public void SignBodylessRequestByHeaders()
{
var config = BuildBaseSigningConfig();
var request = BuildTestSuiteRequestWithoutBody();
CrtResult <HttpRequest> result = AwsSigner.SignHttpRequest(request, config);
HttpRequest signedRequest = result.Get();
Assert.Equal("GET", signedRequest.Method);
Assert.Equal("/?Param-3=Value3&Param=Value2&%E1%88%B4=Value1", signedRequest.Uri);
Assert.Equal(3, signedRequest.Headers.Length);
Assert.True(HasHeader(signedRequest, "Host", "example.amazonaws.com"));
Assert.True(HasHeader(signedRequest, "X-Amz-Date", "20150830T123600Z"));
Assert.True(HasHeader(signedRequest, "Authorization", "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=371d3713e185cc334048618a97f809c9ffe339c62934c032af5a0e595648fcac"));
}
/// /// <summary>
/// Calculates the signature for the specified request using the Asymmetric SigV4
/// signing protocol in preparation for generating a presigned URL.
/// </summary>
/// <param name="request">
/// The request to compute the signature for. Additional headers mandated by the
/// SigV4a protocol will be added to the request before signing.
/// </param>
/// <param name="clientConfig">
/// Client configuration data encompassing the service call (notably authentication
/// region, endpoint and service name).
/// </param>
/// <param name="metrics">Metrics for the request</param>
/// <param name="credentials">The AWS credentials for the account making the service call</param>
/// <param name="service">Service to sign the request for</param>
/// <param name="overrideSigningRegion">Region to sign the request for</param>
/// <returns>AWS4aSigningResult for the given request</returns>
public AWS4aSigningResult Presign4a(IRequest request,
IClientConfig clientConfig,
RequestMetrics metrics,
ImmutableCredentials credentials,
string service,
string overrideSigningRegion)
{
var signedAt = AWS4Signer.InitializeHeaders(request.Headers, request.Endpoint);
var regionSet = overrideSigningRegion ?? AWS4Signer.DetermineSigningRegion(clientConfig, service, request.AlternateEndpoint, request);
var signingConfig = PrepareCRTSigningConfig(AwsSignatureType.HTTP_REQUEST_VIA_QUERY_PARAMS, regionSet, service, signedAt, credentials);
if (AWS4PreSignedUrlSigner.ServicesUsingUnsignedPayload.Contains(service))
{
signingConfig.SignedBodyValue = AWS4Signer.UnsignedPayload;
}
else
{
signingConfig.SignedBodyValue = AWS4Signer.EmptyBodySha256;
}
// The expiration may have already be set in a header when marshalling the GetPreSignedUrlRequest -> IRequest
if (request.Parameters != null && request.Parameters.ContainsKey(HeaderKeys.XAmzExpires))
{
signingConfig.ExpirationInSeconds = Convert.ToUInt64(request.Parameters[HeaderKeys.XAmzExpires]);
}
var crtRequest = CrtHttpRequestConverter.ConvertToCrtRequest(request);
var signingResult = AwsSigner.SignHttpRequest(crtRequest, signingConfig);
string authorizationValue = Encoding.Default.GetString(signingResult.Get().Signature);
var dateStamp = AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateFormat);
var scope = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}", dateStamp, service, AWS4Signer.Terminator);
AWS4aSigningResult result = new AWS4aSigningResult(
credentials.AccessKey,
signedAt,
CrtHttpRequestConverter.ExtractSignedHeaders(signingResult.Get().SignedRequest),
scope,
regionSet,
authorizationValue,
service,
signingResult.Get().SignedRequest.Uri,
credentials);
return(result);
}
public void SignBodylessRequestByQuery()
{
var config = BuildBaseSigningConfig();
config.SignatureType = AwsSignatureType.HTTP_REQUEST_VIA_QUERY_PARAMS;
config.ExpirationInSeconds = 3600;
var request = BuildTestSuiteRequestWithoutBody();
CrtResult <HttpRequest> result = AwsSigner.SignHttpRequest(request, config);
HttpRequest signedRequest = result.Get();
Assert.Equal("GET", signedRequest.Method);
Assert.Equal("/?Param-3=Value3&Param=Value2&%E1%88%B4=Value1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=c5f1848ceec943ac2ca68ee720460c23aaae30a2300586597ada94c4a65e4787", signedRequest.Uri);
Assert.Equal(1, signedRequest.Headers.Length);
Assert.True(HasHeader(signedRequest, "Host", "example.amazonaws.com"));
}
/// <summary>
/// Calculates the signature for the specified request using the Asymmetric SigV4 signing protocol
/// </summary>
/// <param name="request">
/// The request to compute the signature for. Additional headers mandated by the
/// SigV4a protocol will be added to the request before signing.
/// </param>
/// <param name="clientConfig">
/// Client configuration data encompassing the service call (notably authentication
/// region, endpoint and service name).
/// </param>
/// <param name="metrics">Metrics for the request</param>
/// <param name="credentials">The AWS credentials for the account making the service call</param>
/// <returns>AWS4aSigningResult for the given request</returns>
public AWS4aSigningResult SignRequest(IRequest request,
IClientConfig clientConfig,
RequestMetrics metrics,
ImmutableCredentials credentials)
{
var signedAt = AWS4Signer.InitializeHeaders(request.Headers, request.Endpoint);
var serviceSigningName = !string.IsNullOrEmpty(request.OverrideSigningServiceName) ? request.OverrideSigningServiceName : AWS4Signer.DetermineService(clientConfig);
var regionSet = AWS4Signer.DetermineSigningRegion(clientConfig, clientConfig.RegionEndpointServiceName, request.AlternateEndpoint, request);
request.DeterminedSigningRegion = regionSet;
AWS4Signer.SetXAmzTrailerHeader(request.Headers, request.TrailingHeaders);
var signingConfig = PrepareCRTSigningConfig(AwsSignatureType.HTTP_REQUEST_VIA_HEADERS, regionSet, serviceSigningName, signedAt, credentials);
// If the request should use a fixed x-amz-content-sha256 header value, determine the appropriate one
var fixedBodyHash = request.TrailingHeaders?.Count > 0
? AWS4Signer.V4aStreamingBodySha256WithTrailer
: AWS4Signer.V4aStreamingBodySha256;
signingConfig.SignedBodyValue = AWS4Signer.SetRequestBodyHash(request, SignPayload, fixedBodyHash, ChunkedUploadWrapperStream.V4A_SIGNATURE_LENGTH);
var crtRequest = CrtHttpRequestConverter.ConvertToCrtRequest(request);
var signingResult = AwsSigner.SignHttpRequest(crtRequest, signingConfig);
var authorizationValue = Encoding.Default.GetString(signingResult.Get().Signature);
var signedCrtRequest = signingResult.Get().SignedRequest;
CrtHttpRequestConverter.CopyHeadersFromCrtRequest(request, signedCrtRequest);
var dateStamp = AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateFormat);
var scope = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}", dateStamp, serviceSigningName, AWS4Signer.Terminator);
AWS4aSigningResult result = new AWS4aSigningResult(
credentials.AccessKey,
signedAt,
CrtHttpRequestConverter.ExtractSignedHeaders(signedCrtRequest),
scope,
regionSet,
authorizationValue,
serviceSigningName,
"",
credentials);
return(result);
}
public void SignRequestFailureIllegalHeader()
{
var config = BuildBaseSigningConfig();
var request = BuildRequestWithIllegalHeader();
CrtResult <HttpRequest> result = AwsSigner.SignHttpRequest(request, config);
Assert.Throws <CrtException>(() => result.Get());
int crtErrorCode = 0;
try {
HttpRequest req = result.Get();
} catch (CrtException e) {
crtErrorCode = e.ErrorCode;
}
/* AWS_AUTH_SIGNING_ILLEGAL_REQUEST_HEADER */
Assert.Equal(1024 * 6 + 6, crtErrorCode);
}
public void SignBodyRequestByHeaders()
{
var config = BuildBaseSigningConfig();
config.SignedBodyHeader = AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA256;
var request = BuildTestSuiteRequestWithBody();
CrtResult <HttpRequest> result = AwsSigner.SignHttpRequest(request, config);
HttpRequest signedRequest = result.Get();
Assert.Equal("POST", signedRequest.Method);
Assert.Equal("/", signedRequest.Uri);
Assert.Equal(6, signedRequest.Headers.Length);
Assert.True(HasHeader(signedRequest, "Host", "example.amazonaws.com"));
Assert.True(HasHeader(signedRequest, "X-Amz-Date", "20150830T123600Z"));
Assert.True(HasHeader(signedRequest, "Authorization", "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-content-sha256;x-amz-date, Signature=d3875051da38690788ef43de4db0d8f280229d82040bfac253562e56c3f20e0b"));
Assert.True(HasHeader(signedRequest, "Content-Type", "application/x-www-form-urlencoded"));
Assert.True(HasHeader(signedRequest, "x-amz-content-sha256", "9095672bbd1f56dfc5b65f3e153adc8731a4a654192329106275f4c7b24d0b6e"));
Assert.True(HasHeader(signedRequest, "Content-Length", "13"));
}
/// <summary>
/// Calculates the signature for the specified request using the Asymmetric SigV4 signing protocol
/// </summary>
/// <param name="request">
/// The request to compute the signature for. Additional headers mandated by the
/// SigV4a protocol will be added to the request before signing.
/// </param>
/// <param name="clientConfig">
/// Client configuration data encompassing the service call (notably authentication
/// region, endpoint and service name).
/// </param>
/// <param name="metrics">Metrics for the request</param>
/// <param name="credentials">The AWS credentials for the account making the service call</param>
/// <returns>AWS4aSigningResult for the given request</returns>
public AWS4aSigningResult SignRequest(IRequest request,
IClientConfig clientConfig,
RequestMetrics metrics,
ImmutableCredentials credentials)
{
var signedAt = AWS4Signer.InitializeHeaders(request.Headers, request.Endpoint);
var service = !string.IsNullOrEmpty(request.OverrideSigningServiceName) ? request.OverrideSigningServiceName : AWS4Signer.DetermineService(clientConfig);
var regionSet = AWS4Signer.DetermineSigningRegion(clientConfig, service, request.AlternateEndpoint, request);
request.DeterminedSigningRegion = regionSet;
var signingConfig = PrepareCRTSigningConfig(AwsSignatureType.HTTP_REQUEST_VIA_HEADERS, regionSet, service, signedAt, credentials);
// Compute here rather than CRT to support the fixed value for header of a chunked request
signingConfig.SignedBodyValue = AWS4Signer.SetRequestBodyHash(request, SignPayload, AWS4Signer.V4aStreamingBodySha256, ChunkedUploadWrapperStream.V4A_SIGNATURE_LENGTH);
var crtRequest = CrtHttpRequestConverter.ConvertToCrtRequest(request);
var signingResult = AwsSigner.SignHttpRequest(crtRequest, signingConfig);
var authorizationValue = Encoding.Default.GetString(signingResult.Get().Signature);
var signedCrtRequest = signingResult.Get().SignedRequest;
CrtHttpRequestConverter.CopyHeadersFromCrtRequest(request, signedCrtRequest);
var dateStamp = AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateFormat);
var scope = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}", dateStamp, service, AWS4Signer.Terminator);
AWS4aSigningResult result = new AWS4aSigningResult(
credentials.AccessKey,
signedAt,
CrtHttpRequestConverter.ExtractSignedHeaders(signedCrtRequest),
scope,
regionSet,
authorizationValue,
service,
"",
credentials);
return(result);
}
public void SignRequestFailureNoCredentials()
{
var config = BuildBaseSigningConfig();
config.Credentials = null;
var request = BuildTestSuiteRequestWithoutBody();
CrtResult <HttpRequest> result = AwsSigner.SignHttpRequest(request, config);
Assert.Throws <CrtException>(() => result.Get());
int crtErrorCode = 0;
try {
HttpRequest req = result.Get();
} catch (CrtException e) {
crtErrorCode = e.ErrorCode;
}
/* AWS_AUTH_SIGNING_INVALID_CONFIGURATION */
Assert.Equal(1024 * 6 + 7, crtErrorCode);
}
public void SignRequestByHeadersWithHeaderSkip()
{
var config = BuildBaseSigningConfig();
config.ShouldSignHeader = ShouldSignHeader;
var request = BuildRequestWithSkippedHeader();
CrtResult <HttpRequest> result = AwsSigner.SignHttpRequest(request, config);
HttpRequest signedRequest = result.Get();
Assert.Equal("GET", signedRequest.Method);
Assert.Equal("/", signedRequest.Uri);
Assert.Equal(4, signedRequest.Headers.Length);
Assert.True(HasHeader(signedRequest, "Host", "example.amazonaws.com"));
Assert.True(HasHeader(signedRequest, "X-Amz-Date", "20150830T123600Z"));
Assert.True(HasHeader(signedRequest, "Skip", "me"));
/* Verify Skip is not in the signed headers component of the Authorization header */
String authValue = GetHeaderValue(signedRequest, "Authorization");
Assert.Equal(false, authValue.Contains("Skip"));
}
