com.amazonaws.auth
Class AWS4Signer

java.lang.Object
  extended by com.amazonaws.auth.AbstractAWSSigner
      extended by com.amazonaws.auth.AWS4Signer
All Implemented Interfaces:
Presigner, RegionAwareSigner, ServiceAwareSigner, Signer

public class AWS4Signer
extends AbstractAWSSigner
implements ServiceAwareSigner, RegionAwareSigner, Presigner

Signer implementation that signs requests with the AWS4 signing protocol.


Nested Class Summary
protected static class AWS4Signer.HeaderSigningResult
           
 
Field Summary
protected static String ALGORITHM
           
protected  boolean doubleUrlEncode
          Whether to double URL-encode the resource path when constructing the canonical request.
protected static org.apache.commons.logging.Log log
           
protected  Date overriddenDate
          Date override for testing only
protected  String regionName
          Region name override for use when the endpoint can't be used to determine the region name.
protected  String serviceName
          Service name override for use when the endpoint can't be used to determine the service name.
protected static String TERMINATOR
           
 
Constructor Summary
AWS4Signer()
          Construct a new AWS4 signer instance.
AWS4Signer(boolean doubleUrlEncoding)
          Construct a new AWS4 signer instance.
 
Method Summary
protected  void addHostHeader(Request<?> request)
           
protected  void addSessionCredentials(Request<?> request, AWSSessionCredentials credentials)
          Adds session credentials to the request given.
protected  String calculateContentHash(Request<?> request)
          Calculate the hash of the request's payload.
protected  String calculateContentHashPresign(Request<?> request)
          Calculate the hash of the request's payload.
protected  AWS4Signer.HeaderSigningResult computeSignature(Request<?> request, String dateStamp, String timeStamp, String algorithm, String contentSha256, AWSCredentials sanitizedCredentials)
           
protected  String extractRegionName(URI endpoint)
           
protected  String extractServiceName(URI endpoint)
           
protected  String getCanonicalizedHeaderString(Request<?> request)
           
protected  String getCanonicalRequest(Request<?> request, String contentSha256)
           
protected  long getDateFromRequest(Request<?> request)
           
protected  String getDateStamp(long dateMilli)
           
protected  String getScope(Request<?> request, String dateStamp)
           
protected  String getSignedHeadersString(Request<?> request)
           
protected  String getStringToSign(String algorithm, String dateTime, String scope, String canonicalRequest)
           
protected  String getTimeStamp(long dateMilli)
           
 void presignRequest(Request<?> request, AWSCredentials credentials, Date expiration)
          Signs the request by adding the signature to the URL rather than as a header.
protected  void processRequestPayload(Request<?> request, AWS4Signer.HeaderSigningResult headerSigningResult)
          Subclasses can override this method to perform any additional processing on the request payload, with access to the result of signing the headers.
 void setRegionName(String regionName)
          Sets the region name that this signer should use when calculating request signatures.
 void setServiceName(String serviceName)
          Sets the service name that this signer should use when calculating request signatures.
 void sign(Request<?> request, AWSCredentials credentials)
          Sign the given request with the given set of credentials.
 
Methods inherited from class com.amazonaws.auth.AbstractAWSSigner
getBinaryRequestPayload, getBinaryRequestPayloadStream, getBinaryRequestPayloadStreamWithoutQueryParams, getBinaryRequestPayloadWithoutQueryParams, getCanonicalizedEndpoint, getCanonicalizedQueryString, getCanonicalizedQueryString, getCanonicalizedResourcePath, getCanonicalizedResourcePath, getRequestPayload, getRequestPayloadWithoutQueryParams, getSignatureDate, getTimeOffset, hash, hash, hash, newString, sanitizeCredentials, sign, sign, signAndBase64Encode, signAndBase64Encode
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ALGORITHM

protected static final String ALGORITHM
See Also:
Constant Field Values

TERMINATOR

protected static final String TERMINATOR
See Also:
Constant Field Values

serviceName

protected String serviceName
Service name override for use when the endpoint can't be used to determine the service name.


regionName

protected String regionName
Region name override for use when the endpoint can't be used to determine the region name.


overriddenDate

protected Date overriddenDate
Date override for testing only


doubleUrlEncode

protected boolean doubleUrlEncode
Whether to double URL-encode the resource path when constructing the canonical request. Double URL-encoding is enabled by default. TODO: Different SigV4 services seem to be inconsistent on this, so services that want to suppress it should use new AWS4Signer(false).
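
The effect of this flag on the canonical request, as an added example that is not part of the SDK's code: it uses only the JDK, and the class name, helper names, host, date and sample paths are constructed for illustration. It builds the SigV4 canonical request for an empty-body GET with the path encoded once and twice, then compares the SHA-256 hashes that would feed the string to sign.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class CanonicalPathDemo {
    // RFC 3986 percent-encoding of a path; "/" stays as the segment separator.
    static String encodePath(String path) throws Exception {
        return URLEncoder.encode(path, "UTF-8")
                .replace("+", "%20").replace("*", "%2A")
                .replace("%7E", "~").replace("%2F", "/");
    }

    // Canonical URI: the once-encoded (on-the-wire) path, encoded again if doubleUrlEncode.
    static String canonicalPath(String rawPath, boolean doubleUrlEncode) throws Exception {
        String once = encodePath(rawPath);
        return doubleUrlEncode ? encodePath(once) : once;
    }

    static String sha256Hex(String s) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // SigV4 canonical request for a GET with an empty body (constructed host and date).
    static String canonicalRequest(String rawPath, boolean doubleUrlEncode) throws Exception {
        return "GET\n"
             + canonicalPath(rawPath, doubleUrlEncode) + "\n"
             + "\n"                                  // empty canonical query string
             + "host:service.example.com\n"          // constructed sample header
             + "x-amz-date:20160101T000000Z\n"       // constructed sample header
             + "\n"
             + "host;x-amz-date\n"
             + sha256Hex("");                        // hash of the empty payload
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample paths: one needs percent-encoding, one does not.
        for (String path : new String[] {"/reports/q1 summary.txt", "/reports/summary.txt"}) {
            String signerSide = sha256Hex(canonicalRequest(path, true));
            String serviceSide = sha256Hex(canonicalRequest(path, false));
            System.out.println(path + " -> " + canonicalPath(path, true)
                    + " vs " + canonicalPath(path, false)
                    + (signerSide.equals(serviceSide) ? "  [hashes match]" : "  [hashes differ]"));
        }
    }
}
```

The two settings only diverge for paths containing characters that need percent-encoding, so a signer and service that disagree on this flag can pass tests that use plain paths and still fail signature verification on others.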


log

protected static final org.apache.commons.logging.Log log

Constructor Detail

AWS4Signer

public AWS4Signer()
Construct a new AWS4 signer instance. Double URL-encoding is enabled by default.


AWS4Signer

public AWS4Signer(boolean doubleUrlEncoding)
Construct a new AWS4 signer instance.

Parameters:
doubleUrlEncoding - Whether to double URL-encode the resource path when constructing the canonical request.

Method Detail

sign

public void sign(Request<?> request,
                 AWSCredentials credentials)
Description copied from interface: Signer
Sign the given request with the given set of credentials. Modifies the passed-in request to apply the signature.

Specified by:
sign in interface Signer
Parameters:
request - The request to sign.
credentials - The credentials to sign the request with.

setServiceName

public void setServiceName(String serviceName)
Sets the service name that this signer should use when calculating request signatures. This can almost always be determined directly from the request's endpoint, so you shouldn't need this method, but it's provided for the edge case where the information is not in the endpoint.

Specified by:
setServiceName in interface ServiceAwareSigner
Parameters:
serviceName - The service name to use when calculating signatures in this signer.

setRegionName

public void setRegionName(String regionName)
Sets the region name that this signer should use when calculating request signatures. This can almost always be determined directly from the request's endpoint, so you shouldn't need this method, but it's provided for the edge case where the information is not in the endpoint.

Specified by:
setRegionName in interface RegionAwareSigner
Parameters:
regionName - The region name to use when calculating signatures in this signer.

addSessionCredentials

protected void addSessionCredentials(Request<?> request,
                                     AWSSessionCredentials credentials)
Description copied from class: AbstractAWSSigner
Adds session credentials to the request given.

Specified by:
addSessionCredentials in class AbstractAWSSigner
Parameters:
request - The request to add session credentials information to
credentials - The session credentials to add to the request

extractRegionName

protected String extractRegionName(URI endpoint)

extractServiceName

protected String extractServiceName(URI endpoint)

getCanonicalizedHeaderString

protected String getCanonicalizedHeaderString(Request<?> request)

getSignedHeadersString

protected String getSignedHeadersString(Request<?> request)

getCanonicalRequest

protected String getCanonicalRequest(Request<?> request,
                                     String contentSha256)

getStringToSign

protected String getStringToSign(String algorithm,
                                 String dateTime,
                                 String scope,
                                 String canonicalRequest)

computeSignature

protected final AWS4Signer.HeaderSigningResult computeSignature(Request<?> request,
                                                                String dateStamp,
                                                                String timeStamp,
                                                                String algorithm,
                                                                String contentSha256,
                                                                AWSCredentials sanitizedCredentials)

getTimeStamp

protected final String getTimeStamp(long dateMilli)

getDateStamp

protected final String getDateStamp(long dateMilli)

getDateFromRequest

protected final long getDateFromRequest(Request<?> request)

addHostHeader

protected void addHostHeader(Request<?> request)

getScope

protected String getScope(Request<?> request,
                          String dateStamp)

calculateContentHash

protected String calculateContentHash(Request<?> request)
Calculate the hash of the request's payload. Subclasses can override this method to provide a different value for the "x-amz-content-sha256" header or to do any other necessary setup on the request headers (e.g. aws-chunked uses a predefined header value and needs to change some headers relating to content-encoding and content-length).


processRequestPayload

protected void processRequestPayload(Request<?> request,
                                     AWS4Signer.HeaderSigningResult headerSigningResult)
Subclasses can override this method to perform any additional processing on the request payload, with access to the result of signing the headers (e.g. signing the payload by chunk-encoding). The default implementation doesn't need to do anything.


presignRequest

public void presignRequest(Request<?> request,
                           AWSCredentials credentials,
                           Date expiration)
Description copied from interface: Presigner
Signs the request by adding the signature to the URL rather than as a header. This method is expected to modify the passed-in request to add the signature.

Specified by:
presignRequest in interface Presigner
Parameters:
request - The request to sign.
credentials - The credentials to sign it with.
expiration - The time when this presigned URL will expire.

calculateContentHashPresign

protected String calculateContentHashPresign(Request<?> request)
Calculate the hash of the request's payload. When presigning, the existing code generates the hash of an empty byte array and returns it. Subclasses can override this method to provide different values (e.g. for S3 presigning, the content hash calculation is different from the general implementation).



Copyright © 2016. All rights reserved.