@akesling
Last active July 1, 2020 20:59
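#!/usr/bin/env bash
#
# Signs a GET request for a DigitalOcean Spaces bucket with AWS Signature
# Version 4 (AWS4-HMAC-SHA256) and sends it with curl.
#
# Usage: <this-script> ACCESS_KEY:SECRET_KEY BUCKET_NAME
#
# NOTE(review): the secret key is taken from argv, so it is readable by other
# local users through the process list and is likely to be saved in shell
# history. Prefer a short-lived or narrowly scoped key when running this, and
# consider reading the credential from a file or the environment instead.
set -e
# Without pipefail a failing `openssl` inside a pipeline is hidden by the exit
# status of the last stage, and the script would go on to sign with an empty
# digest.
set -o pipefail
# Many thanks to https://czak.pl/2015/09/15/s3-rest-api-with-curl.html

# Splits "KEY:SECRET" at the first colon into the globals _key and _secret.
# Parameter expansion is used instead of an unquoted `echo | tr`, so the value
# is never word-split or glob-expanded and a colon inside the secret survives.
_split_credentials() {
  local pair="$1"
  if [[ "${pair}" == *:* ]]; then
    _key="${pair%%:*}"
    _secret="${pair#*:}"
  else
    _key="${pair}"
    _secret=""
  fi
}

_split_credentials "${1-}"
_bucket_name="$2"
_digital_ocean_host="nyc3.digitaloceanspaces.com"
_bucket_region='us-east-1'
# Take one clock reading and derive the date from it. Two separate `date`
# calls can straddle midnight UTC, which makes the credential scope disagree
# with the x-amz-date timestamp.
_request_date_time=$(date -u "+%Y%m%dT%H%M%SZ")
_request_date="${_request_date_time%%T*}"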
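# Canonical request (AWS Signature Version 4), one field per line:
#   <HTTPMethod>
#   <CanonicalURI>
#   <CanonicalQueryString>
#   <CanonicalHeaders>   "name:value" per header, EACH terminated by a newline
#   <SignedHeaders>
#   <HashedPayload>
_http_method="GET"
# NOTE(review): the bucket name is used verbatim and is not URI-encoded; a
# name with characters that need encoding would make the signed path differ
# from the path the server canonicalises.
_canonical_uri="/${_bucket_name}"
_canonical_query_string=""
# SHA-256 of the empty request body (a GET carries no payload).
_hashed_payload=$(openssl dgst -sha256 </dev/null | cut -d = -f 2 | tr -d ' ')
_content_hash_header="x-amz-content-sha256:${_hashed_payload}"
_request_date_time_header="x-amz-date:${_request_date_time}"
# The closing quote sits on its own line on purpose: every canonical header,
# including the last, ends with a newline. Joined with the separator newline
# in _request below, this yields the blank line that SigV4 requires between
# the header list and SignedHeaders. Without it the server computes a
# different canonical request and rejects the signature.
_canonical_headers="host:${_digital_ocean_host}
${_content_hash_header}
${_request_date_time_header}
"
# Must list exactly the header names above, lowercase, in the same order.
_signed_headers="host;x-amz-content-sha256;x-amz-date"
_request="${_http_method}
${_canonical_uri}
${_canonical_query_string}
${_canonical_headers}
${_signed_headers}
${_hashed_payload}"
# Diagnostic dump; the canonical request holds no secret material.
echo
echo "Request ==="
echo "${_request}"
echo "==========="
echo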
# String to sign (the data fed to the final HMAC), one field per line:
#   AWS4-HMAC-SHA256
#   <Timestamp>
#   <Scope>
#   <CanonicalRequestHash>
_request_signing_algorithm="AWS4-HMAC-SHA256"
# Credential scope: date/region/service/terminator.
_request_scope="${_request_date}/${_bucket_region}/s3/aws4_request"
# Hex SHA-256 of the canonical request built earlier in the script.
_canonical_request_hash=$(printf '%s' "${_request}" | openssl dgst -sha256 | cut -d = -f 2 | tr -d ' ')
_hmac="${_request_signing_algorithm}
${_request_date_time}
${_request_scope}
${_canonical_request_hash}"
# Diagnostic dump; the string to sign holds no secret material.
printf '\n%s\n%s\n%s\n\n' "HMAC Data =" "${_hmac}" "==========="
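#######################################
# Computes HMAC-SHA256 over a string with `openssl dgst` and prints the
# digest as hex, without a trailing newline.
# Arguments:
#   $1 - key in openssl -macopt form: "key:<string>" or "hexkey:<hex>"
#   $2 - data to authenticate
# Outputs:
#   64 hex characters on stdout
# Returns:
#   0 on success; 1 if openssl did not produce a SHA-256-sized hex digest
#
# NOTE(review): the key is handed to openssl through -macopt, i.e. in
# openssl's argv, so it is visible in the process list while openssl runs.
#######################################
function hmac_sha256 {
  # Locals keep key material from lingering in global variables after the
  # call returns.
  local _hmac_key="$1"
  local _hmac_data="$2"
  local _hmac_digest
  _hmac_digest=$(printf '%s' "${_hmac_data}" \
    | openssl dgst -sha256 -mac "HMAC" -macopt "${_hmac_key}" \
    | cut -d = -f 2 \
    | tr -d ' ') || return 1
  # Pipelines report the status of `tr`, not `openssl`, unless pipefail is
  # set, so check the shape of the result instead of trusting the exit code.
  # An empty digest here would otherwise become an empty key for the next
  # step of the signing chain.
  if [[ ! "${_hmac_digest}" =~ ^[0-9a-fA-F]{64}$ ]]; then
    printf 'hmac_sha256: openssl did not return a SHA-256 digest\n' >&2
    return 1
  fi
  printf '%s' "${_hmac_digest}"
}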
# AWS signing key calculation: an HMAC-SHA256 chain seeded with
# "AWS4" + secret and keyed in turn by date, region, service and the literal
# "aws4_request". Each step's hex output is the next step's key.
_date_key=$(hmac_sha256 "key:AWS4${_secret}" "${_request_date}")
_date_region_key=$(hmac_sha256 "hexkey:${_date_key}" "${_bucket_region}")
_date_region_service_key=$(hmac_sha256 "hexkey:${_date_region_key}" 's3')
_signing_key=$(hmac_sha256 "hexkey:${_date_region_service_key}" 'aws4_request')

# NOTE(review): this dump prints derived key material. The values are bound
# to the request date, but anyone holding them can sign requests for that
# scope without knowing the secret. Keep this output out of CI logs, tickets
# and pastes.
printf '\n%s\n' "Signing chain ==="
printf "%s Date '%s'\n" "${_date_key}" "${_request_date}"
printf "%s Region '%s'\n" "${_date_region_key}" "${_bucket_region}"
printf "%s Service 's3'\n" "${_date_region_service_key}"
printf "%s Signing Key 'aws4_request'\n" "${_signing_key}"
printf '%s\n\n' "================="

# Final signature: HMAC of the string to sign under the derived signing key.
_request_signature=$(hmac_sha256 "hexkey:${_signing_key}" "${_hmac}")
printf '\n%s\n%s\n%s\n\n' "Signature =" "${_request_signature}" "==========="

# One continuous double-quoted string; the value is the same as before.
_auth_header="Authorization: ${_request_signing_algorithm} Credential=${_key}/${_request_scope}, SignedHeaders=${_signed_headers}, Signature=${_request_signature}"

# NOTE(review): `curl -v` echoes the outgoing request headers to stderr,
# which typically includes the Authorization header built above.
_curl_args=(
  -v "https://${_digital_ocean_host}${_canonical_uri}?${_canonical_query_string}"
  -H "${_auth_header}"
  -H "${_content_hash_header}"
  -H "${_request_date_time_header}"
)
curl "${_curl_args[@]}"