declare local var.awsAccessKey STRING;
declare local var.awsSecretKey STRING;
declare local var.awsS3Bucket STRING;
declare local var.awsRegion STRING;
declare local var.canonicalHeaders STRING;
declare local var.signedHeaders STRING;
declare local var.canonicalRequest STRING;
declare local var.canonicalQuery STRING;
declare local var.stringToSign STRING;
declare local var.dateStamp STRING;
declare local var.signature STRING;
declare local var.scope STRING;
set var.awsAccessKey = "AKIAIYV3R5KWHXJKD4QQ";
set var.awsSecretKey = "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";
set var.awsS3Bucket = "demo-s3-fiddle-origin";
set var.awsRegion = "us-east-2";
if (req.method == "GET" && !req.backend.is_shield) {
set = digest.hash_sha256("");
set = strftime({"%Y%m%dT%H%M%SZ"}, now);
set = var.awsS3Bucket + ".s3." + var.awsRegion + ".amazonaws.com";
set bereq.url = querystring.remove(bereq.url);
set bereq.url = regsuball(urlencode(urldecode(bereq.url.path)), {"%2F"}, "/");
set var.dateStamp = strftime({"%Y%m%d"}, now);
set var.canonicalHeaders = "" +
"host:" + + LF +
"x-amz-content-sha256:" + + LF +
"x-amz-date:" + + LF
;
set var.canonicalQuery = "";
set var.signedHeaders = "host;x-amz-content-sha256;x-amz-date";
set var.canonicalRequest = "" +
"GET" + LF +
bereq.url.path + LF +
var.canonicalQuery + LF +
var.canonicalHeaders + LF +
var.signedHeaders + LF +
digest.hash_sha256("")
;
set var.scope = var.dateStamp + "/" + var.awsRegion + "/s3/aws4_request";
set var.stringToSign = "" +
"AWS4-HMAC-SHA256" + LF +
+ LF +
var.scope + LF +
regsub(digest.hash_sha256(var.canonicalRequest),"^0x", "")
;
set var.signature = digest.awsv4_hmac(
var.awsSecretKey,
var.dateStamp,
var.awsRegion,
"s3",
var.stringToSign
);
set = "AWS4-HMAC-SHA256 " +
"Credential=" + var.awsAccessKey + "/" + var.scope + ", "
"SignedHeaders=" + var.signedHeaders + ", " +
"Signature=" + regsub(var.signature,"^0x", "")
;
unset ;
unset ;
unset ;
unset ;
}