Class AWS4Signer

    • Field Detail

      • serviceName

        protected String serviceName
        Service name override for use when the endpoint can't be used to determine the service name.
      • regionName

        protected String regionName
        Region name override for use when the endpoint can't be used to determine the region name.
      • overriddenDate

        protected Date overriddenDate
        Date override for testing only
      • doubleUrlEncode

        protected boolean doubleUrlEncode
        Whether to double URL-encode the resource path when constructing the canonical request. Double URL-encoding is enabled by default. TODO: Different SigV4 services seem to be inconsistent on this, so services that want to suppress it should use new AWS4Signer(false).
    • Constructor Detail

      • AWS4Signer

        public AWS4Signer()
        Construct a new AWS4 signer instance. Double URL-encoding is enabled by default.
      • AWS4Signer

        public AWS4Signer(boolean doubleUrlEncoding)
        Construct a new AWS4 signer instance.
        Parameters:
        doubleUrlEncoding - Whether to double URL-encode the resource path when constructing the canonical request.
    • Method Detail

      • setServiceName

        public void setServiceName(String serviceName)
        Sets the service name that this signer should use when calculating request signatures. This can almost always be determined directly from the request's endpoint, so you shouldn't need this method, but it's provided for the edge case where the information is not in the endpoint.
        Specified by:
        setServiceName in interface ServiceAwareSigner
        Parameters:
        serviceName - The service name to use when calculating signatures in this signer.
      • setRegionName

        public void setRegionName(String regionName)
        Sets the region name that this signer should use when calculating request signatures. This can almost always be determined directly from the request's endpoint, so you shouldn't need this method, but it's provided for the edge case where the information is not in the endpoint.
        Specified by:
        setRegionName in interface RegionAwareSigner
        Parameters:
        regionName - The region name to use when calculating signatures in this signer.
      • getRegionName

        public String getRegionName()
        Returns the region name that is used when calculating the signature.
      • getServiceName

        public String getServiceName()
        Returns the service name that is used when calculating the signature.
      • getOverriddenDate

        public Date getOverriddenDate()
        Returns a copy of the date that overrides the signing date in the request. Returns null by default.
      • sign

        public void sign(SignableRequest<?> request,
                         AWSCredentials credentials)
        Description copied from interface: Signer
        Sign the given request with the given set of credentials. Modifies the passed-in request to apply the signature.
        Specified by:
        sign in interface Signer
        Parameters:
        request - The request to sign.
        credentials - The credentials to sign the request with.
      • presignRequest

        public void presignRequest(SignableRequest<?> request,
                                   AWSCredentials credentials,
                                   Date userSpecifiedExpirationDate)
        Description copied from interface: Presigner
        Signs the request by adding the signature to the URL rather than as a header. This method is expected to modify the passed-in request to add the signature.
        Specified by:
        presignRequest in interface Presigner
        Parameters:
        request - The request to sign.
        credentials - The credentials to sign it with.
        userSpecifiedExpirationDate - The time when this presigned URL will expire.
      • createCanonicalRequest

        protected String createCanonicalRequest(SignableRequest<?> request,
                                                String contentSha256)
        Step 1 of the AWS Signature version 4 calculation. Refer to http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html to generate the canonical request.
      • createStringToSign

        protected String createStringToSign(String canonicalRequest,
                                            com.amazonaws.auth.internal.AWS4SignerRequestParams signerParams)
        Step 2 of the AWS Signature version 4 calculation. Refer to http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html.
      • computeSignature

        protected final byte[] computeSignature(String stringToSign,
                                                byte[] signingKey,
                                                com.amazonaws.auth.internal.AWS4SignerRequestParams signerRequestParams)
        Step 3 of the AWS Signature version 4 calculation. It involves deriving the signing key and computing the signature. Refer to http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html.
      • getCanonicalizedHeaderString

        protected String getCanonicalizedHeaderString(SignableRequest<?> request)
      • shouldExcludeHeaderFromSigning

        protected boolean shouldExcludeHeaderFromSigning(String header)
      • addHostHeader

        protected void addHostHeader(SignableRequest<?> request)
      • calculateContentHash

        protected String calculateContentHash(SignableRequest<?> request)
        Calculate the hash of the request's payload. Subclasses can override this method to provide different values for the "x-amz-content-sha256" header or to do any other necessary set-up on the request headers (e.g. aws-chunked uses a pre-defined header value and needs to change some headers relating to content-encoding and content-length).
      • processRequestPayload

        protected void processRequestPayload(SignableRequest<?> request,
                                             byte[] signature,
                                             byte[] signingKey,
                                             com.amazonaws.auth.internal.AWS4SignerRequestParams signerRequestParams)
        Subclasses can override this method to perform any additional procedure on the request payload, with access to the result from signing the header (e.g. signing the payload by chunk-encoding). The default implementation doesn't need to do anything.
      • calculateContentHashPresign

        protected String calculateContentHashPresign(SignableRequest<?> request)
        Calculate the hash of the request's payload. For pre-signing, the existing code generates the hash of an empty byte array and returns it. Subclasses can override this method to provide different values (e.g. for S3 pre-signing, the content hash calculation is different from the general implementation).
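
The effect of doubleUrlEncode on the signature, as an added example that is not part of the SDK documentation: the same request is signed with both constructor settings, with the service and region set explicitly because the endpoint does not reveal them, and the resulting Authorization headers are compared. DefaultRequest, BasicAWSCredentials and HttpMethodName are AWS SDK for Java classes not described on this page; the FixedDateSigner subclass, the endpoint, the paths and the credentials are constructed for illustration.

```java
import com.amazonaws.DefaultRequest;
import com.amazonaws.auth.AWS4Signer;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.http.HttpMethodName;
import java.net.URI;
import java.util.Date;

public class DoubleUrlEncodeDemo {

    /** Hypothetical subclass: pins the signing time via the protected overriddenDate field. */
    static class FixedDateSigner extends AWS4Signer {
        FixedDateSigner(boolean doubleUrlEncoding, Date signingDate) {
            super(doubleUrlEncoding);
            this.overriddenDate = signingDate; // "testing only" override, so both runs use one date
        }
    }

    static String authorizationFor(boolean doubleUrlEncoding, String resourcePath) {
        // Constructed endpoint: neither service nor region can be derived from the
        // host name, so both overrides are set on the signer below.
        DefaultRequest<Void> request = new DefaultRequest<>("execute-api");
        request.setHttpMethod(HttpMethodName.GET);
        request.setEndpoint(URI.create("https://api.example.invalid"));
        request.setResourcePath(resourcePath);

        AWS4Signer signer = new FixedDateSigner(doubleUrlEncoding, new Date(1700000000000L));
        signer.setServiceName("execute-api");
        signer.setRegionName("us-east-1");
        // Constructed credentials, not real keys.
        signer.sign(request, new BasicAWSCredentials("AKIDEXAMPLE", "constructed-secret-not-real"));
        return request.getHeaders().get("Authorization");
    }

    public static void main(String[] args) {
        // One path of unreserved characters only, one that already carries an escape.
        for (String path : new String[] {"/reports/2024", "/reports/q1%20summary"}) {
            String doubleEncoded = authorizationFor(true, path);
            String singleEncoded = authorizationFor(false, path);
            System.out.println(path);
            System.out.println("  new AWS4Signer()      : " + doubleEncoded);
            System.out.println("  new AWS4Signer(false) : " + singleEncoded);
            System.out.println("  headers identical     : " + doubleEncoded.equals(singleEncoded));
        }
    }
}
```

The receiving service canonicalizes the path by its own convention, so a signer built with the other setting yields a signature the service rejects whenever the path contains characters that need encoding.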