private byte[] SigningKey(AwsDate awsDate) => Encoding.UTF8.GetBytes(AwsConstants.Signing.SecretKeyPrefix + SecretKey) .UseToSign(awsDate.DateString) .UseToSign(Region) .UseToSign(Service) .UseToSign(AwsConstants.Signing.ScopeTerminator);
public async Task <HttpRequestMessage> SignAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var awsDate = new AwsDate();
// set the host and date headers
request.Headers.Host = request.RequestUri.Host;
request.Headers.Add(AwsConstants.Headers.Date, awsDate.DateTimeString);
// build the string to sign from the canonical request
var stringToSign = StringToSign(awsDate, await request.ToHashedCanonicalRequestAsync());
// get the signing key using the date on the request
var signingKey = SigningKey(awsDate);
// build the signature by signing the string to sign with the signing key
var signature = signingKey.UseToSign(stringToSign).HexEncode();
// set the auth headers
request.Headers.Authorization =
new AuthenticationHeaderValue(
AwsConstants.Signing.Algorithm,
$"Credential={AccessKey}/{CredentialScope(awsDate)}, SignedHeaders={request.SignedHeaders()}, Signature={signature}");
// add the session token, if any, to the headers on the request
if (!string.IsNullOrWhiteSpace(SessionToken))
{
request.Headers.Add(AwsConstants.Headers.SecurityToken, SessionToken);
}
return(request);
}
private string CredentialScope(AwsDate awsDate)
=> $"{awsDate.DateString}/{Region}/{Service}/{AwsConstants.Signing.ScopeTerminator}";
private string StringToSign(AwsDate awsDate, string hashedRequest) => AwsConstants.Signing.Algorithm + "\n" + awsDate.DateTimeString + "\n" + CredentialScope(awsDate) + "\n" + hashedRequest;