(l, n)
local s = ""
for i = 1, n do
local rem = l % 256
s = string.char(rem) .. s
l =(l - rem) / 256
end
return s
end
local function s232num(s, i)
local n = 0
for i = i, i + 3 do n = n * 256 + string.byte(s, i) end
return n
end
local function preproc(msg, len)
local extra = 64 -((len + 9) % 64)
len = num2s(8 * len, 8)
msg = msg .. "\128" .. string.rep("\0", extra) .. len
assert(#msg % 64 == 0)
return msg
end
local function initH256(H)
H[1] = 0x6a09e667
H[2] = 0xbb67ae85
H[3] = 0x3c6ef372
H[4] = 0xa54ff53a
H[5] = 0x510e527f
H[6] = 0x9b05688c
H[7] = 0x1f83d9ab
H[8] = 0x5be0cd19
return H
end
local function digestblock(msg, i, H)
local w = { }
for j = 1, 16 do w[j] = s232num(msg, i +(j - 1) * 4) end
for j = 17, 64 do
local v = w[j - 15]
local s0 = bxor(rrotate(v, 7), rrotate(v, 18), rshift(v, 3))
v = w[j - 2]
w[j] = w[j - 16] + s0 + w[j - 7] + bxor(rrotate(v, 17), rrotate(v, 19), rshift(v, 10))
end
local a, b, c, d, e, f, g, h = H[1], H[2], H[3], H[4], H[5], H[6], H[7], H[8]
for i = 1, 64 do
local s0 = bxor(rrotate(a, 2), rrotate(a, 13), rrotate(a, 22))
local maj = bxor(band(a, b), band(a, c), band(b, c))
local t2 = s0 + maj
local s1 = bxor(rrotate(e, 6), rrotate(e, 11), rrotate(e, 25))
local ch = bxor(band(e, f), band(bnot(e), g))
local t1 = h + s1 + ch + k[i] + w[i]
h, g, f, e, d, c, b, a = g, f, e, d + t1, c, b, a, t1 + t2
end
H[1] = band(H[1] + a)
H[2] = band(H[2] + b)
H[3] = band(H[3] + c)
H[4] = band(H[4] + d)
H[5] = band(H[5] + e)
H[6] = band(H[6] + f)
H[7] = band(H[7] + g)
H[8] = band(H[8] + h)
end
local function hex_to_binary(hex)
return hex:gsub('..', function(hexval)
return string.char(tonumber(hexval, 16))
end )
end
local blocksize = 64 -- 512 bits
local xor_with_0x5c = {
[string.char(0)] = string.char(92),
[string.char(1)] = string.char(93),
[string.char(2)] = string.char(94),
[string.char(3)] = string.char(95),
[string.char(4)] = string.char(88),
[string.char(5)] = string.char(89),
[string.char(6)] = string.char(90),
[string.char(7)] = string.char(91),
[string.char(8)] = string.char(84),
[string.char(9)] = string.char(85),
[string.char(10)] = string.char(86),
[string.char(11)] = string.char(87),
[string.char(12)] = string.char(80),
[string.char(13)] = string.char(81),
[string.char(14)] = string.char(82),
[string.char(15)] = string.char(83),
[string.char(16)] = string.char(76),
[string.char(17)] = string.char(77),
[string.char(18)] = string.char(78),
[string.char(19)] = string.char(79),
[string.char(20)] = string.char(72),
[string.char(21)] = string.char(73),
[string.char(22)] = string.char(74),
[string.char(23)] = string.char(75),
[string.char(24)] = string.char(68),
[string.char(25)] = string.char(69),
[string.char(26)] = string.char(70),
[string.char(27)] = string.char(71),
[string.char(28)] = string.char(64),
[string.char(29)] = string.char(65),
[string.char(30)] = string.char(66),
[string.char(31)] = string.char(67),
[string.char(32)] = string.char(124),
[string.char(33)] = string.char(125),
[string.char(34)] = string.char(126),
[string.char(35)] = string.char(127),
[string.char(36)] = string.char(120),
[string.char(37)] = string.char(121),
[string.char(38)] = string.char(122),
[string.char(39)] = string.char(123),
[string.char(40)] = string.char(116),
[string.char(41)] = string.char(117),
[string.char(42)] = string.char(118),
[string.char(43)] = string.char(119),
[string.char(44)] = string.char(112),
[string.char(45)] = string.char(113),
[string.char(46)] = string.char(114),
[string.char(47)] = string.char(115),
[string.char(48)] = string.char(108),
[string.char(49)] = string.char(109),
[string.char(50)] = string.char(110),
[string.char(51)] = string.char(111),
[string.char(52)] = string.char(104),
[string.char(53)] = string.char(105),
[string.char(54)] = string.char(106),
[string.char(55)] = string.char(107),
[string.char(56)] = string.char(100),
[string.char(57)] = string.char(101),
[string.char(58)] = string.char(102),
[string.char(59)] = string.char(103),
[string.char(60)] = string.char(96),
[string.char(61)] = string.char(97),
[string.char(62)] = string.char(98),
[string.char(63)] = string.char(99),
[string.char(64)] = string.char(28),
[string.char(65)] = string.char(29),
[string.char(66)] = string.char(30),
[string.char(67)] = string.char(31),
[string.char(68)] = string.char(24),
[string.char(69)] = string.char(25),
[string.char(70)] = string.char(26),
[string.char(71)] = string.char(27),
[string.char(72)] = string.char(20),
[string.char(73)] = string.char(21),
[string.char(74)] = string.char(22),
[string.char(75)] = string.char(23),
[string.char(76)] = string.char(16),
[string.char(77)] = string.char(17),
[string.char(78)] = string.char(18),
[string.char(79)] = string.char(19),
[string.char(80)] = string.char(12),
[string.char(81)] = string.char(13),
[string.char(82)] = string.char(14),
[string.char(83)] = string.char(15),
[string.char(84)] = string.char(8),
[string.char(85)] = string.char(9),
[string.char(86)] = string.char(10),
[string.char(87)] = string.char(11),
[string.char(88)] = string.char(4),
[string.char(89)] = string.char(5),
[string.char(90)] = string.char(6),
[string.char(91)] = string.char(7),
[string.char(92)] = string.char(0),
[string.char(93)] = string.char(1),
[string.char(94)] = string.char(2),
[string.char(95)] = string.char(3),
[string.char(96)] = string.char(60),
[string.char(97)] = string.char(61),
[string.char(98)] = string.char(62),
[string.char(99)] = string.char(63),
[string.char(100)] = string.char(56),
[string.char(101)] = string.char(57),
[string.char(102)] = string.char(58),
[string.char(103)] = string.char(59),
[string.char(104)] = string.char(52),
[string.char(105)] = string.char(53),
[string.char(106)] = string.char(54),
[string.char(107)] = string.char(55),
[string.char(108)] = string.char(48),
[string.char(109)] = string.char(49),
[string.char(110)] = string.char(50),
[string.char(111)] = string.char(51),
[string.char(112)] = string.char(44),
[string.char(113)] = string.char(45),
[string.char(114)] = string.char(46),
[string.char(115)] = string.char(47),
[string.char(116)] = string.char(40),
[string.char(117)] = string.char(41),
[string.char(118)] = string.char(42),
[string.char(119)] = string.char(43),
[string.char(120)] = string.char(36),
[string.char(121)] = string.char(37),
[string.char(122)] = string.char(38),
[string.char(123)] = string.char(39),
[string.char(124)] = string.char(32),
[string.char(125)] = string.char(33),
[string.char(126)] = string.char(34),
[string.char(127)] = string.char(35),
[string.char(128)] = string.char(220),
[string.char(129)] = string.char(221),
[string.char(130)] = string.char(222),
[string.char(131)] = string.char(223),
[string.char(132)] = string.char(216),
[string.char(133)] = string.char(217),
[string.char(134)] = string.char(218),
[string.char(135)] = string.char(219),
[string.char(136)] = string.char(212),
[string.char(137)] = string.char(213),
[string.char(138)] = string.char(214),
[string.char(139)] = string.char(215),
[string.char(140)] = string.char(208),
[string.char(141)] = string.char(209),
[string.char(142)] = string.char(210),
[string.char(143)] = string.char(211),
[string.char(144)] = string.char(204),
[string.char(145)] = string.char(205),
[string.char(146)] = string.char(206),
[string.char(147)] = string.char(207),
[string.char(148)] = string.char(200),
[string.char(149)] = string.char(201),
[string.char(150)] = string.char(202),
[string.char(151)] = string.char(203),
[string.char(152)] = string.char(196),
[string.char(153)] = string.char(197),
[string.char(154)] = string.char(198),
[string.char(155)] = string.char(199),
[string.char(156)] = string.char(192),
[string.char(157)] = string.char(193),
[string.char(158)] = string.char(194),
[string.char(159)] = string.char(195),
[string.char(160)] = string.char(252),
[string.char(161)] = string.char(253),
[string.char(162)] = string.char(254),
[string.char(163)] = string.char(255),
[string.char(164)] = string.char(248),
[string.char(165)] = string.char(249),
[string.char(166)] = string.char(250),
[string.char(167)] = string.char(251),
[string.char(168)] = string.char(244),
[string.char(169)] = string.char(245),
[string.char(170)] = string.char(246),
[string.char(171)] = string.char(247),
[string.char(172)] = string.char(240),
[string.char(173)] = string.char(241),
[string.char(174)] = string.char(242),
[string.char(175)] = string.char(243),
[string.char(176)] = string.char(236),
[string.char(177)] = string.char(237),
[string.char(178)] = string.char(238),
[string.char(179)] = string.char(239),
[string.char(180)] = string.char(232),
[string.char(181)] = string.char(233),
[string.char(182)] = string.char(234),
[string.char(183)] = string.char(235),
[string.char(184)] = string.char(228),
[string.char(185)] = string.char(229),
[string.char(186)] = string.char(230),
[string.char(187)] = string.char(231),
[string.char(188)] = string.char(224),
[string.char(189)] = string.char(225),
[string.char(190)] = string.char(226),
[string.char(191)] = string.char(227),
[string.char(192)] = string.char(156),
[string.char(193)] = string.char(157),
[string.char(194)] = string.char(158),
[string.char(195)] = string.char(159),
[string.char(196)] = string.char(152),
[string.char(197)] = string.char(153),
[string.char(198)] = string.char(154),
[string.char(199)] = string.char(155),
[string.char(200)] = string.char(148),
[string.char(201)] = string.char(149),
[string.char(202)] = string.char(150),
[string.char(203)] = string.char(151),
[string.char(204)] = string.char(144),
[string.char(205)] = string.char(145),
[string.char(206)] = string.char(146),
[string.char(207)] = string.char(147),
[string.char(208)] = string.char(140),
[string.char(209)] = string.char(141),
[string.char(210)] = string.char(142),
[string.char(211)] = string.char(143),
[string.char(212)] = string.char(136),
[string.char(213)] = string.char(137),
[string.char(214)] = string.char(138),
[string.char(215)] = string.char(139),
[string.char(216)] = string.char(132),
[string.char(217)] = string.char(133),
[string.char(218)] = string.char(134),
[string.char(219)] = string.char(135),
[string.char(220)] = string.char(128),
[string.char(221)] = string.char(129),
[string.char(222)] = string.char(130),
[string.char(223)] = string.char(131),
[string.char(224)] = string.char(188),
[string.char(225)] = string.char(189),
[string.char(226)] = string.char(190),
[string.char(227)] = string.char(191),
[string.char(228)] = string.char(184),
[string.char(229)] = string.char(185),
[string.char(230)] = string.char(186),
[string.char(231)] = string.char(187),
[string.char(232)] = string.char(180),
[string.char(233)] = string.char(181),
[string.char(234)] = string.char(182),
[string.char(235)] = string.char(183),
[string.char(236)] = string.char(176),
[string.char(237)] = string.char(177),
[string.char(238)] = string.char(178),
[string.char(239)] = string.char(179),
[string.char(240)] = string.char(172),
[string.char(241)] = string.char(173),
[string.char(242)] = string.char(174),
[string.char(243)] = string.char(175),
[string.char(244)] = string.char(168),
[string.char(245)] = string.char(169),
[string.char(246)] = string.char(170),
[string.char(247)] = string.char(171),
[string.char(248)] = string.char(164),
[string.char(249)] = string.char(165),
[string.char(250)] = string.char(166),
[string.char(251)] = string.char(167),
[string.char(252)] = string.char(160),
[string.char(253)] = string.char(161),
[string.char(254)] = string.char(162),
[string.char(255)] = string.char(163),
}
local xor_with_0x36 = {
[string.char(0)] = string.char(54),
[string.char(1)] = string.char(55),
[string.char(2)] = string.char(52),
[string.char(3)] = string.char(53),
[string.char(4)] = string.char(50),
[string.char(5)] = string.char(51),
[string.char(6)] = string.char(48),
[string.char(7)] = string.char(49),
[string.char(8)] = string.char(62),
[string.char(9)] = string.char(63),
[string.char(10)] = string.char(60),
[string.char(11)] = string.char(61),
[string.char(12)] = string.char(58),
[string.char(13)] = string.char(59),
[string.char(14)] = string.char(56),
[string.char(15)] = string.char(57),
[string.char(16)] = string.char(38),
[string.char(17)] = string.char(39),
[string.char(18)] = string.char(36),
[string.char(19)] = string.char(37),
[string.char(20)] = string.char(34),
[string.char(21)] = string.char(35),
[string.char(22)] = string.char(32),
[string.char(23)] = string.char(33),
[string.char(24)] = string.char(46),
[string.char(25)] = string.char(47),
[string.char(26)] = string.char(44),
[string.char(27)] = string.char(45),
[string.char(28)] = string.char(42),
[string.char(29)] = string.char(43),
[string.char(30)] = string.char(40),
[string.char(31)] = string.char(41),
[string.char(32)] = string.char(22),
[string.char(33)] = string.char(23),
[string.char(34)] = string.char(20),
[string.char(35)] = string.char(21),
[string.char(36)] = string.char(18),
[string.char(37)] = string.char(19),
[string.char(38)] = string.char(16),
[string.char(39)] = string.char(17),
[string.char(40)] = string.char(30),
[string.char(41)] = string.char(31),
[string.char(42)] = string.char(28),
[string.char(43)] = string.char(29),
[string.char(44)] = string.char(26),
[string.char(45)] = string.char(27),
[string.char(46)] = string.char(24),
[string.char(47)] = string.char(25),
[string.char(48)] = string.char(6),
[string.char(49)] = string.char(7),
[string.char(50)] = string.char(4),
[string.char(51)] = string.char(5),
[string.char(52)] = string.char(2),
[string.char(53)] = string.char(3),
[string.char(54)] = string.char(0),
[string.char(55)] = string.char(1),
[string.char(56)] = string.char(14),
[string.char(57)] = string.char(15),
[string.char(58)] = string.char(12),
[string.char(59)] = string.char(13),
[string.char(60)] = string.char(10),
[string.char(61)] = string.char(11),
[string.char(62)] = string.char(8),
[string.char(63)] = string.char(9),
[string.char(64)] = string.char(118),
[string.char(65)] = string.char(119),
[string.char(66)] = string.char(116),
[string.char(67)] = string.char(117),
[string.char(68)] = string.char(114),
[string.char(69)] = string.char(115),
[string.char(70)] = string.char(112),
[string.char(71)] = string.char(113),
[string.char(72)] = string.char(126),
[string.char(73)] = string.char(127),
[string.char(74)] = string.char(124),
[string.char(75)] = string.char(125),
[string.char(76)] = string.char(122),
[string.char(77)] = string.char(123),
[string.char(78)] = string.char(120),
[string.char(79)] = string.char(121),
[string.char(80)] = string.char(102),
[string.char(81)] = string.char(103),
[string.char(82)] = string.char(100),
[string.char(83)] = string.char(101),
[string.char(84)] = string.char(98),
[string.char(85)] = string.char(99),
[string.char(86)] = string.char(96),
[string.char(87)] = string.char(97),
[string.char(88)] = string.char(110),
[string.char(89)] = string.char(111),
[string.char(90)] = string.char(108),
[string.char(91)] = string.char(109),
[string.char(92)] = string.char(106),
[string.char(93)] = string.char(107),
[string.char(94)] = string.char(104),
[string.char(95)] = string.char(105),
[string.char(96)] = string.char(86),
[string.char(97)] = string.char(87),
[string.char(98)] = string.char(84),
[string.char(99)] = string.char(85),
[string.char(100)] = string.char(82),
[string.char(101)] = string.char(83),
[string.char(102)] = string.char(80),
[string.char(103)] = string.char(81),
[string.char(104)] = string.char(94),
[string.char(105)] = string.char(95),
[string.char(106)] = string.char(92),
[string.char(107)] = string.char(93),
[string.char(108)] = string.char(90),
[string.char(109)] = string.char(91),
[string.char(110)] = string.char(88),
[string.char(111)] = string.char(89),
[string.char(112)] = string.char(70),
[string.char(113)] = string.char(71),
[string.char(114)] = string.char(68),
[string.char(115)] = string.char(69),
[string.char(116)] = string.char(66),
[string.char(117)] = string.char(67),
[string.char(118)] = string.char(64),
[string.char(119)] = string.char(65),
[string.char(120)] = string.char(78),
[string.char(121)] = string.char(79),
[string.char(122)] = string.char(76),
[string.char(123)] = string.char(77),
[string.char(124)] = string.char(74),
[string.char(125)] = string.char(75),
[string.char(126)] = string.char(72),
[string.char(127)] = string.char(73),
[string.char(128)] = string.char(182),
[string.char(129)] = string.char(183),
[string.char(130)] = string.char(180),
[string.char(131)] = string.char(181),
[string.char(132)] = string.char(178),
[string.char(133)] = string.char(179),
[string.char(134)] = string.char(176),
[string.char(135)] = string.char(177),
[string.char(136)] = string.char(190),
[string.char(137)] = string.char(191),
[string.char(138)] = string.char(188),
[string.char(139)] = string.char(189),
[string.char(140)] = string.char(186),
[string.char(141)] = string.char(187),
[string.char(142)] = string.char(184),
[string.char(143)] = string.char(185),
[string.char(144)] = string.char(166),
[string.char(145)] = string.char(167),
[string.char(146)] = string.char(164),
[string.char(147)] = string.char(165),
[string.char(148)] = string.char(162),
[string.char(149)] = string.char(163),
[string.char(150)] = string.char(160),
[string.char(151)] = string.char(161),
[string.char(152)] = string.char(174),
[string.char(153)] = string.char(175),
[string.char(154)] = string.char(172),
[string.char(155)] = string.char(173),
[string.char(156)] = string.char(170),
[string.char(157)] = string.char(171),
[string.char(158)] = string.char(168),
[string.char(159)] = string.char(169),
[string.char(160)] = string.char(150),
[string.char(161)] = string.char(151),
[string.char(162)] = string.char(148),
[string.char(163)] = string.char(149),
[string.char(164)] = string.char(146),
[string.char(165)] = string.char(147),
[string.char(166)] = string.char(144),
[string.char(167)] = string.char(145),
[string.char(168)] = string.char(158),
[string.char(169)] = string.char(159),
[string.char(170)] = string.char(156),
[string.char(171)] = string.char(157),
[string.char(172)] = string.char(154),
[string.char(173)] = string.char(155),
[string.char(174)] = string.char(152),
[string.char(175)] = string.char(153),
[string.char(176)] = string.char(134),
[string.char(177)] = string.char(135),
[string.char(178)] = string.char(132),
[string.char(179)] = string.char(133),
[string.char(180)] = string.char(130),
[string.char(181)] = string.char(131),
[string.char(182)] = string.char(128),
[string.char(183)] = string.char(129),
[string.char(184)] = string.char(142),
[string.char(185)] = string.char(143),
[string.char(186)] = string.char(140),
[string.char(187)] = string.char(141),
[string.char(188)] = string.char(138),
[string.char(189)] = string.char(139),
[string.char(190)] = string.char(136),
[string.char(191)] = string.char(137),
[string.char(192)] = string.char(246),
[string.char(193)] = string.char(247),
[string.char(194)] = string.char(244),
[string.char(195)] = string.char(245),
[string.char(196)] = string.char(242),
[string.char(197)] = string.char(243),
[string.char(198)] = string.char(240),
[string.char(199)] = string.char(241),
[string.char(200)] = string.char(254),
[string.char(201)] = string.char(255),
[string.char(202)] = string.char(252),
[string.char(203)] = string.char(253),
[string.char(204)] = string.char(250),
[string.char(205)] = string.char(251),
[string.char(206)] = string.char(248),
[string.char(207)] = string.char(249),
[string.char(208)] = string.char(230),
[string.char(209)] = string.char(231),
[string.char(210)] = string.char(228),
[string.char(211)] = string.char(229),
[string.char(212)] = string.char(226),
[string.char(213)] = string.char(227),
[string.char(214)] = string.char(224),
[string.char(215)] = string.char(225),
[string.char(216)] = string.char(238),
[string.char(217)] = string.char(239),
[string.char(218)] = string.char(236),
[string.char(219)] = string.char(237),
[string.char(220)] = string.char(234),
[string.char(221)] = string.char(235),
[string.char(222)] = string.char(232),
[string.char(223)] = string.char(233),
[string.char(224)] = string.char(214),
[string.char(225)] = string.char(215),
[string.char(226)] = string.char(212),
[string.char(227)] = string.char(213),
[string.char(228)] = string.char(210),
[string.char(229)] = string.char(211),
[string.char(230)] = string.char(208),
[string.char(231)] = string.char(209),
[string.char(232)] = string.char(222),
[string.char(233)] = string.char(223),
[string.char(234)] = string.char(220),
[string.char(235)] = string.char(221),
[string.char(236)] = string.char(218),
[string.char(237)] = string.char(219),
[string.char(238)] = string.char(216),
[string.char(239)] = string.char(217),
[string.char(240)] = string.char(198),
[string.char(241)] = string.char(199),
[string.char(242)] = string.char(196),
[string.char(243)] = string.char(197),
[string.char(244)] = string.char(194),
[string.char(245)] = string.char(195),
[string.char(246)] = string.char(192),
[string.char(247)] = string.char(193),
[string.char(248)] = string.char(206),
[string.char(249)] = string.char(207),
[string.char(250)] = string.char(204),
[string.char(251)] = string.char(205),
[string.char(252)] = string.char(202),
[string.char(253)] = string.char(203),
[string.char(254)] = string.char(200),
[string.char(255)] = string.char(201),
}
-------------------------------------------------------------------------
function sha256.sha256(msg)
msg = preproc(msg, #msg)
local H = initH256( { })
for i = 1, #msg, 64 do digestblock(msg, i, H) end
return str2hexa(num2s(H[1], 4) .. num2s(H[2], 4) .. num2s(H[3], 4) .. num2s(H[4], 4) ..
num2s(H[5], 4) .. num2s(H[6], 4) .. num2s(H[7], 4) .. num2s(H[8], 4))
end
function sha256.sha256_binary(msg)
return hex_to_binary(sha256.sha256(msg))
end
function sha256.hmac_sha256(key, text)
assert(type(key) == 'string', "key passed to hmac_sha256 should be a string")
assert(type(text) == 'string', "text passed to hmac_sha256 should be a string")
if #key > blocksize then
key = sha256.sha256_binary(key)
end
local key_xord_with_0x36 = key:gsub('.', xor_with_0x36) .. string.rep(string.char(0x36), blocksize - #key)
local key_xord_with_0x5c = key:gsub('.', xor_with_0x5c) .. string.rep(string.char(0x5c), blocksize - #key)
return sha256.sha256(key_xord_with_0x5c .. sha256.sha256_binary(key_xord_with_0x36 .. text))
end
return sha256
sign.lua
+11 -26
View File
@@ -1,32 +1,23 @@
local sign = {}
local sha256 = require("sha256")
local hmac = require("hmac")
local sha2 = require("sha2")
function sign.sign(key, secret, time, host, path, headers, contentSha256, region)
function sign.sign(key, secret, time, path, headers, region)
local day = os.date("%Y%m%d", time)
local date = os.date("%a, %d %b %Y %H:%M:%S GMT", time)
local timestamp = os.date("%Y%m%dT%H%M%SZ", time)
local dateKey = sha256.hmac_sha256("AWS4" .. secret, day)
local dateRegionKey = sha256.hmac_sha256(dateKey, region)
local dateRegionSvcKey = sha256.hmac_sha256(dateRegionKey, 's3')
local signingKey = sha256.hmac_sha256(dateRegionSvcKey, 'aws4_request')
print("DateKey: " .. dateKey)
print("DateRegionKey: " .. dateRegionKey)
print("DateRegionSvcKey: " .. dateRegionSvcKey)
print("SigningKey: " .. signingKey)
headers["x-amz-content-sha256"] = contentSha256
headers["date"] = date
headers["host"] = host
local dateKey = hmac.hmac("AWS4" .. secret, day, 'buffer')
local dateRegionKey = hmac.hmac(dateKey, region, 'buffer')
local dateRegionSvcKey = hmac.hmac(dateRegionKey, 's3', 'buffer')
local signingKey = hmac.hmac(dateRegionSvcKey, 'aws4_request', 'buffer')
local keys = {}
for k in pairs(headers) do
for k, v in pairs(headers) do
table.insert(keys, k)
end
table.sort(keys)
local signedHeaders = ""
local request = "PUT\n" .. path .. "\n"
for _, k in ipairs(keys) do
request = request .. "\n" .. k .. ":" .. headers[k]
@@ -34,15 +25,9 @@ function sign.sign(key, secret, time, host, path, headers, contentSha256, region
end
signedHeaders = string.sub(signedHeaders, 2)
request = request .. "\n\n" .. signedHeaders .. "\n" .. contentSha256
print("Request:\n" .. request)
print("-------")
local stringToSign = "AWS4-HMAC-SHA256\n" .. timestamp .. "\n" .. day .. "/" .. region .. "/s3/aws4_request\n" .. sha256.sha256(request)
print("String to sign:\n" .. stringToSign)
print("-------")
local signature = sha256.hmac_sha256(signingKey, stringToSign)
print("Signature:\n" .. signature)
print("-------")
request = request .. "\n\n" .. signedHeaders .. "\n" .. (headers["x-amz-content-sha256"])
local stringToSign = "AWS4-HMAC-SHA256\n" .. timestamp .. "\n" .. day .. "/" .. region .. "/s3/aws4_request\n" .. sha2.hash256(request)
local signature = hmac.hmac(signingKey, stringToSign, 'hex')
local result = "AWS4-HMAC-SHA256 Credential=" .. key .. "/" .. day .. "/" .. region .. "/s3/aws4_request,SignedHeaders=" .. signedHeaders
result = result .. ",Signature=" .. signature
start.sh
+2
View File
@@ -12,6 +12,8 @@ fi
set -euo pipefail
: ${S3_BUCKET_NAME:?"S3_BUCKET_NAME must be set"}
: ${AWS_REGION:?"AWS_REGION must be set"}
: ${RETURN_URL:?"RETURN_URL must be set"}
: ${AWS_ACCESS_KEY_ID:?"AWS_ACCESS_KEY_ID must be set or be possible to fetch from meta-data service on AWS"}
: ${AWS_SECRET_ACCESS_KEY:?"AWS_ACCESS_KEY_ID must be set or be possible to fetch from meta-data service on AWS"}
test.lua
+19 -21
View File
@@ -1,35 +1,33 @@
lu = require('luaunit')
local sign = require("sign")
local sha256 = require("sha256")
local sha2 = require("sha2")
--local key = os.getenv("AWS_ACCESS_KEY_ID")
--local secret = os.getenv("AWS_SECRET_ACCESS_KEY")
-- local headers = {["x-amz-acl"] = acl, ["x-amz-date"] = date, ["x-amz-content-sha256"] = "UNSIGNED-PAYLOAD"}
function TestPut()
function TestPutAWSExample()
local key = "AKIAIOSFODNN7EXAMPLE"
local secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
local time = os.time({year = 2013, month = 5, day = 24, hour = 0})
local headers = {["x-amz-storage-class"] = "REDUCED_REDUNDANCY", ["x-amz-date"] = "20130524T000000Z" }
local contentSha256 = sha256.sha256("Welcome to Amazon S3.")
local signature = sign.sign(key, secret, time, "examplebucket.s3.amazonaws.com", "/test%24file.text", headers, contentSha256, "us-east-1")
print(signature)
local date = os.date('%a, %d %b %Y %H:%M:%S GMT', time)
local path = "/test%24file.text"
local region = "us-east-1"
local contentSha256 = sha2.hash256("Welcome to Amazon S3.")
local headers = {["x-amz-storage-class"] = "REDUCED_REDUNDANCY", ["x-amz-date"] = "20130524T000000Z", ["x-amz-content-sha256"] = contentSha256, ["host"] = "examplebucket.s3.amazonaws.com", ["date"] = date }
local signature = sign.sign(key, secret, time,path, headers, region)
lu.assertEquals( type(signature), 'string' )
lu.assertEquals( signature, "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=date;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd" )
end
function TestPut2()
local key = "AKIAI2BOGUMMDPX2WKSQ"
local secret = "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"
local time = os.time({year = 2019, month = 6, day = 28, hour = 15, min = 56, sec = 16})
local headers = {["x-amz-acl"] = "public-read", ["x-amz-date"] = "20190628T135616Z" }
local contentSha256 = sha256.sha256("fluff2")
local signature = sign.sign(key, secret, time, "upload.unbound.se.s3-eu-west-1.amazonaws.com", "/20190628/d25f1855e0cab108cb898ca2bebbb35ed228c1134f9d89492f2c705d5b3c6c355767d37a823ccb31", headers, contentSha256, "eu-west-1")
print(signature)
function TestPut()
local key = "AKIAIOSFODNN7EXAMPLE"
local secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
local time = os.time({year = 2019, month = 6, day = 28, hour = 23, min = 50, sec = 58})
local date = os.date('%a, %d %b %Y %H:%M:%S GMT', time)
local path = "/20190628/d98e63986091dc0eb0fa24cff9fffaf17b90c464c2b1f05685bc91e7585267cb0d09c645e69ef2b7"
local region = "eu-west-1"
local contentSha256 = sha2.hash256("fluff2")
local headers = {["x-amz-acl"] = "public-read", ["x-amz-date"] = "20190628T235058Z", ["x-amz-content-sha256"] = contentSha256, ["host"] = "upload.unbound.se.s3-eu-west-1.amazonaws.com", ["date"] = date }
local signature = sign.sign(key, secret, time,path, headers, region)
lu.assertEquals( type(signature), 'string' )
lu.assertEquals( signature, "AWS4-HMAC-SHA256 Credential=AKIAI2BOGUMMDPX2WKSQ/20190628/eu-west-1/s3/aws4_request,SignedHeaders=date;host;x-amz-acl;x-amz-content-sha256;x-amz-date,Signature=38683969ed1a023aedbd0e14bf4beae48a6430c6e13c93f59257c5596578721d" )
lu.assertEquals( signature, "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20190628/eu-west-1/s3/aws4_request,SignedHeaders=date;host;x-amz-acl;x-amz-content-sha256;x-amz-date,Signature=6dd94b1ff7fd29251dbec629b813ea974323aa6509b6a3db94744aef386914af" )
end
-- class TestSign