Dobe hmac base64

[dobe]

hi agentzh

i've now implemented some directives:

set_hmac_sha1
set_encode_base64
set_decode_base64
set_encode_hex
set_decode_hex

now it is possible to create a full blown s3 authentication proxy with something like this (note the only thing i need lua for is the date, which could also come from downstream in some cases)::

location '/' {
    set $aws_signature '';
    set_by_lua $now "return ngx.cookie_time(ngx.time())";
    set $aws_secret_key 'secret';
    set $aws_access_key 'access';
    set $bucket 'name-of-bucket';
    set $string_to_sign "$request_method\n$http_content_md5\n$http_content_type\n\nx-amz-date:$now\n/$bucket$uri";

    set_hmac_sha1 $aws_signature $aws_secret_key $string_to_sign;
    set_encode_base64 $aws_signature $aws_signature;
    proxy_set_header x-amz-date $now;
    proxy_set_header Authorization "AWS $aws_access_key:$aws_signature";
    proxy_pass http://host-of-bucket;
}

it is now also possible to create a base64 encoded Content-MD5 header from a hex digest set_decode_hex -> set_encode_base64

cheers, bernd

[agentzh]

Done and done :)

Thanks for your contribution :)