Update Lego

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/algorithms.go

@@ -0,0 +1,63 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"crypto"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/x509"
+	"encoding/base64"
+	"fmt"
+	/*"encoding/pem"
+	"io/ioutil"
+	"os/user"
+	"crypto/sha256"*/)
+
+func ShaHmac1(source, secret string) string {
+	key := []byte(secret)
+	hmac := hmac.New(sha1.New, key)
+	hmac.Write([]byte(source))
+	signedBytes := hmac.Sum(nil)
+	signedString := base64.StdEncoding.EncodeToString(signedBytes)
+	return signedString
+}
+
+func Sha256WithRsa(source, secret string) string {
+	decodeString, err := base64.StdEncoding.DecodeString(secret)
+	if err != nil {
+		fmt.Println("DecodeString err", err)
+	}
+	private, err := x509.ParsePKCS8PrivateKey(decodeString)
+	if err != nil {
+		fmt.Println("ParsePKCS8PrivateKey err", err)
+	}
+
+	h := crypto.Hash.New(crypto.SHA256)
+	h.Write([]byte(source))
+	hashed := h.Sum(nil)
+	signature, err := rsa.SignPKCS1v15(rand.Reader, private.(*rsa.PrivateKey),
+		crypto.SHA256, hashed)
+	if err != nil {
+		fmt.Println("Error from signing:", err)
+		return ""
+	}
+
+	signedString := base64.StdEncoding.EncodeToString(signature)
+	//fmt.Printf("Encoded: %v\n", signedString)
+	return signedString
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/credential_updater.go

@@ -0,0 +1,53 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"time"
+)
+
+const defaultInAdvanceScale = 0.8
+
+type credentialUpdater struct {
+	credentialExpiration int
+	lastUpdateTimestamp  int64
+	inAdvanceScale       float64
+	buildRequestMethod   func() (*requests.CommonRequest, error)
+	responseCallBack     func(response *responses.CommonResponse) error
+	refreshApi           func(request *requests.CommonRequest) (response *responses.CommonResponse, err error)
+}
+
+func (updater *credentialUpdater) needUpdateCredential() (result bool) {
+	if updater.inAdvanceScale == 0 {
+		updater.inAdvanceScale = defaultInAdvanceScale
+	}
+	return time.Now().Unix()-updater.lastUpdateTimestamp >= int64(float64(updater.credentialExpiration)*updater.inAdvanceScale)
+}
+
+func (updater *credentialUpdater) updateCredential() (err error) {
+	request, err := updater.buildRequestMethod()
+	if err != nil {
+		return
+	}
+	response, err := updater.refreshApi(request)
+	if err != nil {
+		return
+	}
+	updater.lastUpdateTimestamp = time.Now().Unix()
+	err = updater.responseCallBack(response)
+	return
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/session_credential.go

@@ -0,0 +1,7 @@
+package signers
+
+type SessionCredential struct {
+	AccessKeyId     string
+	AccessKeySecret string
+	StsToken        string
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_access_key.go

@@ -0,0 +1,58 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+)
+
+type AccessKeySigner struct {
+	credential *credentials.AccessKeyCredential
+}
+
+func (signer *AccessKeySigner) GetExtraParam() map[string]string {
+	return nil
+}
+
+func NewAccessKeySigner(credential *credentials.AccessKeyCredential) (*AccessKeySigner, error) {
+	return &AccessKeySigner{
+		credential: credential,
+	}, nil
+}
+
+func (*AccessKeySigner) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*AccessKeySigner) GetType() string {
+	return ""
+}
+
+func (*AccessKeySigner) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *AccessKeySigner) GetAccessKeyId() (accessKeyId string, err error) {
+	return signer.credential.AccessKeyId, nil
+}
+
+func (signer *AccessKeySigner) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.credential.AccessKeySecret + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *AccessKeySigner) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_ecs_ram_role.go

@@ -0,0 +1,175 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/jmespath/go-jmespath"
+	"net/http"
+	"strings"
+	"time"
+)
+
+type EcsRamRoleSigner struct {
+	*credentialUpdater
+	sessionCredential *SessionCredential
+	credential        *credentials.EcsRamRoleCredential
+	commonApi         func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)
+}
+
+func NewEcsRamRoleSigner(credential *credentials.EcsRamRoleCredential, commonApi func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error)) (signer *EcsRamRoleSigner, err error) {
+	signer = &EcsRamRoleSigner{
+		credential: credential,
+		commonApi:  commonApi,
+	}
+
+	signer.credentialUpdater = &credentialUpdater{
+		credentialExpiration: defaultDurationSeconds / 60,
+		buildRequestMethod:   signer.buildCommonRequest,
+		responseCallBack:     signer.refreshCredential,
+		refreshApi:           signer.refreshApi,
+	}
+
+	return
+}
+
+func (*EcsRamRoleSigner) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*EcsRamRoleSigner) GetType() string {
+	return ""
+}
+
+func (*EcsRamRoleSigner) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *EcsRamRoleSigner) GetAccessKeyId() (accessKeyId string, err error) {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		err = signer.updateCredential()
+	}
+	if err != nil && (signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0) {
+		return "", err
+	}
+	return signer.sessionCredential.AccessKeyId, nil
+}
+
+func (signer *EcsRamRoleSigner) GetExtraParam() map[string]string {
+	if signer.sessionCredential == nil {
+		return make(map[string]string)
+	}
+	if len(signer.sessionCredential.StsToken) <= 0 {
+		return make(map[string]string)
+	}
+	return map[string]string{"SecurityToken": signer.sessionCredential.StsToken}
+}
+
+func (signer *EcsRamRoleSigner) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.sessionCredential.AccessKeyId + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *EcsRamRoleSigner) buildCommonRequest() (request *requests.CommonRequest, err error) {
+	request = requests.NewCommonRequest()
+	return
+}
+
+func (signer *EcsRamRoleSigner) refreshApi(request *requests.CommonRequest) (response *responses.CommonResponse, err error) {
+	requestUrl := "http://100.100.100.200/latest/meta-data/ram/security-credentials/" + signer.credential.RoleName
+	httpRequest, err := http.NewRequest(requests.GET, requestUrl, strings.NewReader(""))
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err", err)
+		return
+	}
+	httpClient := &http.Client{}
+	httpResponse, err := httpClient.Do(httpRequest)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err", err)
+		return
+	}
+
+	response = responses.NewCommonResponse()
+	err = responses.Unmarshal(response, httpResponse, "")
+
+	return
+}
+
+func (signer *EcsRamRoleSigner) refreshCredential(response *responses.CommonResponse) (err error) {
+	if response.GetHttpStatus() != http.StatusOK {
+		fmt.Println("refresh Ecs sts token err, httpStatus: " + string(response.GetHttpStatus()) + ", message = " + response.GetHttpContentString())
+		return
+	}
+	var data interface{}
+	err = json.Unmarshal(response.GetHttpContentBytes(), &data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, json.Unmarshal fail", err)
+		return
+	}
+	code, err := jmespath.Search("Code", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get Code", err)
+		return
+	}
+	if code.(string) != "Success" {
+		fmt.Println("refresh Ecs sts token err, Code is not Success", err)
+		return
+	}
+	accessKeyId, err := jmespath.Search("AccessKeyId", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get AccessKeyId", err)
+		return
+	}
+	accessKeySecret, err := jmespath.Search("AccessKeySecret", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get AccessKeySecret", err)
+		return
+	}
+	securityToken, err := jmespath.Search("SecurityToken", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get SecurityToken", err)
+		return
+	}
+	expiration, err := jmespath.Search("Expiration", data)
+	if err != nil {
+		fmt.Println("refresh Ecs sts token err, fail to get Expiration", err)
+		return
+	}
+	if accessKeyId == nil || accessKeySecret == nil || securityToken == nil {
+		return
+	}
+
+	expirationTime, err := time.Parse("2006-01-02T15:04:05Z", expiration.(string))
+	signer.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
+	signer.sessionCredential = &SessionCredential{
+		AccessKeyId:     accessKeyId.(string),
+		AccessKeySecret: accessKeySecret.(string),
+		StsToken:        securityToken.(string),
+	}
+
+	return
+}
+
+func (signer *EcsRamRoleSigner) GetSessionCredential() *SessionCredential {
+	return signer.sessionCredential
+}
+
+func (signer *EcsRamRoleSigner) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_key_pair.go

@@ -0,0 +1,148 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/jmespath/go-jmespath"
+	"net/http"
+	"strconv"
+)
+
+type SignerKeyPair struct {
+	*credentialUpdater
+	sessionCredential *SessionCredential
+	credential        *credentials.RsaKeyPairCredential
+	commonApi         func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)
+}
+
+func NewSignerKeyPair(credential *credentials.RsaKeyPairCredential, commonApi func(*requests.CommonRequest, interface{}) (response *responses.CommonResponse, err error)) (signer *SignerKeyPair, err error) {
+	signer = &SignerKeyPair{
+		credential: credential,
+		commonApi:  commonApi,
+	}
+
+	signer.credentialUpdater = &credentialUpdater{
+		credentialExpiration: credential.SessionExpiration,
+		buildRequestMethod:   signer.buildCommonRequest,
+		responseCallBack:     signer.refreshCredential,
+		refreshApi:           signer.refreshApi,
+	}
+
+	if credential.SessionExpiration > 0 {
+		if credential.SessionExpiration >= 900 && credential.SessionExpiration <= 3600 {
+			signer.credentialExpiration = credential.SessionExpiration
+		} else {
+			err = errors.NewClientError(errors.InvalidParamErrorCode, "Key Pair session duration should be in the range of 15min - 1Hr", nil)
+		}
+	} else {
+		signer.credentialExpiration = defaultDurationSeconds
+	}
+	return
+}
+
+func (*SignerKeyPair) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*SignerKeyPair) GetType() string {
+	return ""
+}
+
+func (*SignerKeyPair) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *SignerKeyPair) GetAccessKeyId() (accessKeyId string, err error) {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		err = signer.updateCredential()
+	}
+	if err != nil && (signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0) {
+		return "", err
+	}
+	return signer.sessionCredential.AccessKeyId, err
+}
+
+func (signer *SignerKeyPair) GetExtraParam() map[string]string {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		signer.updateCredential()
+	}
+	if signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0 {
+		return make(map[string]string)
+	}
+	return make(map[string]string)
+}
+
+func (signer *SignerKeyPair) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.sessionCredential.AccessKeyId + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *SignerKeyPair) buildCommonRequest() (request *requests.CommonRequest, err error) {
+	request = requests.NewCommonRequest()
+	request.Product = "Sts"
+	request.Version = "2015-04-01"
+	request.ApiName = "GenerateSessionAccessKey"
+	request.Scheme = requests.HTTPS
+	request.QueryParams["PublicKeyId"] = signer.credential.PublicKeyId
+	request.QueryParams["DurationSeconds"] = strconv.Itoa(signer.credentialExpiration)
+	return
+}
+
+func (signerKeyPair *SignerKeyPair) refreshApi(request *requests.CommonRequest) (response *responses.CommonResponse, err error) {
+	signerV2, err := NewSignerV2(signerKeyPair.credential)
+	return signerKeyPair.commonApi(request, signerV2)
+}
+
+func (signer *SignerKeyPair) refreshCredential(response *responses.CommonResponse) (err error) {
+	if response.GetHttpStatus() != http.StatusOK {
+		message := "refresh session AccessKey failed"
+		err = errors.NewServerError(response.GetHttpStatus(), response.GetHttpContentString(), message)
+		return
+	}
+	var data interface{}
+	err = json.Unmarshal(response.GetHttpContentBytes(), &data)
+	if err != nil {
+		fmt.Println("refresh KeyPair err, json.Unmarshal fail", err)
+		return
+	}
+	accessKeyId, err := jmespath.Search("SessionAccessKey.SessionAccessKeyId", data)
+	if err != nil {
+		fmt.Println("refresh KeyPair err, fail to get SessionAccessKeyId", err)
+		return
+	}
+	accessKeySecret, err := jmespath.Search("SessionAccessKey.SessionAccessKeySecret", data)
+	if err != nil {
+		fmt.Println("refresh KeyPair err, fail to get SessionAccessKeySecret", err)
+		return
+	}
+	if accessKeyId == nil || accessKeySecret == nil {
+		return
+	}
+	signer.sessionCredential = &SessionCredential{
+		AccessKeyId:     accessKeyId.(string),
+		AccessKeySecret: accessKeySecret.(string),
+	}
+	return
+}
+
+func (signer *SignerKeyPair) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_ram_role_arn.go

@@ -0,0 +1,174 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/jmespath/go-jmespath"
+	"net/http"
+	"strconv"
+	"time"
+)
+
+const (
+	defaultDurationSeconds = 3600
+)
+
+type RamRoleArnSigner struct {
+	*credentialUpdater
+	roleSessionName   string
+	sessionCredential *SessionCredential
+	credential        *credentials.RamRoleArnCredential
+	commonApi         func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)
+}
+
+func NewRamRoleArnSigner(credential *credentials.RamRoleArnCredential, commonApi func(request *requests.CommonRequest, signer interface{}) (response *responses.CommonResponse, err error)) (signer *RamRoleArnSigner, err error) {
+	signer = &RamRoleArnSigner{
+		credential: credential,
+		commonApi:  commonApi,
+	}
+
+	signer.credentialUpdater = &credentialUpdater{
+		credentialExpiration: credential.RoleSessionExpiration,
+		buildRequestMethod:   signer.buildCommonRequest,
+		responseCallBack:     signer.refreshCredential,
+		refreshApi:           signer.refreshApi,
+	}
+
+	if len(credential.RoleSessionName) > 0 {
+		signer.roleSessionName = credential.RoleSessionName
+	} else {
+		signer.roleSessionName = "aliyun-go-sdk-" + strconv.FormatInt(time.Now().UnixNano()/1000, 10)
+	}
+	if credential.RoleSessionExpiration > 0 {
+		if credential.RoleSessionExpiration >= 900 && credential.RoleSessionExpiration <= 3600 {
+			signer.credentialExpiration = credential.RoleSessionExpiration
+		} else {
+			err = errors.NewClientError(errors.InvalidParamErrorCode, "Assume Role session duration should be in the range of 15min - 1Hr", nil)
+		}
+	} else {
+		signer.credentialExpiration = defaultDurationSeconds
+	}
+	return
+}
+
+func (*RamRoleArnSigner) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*RamRoleArnSigner) GetType() string {
+	return ""
+}
+
+func (*RamRoleArnSigner) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *RamRoleArnSigner) GetAccessKeyId() (accessKeyId string, err error) {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		err = signer.updateCredential()
+	}
+	if err != nil && (signer.sessionCredential == nil || len(signer.sessionCredential.AccessKeyId) <= 0) {
+		return "", err
+	}
+	return signer.sessionCredential.AccessKeyId, nil
+}
+
+func (signer *RamRoleArnSigner) GetExtraParam() map[string]string {
+	if signer.sessionCredential == nil || signer.needUpdateCredential() {
+		signer.updateCredential()
+	}
+	if signer.sessionCredential == nil || len(signer.sessionCredential.StsToken) <= 0 {
+		return make(map[string]string)
+	}
+	return map[string]string{"SecurityToken": signer.sessionCredential.StsToken}
+}
+
+func (signer *RamRoleArnSigner) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.sessionCredential.AccessKeySecret + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *RamRoleArnSigner) buildCommonRequest() (request *requests.CommonRequest, err error) {
+	request = requests.NewCommonRequest()
+	request.Product = "Sts"
+	request.Version = "2015-04-01"
+	request.ApiName = "AssumeRole"
+	request.Scheme = requests.HTTPS
+	request.QueryParams["RoleArn"] = signer.credential.RoleArn
+	request.QueryParams["RoleSessionName"] = signer.credential.RoleSessionName
+	request.QueryParams["DurationSeconds"] = strconv.Itoa(signer.credentialExpiration)
+	return
+}
+
+func (signer *RamRoleArnSigner) refreshApi(request *requests.CommonRequest) (response *responses.CommonResponse, err error) {
+	credential := &credentials.AccessKeyCredential{
+		AccessKeyId:     signer.credential.AccessKeyId,
+		AccessKeySecret: signer.credential.AccessKeySecret,
+	}
+	signerV1, err := NewAccessKeySigner(credential)
+	return signer.commonApi(request, signerV1)
+}
+
+func (signer *RamRoleArnSigner) refreshCredential(response *responses.CommonResponse) (err error) {
+	if response.GetHttpStatus() != http.StatusOK {
+		message := "refresh session token failed"
+		err = errors.NewServerError(response.GetHttpStatus(), response.GetHttpContentString(), message)
+		return
+	}
+	var data interface{}
+	err = json.Unmarshal(response.GetHttpContentBytes(), &data)
+	if err != nil {
+		fmt.Println("refresh RoleArn sts token err, json.Unmarshal fail", err)
+		return
+	}
+	accessKeyId, err := jmespath.Search("Credentials.AccessKeyId", data)
+	if err != nil {
+		fmt.Println("refresh RoleArn sts token err, fail to get AccessKeyId", err)
+		return
+	}
+	accessKeySecret, err := jmespath.Search("Credentials.AccessKeySecret", data)
+	if err != nil {
+		fmt.Println("refresh RoleArn sts token err, fail to get AccessKeySecret", err)
+		return
+	}
+	securityToken, err := jmespath.Search("Credentials.SecurityToken", data)
+	if err != nil {
+		fmt.Println("refresh RoleArn sts token err, fail to get SecurityToken", err)
+		return
+	}
+	if accessKeyId == nil || accessKeySecret == nil || securityToken == nil {
+		return
+	}
+	signer.sessionCredential = &SessionCredential{
+		AccessKeyId:     accessKeyId.(string),
+		AccessKeySecret: accessKeySecret.(string),
+		StsToken:        securityToken.(string),
+	}
+	return
+}
+
+func (signer *RamRoleArnSigner) GetSessionCredential() *SessionCredential {
+	return signer.sessionCredential
+}
+
+func (signer *RamRoleArnSigner) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_sts_token.go

@@ -0,0 +1,58 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+)
+
+type StsTokenSigner struct {
+	credential *credentials.StsTokenCredential
+}
+
+func NewStsTokenSigner(credential *credentials.StsTokenCredential) (*StsTokenSigner, error) {
+	return &StsTokenSigner{
+		credential: credential,
+	}, nil
+}
+
+func (*StsTokenSigner) GetName() string {
+	return "HMAC-SHA1"
+}
+
+func (*StsTokenSigner) GetType() string {
+	return ""
+}
+
+func (*StsTokenSigner) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *StsTokenSigner) GetAccessKeyId() (accessKeyId string, err error) {
+	return signer.credential.AccessKeyId, nil
+}
+
+func (signer *StsTokenSigner) GetExtraParam() map[string]string {
+	return map[string]string{"SecurityToken": signer.credential.AccessKeyStsToken}
+}
+
+func (signer *StsTokenSigner) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.credential.AccessKeySecret + secretSuffix
+	return ShaHmac1(stringToSign, secret)
+}
+
+func (signer *StsTokenSigner) Shutdown() {
+
+}

vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers/signer_v2.go

@@ -0,0 +1,58 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package signers
+
+import (
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+)
+
+type SignerV2 struct {
+	credential *credentials.RsaKeyPairCredential
+}
+
+func (signer *SignerV2) GetExtraParam() map[string]string {
+	return nil
+}
+
+func NewSignerV2(credential *credentials.RsaKeyPairCredential) (*SignerV2, error) {
+	return &SignerV2{
+		credential: credential,
+	}, nil
+}
+
+func (*SignerV2) GetName() string {
+	return "SHA256withRSA"
+}
+
+func (*SignerV2) GetType() string {
+	return "PRIVATEKEY"
+}
+
+func (*SignerV2) GetVersion() string {
+	return "1.0"
+}
+
+func (signer *SignerV2) GetAccessKeyId() (accessKeyId string, err error) {
+	return signer.credential.PublicKeyId, err
+}
+
+func (signer *SignerV2) Sign(stringToSign, secretSuffix string) string {
+	secret := signer.credential.PrivateKey
+	return Sha256WithRsa(stringToSign, secret)
+}
+
+func (signer *SignerV2) Shutdown() {
+
+}