software.amazon.awssdk.crt.auth.signing

Class AwsSigningConfig

java.lang.Object

software.amazon.awssdk.crt.CrtResource

software.amazon.awssdk.crt.auth.signing.AwsSigningConfig

All Implemented Interfaces:

AutoCloseable

public class AwsSigningConfig
extends CrtResource

A class representing configuration related to signing something "signable" (an http request, a body chunk, a stream event) via an AWS signing process.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AwsSigningConfig.AwsSignatureType What sort of signature should be computed from the signable?
static class	AwsSigningConfig.AwsSignedBodyHeaderType Controls if signing adds a header containing the canonical request's body value
class	AwsSigningConfig.AwsSignedBodyValue A set of string constants for various canonical request payload values.
static class	AwsSigningConfig.AwsSigningAlgorithm What version of the AWS signing process should we use.

Nested classes/interfaces inherited from class software.amazon.awssdk.crt.CrtResource

CrtResource.ResourceInstance

Constructor Summary

Constructors

Constructor and Description
AwsSigningConfig()

Method Summary

Modifier and Type	Method and Description
protected boolean	canReleaseReferencesImmediately() Override that determines whether a resource releases its dependencies at the same time the native handle is released or if it waits.
AwsSigningConfig	clone()
AwsSigningConfig.AwsSigningAlgorithm	getAlgorithm() Gets what version of the AWS signing procecss will be used
Credentials	getCredentials() Gets the credentials to use for signing.
CredentialsProvider	getCredentialsProvider() Gets the provider to source credentials from before signing
long	getExpirationInSeconds() Gets the expiration time in seconds to use when signing to make a pre-signed url.
boolean	getOmitSessionToken() Gets whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials.
String	getRegion() Gets what will be used for the region or region-set concept during signing.
String	getService() Gets what service signing name will be used
boolean	getShouldNormalizeUriPath() Gets whether or not the uri path should be normalized during canonical request construction
java.util.function.Predicate<String>	getShouldSignHeader() Gets the header-name signing predicate filter to use
AwsSigningConfig.AwsSignatureType	getSignatureType() Gets what kind of signature will be computed
AwsSigningConfig.AwsSignedBodyHeaderType	getSignedBodyHeader() Gets what signed body header should hold the payload hash (or override value).
String	getSignedBodyValue() Gets the payload hash override to use in canonical request construction.
long	getTime() Gets the point in time (in milliseconds since epoch) that signing will be done relative to
boolean	getUseDoubleUriEncode() Gets whether or not signing will uri encode urls during canonical request construction
protected void	releaseNativeHandle() Required override method that must begin the release process of the acquired native handle
void	setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm algorithm) Sets what version of the AWS signing process should be used
void	setCredentials(Credentials credentials) Sets the credentials to use for signing.
void	setCredentialsProvider(CredentialsProvider credentialsProvider) Sets the provider to use to source credentials from before signing.
void	setExpirationInSeconds(long expirationInSeconds) Sets the expiration time in seconds when using query param signing (pre-signed url).
void	setOmitSessionToken(boolean omitSessionToken) Sets whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials.
void	setRegion(String region) Sets what to use for region when signing.
void	setService(String service) Sets what service signing name to use.
void	setShouldNormalizeUriPath(boolean shouldNormalizeUriPath) Sets whether or not the uri path should be normalized during canonical request construction
void	setShouldSignHeader(java.util.function.Predicate<String> shouldSignHeader) Sets a header-name signing predicate filter.
void	setSignatureType(AwsSigningConfig.AwsSignatureType signatureType) Sets what sort of signature should be computed
void	setSignedBodyHeader(AwsSigningConfig.AwsSignedBodyHeaderType signedBodyHeader) Sets what signed body header should hold the payload hash (or override value).
void	setSignedBodyValue(String signedBodyValue) Sets the payload hash override value to use in canonical request construction.
void	setTime(long time) Sets the point in time that signing should be relative to.
void	setUseDoubleUriEncode(boolean useDoubleUriEncode) Sets whether or not signing should uri encode urls as part of canonical request construction.

Methods inherited from class software.amazon.awssdk.crt.CrtResource

acquireNativeHandle, addRef, addReferenceTo, close, collectNativeResource, collectNativeResources, decRef, getNativeHandle, getResourceLogDescription, isNull, logNativeResources, releaseReferences, removeReferenceTo, setDescription, swapReferenceTo, waitForNoResources

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AwsSigningConfig

public AwsSigningConfig()

Method Detail

clone

public AwsSigningConfig clone()

Overrides:

clone in class Object

releaseNativeHandle

protected void releaseNativeHandle()

Required override method that must begin the release process of the acquired native handle

Specified by:

releaseNativeHandle in class CrtResource

canReleaseReferencesImmediately

protected boolean canReleaseReferencesImmediately()

Override that determines whether a resource releases its dependencies at the same time the native handle is released or if it waits. Resources with asynchronous shutdown processes should override this with false, and establish a callback from native code that invokes releaseReferences() when the asynchronous shutdown process has completed. See HttpClientConnectionManager for an example.

Specified by:

canReleaseReferencesImmediately in class CrtResource

Returns:

true if this resource releases synchronously, false if this resource performs async shutdown

setAlgorithm

public void setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm algorithm)

Sets what version of the AWS signing process should be used

Parameters:

algorithm - desired version of the AWS signing process

getAlgorithm

public AwsSigningConfig.AwsSigningAlgorithm getAlgorithm()

Gets what version of the AWS signing procecss will be used

Returns:

what version of the AWS signing procecss will be used

setSignatureType

public void setSignatureType(AwsSigningConfig.AwsSignatureType signatureType)

Sets what sort of signature should be computed

Parameters:

signatureType - what kind of signature to compute

getSignatureType

public AwsSigningConfig.AwsSignatureType getSignatureType()

Gets what kind of signature will be computed

Returns:

what kind of signature will be computed

setRegion

public void setRegion(String region)

Sets what to use for region when signing. Depending on the algorithm, this may not be an actual region name and so no validation is done on this parameter. In sigv4a, this value is used for the "region-set" concept.

Parameters:

region - region value to use when signing

getRegion

public String getRegion()

Gets what will be used for the region or region-set concept during signing.

Returns:

what will be used for the region or region-set concept during signing

setService

public void setService(String service)

Sets what service signing name to use.

Parameters:

service - signing name of the service that this signing calculation should use

getService

public String getService()

Gets what service signing name will be used

Returns:

what service signing name will be used

setTime

public void setTime(long time)

Sets the point in time that signing should be relative to. Not Instant for Android API level support reasons. Additionally, for http requests, X-Amz-Date will be added to the request using this time point.

Parameters:

time - point in time, as milliseconds since epoch, that signing should be relative to

getTime

public long getTime()

Gets the point in time (in milliseconds since epoch) that signing will be done relative to

Returns:

the point in time (in milliseconds since epoch) that signing will be done relative to

setCredentialsProvider

public void setCredentialsProvider(CredentialsProvider credentialsProvider)

Sets the provider to use to source credentials from before signing.

Parameters:

credentialsProvider - provider to retrieve credentials from prior to signing

getCredentialsProvider

public CredentialsProvider getCredentialsProvider()

Gets the provider to source credentials from before signing

Returns:

the provider to source credentials from before signing

setCredentials

public void setCredentials(Credentials credentials)

Sets the credentials to use for signing. Overrides the provider setting if non-null.

Parameters:

credentials - credentials to use for signing

getCredentials

public Credentials getCredentials()

Gets the credentials to use for signing.

Returns:

credentials to use for signing

setShouldSignHeader

public void setShouldSignHeader(java.util.function.Predicate<String> shouldSignHeader)

Sets a header-name signing predicate filter. Headers that do not pass the filter will not be signed.

Parameters:

shouldSignHeader - header-name signing predicate filter

getShouldSignHeader

public java.util.function.Predicate<String> getShouldSignHeader()

Gets the header-name signing predicate filter to use

Returns:

the header-name signing predicate filter to use

setUseDoubleUriEncode

public void setUseDoubleUriEncode(boolean useDoubleUriEncode)

Sets whether or not signing should uri encode urls as part of canonical request construction. We assume the uri will be encoded once in preparation for transmission. Certain services do not decode before checking signature, requiring us to actually double-encode the uri in the canonical request in order to pass a signature check.

Parameters:

useDoubleUriEncode - should signing uri encode urls in the canonical request

getUseDoubleUriEncode

public boolean getUseDoubleUriEncode()

Gets whether or not signing will uri encode urls during canonical request construction

Returns:

whether or not signing will uri encode urls during canonical request construction

setShouldNormalizeUriPath

public void setShouldNormalizeUriPath(boolean shouldNormalizeUriPath)

Sets whether or not the uri path should be normalized during canonical request construction

Parameters:

shouldNormalizeUriPath - whether or not the uri path should be normalized during canonical request construction

getShouldNormalizeUriPath

public boolean getShouldNormalizeUriPath()

Gets whether or not the uri path should be normalized during canonical request construction

Returns:

whether or not the uri path should be normalized during canonical request construction

setOmitSessionToken

public void setOmitSessionToken(boolean omitSessionToken)

Sets whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials. "X-Amz-Security-Token" is added during signing, as a header or query param, when credentials have a session token. If false (the default), this parameter is included in the canonical request. If true, this parameter is still added, but omitted from the canonical request.

Parameters:

omitSessionToken - whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials

getOmitSessionToken

public boolean getOmitSessionToken()

Gets whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials.

Returns:

whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials

setSignedBodyValue

public void setSignedBodyValue(String signedBodyValue)

Sets the payload hash override value to use in canonical request construction. If the signed body header type is not set to null, then the designated header will also take on this value. If this value is NULL, then the signer will compute the SHA256 of the body stream and use that instead.

Parameters:

signedBodyValue - payload hash override value to use in canonical request construction

getSignedBodyValue

public String getSignedBodyValue()

Gets the payload hash override to use in canonical request construction.

Returns:

the payload hash override to use in canonical request construction

setSignedBodyHeader

public void setSignedBodyHeader(AwsSigningConfig.AwsSignedBodyHeaderType signedBodyHeader)

Sets what signed body header should hold the payload hash (or override value).

Parameters:

signedBodyHeader - what signed body header should hold the payload hash (or override value)

getSignedBodyHeader

public AwsSigningConfig.AwsSignedBodyHeaderType getSignedBodyHeader()

Gets what signed body header should hold the payload hash (or override value).

Returns:

what signed body header should hold the payload hash (or override value)

setExpirationInSeconds

public void setExpirationInSeconds(long expirationInSeconds)

Sets the expiration time in seconds when using query param signing (pre-signed url). The appropriate query param will be added to the URL when building the canonical and signed requests.

Parameters:

expirationInSeconds - time in seconds that a pre-signed url will be valid for

getExpirationInSeconds

public long getExpirationInSeconds()

Gets the expiration time in seconds to use when signing to make a pre-signed url.

Returns:

the expiration time in seconds for a pre-signed url