Class Aws4SignerBase
- java.lang.Object
-
- org.jclouds.s3.filters.Aws4SignerBase
-
- Direct Known Subclasses:
Aws4SignerForAuthorizationHeader, Aws4SignerForChunkedUpload, Aws4SignerForQueryString
public abstract class Aws4SignerBase extends Object
Common methods and properties for all AWS4 signer variants
-
-
Nested Class Summary
static interface Aws4SignerBase.ServiceAndRegion
-
Field Summary
protected com.google.common.base.Supplier<Credentials> creds
protected Crypto crypto
protected DateFormat dateFormat
protected String headerTag
protected Aws4SignerBase.ServiceAndRegion serviceAndRegion
protected SignatureWire signatureWire
protected DateFormat timestampFormat
protected com.google.common.base.Supplier<Date> timestampProvider
-
Constructor Summary
protected Aws4SignerBase(SignatureWire signatureWire, String headerTag, com.google.common.base.Supplier<Credentials> creds, com.google.common.base.Supplier<Date> timestampProvider, Aws4SignerBase.ServiceAndRegion serviceAndRegion, Crypto crypto)
-
Method Summary
protected void appendAmzHeaders(HttpRequest request, com.google.common.collect.ImmutableMap.Builder<String,String> signedHeadersBuilder)
-
protected String createStringToSign(String method, URI endpoint, Map<String,String> signedHeaders, String timestamp, String credentialScope, String hashedPayload)
Create a Canonical Request to sign.
-
protected String getCanonicalizedQueryString(String queryString)
Examines the specified query string parameters and returns a canonicalized form.
-
protected String getContentLength(HttpRequest request)
-
protected String getContentType(HttpRequest request)
-
static byte[] hash(byte[] bytes)
Hash input with SHA-256.
-
static byte[] hash(InputStream input)
Hash input with SHA-256.
-
static byte[] hash(String input)
Hash string (encoding UTF_8) with SHA-256.
-
static String hex(byte[] bytes)
Lowercase base 16 encoding.
-
protected byte[] hmacSHA256(String toSign, byte[] key)
HMAC SHA-256.
-
static com.google.common.io.ByteProcessor<byte[]> hmacSHA256(Crypto crypto, byte[] signatureKey)
-
protected static String hostHeaderFor(URI endpoint)
-
protected static Map<String,String> lowerCaseNaturalOrderKeys(Map<String,String> in)
Change the keys but keep the values intact.
-
protected byte[] signatureKey(String secretKey, String datestamp, String region, String service)
Calculate the AWS signature key.
-
static String urlEncode(String value)
Encode a string for use in the path of a URL; uses URLEncoder.encode (which encodes a string for use in the query portion of a URL), then applies some postfilters to fix things up per the RFC.
-
-
-
Field Detail
-
timestampFormat
protected final DateFormat timestampFormat
-
dateFormat
protected final DateFormat dateFormat
-
headerTag
protected final String headerTag
-
serviceAndRegion
protected final Aws4SignerBase.ServiceAndRegion serviceAndRegion
-
signatureWire
protected final SignatureWire signatureWire
-
creds
protected final com.google.common.base.Supplier<Credentials> creds
-
timestampProvider
protected final com.google.common.base.Supplier<Date> timestampProvider
-
crypto
protected final Crypto crypto
-
-
Constructor Detail
-
Aws4SignerBase
protected Aws4SignerBase(SignatureWire signatureWire, String headerTag, com.google.common.base.Supplier<Credentials> creds, com.google.common.base.Supplier<Date> timestampProvider, Aws4SignerBase.ServiceAndRegion serviceAndRegion, Crypto crypto)
-
-
Method Detail
-
getContentType
protected String getContentType(HttpRequest request)
-
getContentLength
protected String getContentLength(HttpRequest request)
-
appendAmzHeaders
protected void appendAmzHeaders(HttpRequest request, com.google.common.collect.ImmutableMap.Builder<String,String> signedHeadersBuilder)
-
signatureKey
protected byte[] signatureKey(String secretKey, String datestamp, String region, String service)
Calculate the AWS signature key.
DateKey = hmacSHA256(datestamp, "AWS4" + secretKey)
DateRegionKey = hmacSHA256(region, DateKey)
DateRegionServiceKey = hmacSHA256(service, DateRegionKey)
SigningKey = hmacSHA256("aws4_request", DateRegionServiceKey)
- Parameters:
secretKey - AWS access secret key
datestamp - date yyyyMMdd
region - AWS region
service - AWS service
- Returns:
SigningKey
-
hmacSHA256
protected byte[] hmacSHA256(String toSign, byte[] key)
HMAC SHA-256.
- Parameters:
toSign - string to sign
key - hash key
-
hmacSHA256
public static com.google.common.io.ByteProcessor<byte[]> hmacSHA256(Crypto crypto, byte[] signatureKey) throws InvalidKeyException
- Throws:
InvalidKeyException
-
hash
public static byte[] hash(InputStream input) throws HttpException
Hash input with SHA-256.
- Parameters:
input
- Returns:
hash result
- Throws:
HttpException
-
hash
public static byte[] hash(byte[] bytes) throws HttpException
Hash input with SHA-256.
- Parameters:
bytes - input bytes
- Returns:
hash result
- Throws:
HttpException
-
hash
public static byte[] hash(String input) throws HttpException
Hash string (encoding UTF_8) with SHA-256.
- Parameters:
input - input string
- Returns:
hash result
- Throws:
HttpException
-
getCanonicalizedQueryString
protected String getCanonicalizedQueryString(String queryString)
Examines the specified query string parameters and returns a canonicalized form. The canonicalized query string is formed by first sorting all the query string parameters, then URI encoding both the key and value and then joining them, in order, separating key value pairs with an '&'.
- Parameters:
queryString - The query string parameters to be canonicalized.
- Returns:
A canonicalized form for the specified query string parameters.
-
urlEncode
public static String urlEncode(String value)
Encode a string for use in the path of a URL; uses URLEncoder.encode (which encodes a string for use in the query portion of a URL), then applies some postfilters to fix things up per the RFC. Can optionally handle strings which are meant to encode a path (i.e. strings that include '/' characters which should NOT be escaped).
- Parameters:
value - the value to encode
- Returns:
the encoded value
-
hex
public static String hex(byte[] bytes)
Lowercase base 16 encoding.
- Parameters:
bytes - bytes
- Returns:
base16 lower case hex string.
-
createStringToSign
protected String createStringToSign(String method, URI endpoint, Map<String,String> signedHeaders, String timestamp, String credentialScope, String hashedPayload)
Create a Canonical Request to sign.
Canonical Request:
<HTTPMethod>\n
<CanonicalURI>\n
<CanonicalQueryString>\n
<CanonicalHeaders>\n
<SignedHeaders>\n
<HashedPayload>
HTTPMethod is one of the HTTP methods, for example GET, PUT, HEAD, and DELETE.
CanonicalURI is the URI-encoded version of the absolute path component of the URI: everything starting with the "/" that follows the domain name and up to the end of the string or to the question mark character ('?') if you have query string parameters.
CanonicalQueryString specifies the URI-encoded query string parameters. You URI-encode names and values individually. You must also sort the parameters in the canonical query string alphabetically by key name. The sorting occurs after encoding.
CanonicalHeaders is a list of request headers with their values. Individual header name and value pairs are separated by the newline character ("\n"). Header names must be in lowercase. Header values must have whitespace trimmed.
The CanonicalHeaders list must include the following: HTTP host header. If the Content-Type header is present in the request, it must be added to the CanonicalHeaders list. Any x-amz-* headers that you plan to include in your request must also be added.
SignedHeaders is an alphabetically sorted, semicolon-separated list of lowercase request header names. The request headers in the list are the same headers that you included in the CanonicalHeaders string.
HashedPayload is the hexadecimal value of the SHA256 hash of the request payload.
If there is no payload in the request, you compute a hash of the empty string as follows:
Hex(SHA256Hash(""))
The hash returns the following value: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- Parameters:
method - http request method
endpoint - http request endpoint
signedHeaders - signed headers
timestamp - ISO8601 timestamp
credentialScope - credential scope
- Returns:
string to sign
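A standalone builder for the canonical request layout described above, as an added example rather than the jclouds code. Class and method names are hypothetical, the request in main is constructed, the name:value header form follows the AWS Signature Version 4 specification, and HexFormat assumes Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.stream.Collectors;

public class CanonicalRequestExample {
    // Lowercase hex SHA-256 of a UTF-8 string.
    static String sha256Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }
    // Percent-encode every byte except the RFC 3986 unreserved set A-Z a-z 0-9 - _ . ~
    static String uriEncode(String v) {
        StringBuilder sb = new StringBuilder();
        for (byte b : v.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            boolean unreserved = c < 128 && (Character.isLetterOrDigit(c) || "-_.~".indexOf(c) >= 0);
            sb.append(unreserved ? String.valueOf((char) c) : String.format("%%%02X", c));
        }
        return sb.toString();
    }
    // Encode names and values individually, then sort by encoded name.
    static String canonicalQuery(Map<String, String> params) {
        TreeMap<String, String> sorted = new TreeMap<>();
        params.forEach((k, v) -> sorted.put(uriEncode(k), uriEncode(v)));
        return sorted.entrySet().stream().map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("&"));
    }

    // path must already be URI-encoded; headers are exactly the ones to be signed.
    static String canonicalRequest(String method, String path, Map<String, String> query,
                                   Map<String, String> headers, String payload) throws Exception {
        TreeMap<String, String> h = new TreeMap<>(); // lowercase names, sorted, values trimmed
        headers.forEach((k, v) -> h.put(k.toLowerCase(Locale.ROOT), v.trim()));
        String canonicalHeaders = h.entrySet().stream()
                .map(e -> e.getKey() + ":" + e.getValue() + "\n").collect(Collectors.joining());
        return String.join("\n", method, path, canonicalQuery(query), canonicalHeaders,
                String.join(";", h.keySet()), sha256Hex(payload));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request; bucket and parameter values are illustrative.
        Map<String, String> query = Map.of("prefix", "my docs/", "max-keys", "2");
        Map<String, String> headers = Map.of("Host", "examplebucket.s3.amazonaws.com",
                "X-Amz-Date", " 20240101T000000Z ", "x-amz-content-sha256", sha256Hex(""));
        System.out.println(canonicalRequest("GET", "/", query, headers, ""));
    }
}
```

Because every canonical header line ends with "\n", the output has a blank line between the header block and the SignedHeaders line; a signer and a verifier that disagree on any of these normalisation steps produce different hashes, and the request is rejected with a signature mismatch.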
-
-