Package org.jclouds.s3.filters

Class Aws4SignerBase

    • Field Detail

      • timestampFormat

        protected final DateFormat timestampFormat

      • dateFormat

        protected final DateFormat dateFormat

      • headerTag

        protected final String headerTag

      • creds

        protected final com.google.common.base.Supplier<Credentials> creds

      • timestampProvider

        protected final com.google.common.base.Supplier<Date> timestampProvider

      • crypto

        protected final Crypto crypto

    • Method Detail

      • hostHeaderFor

        protected static String hostHeaderFor​(URI endpoint)

      • appendAmzHeaders

        protected void appendAmzHeaders​(HttpRequest request,
                                com.google.common.collect.ImmutableMap.Builder<String,​String> signedHeadersBuilder)

      • signatureKey

        protected byte[] signatureKey​(String secretKey,
                              String datestamp,
                              String region,
                              String service)
        caluclate AWS signature key.

        DateKey = hmacSHA256(datestamp, "AWS4"+ secretKey)
        DateRegionKey = hmacSHA256(region, DateKey)
        DateRegionServiceKey = hmacSHA256(service, DateRegionKey)
        SigningKey = hmacSHA256("aws4_request", DateRegionServiceKey)

        Parameters:
        secretKey - AWS access secret key
        datestamp - date yyyyMMdd
        region - AWS region
        service - AWS service
        Returns:
        SigningKey

      • hmacSHA256

        protected byte[] hmacSHA256​(String toSign,
                            byte[] key)
        hmac sha256
        Parameters:
        toSign - string to sign
        key - hash key

      • hash

        public static byte[] hash​(byte[] bytes)
                   throws HttpException
        hash input with sha256
        Parameters:
        bytes - input bytes
        Returns:
        hash result
        Throws:
        HttpException

      • hash

        public static byte[] hash​(String input)
                   throws HttpException
        hash string (encoding UTF_8) with sha256
        Parameters:
        input - input stream
        Returns:
        hash result
        Throws:
        HttpException

      • getCanonicalizedQueryString

        protected String getCanonicalizedQueryString​(String queryString)
        Examines the specified query string parameters and returns a canonicalized form.

        The canonicalized query string is formed by first sorting all the query string parameters, then URI encoding both the key and value and then joining them, in order, separating key value pairs with an '&'.

        Parameters:
        queryString - The query string parameters to be canonicalized.
        Returns:
        A canonicalized form for the specified query string parameters.

      • urlEncode

        public static String urlEncode​(String value)
        Encode a string for use in the path of a URL; uses URLEncoder.encode, (which encodes a string for use in the query portion of a URL), then applies some postfilters to fix things up per the RFC. Can optionally handle strings which are meant to encode a path (ie include '/'es which should NOT be escaped).
        Parameters:
        value - the value to encode
        Returns:
        the encoded value

      • hex

        public static String hex​(byte[] bytes)
        Lowercase base 16 encoding.
        Parameters:
        bytes - bytes
        Returns:
        base16 lower case hex string.

      • createStringToSign

        protected String createStringToSign​(String method,
                                    URI endpoint,
                                    Map<String,​String> signedHeaders,
                                    String timestamp,
                                    String credentialScope,
                                    String hashedPayload)
        Create a Canonical Request to sign

        Canonical Request

        <HTTPMethod>\n
        <CanonicalURI>\n
        <CanonicalQueryString>\n
        <CanonicalHeaders>\n
        <SignedHeaders>\n
        <HashedPayload>

        HTTPMethod is one of the HTTP methods, for example GET, PUT, HEAD, and DELETE.

        CanonicalURI is the URI-encoded version of the absolute path component of the URI—everything starting with the "/" that follows the domain name and up to the end of the string or to the question mark character ('?') if you have query string parameters.

        CanonicalQueryString specifies the URI-encoded query string parameters. You URI-encode name and values individually. You must also sort the parameters in the canonical query string alphabetically by key name. The sorting occurs after encoding.

        CanonicalHeaders is a list of request headers with their values. Individual header name and value pairs are separated by the newline character ("\n"). Header names must be in lowercase. Header value must be trim space.
        The CanonicalHeaders list must include the following: HTTP host header. If the Content-Type header is present in the request, it must be added to the CanonicalHeaders list. Any x-amz-* headers that you plan to include in your request must also be added.

        SignedHeaders is an alphabetically sorted, semicolon-separated list of lowercase request header names. The request headers in the list are the same headers that you included in the CanonicalHeaders string.

        HashedPayload is the hexadecimal value of the SHA256 hash of the request payload.

        If there is no payload in the request, you compute a hash of the empty string as follows: Hex(SHA256Hash("")) The hash returns the following value: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

        Parameters:
        method - http request method
        endpoint - http request endpoing
        signedHeaders - signed headers
        timestamp - ISO8601 timestamp
        credentialScope - credential scope
        Returns:
        string to sign

      • lowerCaseNaturalOrderKeys

        protected static Map<String,​String> lowerCaseNaturalOrderKeys​(Map<String,​String> in)
        change the keys but keep the values in-tact.
        Parameters:
        in - input map to transform
        Returns:
        immutableSortedMap with the new lowercase keys.