/**
 * Derives the AWS Signature Version 4 signing key for one credential scope.
 *
 * <p>The key is built as an HMAC-SHA256 chain: the secret key prefixed with
 * {@code "AWS4"} keys the date stamp, whose output keys the region name, then the
 * service name, then {@code AWS4_TERMINATOR}. The result is therefore bound to
 * exactly that date, region and service.
 *
 * <p>The returned bytes, and every intermediate value computed here, are
 * secret-equivalent within that scope: keep them out of logs, exception messages
 * and persistent caches.
 *
 * @param credentials credentials supplying the secret access key
 * @param dateStamp   date component of the credential scope
 * @param regionName  region component of the credential scope
 * @param serviceName service component of the credential scope
 * @return the derived signing key
 */
protected byte[] newSigningKey(AWSCredentials credentials,
        String dateStamp, String regionName, String serviceName) {
    final String prefixedSecret = "AWS4" + credentials.getAWSSecretKey();
    final byte[] secretSeed = prefixedSecret.getBytes(Charset.forName("UTF-8"));

    // Each stage narrows the key: secret -> date -> region -> service -> terminator.
    final byte[] dateKey = sign(dateStamp, secretSeed, SigningAlgorithm.HmacSHA256);
    final byte[] regionKey = sign(regionName, dateKey, SigningAlgorithm.HmacSHA256);
    final byte[] serviceKey = sign(serviceName, regionKey, SigningAlgorithm.HmacSHA256);
    final byte[] signingKey = sign(AWS4_TERMINATOR, serviceKey, SigningAlgorithm.HmacSHA256);
    return signingKey;
}
}
/**
 * Step 3 of the AWS Signature Version 4 calculation: computes the signature as
 * HMAC-SHA256 over the UTF-8 bytes of {@code stringToSign}, keyed with the
 * already-derived {@code signingKey}. Refer to
 * http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
 *
 * @param stringToSign        the SigV4 string to sign
 * @param signingKey          the derived signing key; secret material, do not log
 * @param signerRequestParams not read by this method
 * @return the raw signature bytes
 */
protected final byte[] computeSignature(String stringToSign,
        byte[] signingKey, AWS4SignerRequestParams signerRequestParams) {
    final byte[] payload = stringToSign.getBytes(Charset.forName("UTF-8"));
    return sign(payload, signingKey, SigningAlgorithm.HmacSHA256);
}
/**
 * Signs {@code request} after setting the {@code X_AMZ_CONTENT_SHA256} header.
 *
 * <p>The header is written before delegating, so it is already on the request
 * when the parent signer runs.
 * NOTE(review): the literal {@code "required"} looks like a placeholder rather
 * than a digest; confirm the parent signer replaces it with the real payload
 * hash, otherwise the body is not covered by the signature.
 *
 * @param request     the request to sign; its header map is modified
 * @param credentials the credentials to sign with
 */
@Override
public void sign(SignableRequest<?> request, AWSCredentials credentials) {
    // Must happen before super.sign(): the parent sees the header as part of the request.
    request.getHeaders()
            .put(X_AMZ_CONTENT_SHA256, "required");

    super.sign(request, credentials);
}
/**
 * Step 3 of the AWS Signature Version 4 calculation: computes the signature as
 * HMAC-SHA256 over the UTF-8 bytes of {@code stringToSign}, keyed with the
 * already-derived {@code signingKey}. Refer to
 * http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
 *
 * @param stringToSign        the SigV4 string to sign
 * @param signingKey          the derived signing key; secret material, do not log
 * @param signerRequestParams not read by this method
 * @return the raw signature bytes
 */
protected final byte[] computeSignature(String stringToSign,
        byte[] signingKey, AWS4SignerRequestParams signerRequestParams) {
    final byte[] payload = stringToSign.getBytes(Charset.forName("UTF-8"));
    return sign(payload, signingKey, SigningAlgorithm.HmacSHA256);
}
/**
 * Derives the AWS Signature Version 4 signing key for one credential scope.
 *
 * <p>The key is built as an HMAC-SHA256 chain: the secret key prefixed with
 * {@code "AWS4"} keys the date stamp, whose output keys the region name, then the
 * service name, then {@code AWS4_TERMINATOR}. The result is therefore bound to
 * exactly that date, region and service.
 *
 * <p>The returned bytes, and every intermediate value computed here, are
 * secret-equivalent within that scope: keep them out of logs, exception messages
 * and persistent caches.
 *
 * @param credentials credentials supplying the secret access key
 * @param dateStamp   date component of the credential scope
 * @param regionName  region component of the credential scope
 * @param serviceName service component of the credential scope
 * @return the derived signing key
 */
protected byte[] newSigningKey(AWSCredentials credentials,
        String dateStamp, String regionName, String serviceName) {
    final String prefixedSecret = "AWS4" + credentials.getAWSSecretKey();
    final byte[] secretSeed = prefixedSecret.getBytes(Charset.forName("UTF-8"));

    // Each stage narrows the key: secret -> date -> region -> service -> terminator.
    final byte[] dateKey = sign(dateStamp, secretSeed, SigningAlgorithm.HmacSHA256);
    final byte[] regionKey = sign(regionName, dateKey, SigningAlgorithm.HmacSHA256);
    final byte[] serviceKey = sign(serviceName, regionKey, SigningAlgorithm.HmacSHA256);
    final byte[] signingKey = sign(AWS4_TERMINATOR, serviceKey, SigningAlgorithm.HmacSHA256);
    return signingKey;
}
}
/**
 * Signs {@code request} after setting the {@code X_AMZ_CONTENT_SHA256} header.
 *
 * <p>The header is written before delegating, so it is already on the request
 * when the parent signer runs.
 * NOTE(review): the literal {@code "required"} looks like a placeholder rather
 * than a digest; confirm the parent signer replaces it with the real payload
 * hash, otherwise the body is not covered by the signature.
 *
 * @param request     the request to sign; its header map is modified
 * @param credentials the credentials to sign with
 */
@Override
public void sign(SignableRequest<?> request, AWSCredentials credentials) {
    // Must happen before super.sign(): the parent sees the header as part of the request.
    request.getHeaders()
            .put(X_AMZ_CONTENT_SHA256, "required");

    super.sign(request, credentials);
}
/**
 * Computes the AWS Signature Version 4 header signature for {@code request}.
 *
 * <p>Region and service are taken from the request endpoint and combined with
 * {@code dateStamp} and {@code TERMINATOR} into the credential scope. The signing
 * key is derived from the secret key through an HMAC-SHA256 chain over date,
 * region, service and terminator, and is then used to sign the string-to-sign.
 *
 * <p>The returned result carries the derived signing key alongside the signature.
 * That key is secret-equivalent for the scope it was derived for, so neither the
 * result object nor the intermediate keys should be logged or persisted.
 *
 * @param request              the request being signed
 * @param dateStamp            date component of the credential scope
 * @param timeStamp            timestamp placed in the string-to-sign
 * @param algorithm            algorithm label placed in the string-to-sign
 * @param contentSha256        payload hash used for the canonical request
 * @param sanitizedCredentials credentials supplying the secret access key
 * @return time stamp, scope, derived signing key and signature
 */
@SuppressWarnings("checkstyle:hiddenfield")
protected final HeaderSigningResult computeSignature(
        Request<?> request,
        String dateStamp,
        String timeStamp,
        String algorithm,
        String contentSha256,
        AWSCredentials sanitizedCredentials) {
    final String region = extractRegionName(request.getEndpoint());
    final String service = extractServiceName(request.getEndpoint());
    final String credentialScope =
            dateStamp + "/" + region + "/" + service + "/" + TERMINATOR;

    final String canonicalRequest = getCanonicalRequest(request, contentSha256);
    final String stringToSign =
            getStringToSign(algorithm, timeStamp, credentialScope, canonicalRequest);

    // Key derivation chain: secret -> date -> region -> service -> terminator.
    final byte[] secretSeed = ("AWS4" + sanitizedCredentials.getAWSSecretKey())
            .getBytes(StringUtils.UTF8);
    final byte[] dateKey = sign(dateStamp, secretSeed, SigningAlgorithm.HmacSHA256);
    final byte[] regionKey = sign(region, dateKey, SigningAlgorithm.HmacSHA256);
    final byte[] serviceKey = sign(service, regionKey, SigningAlgorithm.HmacSHA256);
    final byte[] signingKey = sign(TERMINATOR, serviceKey, SigningAlgorithm.HmacSHA256);

    final byte[] toSign = stringToSign.getBytes(StringUtils.UTF8);
    final byte[] signature = sign(toSign, signingKey, SigningAlgorithm.HmacSHA256);

    return new HeaderSigningResult(timeStamp, credentialScope, signingKey, signature);
}
BinaryUtils.toHex(aws4Signer.hash(nonsigExtension)) + "\n" + BinaryUtils.toHex(aws4Signer.hash(chunkData)); final String chunkSignature = BinaryUtils.toHex(aws4Signer.sign(chunkStringToSign, kSigning, SigningAlgorithm.HmacSHA256)); priorChunkSignature = chunkSignature;
/**
 * Verifies that signing with anonymous credentials leaves the request unsigned:
 * no {@code Authorization} header may be present afterwards.
 */
@Test
public void testAnonymous() throws Exception {
    final AWSCredentials anonymous = new AnonymousAWSCredentials();
    final Request<?> request = generateBasicRequest();

    // Pin the signing date so the run is deterministic. The zone is switched to
    // UTC after the fields are set, exactly as the fixture has always done.
    final Calendar fixedDate = new GregorianCalendar();
    fixedDate.set(1981, Calendar.FEBRUARY, 16, 6, 30, 0);
    fixedDate.setTimeZone(TimeZone.getTimeZone("UTC"));
    signer.overrideDate(fixedDate.getTime());

    signer.sign(request, anonymous);

    assertNull(request.getHeaders().get("Authorization"));
}
/**
 * Checks the generated {@code Authorization} header against known-good values for
 * a fixed date and the fixture credentials {@code access}/{@code secret}, once
 * without and once with the {@code x-amz-sha256} header on the request.
 *
 * <p>The second expectation lists {@code x-amz-sha256} in {@code SignedHeaders},
 * so it also pins that the extra header is covered by the signature.
 */
@Test
public void testSigning() throws Exception {
    final String expectedWithoutSha256Header =
            "AWS4-HMAC-SHA256 Credential=access/19810216/us-east-1/demo/aws4_request, "
            + "SignedHeaders=host;x-amz-archive-description;x-amz-date, "
            + "Signature=77fe7c02927966018667f21d1dc3dfad9057e58401cbb9ed64f1b7868288e35a";
    final String expectedWithSha256Header =
            "AWS4-HMAC-SHA256 Credential=access/19810216/us-east-1/demo/aws4_request, "
            + "SignedHeaders=host;x-amz-archive-description;x-amz-date;x-amz-sha256, "
            + "Signature=e73e20539446307a5dc71252dbd5b97e861f1d1267456abda3ebd8d57e519951";

    final AWSCredentials fixtureCredentials = new BasicAWSCredentials("access", "secret");

    // Case 1: request without the 'x-amz-sha256' header.
    Request<?> request = generateBasicRequest();

    // Pin the signing date; the override stays in place for both cases.
    final Calendar fixedDate = new GregorianCalendar();
    fixedDate.set(1981, Calendar.FEBRUARY, 16, 6, 30, 0);
    fixedDate.setTimeZone(TimeZone.getTimeZone("UTC"));
    signer.overrideDate(fixedDate.getTime());

    signer.sign(request, fixtureCredentials);
    assertEquals(expectedWithoutSha256Header,
            request.getHeaders().get("Authorization"));

    // Case 2: request carrying the 'x-amz-sha256' header.
    request = generateBasicRequest();
    request.addHeader("x-amz-sha256", "required");

    signer.sign(request, fixtureCredentials);
    assertEquals(expectedWithSha256Header,
            request.getHeaders().get("Authorization"));
}
/**
 * Step 3 of the AWS Signature Version 4 calculation: computes the signature as
 * HMAC-SHA256 over the UTF-8 bytes of {@code stringToSign}, keyed with the
 * already-derived {@code signingKey}. Refer to
 * http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
 *
 * @param stringToSign        the SigV4 string to sign
 * @param signingKey          the derived signing key; secret material, do not log
 * @param signerRequestParams not read by this method
 * @return the raw signature bytes
 */
protected final byte[] computeSignature(String stringToSign,
        byte[] signingKey, AWS4SignerRequestParams signerRequestParams) {
    final byte[] payload = stringToSign.getBytes(Charset.forName("UTF-8"));
    return sign(payload, signingKey, SigningAlgorithm.HmacSHA256);
}
/**
 * Derives the AWS Signature Version 4 signing key for one credential scope.
 *
 * <p>The key is built as an HMAC-SHA256 chain: the secret key prefixed with
 * {@code "AWS4"} keys the date stamp, whose output keys the region name, then the
 * service name, then {@code AWS4_TERMINATOR}. The result is therefore bound to
 * exactly that date, region and service.
 *
 * <p>The returned bytes, and every intermediate value computed here, are
 * secret-equivalent within that scope: keep them out of logs, exception messages
 * and persistent caches.
 *
 * @param credentials credentials supplying the secret access key
 * @param dateStamp   date component of the credential scope
 * @param regionName  region component of the credential scope
 * @param serviceName service component of the credential scope
 * @return the derived signing key
 */
protected byte[] newSigningKey(AWSCredentials credentials,
        String dateStamp, String regionName, String serviceName) {
    final String prefixedSecret = "AWS4" + credentials.getAWSSecretKey();
    final byte[] secretSeed = prefixedSecret.getBytes(Charset.forName("UTF-8"));

    // Each stage narrows the key: secret -> date -> region -> service -> terminator.
    final byte[] dateKey = sign(dateStamp, secretSeed, SigningAlgorithm.HmacSHA256);
    final byte[] regionKey = sign(regionName, dateKey, SigningAlgorithm.HmacSHA256);
    final byte[] serviceKey = sign(serviceName, regionKey, SigningAlgorithm.HmacSHA256);
    final byte[] signingKey = sign(AWS4_TERMINATOR, serviceKey, SigningAlgorithm.HmacSHA256);
    return signingKey;
}
}
/**
 * Signs a request using AWS signature V4, then resets the signer's date.
 *
 * <p>{@code secretKey} is wrapped in a {@link BasicAWSCredentials} for the call
 * only; it should never be written to logs or error messages by callers.
 * NOTE(review): {@code resetDate()} is skipped when {@code super.sign} throws;
 * confirm whether a previously overridden date could then carry over to the
 * next signing call.
 *
 * @param request the request instance
 * @param accessKey the app's access key
 * @param secretKey the app's secret key
 */
public void sign(Request<?> request, String accessKey, String secretKey) {
    final BasicAWSCredentials appCredentials = new BasicAWSCredentials(accessKey, secretKey);
    super.sign(request, appCredentials);

    resetDate();
}
/**
 * Signs a request using AWS signature V4, then resets the signer's date.
 *
 * <p>{@code secretKey} is wrapped in a {@link BasicAWSCredentials} for the call
 * only; it should never be written to logs or error messages by callers.
 * NOTE(review): {@code resetDate()} is skipped when {@code super.sign} throws;
 * confirm whether a previously overridden date could then carry over to the
 * next signing call.
 *
 * @param request the request instance
 * @param accessKey the app's access key
 * @param secretKey the app's secret key
 */
public void sign(Request<?> request, String accessKey, String secretKey) {
    final BasicAWSCredentials appCredentials = new BasicAWSCredentials(accessKey, secretKey);
    super.sign(request, appCredentials);

    resetDate();
}
/**
 * Signs {@code request} after setting the {@code X_AMZ_CONTENT_SHA256} header.
 *
 * <p>The header is written before delegating, so it is already on the request
 * when the parent signer runs.
 * NOTE(review): the literal {@code "required"} looks like a placeholder rather
 * than a digest; confirm the parent signer replaces it with the real payload
 * hash, otherwise the body is not covered by the signature.
 *
 * @param request     the request to sign; its header map is modified
 * @param credentials the credentials to sign with
 */
@Override
public void sign(SignableRequest<?> request, AWSCredentials credentials) {
    // Must happen before super.sign(): the parent sees the header as part of the request.
    request.getHeaders()
            .put(X_AMZ_CONTENT_SHA256, "required");

    super.sign(request, credentials);
}
/**
 * Adds authentication to an outgoing connection by signing it with the
 * configured signer and credentials.
 *
 * <p>The connection and {@code body} are wrapped in a
 * {@code URLConnectionSignableRequest} and handed to the signer.
 * NOTE(review): presumably {@code body} must be exactly what is later written
 * to the connection for the signature to verify; confirm against the caller.
 *
 * @param urlConnection the connection to authenticate
 * @param body          the request body passed to the signable wrapper
 */
@Override
public void addAuth(HttpURLConnection urlConnection, String body) {
    final URLConnectionSignableRequest signable =
            new URLConnectionSignableRequest(urlConnection, body);
    signer.sign(signable, credentials);
}
/**
 * Computes the AWS Signature Version 4 header signature for {@code request}.
 *
 * <p>Region and service are taken from the request endpoint and combined with
 * {@code dateStamp} and {@code TERMINATOR} into the credential scope. The signing
 * key is derived from the secret key through an HMAC-SHA256 chain over date,
 * region, service and terminator, and is then used to sign the string-to-sign.
 *
 * <p>The returned result carries the derived signing key alongside the signature.
 * That key is secret-equivalent for the scope it was derived for, so neither the
 * result object nor the intermediate keys should be logged or persisted.
 *
 * @param request              the request being signed
 * @param dateStamp            date component of the credential scope
 * @param timeStamp            timestamp placed in the string-to-sign
 * @param algorithm            algorithm label placed in the string-to-sign
 * @param contentSha256        payload hash used for the canonical request
 * @param sanitizedCredentials credentials supplying the secret access key
 * @return time stamp, scope, derived signing key and signature
 */
@SuppressWarnings("checkstyle:hiddenfield")
protected final HeaderSigningResult computeSignature(
        Request<?> request,
        String dateStamp,
        String timeStamp,
        String algorithm,
        String contentSha256,
        AWSCredentials sanitizedCredentials) {
    final String region = extractRegionName(request.getEndpoint());
    final String service = extractServiceName(request.getEndpoint());
    final String credentialScope =
            dateStamp + "/" + region + "/" + service + "/" + TERMINATOR;

    final String canonicalRequest = getCanonicalRequest(request, contentSha256);
    final String stringToSign =
            getStringToSign(algorithm, timeStamp, credentialScope, canonicalRequest);

    // Key derivation chain: secret -> date -> region -> service -> terminator.
    final byte[] secretSeed = ("AWS4" + sanitizedCredentials.getAWSSecretKey())
            .getBytes(StringUtils.UTF8);
    final byte[] dateKey = sign(dateStamp, secretSeed, SigningAlgorithm.HmacSHA256);
    final byte[] regionKey = sign(region, dateKey, SigningAlgorithm.HmacSHA256);
    final byte[] serviceKey = sign(service, regionKey, SigningAlgorithm.HmacSHA256);
    final byte[] signingKey = sign(TERMINATOR, serviceKey, SigningAlgorithm.HmacSHA256);

    final byte[] toSign = stringToSign.getBytes(StringUtils.UTF8);
    final byte[] signature = sign(toSign, signingKey, SigningAlgorithm.HmacSHA256);

    return new HeaderSigningResult(timeStamp, credentialScope, signingKey, signature);
}
/**
 * Computes the AWS Signature Version 4 header signature for {@code request}.
 *
 * <p>Region and service are taken from the request endpoint and combined with
 * {@code dateStamp} and {@code TERMINATOR} into the credential scope. The signing
 * key is derived from the secret key through an HMAC-SHA256 chain over date,
 * region, service and terminator, and is then used to sign the string-to-sign.
 *
 * <p>The returned result carries the derived signing key alongside the signature.
 * That key is secret-equivalent for the scope it was derived for, so neither the
 * result object nor the intermediate keys should be logged or persisted.
 *
 * @param request              the request being signed
 * @param dateStamp            date component of the credential scope
 * @param timeStamp            timestamp placed in the string-to-sign
 * @param algorithm            algorithm label placed in the string-to-sign
 * @param contentSha256        payload hash used for the canonical request
 * @param sanitizedCredentials credentials supplying the secret access key
 * @return time stamp, scope, derived signing key and signature
 */
@SuppressWarnings("checkstyle:hiddenfield")
protected final HeaderSigningResult computeSignature(
        Request<?> request,
        String dateStamp,
        String timeStamp,
        String algorithm,
        String contentSha256,
        AWSCredentials sanitizedCredentials) {
    final String region = extractRegionName(request.getEndpoint());
    final String service = extractServiceName(request.getEndpoint());
    final String credentialScope =
            dateStamp + "/" + region + "/" + service + "/" + TERMINATOR;

    final String canonicalRequest = getCanonicalRequest(request, contentSha256);
    final String stringToSign =
            getStringToSign(algorithm, timeStamp, credentialScope, canonicalRequest);

    // Key derivation chain: secret -> date -> region -> service -> terminator.
    final byte[] secretSeed = ("AWS4" + sanitizedCredentials.getAWSSecretKey())
            .getBytes(StringUtils.UTF8);
    final byte[] dateKey = sign(dateStamp, secretSeed, SigningAlgorithm.HmacSHA256);
    final byte[] regionKey = sign(region, dateKey, SigningAlgorithm.HmacSHA256);
    final byte[] serviceKey = sign(service, regionKey, SigningAlgorithm.HmacSHA256);
    final byte[] signingKey = sign(TERMINATOR, serviceKey, SigningAlgorithm.HmacSHA256);

    final byte[] toSign = stringToSign.getBytes(StringUtils.UTF8);
    final byte[] signature = sign(toSign, signingKey, SigningAlgorithm.HmacSHA256);

    return new HeaderSigningResult(timeStamp, credentialScope, signingKey, signature);
}
/**
 * Client request filter that signs each outgoing request.
 *
 * <p>The request context is wrapped in an {@code AWSRequest} (together with the
 * signer's service name and {@code workers}), and credentials are fetched from
 * the provider on every invocation before signing.
 *
 * @param clientRequestContext the outgoing request to sign
 * @throws IOException declared by the filter contract
 */
@Override
public void filter(ClientRequestContext clientRequestContext) throws IOException {
    // Adapt the client request context so the signer can read and update it.
    AWSRequest signable =
            new AWSRequest(signer.getServiceName(), clientRequestContext, workers);

    // The signer generates the authentication headers for clientRequestContext.
    signer.sign(signable, awsCredentialsProvider.getCredentials());
}
}
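/**
 * Builds an STS {@code POST} request from {@code options}, signs it with
 * {@link AWS4Signer}, and returns the request headers after signing as JSON.
 *
 * <p>Each header value is wrapped in a single-element list before serialization.
 * The output holds whatever the signer put on the request; for Signature
 * Version 4 that includes the {@code Authorization} header. Treat the returned
 * string as credential-bearing material and keep it out of logs.
 *
 * @param options supplies the endpoint URI, the credentials provider and the
 *                inputs for the initial request headers
 * @return JSON object mapping each header name to a one-element list of its value
 * @throws IllegalStateException if the headers cannot be serialized to JSON
 */
private static String getSignedHeaders(AwsIamAuthenticationOptions options) {
    Map<String, String> headers = createIamRequestHeaders(options);

    AWS4Signer signer = new AWS4Signer();

    DefaultRequest<String> request = new DefaultRequest<>("sts");

    // Encode the body with an explicit charset. The signature is computed over
    // these bytes, so relying on the platform default charset could make the
    // signed payload differ between hosts.
    request.setContent(new ByteArrayInputStream(
            REQUEST_BODY.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    request.setHeaders(headers);
    request.setHttpMethod(HttpMethodName.POST);
    request.setEndpoint(options.getEndpointUri());

    signer.setServiceName(request.getServiceName());
    signer.sign(request, options.getCredentialsProvider().getCredentials());

    // LinkedHashMap keeps the headers in the order the request reports them.
    Map<String, Object> map = new LinkedHashMap<>();
    for (Entry<String, String> entry : request.getHeaders().entrySet()) {
        map.put(entry.getKey(), Collections.singletonList(entry.getValue()));
    }

    try {
        return OBJECT_MAPPER.writeValueAsString(map);
    } catch (JsonProcessingException e) {
        throw new IllegalStateException("Cannot serialize headers to JSON", e);
    }
}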