Class Aws4SignerBase

java.lang.Object
org.jclouds.s3.filters.Aws4SignerBase
Direct Known Subclasses:
Aws4SignerForAuthorizationHeader, Aws4SignerForChunkedUpload, Aws4SignerForQueryString

public abstract class Aws4SignerBase extends Object
Common methods and properties for all AWS4 signer variants
  • Field Details

    • timestampFormat

      protected final DateFormat timestampFormat
    • dateFormat

      protected final DateFormat dateFormat
    • headerTag

      protected final String headerTag
    • serviceAndRegion

      protected final Aws4SignerBase.ServiceAndRegion serviceAndRegion
    • signatureWire

      protected final org.jclouds.http.internal.SignatureWire signatureWire
    • creds

      protected final com.google.common.base.Supplier<org.jclouds.domain.Credentials> creds
    • timestampProvider

      protected final com.google.common.base.Supplier<Date> timestampProvider
    • crypto

      protected final org.jclouds.crypto.Crypto crypto
  • Constructor Details

    • Aws4SignerBase

      protected Aws4SignerBase(org.jclouds.http.internal.SignatureWire signatureWire, String headerTag, com.google.common.base.Supplier<org.jclouds.domain.Credentials> creds, com.google.common.base.Supplier<Date> timestampProvider, Aws4SignerBase.ServiceAndRegion serviceAndRegion, org.jclouds.crypto.Crypto crypto)
  • Method Details

    • hostHeaderFor

      protected static String hostHeaderFor(URI endpoint)
    • getContentType

      protected String getContentType(org.jclouds.http.HttpRequest request)
    • getContentLength

      protected String getContentLength(org.jclouds.http.HttpRequest request)
    • appendAmzHeaders

      protected void appendAmzHeaders(org.jclouds.http.HttpRequest request, com.google.common.collect.ImmutableMap.Builder<String,String> signedHeadersBuilder)
    • signatureKey

      protected byte[] signatureKey(String secretKey, String datestamp, String region, String service)
      Calculate the AWS signature key.

      DateKey = hmacSHA256(datestamp, "AWS4"+ secretKey)
      DateRegionKey = hmacSHA256(region, DateKey)
      DateRegionServiceKey = hmacSHA256(service, DateRegionKey)
      SigningKey = hmacSHA256("aws4_request", DateRegionServiceKey)

      Parameters:
      secretKey - AWS access secret key
      datestamp - date yyyyMMdd
      region - AWS region
      service - AWS service
      Returns:
      SigningKey
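
      The key chain above, as an added example written against the JDK's javax.crypto; it is not jclouds code. The class name SigningKeyExample, the secret, the dates, the regions and the string to sign are constructed sample values.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not jclouds code: derives the SigV4 signing key with the
// chain documented for signatureKey, then uses it to sign one string.
public class SigningKeyExample {
    // Same argument order as the documented hmacSHA256(toSign, key).
    static byte[] hmacSHA256(String toSign, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(toSign.getBytes(StandardCharsets.UTF_8));
    }

    static byte[] signatureKey(String secretKey, String datestamp, String region, String service)
            throws Exception {
        byte[] dateKey = hmacSHA256(datestamp, ("AWS4" + secretKey).getBytes(StandardCharsets.UTF_8));
        byte[] dateRegionKey = hmacSHA256(region, dateKey);
        byte[] dateRegionServiceKey = hmacSHA256(service, dateRegionKey);
        return hmacSHA256("aws4_request", dateRegionServiceKey);
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-secret-not-a-real-key"; // placeholder, never a live credential
        byte[] k1 = signatureKey(secret, "20240101", "us-east-1", "s3");
        byte[] k2 = signatureKey(secret, "20240102", "us-east-1", "s3"); // next day
        byte[] k3 = signatureKey(secret, "20240101", "eu-west-1", "s3"); // other region
        // The derived key is bound to its scope: any change in date, region or
        // service yields an unrelated key, so a leaked SigningKey is only
        // usable for that one day, region and service.
        System.out.println("key bytes: " + k1.length);
        System.out.println("date changes key: " + !Arrays.equals(k1, k2));
        System.out.println("region changes key: " + !Arrays.equals(k1, k3));
        // Constructed string to sign; the last line stands in for the hex
        // SHA-256 of a canonical request.
        String stringToSign = "AWS4-HMAC-SHA256\n20240101T000000Z\n20240101/us-east-1/s3/aws4_request\n"
                + "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
        String signature = String.format("%064x", new BigInteger(1, hmacSHA256(stringToSign, k1)));
        System.out.println("signature: " + signature);
    }
}
```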
    • hmacSHA256

      protected byte[] hmacSHA256(String toSign, byte[] key)
      Compute the HMAC-SHA256 of a string.
      Parameters:
      toSign - string to sign
      key - hash key
    • hmacSHA256

      public static com.google.common.io.ByteProcessor<byte[]> hmacSHA256(org.jclouds.crypto.Crypto crypto, byte[] signatureKey) throws InvalidKeyException
      Throws:
      InvalidKeyException
    • hash

      public static byte[] hash(InputStream input) throws org.jclouds.http.HttpException
      Hash input with SHA-256.
      Parameters:
      input - input stream to hash
      Returns:
      hash result
      Throws:
      org.jclouds.http.HttpException
    • hash

      public static byte[] hash(byte[] bytes) throws org.jclouds.http.HttpException
      Hash input with SHA-256.
      Parameters:
      bytes - input bytes
      Returns:
      hash result
      Throws:
      org.jclouds.http.HttpException
    • hash

      public static byte[] hash(String input) throws org.jclouds.http.HttpException
      Hash a string (UTF-8 encoded) with SHA-256.
      Parameters:
      input - input string
      Returns:
      hash result
      Throws:
      org.jclouds.http.HttpException
    • getCanonicalizedQueryString

      protected String getCanonicalizedQueryString(String queryString)
      Examines the specified query string parameters and returns a canonicalized form.

      The canonicalized query string is formed by first sorting all the query string parameters, then URI encoding both the key and value and then joining them, in order, separating key value pairs with an '&'.

      Parameters:
      queryString - The query string parameters to be canonicalized.
      Returns:
      A canonicalized form for the specified query string parameters.
    • urlEncode

      public static String urlEncode(String value)
      Encode a string for use in the path of a URL. Uses URLEncoder.encode (which encodes a string for use in the query portion of a URL), then applies some postfilters to fix things up per the RFC. Can optionally handle strings which are meant to encode a path (i.e. include '/' characters which should NOT be escaped).
      Parameters:
      value - the value to encode
      Returns:
      the encoded value
    • hex

      public static String hex(byte[] bytes)
      Lowercase base 16 encoding.
      Parameters:
      bytes - bytes
      Returns:
      base16 lower case hex string.
    • createStringToSign

      protected String createStringToSign(String method, URI endpoint, Map<String,String> signedHeaders, String timestamp, String credentialScope, String hashedPayload)
      Create a Canonical Request to sign

      Canonical Request

      <HTTPMethod>\n
      <CanonicalURI>\n
      <CanonicalQueryString>\n
      <CanonicalHeaders>\n
      <SignedHeaders>\n
      <HashedPayload>

      HTTPMethod is one of the HTTP methods, for example GET, PUT, HEAD, and DELETE.

      CanonicalURI is the URI-encoded version of the absolute path component of the URI—everything starting with the "/" that follows the domain name and up to the end of the string or to the question mark character ('?') if you have query string parameters.

      CanonicalQueryString specifies the URI-encoded query string parameters. You URI-encode name and values individually. You must also sort the parameters in the canonical query string alphabetically by key name. The sorting occurs after encoding.

      CanonicalHeaders is a list of request headers with their values. Individual header name and value pairs are separated by the newline character ("\n"). Header names must be in lowercase. Header values must have surrounding whitespace trimmed.
      The CanonicalHeaders list must include the following: HTTP host header. If the Content-Type header is present in the request, it must be added to the CanonicalHeaders list. Any x-amz-* headers that you plan to include in your request must also be added.

      SignedHeaders is an alphabetically sorted, semicolon-separated list of lowercase request header names. The request headers in the list are the same headers that you included in the CanonicalHeaders string.

      HashedPayload is the hexadecimal value of the SHA256 hash of the request payload.

      If there is no payload in the request, you compute a hash of the empty string as follows: Hex(SHA256Hash("")). The hash returns the following value: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      Parameters:
      method - http request method
      endpoint - http request endpoint
      signedHeaders - signed headers
      timestamp - ISO8601 timestamp
      credentialScope - credential scope
      Returns:
      string to sign
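
      The canonical request layout described above, as an added example using only the JDK; it is not jclouds code. The class name CanonicalRequestExample, the bucket, object key, timestamp and credential scope are constructed; the example assumes the path and query are already URI-encoded and that no header or query parameter name repeats.

```java
import java.math.BigInteger;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added example, not jclouds code. Assumes an already URI-encoded path and
// query, and no repeated query parameter or header names.
public class CanonicalRequestExample {
    static String sha256Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return String.format("%064x", new BigInteger(1, d));
    }

    // Sort parameters by name; a bare name such as "acl" is emitted as "acl=".
    static String canonicalQuery(String rawQuery) {
        TreeMap<String, String> params = new TreeMap<>();
        if (rawQuery != null && !rawQuery.isEmpty())
            for (String pair : rawQuery.split("&")) {
                String[] kv = pair.split("=", 2);
                params.put(kv[0], kv.length == 2 ? kv[1] : "");
            }
        StringJoiner out = new StringJoiner("&");
        params.forEach((k, v) -> out.add(k + "=" + v));
        return out.toString();
    }

    static String canonicalRequest(String method, URI endpoint, Map<String, String> headers,
                                   String hashedPayload) {
        TreeMap<String, String> sorted = new TreeMap<>(); // lowercase names, trimmed values
        headers.forEach((k, v) -> sorted.put(k.toLowerCase(Locale.ROOT), v.trim()));
        StringBuilder canonicalHeaders = new StringBuilder();
        sorted.forEach((k, v) -> canonicalHeaders.append(k).append(':').append(v).append('\n'));
        // Every header line ends in "\n", so the join leaves a blank line before SignedHeaders.
        return String.join("\n", method, endpoint.getRawPath(), canonicalQuery(endpoint.getRawQuery()),
                canonicalHeaders, String.join(";", sorted.keySet()), hashedPayload);
    }

    public static void main(String[] args) throws Exception {
        // Constructed request: bucket, key, timestamp and scope are sample values.
        URI endpoint = URI.create("https://examplebucket.s3.amazonaws.com/photos/cat.jpg?versionId=1&acl");
        String emptyPayloadHash = sha256Hex(""); // the e3b0c442... value quoted above
        Map<String, String> headers = Map.of("Host", "examplebucket.s3.amazonaws.com",
                "X-Amz-Date", " 20240101T000000Z ", "x-amz-content-sha256", emptyPayloadHash);
        String canonical = canonicalRequest("GET", endpoint, headers, emptyPayloadHash);
        String stringToSign = "AWS4-HMAC-SHA256\n" + "20240101T000000Z\n"
                + "20240101/us-east-1/s3/aws4_request\n" + sha256Hex(canonical);
        System.out.println(canonical + "\n---\n" + stringToSign);
    }
}
```

      Any header that is not listed in SignedHeaders is not covered by the signature and can be altered in transit without invalidating it.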
    • lowerCaseNaturalOrderKeys

      protected static Map<String,String> lowerCaseNaturalOrderKeys(Map<String,String> in)
      Change the keys but keep the values intact.
      Parameters:
      in - input map to transform
      Returns:
      immutableSortedMap with the new lowercase keys.