/** * Add a field to the to-string result. * @param fieldName The name of the field. Must not be null. * @param field The value of the field. Value is ignored if null. */ public ToString add(String fieldName, Object field) { if (field != null) { String value; if (field.getClass().isArray()) { if (field instanceof byte[]) { value = "0x" + BinaryUtils.toHex((byte[]) field); } else { value = Arrays.toString((Object[]) field); } } else { value = String.valueOf(field); } result.append(fieldName).append("=").append(value).append(", "); } return this; }
/** * Add a field to the to-string result. * @param fieldName The name of the field. Must not be null. * @param field The value of the field. Value is ignored if null. */ public ToString add(String fieldName, Object field) { if (field != null) { String value; if (field.getClass().isArray()) { if (field instanceof byte[]) { value = "0x" + BinaryUtils.toHex((byte[]) field); } else { value = Arrays.toString((Object[]) field); } } else { value = String.valueOf(field); } result.append(fieldName).append("=").append(value).append(", "); } return this; }
priorChunkSignature + "\n" + AbstractAws4Signer.EMPTY_STRING_SHA256_HEX + "\n" + BinaryUtils.toHex(sha256.digest(chunkData)); String chunkSignature = BinaryUtils.toHex(aws4Signer.signWithMac(chunkStringToSign, hmacSha256)); priorChunkSignature = chunkSignature; chunkHeader.append(CHUNK_SIGNATURE_HEADER)
priorChunkSignature + "\n" + AbstractAws4Signer.EMPTY_STRING_SHA256_HEX + "\n" + BinaryUtils.toHex(sha256.digest(chunkData)); String chunkSignature = BinaryUtils.toHex(aws4Signer.signWithMac(chunkStringToSign, hmacSha256)); priorChunkSignature = chunkSignature; chunkHeader.append(CHUNK_SIGNATURE_HEADER)
/** * Returns the hex-encoded MD5 hash String of the given message body. */ private static String calculateMessageBodyMd5(String messageBody) { log.debug(() -> "Message body: " + messageBody); byte[] expectedMd5; try { expectedMd5 = Md5Utils.computeMD5Hash(messageBody.getBytes(StandardCharsets.UTF_8)); } catch (Exception e) { throw SdkClientException.builder() .message("Unable to calculate the MD5 hash of the message body. " + e.getMessage()) .cause(e) .build(); } String expectedMd5Hex = BinaryUtils.toHex(expectedMd5); log.debug(() -> "Expected MD5 of message body: " + expectedMd5Hex); return expectedMd5Hex; }
/** * Returns the hex-encoded MD5 hash String of the given message body. */ private static String calculateMessageBodyMd5(String messageBody) { log.debug(() -> "Message body: " + messageBody); byte[] expectedMd5; try { expectedMd5 = Md5Utils.computeMD5Hash(messageBody.getBytes(StandardCharsets.UTF_8)); } catch (Exception e) { throw SdkClientException.builder() .message("Unable to calculate the MD5 hash of the message body. " + e.getMessage()) .cause(e) .build(); } String expectedMd5Hex = BinaryUtils.toHex(expectedMd5); log.debug(() -> "Expected MD5 of message body: " + expectedMd5Hex); return expectedMd5Hex; }
/** * Calculate the hash of the request's payload. Subclass could override this * method to provide different values for "x-amz-content-sha256" header or * do any other necessary set-ups on the request headers. (e.g. aws-chunked * uses a pre-defined header value, and needs to change some headers * relating to content-encoding and content-length.) */ protected String calculateContentHash(SdkHttpFullRequest.Builder mutableRequest, T signerParams) { InputStream payloadStream = getBinaryRequestPayloadStream(mutableRequest.contentStreamProvider()); return BinaryUtils.toHex(hash(payloadStream)); }
private AwsChunkedEncodingInputStream asChunkEncodedStream(InputStream inputStream, byte[] signature, byte[] signingKey, Aws4SignerRequestParams signerRequestParams) { return new AwsChunkedEncodingInputStream( inputStream, signingKey, signerRequestParams.getFormattedSigningDateTime(), signerRequestParams.getScope(), BinaryUtils.toHex(signature), this); }
/** * Calculate the hash of the request's payload. Subclass could override this * method to provide different values for "x-amz-content-sha256" header or * do any other necessary set-ups on the request headers. (e.g. aws-chunked * uses a pre-defined header value, and needs to change some headers * relating to content-encoding and content-length.) */ protected String calculateContentHash(SdkHttpFullRequest.Builder mutableRequest, T signerParams) { InputStream payloadStream = getBinaryRequestPayloadStream(mutableRequest.contentStreamProvider()); return BinaryUtils.toHex(hash(payloadStream)); }
private AwsChunkedEncodingInputStream asChunkEncodedStream(InputStream inputStream, byte[] signature, byte[] signingKey, Aws4SignerRequestParams signerRequestParams) { return new AwsChunkedEncodingInputStream( inputStream, signingKey, signerRequestParams.getFormattedSigningDateTime(), signerRequestParams.getScope(), BinaryUtils.toHex(signature), this); }
byte[] signatureBytes = signEventStream(priorSignature, key, signingDate, requestParams, nonSignatureHeaders, payload); priorSignature = BinaryUtils.toHex(signatureBytes);
byte[] signatureBytes = signEventStream(priorSignature, key, signingDate, requestParams, nonSignatureHeaders, payload); priorSignature = BinaryUtils.toHex(signatureBytes);
/** * Creates the authorization header to be included in the request. */ private String buildAuthorizationHeader(byte[] signature, AwsCredentials credentials, Aws4SignerRequestParams signerParams, SdkHttpFullRequest.Builder mutableRequest) { String signingCredentials = credentials.accessKeyId() + "/" + signerParams.getScope(); String credential = "Credential=" + signingCredentials; String signerHeaders = "SignedHeaders=" + getSignedHeadersString(mutableRequest.headers()); String signatureHeader = "Signature=" + BinaryUtils.toHex(signature); return SignerConstant.AWS4_SIGNING_ALGORITHM + " " + credential + ", " + signerHeaders + ", " + signatureHeader; }
/** * Creates the authorization header to be included in the request. */ private String buildAuthorizationHeader(byte[] signature, AwsCredentials credentials, Aws4SignerRequestParams signerParams, SdkHttpFullRequest.Builder mutableRequest) { String signingCredentials = credentials.accessKeyId() + "/" + signerParams.getScope(); String credential = "Credential=" + signingCredentials; String signerHeaders = "SignedHeaders=" + getSignedHeadersString(mutableRequest.headers()); String signatureHeader = "Signature=" + BinaryUtils.toHex(signature); return SignerConstant.AWS4_SIGNING_ALGORITHM + " " + credential + ", " + signerHeaders + ", " + signatureHeader; }
String expectedMd5Hex = BinaryUtils.toHex(md5Digest.digest()); log.debug(() -> "Expected MD5 of message attributes: " + expectedMd5Hex); return expectedMd5Hex;
/** * Step 2 of the AWS Signature version 4 calculation. Refer to * http://docs.aws * .amazon.com/general/latest/gr/sigv4-create-string-to-sign.html. */ private String createStringToSign(String canonicalRequest, Aws4SignerRequestParams requestParams) { String stringToSign = requestParams.getSigningAlgorithm() + SignerConstant.LINE_SEPARATOR + requestParams.getFormattedSigningDateTime() + SignerConstant.LINE_SEPARATOR + requestParams.getScope() + SignerConstant.LINE_SEPARATOR + BinaryUtils.toHex(hash(canonicalRequest)); LOG.debug(() -> "AWS4 String to sign: " + stringToSign); return stringToSign; }
/** * Step 2 of the AWS Signature version 4 calculation. Refer to * http://docs.aws * .amazon.com/general/latest/gr/sigv4-create-string-to-sign.html. */ private String createStringToSign(String canonicalRequest, Aws4SignerRequestParams requestParams) { String stringToSign = requestParams.getSigningAlgorithm() + SignerConstant.LINE_SEPARATOR + requestParams.getFormattedSigningDateTime() + SignerConstant.LINE_SEPARATOR + requestParams.getScope() + SignerConstant.LINE_SEPARATOR + BinaryUtils.toHex(hash(canonicalRequest)); LOG.debug(() -> "AWS4 String to sign: " + stringToSign); return stringToSign; }
protected SdkHttpFullRequest.Builder doPresign(SdkHttpFullRequest request, Aws4SignerRequestParams requestParams, U signingParams) { SdkHttpFullRequest.Builder mutableRequest = request.toBuilder(); long expirationInSeconds = generateExpirationTime(signingParams); addHostHeader(mutableRequest); AwsCredentials sanitizedCredentials = sanitizeCredentials(signingParams.awsCredentials()); if (sanitizedCredentials instanceof AwsSessionCredentials) { // For SigV4 pre-signing URL, we need to add "X-Amz-Security-Token" // as a query string parameter, before constructing the canonical // request. mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SECURITY_TOKEN, ((AwsSessionCredentials) sanitizedCredentials).sessionToken()); } // Add the important parameters for v4 signing String timeStamp = requestParams.getFormattedSigningDateTime(); addPreSignInformationToRequest(mutableRequest, sanitizedCredentials, requestParams, timeStamp, expirationInSeconds); String contentSha256 = calculateContentHashPresign(mutableRequest, signingParams); String canonicalRequest = createCanonicalRequest(mutableRequest, contentSha256, signingParams.doubleUrlEncode()); String stringToSign = createStringToSign(canonicalRequest, requestParams); byte[] signingKey = deriveSigningKey(sanitizedCredentials, requestParams); byte[] signature = computeSignature(stringToSign, signingKey); mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SIGNATURE, BinaryUtils.toHex(signature)); return mutableRequest; }
protected SdkHttpFullRequest.Builder doPresign(SdkHttpFullRequest request, Aws4SignerRequestParams requestParams, U signingParams) { SdkHttpFullRequest.Builder mutableRequest = request.toBuilder(); long expirationInSeconds = generateExpirationTime(signingParams); addHostHeader(mutableRequest); AwsCredentials sanitizedCredentials = sanitizeCredentials(signingParams.awsCredentials()); if (sanitizedCredentials instanceof AwsSessionCredentials) { // For SigV4 pre-signing URL, we need to add "X-Amz-Security-Token" // as a query string parameter, before constructing the canonical // request. mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SECURITY_TOKEN, ((AwsSessionCredentials) sanitizedCredentials).sessionToken()); } // Add the important parameters for v4 signing String timeStamp = requestParams.getFormattedSigningDateTime(); addPreSignInformationToRequest(mutableRequest, sanitizedCredentials, requestParams, timeStamp, expirationInSeconds); String contentSha256 = calculateContentHashPresign(mutableRequest, signingParams); String canonicalRequest = createCanonicalRequest(mutableRequest, contentSha256, signingParams.doubleUrlEncode()); String stringToSign = createStringToSign(canonicalRequest, requestParams); byte[] signingKey = deriveSigningKey(sanitizedCredentials, requestParams); byte[] signature = computeSignature(stringToSign, signingKey); mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SIGNATURE, BinaryUtils.toHex(signature)); return mutableRequest; }