package base
import (
	"crypto/md5"
	crand "crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"math/rand"
	"net/http"
	"net/url"
	"strings"
	"time"

	"github.com/google/uuid"
)
// letterRunes is the alphabet random strings are drawn from: the 26 lower-case
// followed by the 26 upper-case ASCII letters. With 52 symbols each character
// carries a little under 6 bits, which matters when sizing secrets built from it.
var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ")
// init seeds the package-global math/rand source once at start-up.
//
// math/rand is a deterministic generator and the seed here is wall-clock time
// at one-second resolution, so anyone who can bound the process start time can
// reproduce its output. Nothing drawn from this source should be treated as
// unpredictable; secrets and tokens need crypto/rand instead.
//
// NOTE(review): rand.Seed is deprecated as of Go 1.20.
func init() {
	seed := time.Now().Unix()
	rand.Seed(seed)
}
// createTempAKSK generates a temporary credential pair: an access key ID with
// the "AKTP" prefix and a secret key in plain (not yet signed) form.
//
// On failure err is non-nil and the other results hold whatever had been
// produced up to that point; callers should discard them.
func createTempAKSK() (accessKeyId string, plainSk string, err error) {
	accessKeyId, err = generateAccessKeyId("AKTP")
	if err != nil {
		return accessKeyId, plainSk, err
	}

	plainSk, err = generateSecretKey()
	return accessKeyId, plainSk, err
}
// generateAccessKeyId returns prefix followed by an identifier derived from a
// freshly generated random UUID.
//
// The UUID's hex digits (dashes removed) are base64-encoded and every character
// that is not a letter or digit ("=", "/", "+", "-") is stripped, so the result
// is purely alphanumeric. The error result is always nil.
//
// NOTE(review): the value is used as a key identifier; it is presumably not
// meant to be a secret on its own - confirm against callers.
func generateAccessKeyId(prefix string) (string, error) {
	id := uuid.New()

	hexDigits := strings.NewReplacer("-", "").Replace(id.String())
	encoded := base64.StdEncoding.EncodeToString([]byte(hexDigits))

	// Remove base64 padding and symbols in a single pass.
	stripSymbols := strings.NewReplacer("=", "", "/", "", "+", "", "-", "")
	return prefix + stripSymbols.Replace(encoded), nil
}
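// randStringRunes returns a string of n characters drawn uniformly from
// letterRunes using the operating system's CSPRNG (crypto/rand).
//
// generateSecretKey uses the result as secret key material, so the characters
// must be unpredictable. math/rand is a deterministic generator whose output
// can be reproduced once its seed is known, and a seed taken from wall-clock
// seconds is easy to enumerate, so it is not used here.
//
// The function panics if the system random source cannot be read: the
// signature has no error result, and returning a weak or partially filled
// secret would be worse than failing loudly.
func randStringRunes(n int) string {
	out := make([]rune, n)

	// Bytes at or above limit are discarded so that the modulo below maps the
	// remaining values evenly onto the alphabet (no modulo bias).
	limit := 256 - 256%len(letterRunes)

	buf := make([]byte, 64)
	for filled := 0; filled < n; {
		if _, err := crand.Read(buf); err != nil {
			panic("base: reading crypto/rand: " + err.Error())
		}
		for _, b := range buf {
			if int(b) >= limit {
				continue
			}
			out[filled] = letterRunes[int(b)%len(letterRunes)]
			filled++
			if filled == n {
				break
			}
		}
	}
	return string(out)
}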
// generateSecretKey produces a new secret key: a 32-letter random string passed
// through aesEncryptCBCWithBase64 under a fixed key.
//
// The wrapping key is a constant visible in source, so it contributes no
// secrecy. The result is exactly as unpredictable as the string returned by
// randStringRunes, which therefore has to come from a cryptographic source.
//
// NOTE(review): aesEncryptCBCWithBase64 is defined elsewhere; how it picks its
// IV is not visible here - confirm.
func generateSecretKey() (string, error) {
	material := []byte(randStringRunes(32))
	wrapKey := []byte("bytedance-isgood")
	return aesEncryptCBCWithBase64(material, wrapKey)
}
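// createInnerToken builds the signed inner token that ties a temporary
// credential (sts) to the long-term credential that issued it.
//
// credentials is the long-term key pair; its SecretAccessKey is the root of
// both the encryption key and the signing key. sts carries the temporary key
// pair, inlinePolicy is an optional policy embedded in the token (nil means no
// policy string), and t is stored as the token's expiry time.
//
// An error is returned if sts is nil, if encrypting the temporary secret
// fails, or if inlinePolicy cannot be serialized. The last case used to be
// ignored, which would have signed a token with an empty PolicyString in
// place of the policy the caller asked for.
func createInnerToken(credentials Credentials, sts *SecurityToken2, inlinePolicy *Policy, t int64) (*InnerToken, error) {
	if sts == nil {
		return nil, fmt.Errorf("creating inner token: security token is nil")
	}

	var err error
	innerToken := new(InnerToken)

	innerToken.LTAccessKeyId = credentials.AccessKeyID
	innerToken.AccessKeyId = sts.AccessKeyID
	innerToken.ExpiredTime = t

	// The MD5 digest of the long-term secret is used as a 16-byte key for both
	// the AES encryption and the HMAC below.
	// NOTE(review): presumably the verifying side derives the same key, so the
	// derivation cannot be changed on the client alone - confirm.
	key := md5.Sum([]byte(credentials.SecretAccessKey))

	innerToken.SignedSecretAccessKey, err = aesEncryptCBCWithBase64([]byte(sts.SecretAccessKey), key[:])
	if err != nil {
		return nil, err
	}

	if inlinePolicy != nil {
		// Fail closed: never sign a token whose policy could not be encoded.
		b, err := json.Marshal(inlinePolicy)
		if err != nil {
			return nil, err
		}
		innerToken.PolicyString = string(b)
	}

	// Every field of the token, including the policy, is covered by the signature.
	signStr := fmt.Sprintf("%s|%s|%d|%s|%s", innerToken.LTAccessKeyId, innerToken.AccessKeyId, innerToken.ExpiredTime, innerToken.SignedSecretAccessKey, innerToken.PolicyString)
	innerToken.Signature = hex.EncodeToString(hmacSHA256(key[:], signStr))
	return innerToken, nil
}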
// getTimeout picks the effective timeout for a call. A non-zero apiTimeout
// wins, then a non-zero serviceTimeout; if both are zero the default of one
// second applies.
func getTimeout(serviceTimeout, apiTimeout time.Duration) time.Duration {
	switch {
	case apiTimeout != 0:
		return apiTimeout
	case serviceTimeout != 0:
		return serviceTimeout
	default:
		return time.Second
	}
}
// mergeQuery returns a new url.Values holding every value of query1 followed
// by every value of query2. Values for a key present in both are appended, not
// replaced. Either argument may be nil, and neither is modified.
func mergeQuery(query1, query2 url.Values) (query url.Values) {
	query = make(url.Values)
	for _, src := range []url.Values{query1, query2} {
		// Ranging over a nil map is a no-op, so no explicit nil check is needed.
		for key, vals := range src {
			for i := range vals {
				query.Add(key, vals[i])
			}
		}
	}
	return query
}
// mergeHeader returns a new http.Header built from header1 and then header2.
// Each key's values are collapsed into a single value joined by ";", and a key
// present in header2 replaces the one from header1. Keys are canonicalized by
// http.Header.Set. Either argument may be nil, and neither is modified.
func mergeHeader(header1, header2 http.Header) (header http.Header) {
	header = make(http.Header)
	for _, src := range []http.Header{header1, header2} {
		// Ranging over a nil map is a no-op, so no explicit nil check is needed.
		for name, vals := range src {
			header.Set(name, strings.Join(vals, ";"))
		}
	}
	return header
}
// NewAllowStatement returns a policy Statement with Effect "Allow" covering the
// given actions and resources.
//
// The slices are stored as passed, not copied, so later changes the caller
// makes to them are visible through the returned Statement.
func NewAllowStatement(actions, resources []string) *Statement {
	return &Statement{
		Effect:   "Allow",
		Action:   actions,
		Resource: resources,
	}
}
// NewDenyStatement returns a policy Statement with Effect "Deny" covering the
// given actions and resources.
//
// The slices are stored as passed, not copied, so later changes the caller
// makes to them are visible through the returned Statement.
func NewDenyStatement(actions, resources []string) *Statement {
	return &Statement{
		Effect:   "Deny",
		Action:   actions,
		Resource: resources,
	}
}