Skip to content

Instantly share code, notes, and snippets.

@akesling
Last active Jul 1, 2020
Embed
What would you like to do?
#!/usr/bin/env bash
set -e
# Many thanks to https://czak.pl/2015/09/15/s3-rest-api-with-curl.html
_key_and_secret=($(echo $1 | tr ':' ' '))
_key="${_key_and_secret[0]}"
_secret="${_key_and_secret[1]}"
_bucket_name="$2"
_digital_ocean_host="nyc3.digitaloceanspaces.com"
_bucket_region='us-east-1'
_request_date_time=$(date -u "+%Y%m%dT%H%M%SZ")
_request_date=$(date -u "+%Y%m%d")
# Canonical request:
# <HTTPMethod>
# <CanonicalURI>
# <CanonicalQueryString>
# <CanonicalHeaders>
# <SignedHeaders>
# <HashedPayload>
_http_method="GET"
_canonical_uri="/${_bucket_name}"
_canonical_query_string=""
_hashed_payload=$(echo -n '' | openssl dgst -sha256 | cut -d = -f 2 | tr -d ' ')
_content_hash_header="x-amz-content-sha256:${_hashed_payload}"
_request_date_time_header="x-amz-date:${_request_date_time}"
_canonical_headers="host:${_digital_ocean_host}
${_content_hash_header}
${_request_date_time_header}"
_signed_headers="host;x-amz-content-sha256;x-amz-date"
_request="${_http_method}
${_canonical_uri}
${_canonical_query_string}
${_canonical_headers}
${_signed_headers}
${_hashed_payload}"
echo
echo "Request ==="
echo "${_request}"
echo "==========="
echo
# HMAC Signature input format:
# AWS4-HMAC-SHA256
# <Timestamp>
# <Scope>
# <CanonicalRequestHash>
_request_signing_algorithm="AWS4-HMAC-SHA256"
_request_scope="${_request_date}/${_bucket_region}/s3/aws4_request"
_hmac="${_request_signing_algorithm}
${_request_date_time}
${_request_scope}
$(echo -n "${_request}" | openssl dgst -sha256 | cut -d = -f 2 | tr -d ' ')"
echo
echo "HMAC Data ="
echo "${_hmac}"
echo "==========="
echo
function hmac_sha256 {
_hmac_key="$1"
_hmac_data="$2"
echo -n $(echo -n "${_hmac_data}" | openssl dgst -sha256 -mac "HMAC" -macopt "${_hmac_key}" | cut -d = -f 2 | tr -d ' ')
}
# AWS Signing Key Calculation
_date_key=$(hmac_sha256 "key:AWS4${_secret}" "${_request_date}")
_date_region_key=$(hmac_sha256 "hexkey:${_date_key}" "${_bucket_region}")
_date_region_service_key=$(hmac_sha256 "hexkey:${_date_region_key}" 's3')
_signing_key=$(hmac_sha256 "hexkey:${_date_region_service_key}" 'aws4_request')
echo
echo "Signing chain ==="
echo "${_date_key} Date '${_request_date}'
${_date_region_key} Region '${_bucket_region}'
${_date_region_service_key} Service 's3'
${_signing_key} Signing Key 'aws4_request'"
echo "================="
echo
_request_signature=$(hmac_sha256 "hexkey:${_signing_key}" "${_hmac}")
echo
echo "Signature ="
echo "${_request_signature}"
echo "==========="
echo
_auth_header="Authorization: "${_request_signing_algorithm}" Credential=${_key}/${_request_scope}, SignedHeaders=${_signed_headers}, Signature=${_request_signature}"
curl -v "https://${_digital_ocean_host}${_canonical_uri}?${_canonical_query_string}" -H "${_auth_header}" -H "${_content_hash_header}" -H "${_request_date_time_header}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment