private void TestS3Signer(bool requestUseSigV4, string clientConfigSignatureVersion,
bool awsConfigsS3UseSignatureVersion4, bool expectSigV4)
{
var originalAWSConfigsS3UseSignatureVersion4 = AWSConfigsS3.UseSignatureVersion4;
try
{
AWSConfigsS3.UseSignatureVersion4 = awsConfigsS3UseSignatureVersion4;
var signer = new S3Signer();
var putObjectRequest = new PutObjectRequest();
var iRequest = new DefaultRequest(putObjectRequest, "s3")
{
UseSigV4 = requestUseSigV4,
Endpoint = new System.Uri("https://does_not_matter.com")
};
var config = new AmazonS3Config
{
SignatureVersion = clientConfigSignatureVersion,
RegionEndpoint = RegionEndpoint.USWest1
};
signer.Sign(iRequest, config, new RequestMetrics(), "ACCESS", "SECRET");
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.AreEqual(expectSigV4, iRequest.Headers[HeaderKeys.AuthorizationHeader].Contains("aws4_request"));
}
finally
{
AWSConfigsS3.UseSignatureVersion4 = originalAWSConfigsS3UseSignatureVersion4;
}
}
public void TestS3SignerSignatureVersion(SignatureVersion signatureVersion, string clientConfigSignatureVersion,
bool awsConfigsS3UseSignatureVersion4, SignatureVersion expectedSignatureVersion)
{
var originalAWSConfigsS3UseSignatureVersion4 = AWSConfigsS3.UseSignatureVersion4;
try
{
AWSConfigsS3.UseSignatureVersion4 = awsConfigsS3UseSignatureVersion4;
var signer = new S3Signer();
var putObjectRequest = new PutObjectRequest();
var iRequest = new DefaultRequest(putObjectRequest, "s3")
{
SignatureVersion = signatureVersion,
Endpoint = new System.Uri("https://does_not_matter.com")
};
var config = new AmazonS3Config
{
SignatureVersion = clientConfigSignatureVersion,
RegionEndpoint = RegionEndpoint.USWest1
};
signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", ""));
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
if (expectedSignatureVersion == SignatureVersion.SigV4a)
{
Assert.IsTrue(iRequest.Headers[HeaderKeys.AuthorizationHeader].Contains("AWS4-ECDSA-P256-SHA256"));
}
else if (expectedSignatureVersion == SignatureVersion.SigV4)
{
Assert.IsTrue(iRequest.Headers[HeaderKeys.AuthorizationHeader].Contains("AWS4-HMAC-SHA256"));
}
else if (expectedSignatureVersion == SignatureVersion.SigV2)
{
Assert.IsTrue(iRequest.Headers[HeaderKeys.AuthorizationHeader].Contains("AWS ACCESS"));
}
}
finally
{
AWSConfigsS3.UseSignatureVersion4 = originalAWSConfigsS3UseSignatureVersion4;
}
}
public void WriteGetObjectResponseSignerTest()
{
var signer = new S3Signer();
var request = new WriteGetObjectResponseRequest
{
RequestRoute = "route",
RequestToken = "token"
};
var config = new AmazonS3Config
{
RegionEndpoint = RegionEndpoint.EUWest1
};
var iRequest = S3ArnTestUtils.RunMockRequest(request, WriteGetObjectResponseRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", ""));
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-object-lambda"));
}
public void S3ObjectLambdaSignerTest()
{
var signer = new S3Signer();
var arnString = "arn:aws:s3-object-lambda:us-east-1:123456789012:accesspoint/mybanner";
var request = new GetObjectRequest()
{
BucketName = arnString,
Key = "foo.txt"
};
var config = new AmazonS3Config
{
RegionEndpoint = RegionEndpoint.USEast1
};
var iRequest = S3ArnTestUtils.RunMockRequest(request, GetObjectRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", ""));
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-object-lambda"));
}
public void TestS3OutpostsSignerGetBucket()
{
var signer = new S3Signer();
var bucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var getBucketRequest = new GetBucketRequest
{
Bucket = bucketArn
};
var config = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var originalAuthService = config.AuthenticationServiceName;
var iRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", ""));
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts"));
Assert.IsTrue(config.AuthenticationServiceName == originalAuthService);
}
public void TestS3OutpostsSignerCreateAccessPointWithArn()
{
var signer = new S3Signer();
var createAccessPointRequest = new CreateAccessPointRequest
{
Bucket = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket",
Name = "myaccesspoint",
};
var config = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var originalAuthService = config.AuthenticationServiceName;
var iRequest = S3ControlArnTestUtils.RunMockRequest(createAccessPointRequest, CreateAccessPointRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), "ACCESS", "SECRET");
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts"));
Assert.IsTrue(config.AuthenticationServiceName == originalAuthService);
}
public void TestS3OutpostsSigner()
{
var signer = new S3Signer();
var outpostsArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:accesspoint:myaccesspoint";
var putObjectRequest = new PutObjectRequest()
{
BucketName = outpostsArn,
Key = "foo.txt",
ContentBody = "data"
};
var config = new AmazonS3Config
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var iRequest = S3ArnTestUtils.RunMockRequest(putObjectRequest, PutObjectRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", ""));
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts"));
}
public void TestS3OutpostsSignerCreateBucket()
{
var signer = new S3Signer();
var createBucketRequest = new CreateBucketRequest
{
Bucket = "test",
OutpostId = "op-123456789012"
};
var config = new AmazonS3ControlConfig
{
SignatureVersion = "4",
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var originalAuthService = config.AuthenticationServiceName;
var iRequest = S3ControlArnTestUtils.RunMockRequest(createBucketRequest, CreateBucketRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", ""));
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts"));
Assert.IsTrue(config.AuthenticationServiceName == originalAuthService);
}