Update Lego

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credential.go

@@ -0,0 +1,18 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package auth
+
+type Credential interface {
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/access_key_credential.go

@@ -0,0 +1,34 @@
+package credentials
+
+// Deprecated: Use AccessKeyCredential in this package instead.
+type BaseCredential struct {
+	AccessKeyId     string
+	AccessKeySecret string
+}
+
+type AccessKeyCredential struct {
+	AccessKeyId     string
+	AccessKeySecret string
+}
+
+// Deprecated: Use NewAccessKeyCredential in this package instead.
+func NewBaseCredential(accessKeyId, accessKeySecret string) *BaseCredential {
+	return &BaseCredential{
+		AccessKeyId:     accessKeyId,
+		AccessKeySecret: accessKeySecret,
+	}
+}
+
+func (baseCred *BaseCredential) ToAccessKeyCredential() *AccessKeyCredential {
+	return &AccessKeyCredential{
+		AccessKeyId:     baseCred.AccessKeyId,
+		AccessKeySecret: baseCred.AccessKeySecret,
+	}
+}
+
+func NewAccessKeyCredential(accessKeyId, accessKeySecret string) *AccessKeyCredential {
+	return &AccessKeyCredential{
+		AccessKeyId:     accessKeyId,
+		AccessKeySecret: accessKeySecret,
+	}
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/ecs_ram_role.go

@@ -0,0 +1,29 @@
+package credentials
+
+// Deprecated: Use EcsRamRoleCredential in this package instead.
+type StsRoleNameOnEcsCredential struct {
+	RoleName string
+}
+
+// Deprecated: Use NewEcsRamRoleCredential in this package instead.
+func NewStsRoleNameOnEcsCredential(roleName string) *StsRoleNameOnEcsCredential {
+	return &StsRoleNameOnEcsCredential{
+		RoleName: roleName,
+	}
+}
+
+func (oldCred *StsRoleNameOnEcsCredential) ToEcsRamRoleCredential() *EcsRamRoleCredential {
+	return &EcsRamRoleCredential{
+		RoleName: oldCred.RoleName,
+	}
+}
+
+type EcsRamRoleCredential struct {
+	RoleName string
+}
+
+func NewEcsRamRoleCredential(roleName string) *EcsRamRoleCredential {
+	return &EcsRamRoleCredential{
+		RoleName: roleName,
+	}
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/rsa_key_pair_credential.go

@@ -0,0 +1,15 @@
+package credentials
+
+type RsaKeyPairCredential struct {
+	PrivateKey        string
+	PublicKeyId       string
+	SessionExpiration int
+}
+
+func NewRsaKeyPairCredential(privateKey, publicKeyId string, sessionExpiration int) *RsaKeyPairCredential {
+	return &RsaKeyPairCredential{
+		PrivateKey:        privateKey,
+		PublicKeyId:       publicKeyId,
+		SessionExpiration: sessionExpiration,
+	}
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/sts_credential.go

@@ -0,0 +1,15 @@
+package credentials
+
+type StsTokenCredential struct {
+	AccessKeyId       string
+	AccessKeySecret   string
+	AccessKeyStsToken string
+}
+
+func NewStsTokenCredential(accessKeyId, accessKeySecret, accessKeyStsToken string) *StsTokenCredential {
+	return &StsTokenCredential{
+		AccessKeyId:       accessKeyId,
+		AccessKeySecret:   accessKeySecret,
+		AccessKeyStsToken: accessKeyStsToken,
+	}
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/sts_role_arn_credential.go

@@ -0,0 +1,49 @@
+package credentials
+
+// Deprecated: Use RamRoleArnCredential in this package instead.
+type StsRoleArnCredential struct {
+	AccessKeyId           string
+	AccessKeySecret       string
+	RoleArn               string
+	RoleSessionName       string
+	RoleSessionExpiration int
+}
+
+type RamRoleArnCredential struct {
+	AccessKeyId           string
+	AccessKeySecret       string
+	RoleArn               string
+	RoleSessionName       string
+	RoleSessionExpiration int
+}
+
+// Deprecated: Use RamRoleArnCredential in this package instead.
+func NewStsRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName string, roleSessionExpiration int) *StsRoleArnCredential {
+	return &StsRoleArnCredential{
+		AccessKeyId:           accessKeyId,
+		AccessKeySecret:       accessKeySecret,
+		RoleArn:               roleArn,
+		RoleSessionName:       roleSessionName,
+		RoleSessionExpiration: roleSessionExpiration,
+	}
+}
+
+func (oldCred *StsRoleArnCredential) ToRamRoleArnCredential() *RamRoleArnCredential {
+	return &RamRoleArnCredential{
+		AccessKeyId:           oldCred.AccessKeyId,
+		AccessKeySecret:       oldCred.AccessKeySecret,
+		RoleArn:               oldCred.RoleArn,
+		RoleSessionName:       oldCred.RoleSessionName,
+		RoleSessionExpiration: oldCred.RoleSessionExpiration,
+	}
+}
+
+func NewRamRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName string, roleSessionExpiration int) *RamRoleArnCredential {
+	return &RamRoleArnCredential{
+		AccessKeyId:           accessKeyId,
+		AccessKeySecret:       accessKeySecret,
+		RoleArn:               roleArn,
+		RoleSessionName:       roleSessionName,
+		RoleSessionExpiration: roleSessionExpiration,
+	}
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/roa_signature_composer.go

@@ -0,0 +1,121 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package auth
+
+import (
+	"bytes"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils"
+	"sort"
+	"strings"
+)
+
+func signRoaRequest(request requests.AcsRequest, signer Signer, regionId string) (err error) {
+	completeROASignParams(request, signer, regionId)
+	stringToSign := buildRoaStringToSign(request)
+	request.SetStringToSign(stringToSign)
+	signature := signer.Sign(stringToSign, "")
+	accessKeyId, err := signer.GetAccessKeyId()
+	if err != nil {
+		return nil
+	}
+
+	request.GetHeaders()["Authorization"] = "acs " + accessKeyId + ":" + signature
+
+	return
+}
+
+func completeROASignParams(request requests.AcsRequest, signer Signer, regionId string) {
+	headerParams := request.GetHeaders()
+
+	// complete query params
+	queryParams := request.GetQueryParams()
+	//if _, ok := queryParams["RegionId"]; !ok {
+	//	queryParams["RegionId"] = regionId
+	//}
+	if extraParam := signer.GetExtraParam(); extraParam != nil {
+		for key, value := range extraParam {
+			if key == "SecurityToken" {
+				headerParams["x-acs-security-token"] = value
+				continue
+			}
+
+			queryParams[key] = value
+		}
+	}
+
+	// complete header params
+	headerParams["Date"] = utils.GetTimeInFormatRFC2616()
+	headerParams["x-acs-signature-method"] = signer.GetName()
+	headerParams["x-acs-signature-version"] = signer.GetVersion()
+	if request.GetFormParams() != nil && len(request.GetFormParams()) > 0 {
+		formString := utils.GetUrlFormedMap(request.GetFormParams())
+		request.SetContent([]byte(formString))
+		headerParams["Content-Type"] = requests.Form
+	}
+	contentMD5 := utils.GetMD5Base64(request.GetContent())
+	headerParams["Content-MD5"] = contentMD5
+	if _, contains := headerParams["Content-Type"]; !contains {
+		headerParams["Content-Type"] = requests.Raw
+	}
+	switch format := request.GetAcceptFormat(); format {
+	case "JSON":
+		headerParams["Accept"] = requests.Json
+	case "XML":
+		headerParams["Accept"] = requests.Xml
+	default:
+		headerParams["Accept"] = requests.Raw
+	}
+}
+
+func buildRoaStringToSign(request requests.AcsRequest) (stringToSign string) {
+
+	headers := request.GetHeaders()
+
+	stringToSignBuilder := bytes.Buffer{}
+	stringToSignBuilder.WriteString(request.GetMethod())
+	stringToSignBuilder.WriteString(requests.HeaderSeparator)
+
+	// append header keys for sign
+	appendIfContain(headers, &stringToSignBuilder, "Accept", requests.HeaderSeparator)
+	appendIfContain(headers, &stringToSignBuilder, "Content-MD5", requests.HeaderSeparator)
+	appendIfContain(headers, &stringToSignBuilder, "Content-Type", requests.HeaderSeparator)
+	appendIfContain(headers, &stringToSignBuilder, "Date", requests.HeaderSeparator)
+
+	// sort and append headers witch starts with 'x-acs-'
+	var acsHeaders []string
+	for key := range headers {
+		if strings.HasPrefix(key, "x-acs-") {
+			acsHeaders = append(acsHeaders, key)
+		}
+	}
+	sort.Strings(acsHeaders)
+	for _, key := range acsHeaders {
+		stringToSignBuilder.WriteString(key + ":" + headers[key])
+		stringToSignBuilder.WriteString(requests.HeaderSeparator)
+	}
+
+	// append query params
+	stringToSignBuilder.WriteString(request.BuildQueries())
+	stringToSign = stringToSignBuilder.String()
+	return
+}
+
+func appendIfContain(sourceMap map[string]string, target *bytes.Buffer, key, separator string) {
+	if value, contain := sourceMap[key]; contain && len(value) > 0 {
+		target.WriteString(sourceMap[key])
+		target.WriteString(separator)
+	}
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/rpc_signature_composer.go

@@ -0,0 +1,96 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package auth
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils"
+	"net/url"
+	"sort"
+	"strings"
+)
+
+func signRpcRequest(request requests.AcsRequest, signer Signer, regionId string) (err error) {
+	err = completeRpcSignParams(request, signer, regionId)
+	if err != nil {
+		return
+	}
+	// remove while retry
+	if _, containsSign := request.GetQueryParams()["Signature"]; containsSign {
+		delete(request.GetQueryParams(), "Signature")
+	}
+	stringToSign := buildRpcStringToSign(request)
+	request.SetStringToSign(stringToSign)
+	signature := signer.Sign(stringToSign, "&")
+	request.GetQueryParams()["Signature"] = signature
+
+	return
+}
+
+func completeRpcSignParams(request requests.AcsRequest, signer Signer, regionId string) (err error) {
+	queryParams := request.GetQueryParams()
+	queryParams["Version"] = request.GetVersion()
+	queryParams["Action"] = request.GetActionName()
+	queryParams["Format"] = request.GetAcceptFormat()
+	queryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
+	queryParams["SignatureMethod"] = signer.GetName()
+	queryParams["SignatureType"] = signer.GetType()
+	queryParams["SignatureVersion"] = signer.GetVersion()
+	queryParams["SignatureNonce"] = utils.GetUUIDV4()
+	queryParams["AccessKeyId"], err = signer.GetAccessKeyId()
+
+	if err != nil {
+		return
+	}
+
+	if _, contains := queryParams["RegionId"]; !contains {
+		queryParams["RegionId"] = regionId
+	}
+	if extraParam := signer.GetExtraParam(); extraParam != nil {
+		for key, value := range extraParam {
+			queryParams[key] = value
+		}
+	}
+
+	request.GetHeaders()["Content-Type"] = requests.Form
+	formString := utils.GetUrlFormedMap(request.GetFormParams())
+	request.SetContent([]byte(formString))
+
+	return
+}
+
+func buildRpcStringToSign(request requests.AcsRequest) (stringToSign string) {
+	signParams := make(map[string]string)
+	for key, value := range request.GetQueryParams() {
+		signParams[key] = value
+	}
+	for key, value := range request.GetFormParams() {
+		signParams[key] = value
+	}
+
+	// sort params by key
+	var paramKeySlice []string
+	for key := range signParams {
+		paramKeySlice = append(paramKeySlice, key)
+	}
+	sort.Strings(paramKeySlice)
+	stringToSign = utils.GetUrlFormedMap(signParams)
+	stringToSign = strings.Replace(stringToSign, "+", "%20", -1)
+	stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)
+	stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)
+	stringToSign = url.QueryEscape(stringToSign)
+	stringToSign = request.GetMethod() + "&%2F&" + stringToSign
+	return
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signer.go

@@ -0,0 +1,95 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package auth
+
+import (
+	"fmt"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"reflect"
+)
+
+type Signer interface {
+	GetName() string
+	GetType() string
+	GetVersion() string
+	GetAccessKeyId() (string, error)
+	GetExtraParam() map[string]string
+	Sign(stringToSign, secretSuffix string) string
+	Shutdown()
+}
+
+func NewSignerWithCredential(credential Credential, commonApi func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)) (signer Signer, err error) {
+	switch instance := credential.(type) {
+	case *credentials.AccessKeyCredential:
+		{
+			signer, err = signers.NewAccessKeySigner(instance)
+		}
+	case *credentials.StsTokenCredential:
+		{
+			signer, err = signers.NewStsTokenSigner(instance)
+		}
+
+	case *credentials.RamRoleArnCredential:
+		{
+			signer, err = signers.NewRamRoleArnSigner(instance, commonApi)
+		}
+	case *credentials.RsaKeyPairCredential:
+		{
+			signer, err = signers.NewSignerKeyPair(instance, commonApi)
+		}
+	case *credentials.EcsRamRoleCredential:
+		{
+			signer, err = signers.NewEcsRamRoleSigner(instance, commonApi)
+		}
+	case *credentials.BaseCredential: // deprecated user interface
+		{
+			signer, err = signers.NewAccessKeySigner(instance.ToAccessKeyCredential())
+		}
+	case *credentials.StsRoleArnCredential: // deprecated user interface
+		{
+			signer, err = signers.NewRamRoleArnSigner(instance.ToRamRoleArnCredential(), commonApi)
+		}
+	case *credentials.StsRoleNameOnEcsCredential: // deprecated user interface
+		{
+			signer, err = signers.NewEcsRamRoleSigner(instance.ToEcsRamRoleCredential(), commonApi)
+		}
+	default:
+		message := fmt.Sprintf(errors.UnsupportedCredentialErrorMessage, reflect.TypeOf(credential))
+		err = errors.NewClientError(errors.UnsupportedCredentialErrorCode, message, nil)
+	}
+	return
+}
+
+func Sign(request requests.AcsRequest, signer Signer, regionId string) (err error) {
+	switch request.GetStyle() {
+	case requests.ROA:
+		{
+			signRoaRequest(request, signer, regionId)
+		}
+	case requests.RPC:
+		{
+			err = signRpcRequest(request, signer, regionId)
+		}
+	default:
+		message := fmt.Sprintf(errors.UnknownRequestTypeErrorMessage, reflect.TypeOf(request))
+		err = errors.NewClientError(errors.UnknownRequestTypeErrorCode, message, nil)
+	}
+
+	return
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/algorithms.go

@@ -0,0 +1,63 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"crypto"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/x509"
+	"encoding/base64"
+	"fmt"
+	/*"encoding/pem"
+	"io/ioutil"
+	"os/user"
+	"crypto/sha256"*/)
+
+func ShaHmac1(source, secret string) string {
+	key := []byte(secret)
+	hmac := hmac.New(sha1.New, key)
+	hmac.Write([]byte(source))
+	signedBytes := hmac.Sum(nil)
+	signedString := base64.StdEncoding.EncodeToString(signedBytes)
+	return signedString
+}
+
+func Sha256WithRsa(source, secret string) string {
+	decodeString, err := base64.StdEncoding.DecodeString(secret)
+	if err != nil {
+		fmt.Println("DecodeString err", err)
+	}
+	private, err := x509.ParsePKCS8PrivateKey(decodeString)
+	if err != nil {
+		fmt.Println("ParsePKCS8PrivateKey err", err)
+	}
+
+	h := crypto.Hash.New(crypto.SHA256)
+	h.Write([]byte(source))
+	hashed := h.Sum(nil)
+	signature, err := rsa.SignPKCS1v15(rand.Reader, private.(*rsa.PrivateKey),
+		crypto.SHA256, hashed)
+	if err != nil {
+		fmt.Println("Error from signing:", err)
+		return ""
+	}
+
+	signedString := base64.StdEncoding.EncodeToString(signature)
+	//fmt.Printf("Encoded: %v\n", signedString)
+	return signedString
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/credential_updater.go

@@ -0,0 +1,53 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"time"
+)
+
+const defaultInAdvanceScale = 0.8
+
+type credentialUpdater struct {
+	credentialExpiration int
+	lastUpdateTimestamp  int64
+	inAdvanceScale       float64
+	buildRequestMethod   func() (*requests.CommonRequest, error)
+	responseCallBack     func(response *responses.CommonResponse) error
+	refreshApi           func(request *requests.CommonRequest) (response *responses.CommonResponse, err error)
+}
+
+func (updater *credentialUpdater) needUpdateCredential() (result bool) {
+	if updater.inAdvanceScale == 0 {
+		updater.inAdvanceScale = defaultInAdvanceScale
+	}
+	return time.Now().Unix()-updater.lastUpdateTimestamp >= int64(float64(updater.credentialExpiration)*updater.inAdvanceScale)
+}
+
+func (updater *credentialUpdater) updateCredential() (err error) {
+	request, err := updater.buildRequestMethod()
+	if err != nil {
+		return
+	}
+	response, err := updater.refreshApi(request)
+	if err != nil {
+		return
+	}
+	updater.lastUpdateTimestamp = time.Now().Unix()
+	err = updater.responseCallBack(response)
+	return
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/session_credential.go

@@ -0,0 +1,7 @@
+package signers
+
+type SessionCredential struct {
+	AccessKeyId     string
+	AccessKeySecret string
+	StsToken        string
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_access_key.go

@@ -0,0 +1,58 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+)
+
+type AccessKeySigner struct {
+	credential *credentials.AccessKeyCredential
+}
+
+func (signer *AccessKeySigner) GetExtraParam() map[string]string {
+	return nil
+}
+
+func NewAccessKeySigner(credential *credentials.AccessKeyCredential) (*AccessKeySigner, error) {
+	return &AccessKeySigner{
+		credential: credential,
+	}, nil
+}
+
+func (*AccessKeySigner) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*AccessKeySigner) GetType() string {
+	return ""
+}
+
+func (*AccessKeySigner) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *AccessKeySigner) GetAccessKeyId() (accessKeyId string, err error) {
+	return signer.credential.AccessKeyId, nil
+}
+
+func (signer *AccessKeySigner) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.credential.AccessKeySecret + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *AccessKeySigner) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_ecs_ram_role.go

@@ -0,0 +1,175 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/jmespath/go-jmespath"
+	"net/http"
+	"strings"
+	"time"
+)
+
+type EcsRamRoleSigner struct {
+	*credentialUpdater
+	sessionCredential *SessionCredential
+	credential        *credentials.EcsRamRoleCredential
+	commonApi         func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)
+}
+
+func NewEcsRamRoleSigner(credential *credentials.EcsRamRoleCredential, commonApi func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error)) (signer *EcsRamRoleSigner, err error) {
+	signer = &EcsRamRoleSigner{
+		credential: credential,
+		commonApi:  commonApi,
+	}
+
+	signer.credentialUpdater = &credentialUpdater{
+		credentialExpiration: defaultDurationSeconds / 60,
+		buildRequestMethod:   signer.buildCommonRequest,
+		responseCallBack:     signer.refreshCredential,
+		refreshApi:           signer.refreshApi,
+	}
+
+	return
+}
+
+func (*EcsRamRoleSigner) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*EcsRamRoleSigner) GetType() string {
+	return ""
+}
+
+func (*EcsRamRoleSigner) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *EcsRamRoleSigner) GetAccessKeyId() (accessKeyId string, err error) {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		err = signer.updateCredential()
+	}
+	if err != nil && (signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0) {
+		return "", err
+	}
+	return signer.sessionCredential.AccessKeyId, nil
+}
+
+func (signer *EcsRamRoleSigner) GetExtraParam() map[string]string {
+	if signer.sessionCredential == nil {
+		return make(map[string]string)
+	}
+	if len(signer.sessionCredential.StsToken) <= 0 {
+		return make(map[string]string)
+	}
+	return map[string]string{"SecurityToken": signer.sessionCredential.StsToken}
+}
+
+func (signer *EcsRamRoleSigner) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.sessionCredential.AccessKeyId + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *EcsRamRoleSigner) buildCommonRequest() (request *requests.CommonRequest, err error) {
+	request = requests.NewCommonRequest()
+	return
+}
+
+func (signer *EcsRamRoleSigner) refreshApi(request *requests.CommonRequest) (response *responses.CommonResponse, err error) {
+	requestUrl := "http://100.100.100.200/latest/meta-data/ram/security-credentials/" + signer.credential.RoleName
+	httpRequest, err := http.NewRequest(requests.GET, requestUrl, strings.NewReader(""))
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err", err)
+		return
+	}
+	httpClient := &http.Client{}
+	httpResponse, err := httpClient.Do(httpRequest)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err", err)
+		return
+	}
+
+	response = responses.NewCommonResponse()
+	err = responses.Unmarshal(response, httpResponse, "")
+
+	return
+}
+
+func (signer *EcsRamRoleSigner) refreshCredential(response *responses.CommonResponse) (err error) {
+	if response.GetHttpStatus() != http.StatusOK {
+		fmt.Println("refresh Ecs sts token err, httpStatus: " + string(response.GetHttpStatus()) + ", message = " + response.GetHttpContentString())
+		return
+	}
+	var data interface{}
+	err = json.Unmarshal(response.GetHttpContentBytes(), &data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, json.Unmarshal fail", err)
+		return
+	}
+	code, err := jmespath.Search("Code", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get Code", err)
+		return
+	}
+	if code.(string) != "Success" {
+		fmt.Println("refresh Ecs sts token err, Code is not Success", err)
+		return
+	}
+	accessKeyId, err := jmespath.Search("AccessKeyId", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get AccessKeyId", err)
+		return
+	}
+	accessKeySecret, err := jmespath.Search("AccessKeySecret", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get AccessKeySecret", err)
+		return
+	}
+	securityToken, err := jmespath.Search("SecurityToken", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get SecurityToken", err)
+		return
+	}
+	expiration, err := jmespath.Search("Expiration", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get Expiration", err)
+		return
+	}
+	if accessKeyId == nil || accessKeySecret == nil || securityToken == nil {
+		return
+	}
+
+	expirationTime, err := time.Parse("2006-01-02T15:04:05Z", expiration.(string))
+	signer.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
+	signer.sessionCredential = &SessionCredential{
+		AccessKeyId:     accessKeyId.(string),
+		AccessKeySecret: accessKeySecret.(string),
+		StsToken:        securityToken.(string),
+	}
+
+	return
+}
+
+func (signer *EcsRamRoleSigner) GetSessionCredential() *SessionCredential {
+	return signer.sessionCredential
+}
+
+func (signer *EcsRamRoleSigner) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_key_pair.go

@@ -0,0 +1,148 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/jmespath/go-jmespath"
+	"net/http"
+	"strconv"
+)
+
+type SignerKeyPair struct {
+	*credentialUpdater
+	sessionCredential *SessionCredential
+	credential        *credentials.RsaKeyPairCredential
+	commonApi         func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)
+}
+
+func NewSignerKeyPair(credential *credentials.RsaKeyPairCredential, commonApi func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error)) (signer *SignerKeyPair, err error) {
+	signer = &SignerKeyPair{
+		credential: credential,
+		commonApi:  commonApi,
+	}
+
+	signer.credentialUpdater = &credentialUpdater{
+		credentialExpiration: credential.SessionExpiration,
+		buildRequestMethod:   signer.buildCommonRequest,
+		responseCallBack:     signer.refreshCredential,
+		refreshApi:           signer.refreshApi,
+	}
+
+	if credential.SessionExpiration > 0 {
+		if credential.SessionExpiration >= 900 && credential.SessionExpiration <= 3600 {
+			signer.credentialExpiration = credential.SessionExpiration
+		} else {
+			err = errors.NewClientError(errors.InvalidParamErrorCode, "Key Pair session duration should be in the range of 15min - 1Hr", nil)
+		}
+	} else {
+		signer.credentialExpiration = defaultDurationSeconds
+	}
+	return
+}
+
+func (*SignerKeyPair) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*SignerKeyPair) GetType() string {
+	return ""
+}
+
+func (*SignerKeyPair) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *SignerKeyPair) GetAccessKeyId() (accessKeyId string, err error) {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		err = signer.updateCredential()
+	}
+	if err != nil && (signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0) {
+		return "", err
+	}
+	return signer.sessionCredential.AccessKeyId, err
+}
+
+func (signer *SignerKeyPair) GetExtraParam() map[string]string {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		signer.updateCredential()
+	}
+	if signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0 {
+		return make(map[string]string)
+	}
+	return make(map[string]string)
+}
+
+func (signer *SignerKeyPair) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.sessionCredential.AccessKeyId + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *SignerKeyPair) buildCommonRequest() (request *requests.CommonRequest, err error) {
+	request = requests.NewCommonRequest()
+	request.Product = "Sts"
+	request.Version = "2015-04-01"
+	request.ApiName = "GenerateSessionAccessKey"
+	request.Scheme = requests.HTTPS
+	request.QueryParams["PublicKeyId"] = signer.credential.PublicKeyId
+	request.QueryParams["DurationSeconds"] = strconv.Itoa(signer.credentialExpiration)
+	return
+}
+
+func (signerKeyPair *SignerKeyPair) refreshApi(request *requests.CommonRequest) (response *responses.CommonResponse, err error) {
+	signerV2, err := NewSignerV2(signerKeyPair.credential)
+	return signerKeyPair.commonApi(request, signerV2)
+}
+
+func (signer *SignerKeyPair) refreshCredential(response *responses.CommonResponse) (err error) {
+	if response.GetHttpStatus() != http.StatusOK {
+		message := "refresh session AccessKey failed"
+		err = errors.NewServerError(response.GetHttpStatus(), response.GetHttpContentString(), message)
+		return
+	}
+	var data interface{}
+	err = json.Unmarshal(response.GetHttpContentBytes(), &data)
+	if err != nil {
+		fmt.Println("refresh KeyPair err, json.Unmarshal fail", err)
+		return
+	}
+	accessKeyId, err := jmespath.Search("SessionAccessKey.SessionAccessKeyId", data)
+	if err != nil {
+		fmt.Println("refresh KeyPair err, fail to get SessionAccessKeyId", err)
+		return
+	}
+	accessKeySecret, err := jmespath.Search("SessionAccessKey.SessionAccessKeySecret", data)
+	if err != nil {
+		fmt.Println("refresh KeyPair err, fail to get SessionAccessKeySecret", err)
+		return
+	}
+	if accessKeyId == nil || accessKeySecret == nil {
+		return
+	}
+	signer.sessionCredential = &SessionCredential{
+		AccessKeyId:     accessKeyId.(string),
+		AccessKeySecret: accessKeySecret.(string),
+	}
+	return
+}
+
+func (signer *SignerKeyPair) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_ram_role_arn.go

@@ -0,0 +1,174 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/jmespath/go-jmespath"
+	"net/http"
+	"strconv"
+	"time"
+)
+
+const (
+	defaultDurationSeconds = 3600
+)
+
+type RamRoleArnSigner struct {
+	*credentialUpdater
+	roleSessionName   string
+	sessionCredential *SessionCredential
+	credential        *credentials.RamRoleArnCredential
+	commonApi         func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)
+}
+
+func NewRamRoleArnSigner(credential *credentials.RamRoleArnCredential, commonApi func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)) (signer *RamRoleArnSigner, err error) {
+	signer = &RamRoleArnSigner{
+		credential: credential,
+		commonApi:  commonApi,
+	}
+
+	signer.credentialUpdater = &credentialUpdater{
+		credentialExpiration: credential.RoleSessionExpiration,
+		buildRequestMethod:   signer.buildCommonRequest,
+		responseCallBack:     signer.refreshCredential,
+		refreshApi:           signer.refreshApi,
+	}
+
+	if len(credential.RoleSessionName) > 0 {
+		signer.roleSessionName = credential.RoleSessionName
+	} else {
+		signer.roleSessionName = "aliyun-go-sdk-" + strconv.FormatInt(time.Now().UnixNano()/1000, 10)
+	}
+	if credential.RoleSessionExpiration > 0 {
+		if credential.RoleSessionExpiration >= 900 && credential.RoleSessionExpiration <= 3600 {
+			signer.credentialExpiration = credential.RoleSessionExpiration
+		} else {
+			err = errors.NewClientError(errors.InvalidParamErrorCode, "Assume Role session duration should be in the range of 15min - 1Hr", nil)
+		}
+	} else {
+		signer.credentialExpiration = defaultDurationSeconds
+	}
+	return
+}
+
+func (*RamRoleArnSigner) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*RamRoleArnSigner) GetType() string {
+	return ""
+}
+
+func (*RamRoleArnSigner) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *RamRoleArnSigner) GetAccessKeyId() (accessKeyId string, err error) {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		err = signer.updateCredential()
+	}
+	if err != nil && (signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0) {
+		return "", err
+	}
+	return signer.sessionCredential.AccessKeyId, nil
+}
+
+func (signer *RamRoleArnSigner) GetExtraParam() map[string]string {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		signer.updateCredential()
+	}
+	if signer.sessionCredential == nil || len(signer.sessionCredential.StsToken) <= 0 {
+		return make(map[string]string)
+	}
+	return map[string]string{"SecurityToken": signer.sessionCredential.StsToken}
+}
+
+func (signer *RamRoleArnSigner) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.sessionCredential.AccessKeySecret + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *RamRoleArnSigner) buildCommonRequest() (request *requests.CommonRequest, err error) {
+	request = requests.NewCommonRequest()
+	request.Product = "Sts"
+	request.Version = "2015-04-01"
+	request.ApiName = "AssumeRole"
+	request.Scheme = requests.HTTPS
+	request.QueryParams["RoleArn"] = signer.credential.RoleArn
+	request.QueryParams["RoleSessionName"] = signer.credential.RoleSessionName
+	request.QueryParams["DurationSeconds"] = strconv.Itoa(signer.credentialExpiration)
+	return
+}
+
+func (signer *RamRoleArnSigner) refreshApi(request *requests.CommonRequest) (response *responses.CommonResponse, err error) {
+	credential := &credentials.AccessKeyCredential{
+		AccessKeyId:     signer.credential.AccessKeyId,
+		AccessKeySecret: signer.credential.AccessKeySecret,
+	}
+	signerV1, err := NewAccessKeySigner(credential)
+	return signer.commonApi(request, signerV1)
+}
+
+func (signer *RamRoleArnSigner) refreshCredential(response *responses.CommonResponse) (err error) {
+	if response.GetHttpStatus() != http.StatusOK {
+		message := "refresh session token failed"
+		err = errors.NewServerError(response.GetHttpStatus(), response.GetHttpContentString(), message)
+		return
+	}
+	var data interface{}
+	err = json.Unmarshal(response.GetHttpContentBytes(), &data)
+	if err != nil {
+		fmt.Println("refresh RoleArn sts token err, json.Unmarshal fail", err)
+		return
+	}
+	accessKeyId, err := jmespath.Search("Credentials.AccessKeyId", data)
+	if err != nil {
+		fmt.Println("refresh RoleArn sts token err, fail to get AccessKeyId", err)
+		return
+	}
+	accessKeySecret, err := jmespath.Search("Credentials.AccessKeySecret", data)
+	if err != nil {
+		fmt.Println("refresh RoleArn sts token err, fail to get AccessKeySecret", err)
+		return
+	}
+	securityToken, err := jmespath.Search("Credentials.SecurityToken", data)
+	if err != nil {
+		fmt.Println("refresh RoleArn sts token err, fail to get SecurityToken", err)
+		return
+	}
+	if accessKeyId == nil || accessKeySecret == nil || securityToken == nil {
+		return
+	}
+	signer.sessionCredential = &SessionCredential{
+		AccessKeyId:     accessKeyId.(string),
+		AccessKeySecret: accessKeySecret.(string),
+		StsToken:        securityToken.(string),
+	}
+	return
+}
+
+func (signer *RamRoleArnSigner) GetSessionCredential() *SessionCredential {
+	return signer.sessionCredential
+}
+
+func (signer *RamRoleArnSigner) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_sts_token.go

@@ -0,0 +1,58 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+)
+
+type StsTokenSigner struct {
+	credential *credentials.StsTokenCredential
+}
+
+func NewStsTokenSigner(credential *credentials.StsTokenCredential) (*StsTokenSigner, error) {
+	return &StsTokenSigner{
+		credential: credential,
+	}, nil
+}
+
+func (*StsTokenSigner) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*StsTokenSigner) GetType() string {
+	return ""
+}
+
+func (*StsTokenSigner) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *StsTokenSigner) GetAccessKeyId() (accessKeyId string, err error) {
+	return signer.credential.AccessKeyId, nil
+}
+
+func (signer *StsTokenSigner) GetExtraParam() map[string]string {
+	return map[string]string{"SecurityToken": signer.credential.AccessKeyStsToken}
+}
+
+func (signer *StsTokenSigner) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.credential.AccessKeySecret + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *StsTokenSigner) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_v2.go

@@ -0,0 +1,58 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+)
+
+type SignerV2 struct {
+	credential *credentials.RsaKeyPairCredential
+}
+
+func (signer *SignerV2) GetExtraParam() map[string]string {
+	return nil
+}
+
+func NewSignerV2(credential *credentials.RsaKeyPairCredential) (*SignerV2, error) {
+	return &SignerV2{
+		credential: credential,
+	}, nil
+}
+
+func (*SignerV2) GetName() string {
+	return "SHA256withRSA"
+}
+
+func (*SignerV2) GetType() string {
+	return "PRIVATEKEY"
+}
+
+func (*SignerV2) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *SignerV2) GetAccessKeyId() (accessKeyId string, err error) {
+	return signer.credential.PublicKeyId, err
+}
+
+func (signer *SignerV2) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.credential.PrivateKey
+	return Sha256WithRsa(stringToSign, secret)
+}
+
+func (signer *SignerV2) Shutdown() {
+
+}