public class AWS4Signer extends AbstractAWSSigner implements ServiceAwareSigner, RegionAwareSigner, Presigner
Modifier and Type | Field and Description |
---|---|
protected boolean |
doubleUrlEncode
Whether double url-encode the resource path when constructing the
canonical request.
|
private static java.util.List<java.lang.String> |
listOfHeadersToIgnoreInLowerCase |
protected static InternalLogApi |
log |
protected java.util.Date |
overriddenDate
Date override for testing only
|
protected java.lang.String |
regionName
Region name override for use when the endpoint can't be used to determine
the region name.
|
protected java.lang.String |
serviceName
Service name override for use when the endpoint can't be used to
determine the service name.
|
private static int |
SIGNER_CACHE_MAX_SIZE |
private static FIFOCache<SignerKey> |
signerCache |
EMPTY_STRING_SHA256_HEX
Constructor and Description |
---|
AWS4Signer()
Construct a new AWS4 signer instance.
|
AWS4Signer(boolean doubleUrlEncoding)
Construct a new AWS4 signer instance.
|
Modifier and Type | Method and Description |
---|---|
protected void |
addHostHeader(SignableRequest<?> request) |
private void |
addPreSignInformationToRequest(SignableRequest<?> request,
AWSCredentials credentials,
AWS4SignerRequestParams signerParams,
java.lang.String timeStamp,
long expirationInSeconds)
Includes all the signing headers as request parameters for pre-signing.
|
protected void |
addSessionCredentials(SignableRequest<?> request,
AWSSessionCredentials credentials)
Adds session credentials to the request given.
|
private java.lang.String |
buildAuthorizationHeader(SignableRequest<?> request,
byte[] signature,
AWSCredentials credentials,
AWS4SignerRequestParams signerParams)
Creates the authorization header to be included in the request.
|
protected java.lang.String |
calculateContentHash(SignableRequest<?> request)
Calculate the hash of the request's payload.
|
protected java.lang.String |
calculateContentHashPresign(SignableRequest<?> request)
Calculate the hash of the request's payload.
|
protected byte[] |
computeSignature(java.lang.String stringToSign,
byte[] signingKey,
AWS4SignerRequestParams signerRequestParams)
Step 3 of the AWS Signature version 4 calculation.
|
private java.lang.String |
computeSigningCacheKeyName(AWSCredentials credentials,
AWS4SignerRequestParams signerRequestParams)
Computes the name to be used to reference the signing key in the cache.
|
protected java.lang.String |
createCanonicalRequest(SignableRequest<?> request,
java.lang.String contentSha256)
Step 1 of the AWS Signature version 4 calculation.
|
protected java.lang.String |
createStringToSign(java.lang.String canonicalRequest,
AWS4SignerRequestParams signerParams)
Step 2 of the AWS Signature version 4 calculation.
|
private byte[] |
deriveSigningKey(AWSCredentials credentials,
AWS4SignerRequestParams signerRequestParams)
Step 3 of the AWS Signature version 4 calculation.
|
private long |
generateExpirationDate(java.util.Date expirationDate)
Generates an expiration date for the presigned url.
|
protected java.lang.String |
getCanonicalizedHeaderString(SignableRequest<?> request) |
java.util.Date |
getOverriddenDate()
Returns a copy of date that overrides the signing date in the request.
|
java.lang.String |
getRegionName()
Returns the region name that is used when calculating the signature.
|
java.lang.String |
getServiceName()
Returns the service name that is used when calculating the signature.
|
protected java.lang.String |
getSignedHeadersString(SignableRequest<?> request) |
private boolean |
isAnonymous(AWSCredentials credentials)
Checks if the credentials is an instance of
AnonymousAWSCredentials |
private byte[] |
newSigningKey(AWSCredentials credentials,
java.lang.String dateStamp,
java.lang.String regionName,
java.lang.String serviceName)
Generates a new signing key from the given parameters and returns it.
|
void |
presignRequest(SignableRequest<?> request,
AWSCredentials credentials,
java.util.Date userSpecifiedExpirationDate)
Signs the request by adding the signature to the URL rather than as a
header.
|
protected void |
processRequestPayload(SignableRequest<?> request,
byte[] signature,
byte[] signingKey,
AWS4SignerRequestParams signerRequestParams)
Subclass could override this method to perform any additional procedure
on the request payload, with access to the result from signing the
header.
|
(package private) void |
setOverrideDate(java.util.Date overriddenDate)
Sets the date that overrides the signing date in the request.
|
void |
setRegionName(java.lang.String regionName)
Sets the region name that this signer should use when calculating request
signatures.
|
void |
setServiceName(java.lang.String serviceName)
Sets the service name that this signer should use when calculating
request signatures.
|
protected boolean |
shouldExcludeHeaderFromSigning(java.lang.String header) |
void |
sign(SignableRequest<?> request,
AWSCredentials credentials)
Sign the given request with the given set of credentials.
|
getBinaryRequestPayload, getBinaryRequestPayloadStream, getBinaryRequestPayloadStreamWithoutQueryParams, getBinaryRequestPayloadWithoutQueryParams, getCanonicalizedEndpoint, getCanonicalizedQueryString, getCanonicalizedQueryString, getCanonicalizedResourcePath, getCanonicalizedResourcePath, getRequestPayload, getRequestPayloadWithoutQueryParams, getSignatureDate, getTimeOffset, hash, hash, hash, newString, sanitizeCredentials, sign, sign, signAndBase64Encode, signAndBase64Encode, signWithMac
protected static final InternalLogApi log
private static final int SIGNER_CACHE_MAX_SIZE
private static final java.util.List<java.lang.String> listOfHeadersToIgnoreInLowerCase
protected java.lang.String serviceName
protected java.lang.String regionName
protected java.util.Date overriddenDate
protected boolean doubleUrlEncode
public AWS4Signer()
public AWS4Signer(boolean doubleUrlEncoding)
doubleUrlEncoding
- Whether double url-encode the resource path when constructing
the canonical request.public void setServiceName(java.lang.String serviceName)
setServiceName
in interface ServiceAwareSigner
serviceName
- The service name to use when calculating signatures in this
signer.public void setRegionName(java.lang.String regionName)
setRegionName
in interface RegionAwareSigner
regionName
- The region name to use when calculating signatures in this
signer.void setOverrideDate(java.util.Date overriddenDate)
public java.lang.String getRegionName()
public java.lang.String getServiceName()
public java.util.Date getOverriddenDate()
public void sign(SignableRequest<?> request, AWSCredentials credentials)
Signer
public void presignRequest(SignableRequest<?> request, AWSCredentials credentials, java.util.Date userSpecifiedExpirationDate)
Presigner
presignRequest
in interface Presigner
request
- The request to sign.credentials
- The credentials to sign it with.userSpecifiedExpirationDate
- The time when this presigned URL will expire.protected java.lang.String createCanonicalRequest(SignableRequest<?> request, java.lang.String contentSha256)
protected java.lang.String createStringToSign(java.lang.String canonicalRequest, AWS4SignerRequestParams signerParams)
private final byte[] deriveSigningKey(AWSCredentials credentials, AWS4SignerRequestParams signerRequestParams)
private final java.lang.String computeSigningCacheKeyName(AWSCredentials credentials, AWS4SignerRequestParams signerRequestParams)
protected final byte[] computeSignature(java.lang.String stringToSign, byte[] signingKey, AWS4SignerRequestParams signerRequestParams)
private java.lang.String buildAuthorizationHeader(SignableRequest<?> request, byte[] signature, AWSCredentials credentials, AWS4SignerRequestParams signerParams)
private void addPreSignInformationToRequest(SignableRequest<?> request, AWSCredentials credentials, AWS4SignerRequestParams signerParams, java.lang.String timeStamp, long expirationInSeconds)
protected void addSessionCredentials(SignableRequest<?> request, AWSSessionCredentials credentials)
AbstractAWSSigner
addSessionCredentials
in class AbstractAWSSigner
request
- The request to add session credentials information tocredentials
- The session credentials to add to the requestprotected java.lang.String getCanonicalizedHeaderString(SignableRequest<?> request)
protected java.lang.String getSignedHeadersString(SignableRequest<?> request)
protected boolean shouldExcludeHeaderFromSigning(java.lang.String header)
protected void addHostHeader(SignableRequest<?> request)
protected java.lang.String calculateContentHash(SignableRequest<?> request)
protected void processRequestPayload(SignableRequest<?> request, byte[] signature, byte[] signingKey, AWS4SignerRequestParams signerRequestParams)
protected java.lang.String calculateContentHashPresign(SignableRequest<?> request)
private boolean isAnonymous(AWSCredentials credentials)
AnonymousAWSCredentials
private long generateExpirationDate(java.util.Date expirationDate)
private byte[] newSigningKey(AWSCredentials credentials, java.lang.String dateStamp, java.lang.String regionName, java.lang.String serviceName)