public abstract class Aws4SignerBase extends Object
Modifier and Type | Class and Description |
---|---|
static interface | Aws4SignerBase.ServiceAndRegion |
Modifier and Type | Field and Description |
---|---|
protected com.google.common.base.Supplier<Credentials> | creds |
protected Crypto | crypto |
protected DateFormat | dateFormat |
protected String | headerTag |
protected Aws4SignerBase.ServiceAndRegion | serviceAndRegion |
protected SignatureWire | signatureWire |
protected DateFormat | timestampFormat |
protected com.google.common.base.Supplier<Date> | timestampProvider |
Modifier | Constructor and Description |
---|---|
protected | Aws4SignerBase(SignatureWire signatureWire, String headerTag, com.google.common.base.Supplier<Credentials> creds, com.google.common.base.Supplier<Date> timestampProvider, Aws4SignerBase.ServiceAndRegion serviceAndRegion, Crypto crypto) |
Modifier and Type | Method and Description |
---|---|
protected void | appendAmzHeaders(HttpRequest request, com.google.common.collect.ImmutableMap.Builder<String,String> signedHeadersBuilder) |
protected String | createStringToSign(String method, URI endpoint, Map<String,String> signedHeaders, String timestamp, String credentialScope, String hashedPayload) - Create a Canonical Request to sign |
protected String | getCanonicalizedQueryString(String queryString) - Examines the specified query string parameters and returns a canonicalized form. |
protected String | getContentLength(HttpRequest request) |
protected String | getContentType(HttpRequest request) |
static byte[] | hash(byte[] bytes) - hash input with sha256 |
static byte[] | hash(InputStream input) - hash input with sha256 |
static byte[] | hash(String input) - hash string (encoding UTF_8) with sha256 |
static String | hex(byte[] bytes) - Lowercase base 16 encoding. |
static com.google.common.io.ByteProcessor<byte[]> | hmacSHA256(Crypto crypto, byte[] signatureKey) |
protected byte[] | hmacSHA256(String toSign, byte[] key) - hmac sha256 |
protected static Map<String,String> | lowerCaseNaturalOrderKeys(Map<String,String> in) - change the keys but keep the values intact. |
protected byte[] | signatureKey(String secretKey, String datestamp, String region, String service) - calculate AWS signature key. |
static String | urlEncode(String value) - Encode a string for use in the path of a URL; uses URLEncoder.encode (which encodes a string for use in the query portion of a URL), then applies some postfilters to fix things up per the RFC. |
protected final DateFormat timestampFormat
protected final DateFormat dateFormat
protected final String headerTag
protected final Aws4SignerBase.ServiceAndRegion serviceAndRegion
protected final SignatureWire signatureWire
protected final com.google.common.base.Supplier<Credentials> creds
protected final com.google.common.base.Supplier<Date> timestampProvider
protected final Crypto crypto
protected Aws4SignerBase(SignatureWire signatureWire, String headerTag, com.google.common.base.Supplier<Credentials> creds, com.google.common.base.Supplier<Date> timestampProvider, Aws4SignerBase.ServiceAndRegion serviceAndRegion, Crypto crypto)
protected String getContentType(HttpRequest request)
protected String getContentLength(HttpRequest request)
protected void appendAmzHeaders(HttpRequest request, com.google.common.collect.ImmutableMap.Builder<String,String> signedHeadersBuilder)
protected byte[] signatureKey(String secretKey, String datestamp, String region, String service)
DateKey = hmacSHA256(datestamp, "AWS4"+ secretKey)
DateRegionKey = hmacSHA256(region, DateKey)
DateRegionServiceKey = hmacSHA256(service, DateRegionKey)
SigningKey = hmacSHA256("aws4_request", DateRegionServiceKey)
secretKey - AWS access secret key
datestamp - date yyyyMMdd
region - AWS region
service - AWS service
protected byte[] hmacSHA256(String toSign, byte[] key)
toSign - string to sign
key - hash key
public static com.google.common.io.ByteProcessor<byte[]> hmacSHA256(Crypto crypto, byte[] signatureKey) throws InvalidKeyException
Throws: InvalidKeyException
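The key derivation chain documented for signatureKey, written against the plain JDK as an added example (this is not the jclouds implementation; the class name, the secret and the dates are constructed). It derives keys for different dates and regions to show that each signing key is only valid for one date, region and service scope.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SigningKeyDemo {
    // Same argument order as the documented hmacSHA256(toSign, key): data first, key second.
    static byte[] hmacSHA256(String toSign, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(toSign.getBytes(StandardCharsets.UTF_8));
    }

    // DateKey -> DateRegionKey -> DateRegionServiceKey -> SigningKey
    static byte[] signatureKey(String secretKey, String datestamp, String region, String service)
            throws Exception {
        byte[] dateKey = hmacSHA256(datestamp, ("AWS4" + secretKey).getBytes(StandardCharsets.UTF_8));
        byte[] dateRegionKey = hmacSHA256(region, dateKey);
        byte[] dateRegionServiceKey = hmacSHA256(service, dateRegionKey);
        return hmacSHA256("aws4_request", dateRegionServiceKey);
    }

    // Lowercase base 16 encoding, as described for hex(byte[]).
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String secret = "EXAMPLE-SECRET-NOT-A-REAL-KEY"; // constructed sample value
        byte[] k1 = signatureKey(secret, "20160101", "us-east-1", "s3");
        byte[] k2 = signatureKey(secret, "20160102", "us-east-1", "s3");
        byte[] k3 = signatureKey(secret, "20160101", "eu-west-1", "s3");
        System.out.println("20160101/us-east-1/s3: " + hex(k1));
        System.out.println("20160102/us-east-1/s3: " + hex(k2));
        System.out.println("20160101/eu-west-1/s3: " + hex(k3));
        // A key captured for one scope cannot sign requests for another scope.
        System.out.println("date changes key:   " + !Arrays.equals(k1, k2));
        System.out.println("region changes key: " + !Arrays.equals(k1, k3));
    }
}
```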
public static byte[] hash(InputStream input) throws HTTPException
input -
Throws: HTTPException
public static byte[] hash(byte[] bytes) throws HTTPException
bytes - input bytes
Throws: HTTPException
public static byte[] hash(String input) throws HTTPException
input - input stream
Throws: HTTPException
protected String getCanonicalizedQueryString(String queryString)
queryString - The query string parameters to be canonicalized.
public static String urlEncode(String value)
value - the value to encode
public static String hex(byte[] bytes)
bytes - bytes
protected String createStringToSign(String method, URI endpoint, Map<String,String> signedHeaders, String timestamp, String credentialScope, String hashedPayload)
<HTTPMethod>\n
<CanonicalURI>\n
<CanonicalQueryString>\n
<CanonicalHeaders>\n
<SignedHeaders>\n
<HashedPayload>
HTTPMethod is one of the HTTP methods, for example GET, PUT, HEAD, and DELETE.
CanonicalURI is the URI-encoded version of the absolute path component of the URI—everything starting with the "/" that follows the domain name and up to the end of the string or to the question mark character ('?') if you have query string parameters.
CanonicalQueryString specifies the URI-encoded query string parameters. You URI-encode name and values individually. You must also sort the parameters in the canonical query string alphabetically by key name. The sorting occurs after encoding.
CanonicalHeaders is a list of request headers with their values. Individual header name and value pairs are separated by the newline character ("\n"). Header names must be in lowercase. Header values must have leading and trailing whitespace trimmed.
The CanonicalHeaders list must include the following:
HTTP host header.
If the Content-Type header is present in the request, it must be added to the CanonicalHeaders list.
Any x-amz-* headers that you plan to include in your request must also be added.
SignedHeaders is an alphabetically sorted, semicolon-separated list of lowercase request header names. The request headers in the list are the same headers that you included in the CanonicalHeaders string.
HashedPayload is the hexadecimal value of the SHA256 hash of the request payload.
If there is no payload in the request, you compute a hash of the empty string as follows:
Hex(SHA256Hash(""))
The hash returns the following value:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
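A canonical request assembled from the rules above, as an added example on the plain JDK (not the jclouds code; the class name, host, path and query values are constructed). It assumes the path is already URI-encoded, query parameter names are unique, and that the RFC 3986 postfilters are the three replacements shown; each canonical header entry ends with "\n", following the AWS Signature Version 4 convention.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class CanonicalRequestDemo {
    // URLEncoder output adjusted to RFC 3986 (postfilters assumed for this example).
    static String urlEncode(String v) throws Exception {
        return URLEncoder.encode(v, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    // Hex(SHA256Hash(s)) with lowercase hex digits.
    static String hexSha256(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }
    // Encode names and values individually; the TreeMap sorts after encoding.
    static String canonicalQuery(String raw) throws Exception {
        TreeMap<String, String> sorted = new TreeMap<>();
        for (String pair : raw.isEmpty() ? new String[0] : raw.split("&")) {
            int eq = pair.indexOf('=');
            sorted.put(urlEncode(eq < 0 ? pair : pair.substring(0, eq)),
                       eq < 0 ? "" : urlEncode(pair.substring(eq + 1)));
        }
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : sorted.entrySet())
            sb.append(sb.length() > 0 ? "&" : "").append(e.getKey()).append('=').append(e.getValue());
        return sb.toString();
    }
    static String canonicalRequest(String method, String path, String query,
                                   Map<String, String> headers, String payload) throws Exception {
        TreeMap<String, String> h = new TreeMap<>(); // lowercase names, trimmed values, sorted
        for (Map.Entry<String, String> e : headers.entrySet())
            h.put(e.getKey().toLowerCase(Locale.ROOT), e.getValue().trim());
        StringBuilder canon = new StringBuilder();
        for (Map.Entry<String, String> e : h.entrySet())
            canon.append(e.getKey()).append(':').append(e.getValue()).append('\n');
        return method + "\n" + path + "\n" + canonicalQuery(query) + "\n"
                + canon + "\n" + String.join(";", h.keySet()) + "\n" + hexSha256(payload);
    }
    public static void main(String[] args) throws Exception {
        Map<String, String> headers = new HashMap<>();
        headers.put("X-Amz-Date", " 20160101T000000Z "); // constructed sample values
        headers.put("Host", "examplebucket.s3.amazonaws.com");
        System.out.println(canonicalRequest("GET", "/test.txt", "prefix=a b&max-keys=2", headers, ""));
    }
}
```

Because the sample request has no payload, the last line of the printed canonical request is the empty-string hash quoted above.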
method - http request method
endpoint - http request endpoint
signedHeaders - signed headers
timestamp - ISO8601 timestamp
credentialScope - credential scope

Copyright © 2009-2016 The Apache Software Foundation. All Rights Reserved.