protected override void PreInvoke(IExecutionContext executionContext)
{
var request = executionContext.RequestContext.OriginalRequest;
var config = executionContext.RequestContext.ClientConfig;
var copySnapshotRequest = request as CopySnapshotRequest;
if (copySnapshotRequest != null)
{
if (string.IsNullOrEmpty(copySnapshotRequest.DestinationRegion))
{
copySnapshotRequest.DestinationRegion = AWS4Signer.DetermineSigningRegion(config, "ec2", alternateEndpoint: null);
}
if (string.IsNullOrEmpty(copySnapshotRequest.SourceRegion))
{
throw new AmazonEC2Exception("SourceRegion is required to perform the copy snapshot.");
}
var endpoint = RegionEndpoint.GetBySystemName(copySnapshotRequest.SourceRegion);
if (endpoint == null)
{
throw new AmazonEC2Exception(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", copySnapshotRequest.SourceRegion));
}
// Make sure the presigned URL is currently null so we don't attempt to generate
// a presigned URL with a presigned URL.
copySnapshotRequest.PresignedUrl = null;
// Marshall this request but switch to the source region and make it a GET request.
var marshaller = new CopySnapshotRequestMarshaller();
var irequest = marshaller.Marshall(copySnapshotRequest);
irequest.UseQueryString = true;
irequest.HttpMethod = "GET";
irequest.Parameters.Add("X-Amz-Expires", AWS4PreSignedUrlSigner.MaxAWS4PreSignedUrlExpiry.ToString(CultureInfo.InvariantCulture));
irequest.Endpoint = new Uri("https://" + endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname);
// Create presigned URL.
var metrics = new RequestMetrics();
var immutableCredentials = _credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
irequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
var signingResult = AWS4PreSignedUrlSigner.SignRequest(irequest,
config,
metrics,
immutableCredentials.AccessKey,
immutableCredentials.SecretKey,
"ec2",
copySnapshotRequest.SourceRegion);
var authorization = "&" + signingResult.ForQueryParameters;
var url = AmazonServiceClient.ComposeUrl(irequest);
copySnapshotRequest.PresignedUrl = url.AbsoluteUri + authorization;
}
}
/// <summary>
/// Converts the SDK's IRequest to the CRT's HttpRequest Object
/// </summary>
/// <param name="request">SDK request</param>
/// <returns>CRT request</returns>
public static Aws.Crt.Http.HttpRequest ConvertToCrtRequest(IRequest request)
{
// Remove any query params that CRT will set
if (request.ParameterCollection != null && request.ParameterCollection.Count > 0)
{
foreach (var queryParam in request.ParameterCollection.GetSortedParametersList())
{
if (CrtForbiddenQueryParams.Contains(queryParam.Key))
{
request.ParameterCollection.Remove(queryParam.Key);
}
}
}
var crtRequest = new Aws.Crt.Http.HttpRequest
{
// Using OriginalString here because ComposeUrl -> ResolveResourcePath ->
// JoinResourcePathSegments -> UrlEncode will escape some sequeneces (e.g. Ä -> %C3%84)
// but initializing that as a Uri will convert it back to Ä
Uri = AmazonServiceClient.ComposeUrl(request, false).OriginalString,
Method = request.HttpMethod
};
if (request.ContentStream != null)
{
if (request.ContentStream.CanSeek)
{
crtRequest.BodyStream = request.ContentStream;
}
else if (request.ContentStream is WrapperStream wrappedStream)
{
crtRequest.BodyStream = wrappedStream.GetSeekableBaseStream();
}
else
{
throw new AWSCommonRuntimeException("Unable to pass an HTTP request with a non-seekable content stream to CRT.");
}
}
else if (request.Content != null)
{
crtRequest.BodyStream = new MemoryStream(request.Content);
}
var headerList = new List <HttpHeader>(request.Headers.Count);
foreach (var header in request.Headers)
{
// Skip CRT-calculated headers
if (!CrtForbiddenHeaders.Contains(header.Key))
{
headerList.Add(new HttpHeader(header.Key, header.Value));
}
}
crtRequest.Headers = headerList.ToArray();
return(crtRequest);
}
/// <summary>
/// Generate a token for IAM authentication to an RDS database.
/// </summary>
/// <param name="credentials">The credentials for the token.</param>
/// <param name="region">The region of the RDS database.</param>
/// <param name="hostname">Hostname of the RDS database.</param>
/// <param name="port">Port of the RDS database.</param>
/// <param name="dbUser">Database user for the token.</param>
/// <returns></returns>
public static string GenerateAuthToken(AWSCredentials credentials, RegionEndpoint region, string hostname, int port, string dbUser)
{
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
if (region == null)
{
throw new ArgumentNullException("region");
}
if (port < 0 || port > 65535)
{
throw new ArgumentException(String.Format(CultureInfo.InvariantCulture, "{0} is an invalid port. Port must be 0 to 65535.", port));
}
hostname = hostname?.Trim();
if (string.IsNullOrEmpty(hostname))
{
throw new ArgumentException("Hostname must not be null or empty.");
}
dbUser = dbUser?.Trim();
if (string.IsNullOrEmpty(dbUser))
{
throw new ArgumentException("DBUser must not be null or empty.");
}
GenerateRDSAuthTokenRequest authTokenRequest = new GenerateRDSAuthTokenRequest();
IRequest request = new DefaultRequest(authTokenRequest, RDSServiceName);
request.UseQueryString = true;
request.HttpMethod = HTTPGet;
request.Parameters.Add(XAmzExpires, FifteenMinutes.TotalSeconds.ToString(CultureInfo.InvariantCulture));
request.Parameters.Add(DBUserKey, dbUser);
request.Parameters.Add(ActionKey, ActionValue);
request.Endpoint = new UriBuilder(HTTPS, hostname, port).Uri;
var immutableCredentials = credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
request.Parameters[XAmzSecurityToken] = immutableCredentials.Token;
}
var signingResult = AWS4PreSignedUrlSigner.SignRequest(request, null, new RequestMetrics(), immutableCredentials.AccessKey,
immutableCredentials.SecretKey, RDSServiceName, region.SystemName);
var authorization = "&" + signingResult.ForQueryParameters;
var url = AmazonServiceClient.ComposeUrl(request);
// remove the https:// and append the authorization
return(url.AbsoluteUri.Substring(HTTPS.Length + URISchemeDelimiter.Length) + authorization);
}
/// <summary>
/// Creates the HttpWebRequest and configures the end point, content, user agent and proxy settings.
/// </summary>
/// <param name="requestContext">The async request.</param>
/// <returns>The web request that actually makes the call.</returns>
protected virtual IHttpRequest <TRequestContent> CreateWebRequest(IRequestContext requestContext)
{
IRequest request = requestContext.Request;
Uri url = AmazonServiceClient.ComposeUrl(request);
var httpRequest = _requestFactory.CreateHttpRequest(url);
httpRequest.ConfigureRequest(requestContext);
httpRequest.Method = request.HttpMethod;
if (request.MayContainRequestBody())
{
var content = request.Content;
if (request.SetContentFromParameters || (content == null && request.ContentStream == null))
{
// Mapping parameters to query string or body are mutually exclusive.
if (!request.UseQueryString)
{
string queryString = AWSSDKUtils.GetParametersAsString(request.Parameters);
content = Encoding.UTF8.GetBytes(queryString);
request.Content = content;
request.SetContentFromParameters = true;
}
else
{
request.Content = new Byte[0];
}
}
if (content != null)
{
request.Headers[HeaderKeys.ContentLengthHeader] =
content.Length.ToString(CultureInfo.InvariantCulture);
}
else if (request.ContentStream != null && !request.Headers.ContainsKey(HeaderKeys.ContentLengthHeader))
{
request.Headers[HeaderKeys.ContentLengthHeader] =
request.ContentStream.Length.ToString(CultureInfo.InvariantCulture);
}
}
if (requestContext.Unmarshaller is JsonResponseUnmarshaller)
{
// Currently the signature seems to be valid without including this header in the calculation.
request.Headers["Accept"] = "application/json";
}
return(httpRequest);
}
/// <summary>
/// Creates the HttpWebRequest and configures the end point, content, user agent and proxy settings.
/// </summary>
/// <param name="requestContext">The async request.</param>
/// <returns>The web request that actually makes the call.</returns>
protected virtual IHttpRequest <TRequestContent> CreateWebRequest(IRequestContext requestContext)
{
IRequest request = requestContext.Request;
Uri url = AmazonServiceClient.ComposeUrl(request);
var httpRequest = _requestFactory.CreateHttpRequest(url);
httpRequest.ConfigureRequest(requestContext);
httpRequest.Method = request.HttpMethod;
if (request.MayContainRequestBody())
{
var content = request.Content;
if (request.SetContentFromParameters || (content == null && request.ContentStream == null))
{
// Mapping parameters to query string or body are mutually exclusive.
if (!request.UseQueryString)
{
string queryString = AWSSDKUtils.GetParametersAsString(request);
content = Encoding.UTF8.GetBytes(queryString);
request.Content = content;
request.SetContentFromParameters = true;
}
else
{
request.Content = new Byte[0];
}
}
if (content != null)
{
request.Headers[HeaderKeys.ContentLengthHeader] =
content.Length.ToString(CultureInfo.InvariantCulture);
}
else if (request.ContentStream != null && request.ContentStream.CanSeek && !request.Headers.ContainsKey(HeaderKeys.ContentLengthHeader))
{
request.Headers[HeaderKeys.ContentLengthHeader] =
request.ContentStream.Length.ToString(CultureInfo.InvariantCulture);
}
}
return(httpRequest);
}
/// <summary>
/// Auto-generates pre-signed URLs for requests that implement <see cref="IPreSignedUrlRequest"/>.
/// if the PreSignedUrl property isn't set and the SourceRegion property is set.
/// </summary>
/// <param name="executionContext"></param>
protected virtual void PreInvoke(IExecutionContext executionContext)
{
var preSignedUrlRequest = executionContext.RequestContext.OriginalRequest as IPreSignedUrlRequest;
if (preSignedUrlRequest != null && preSignedUrlRequest.SourceRegion != null && preSignedUrlRequest.PreSignedUrl == null)
{
var config = executionContext.RequestContext.ClientConfig;
var endpoint = RegionEndpoint.GetBySystemName(preSignedUrlRequest.SourceRegion);
if (endpoint == null)
{
throw new AmazonRDSException(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", preSignedUrlRequest.SourceRegion));
}
// Marshall this request and prepare it to be signed
var marshaller = executionContext.RequestContext.Marshaller;
var iRequest = marshaller.Marshall(preSignedUrlRequest as AmazonWebServiceRequest);
iRequest.UseQueryString = true;
iRequest.HttpMethod = HTTPGet;
iRequest.Endpoint = new UriBuilder(UriSchemeHTTPS, endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname).Uri;
iRequest.Parameters[DestinationRegionParameterKey] = executionContext.RequestContext.ClientConfig.RegionEndpoint.SystemName;
// Most pre signed URLS also have an X-Amz-Expires header. But RDS just ignores it and always imposes a +/- 14 minute time limit instead.
var immutableCredentials = _credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
// Don't use HeaderKeys.XAmzSecurityTokenHeader because RDS treats this as case-sensitive
iRequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
// Create presigned URL and assign it
var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, config, new RequestMetrics(),
immutableCredentials.AccessKey, immutableCredentials.SecretKey, RDSServiceNameForSigning, preSignedUrlRequest.SourceRegion);
var authorization = "&" + signingResult.ForQueryParameters;
preSignedUrlRequest.PreSignedUrl = AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization;
}
}
public override AmazonWebServiceResponse Unmarshall(NonHttpUnmarshallerContext input)
{
var request = input?.ResponseData?.OriginalRequest;
if (request is null)
{
throw new InvalidOperationException("Unable to unmarshal non-HTTP Amazon Service Response: The original request is null.");
}
IDictionary <string, string>?headers = null;
var signerResult = request.AWS4SignerResult;
if (!(signerResult is null))
{
headers = signerResult.SignedHeaders
.Split(signedHeadersSeparator, StringSplitOptions.RemoveEmptyEntries)
.ToDictionary(
k => k,
k => request.Headers[k],
StringComparer.OrdinalIgnoreCase
)
;
request.Parameters["X-Amz-Algorithm"] = AWS4Signer.AWS4AlgorithmTag;
request.Parameters["X-Amz-Credential"] = FormattableString.Invariant(
$"{signerResult.AccessKeyId}/{signerResult.Scope}");
request.Parameters["X-Amz-Date"] = signerResult.ISO8601DateTime;
request.Parameters["X-Amz-SignedHeaders"] = signerResult.SignedHeaders;
request.Parameters["X-Amz-Signature"] = signerResult.Signature;
}
return(new CreateMqttWebSocketUriResponse(
AmazonServiceClient.ComposeUrl(request),
headers ?? new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase)
)
{
HttpStatusCode = HttpStatusCode.OK
});
}
protected virtual IHttpRequest <TRequestContent> CreateWebRequest(IRequestContext requestContext)
{
IRequest request = requestContext.Request;
Uri requestUri = AmazonServiceClient.ComposeUrl(request);
IHttpRequest <TRequestContent> httpRequest = _requestFactory.CreateHttpRequest(requestUri);
httpRequest.ConfigureRequest(requestContext);
httpRequest.Method = request.HttpMethod;
if (request.MayContainRequestBody())
{
byte[] array = request.Content;
if (request.SetContentFromParameters || (array == null && request.ContentStream == null))
{
if (!request.UseQueryString)
{
string parametersAsString = AWSSDKUtils.GetParametersAsString(request.Parameters);
array = (request.Content = Encoding.UTF8.GetBytes(parametersAsString));
request.SetContentFromParameters = true;
}
else
{
request.Content = new byte[0];
}
}
if (array != null)
{
request.Headers["Content-Length"] = array.Length.ToString(CultureInfo.InvariantCulture);
}
else if (request.ContentStream != null && !request.Headers.ContainsKey("Content-Length"))
{
request.Headers["Content-Length"] = request.ContentStream.Length.ToString(CultureInfo.InvariantCulture);
}
}
if (requestContext.Unmarshaller is JsonResponseUnmarshaller)
{
request.Headers["Accept"] = "application/json";
}
return(httpRequest);
}
/// <summary>
/// <para>
/// Auto-generates pre-signed URLs for requests that implement <see cref="IPreSignedUrlRequest"/>.
/// if the PreSignedUrl property isn't set and the SourceRegion property is set.
/// </para>
/// </summary>
/// <param name="executionContext"></param>
protected virtual void PreInvoke(IExecutionContext executionContext)
{
var preSignedUrlRequest = executionContext.RequestContext.OriginalRequest as IPreSignedUrlRequest;
if (preSignedUrlRequest != null && preSignedUrlRequest.SourceRegion != null && preSignedUrlRequest.PreSignedUrl == null)
{
var config = executionContext.RequestContext.ClientConfig;
var endpoint = RegionEndpoint.GetBySystemName(preSignedUrlRequest.SourceRegion);
if (endpoint == null)
{
throw new AmazonNeptuneException(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", preSignedUrlRequest.SourceRegion));
}
// Marshall this request and prepare it to be signed
var marshaller = executionContext.RequestContext.Marshaller;
var iRequest = marshaller.Marshall(preSignedUrlRequest as AmazonWebServiceRequest);
iRequest.UseQueryString = true;
iRequest.HttpMethod = HTTPGet;
iRequest.Endpoint = new UriBuilder(UriSchemeHTTPS, endpoint.GetEndpointForService(config).Hostname).Uri;
iRequest.Parameters[DestinationRegionParameterKey] = executionContext.RequestContext.ClientConfig.RegionEndpoint.SystemName;
iRequest.Parameters[XAmzExpires] = ((int)ExpirationTime.TotalSeconds).ToString(CultureInfo.InvariantCulture);
var immutableCredentials = _credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
iRequest.Parameters[XAmzSecurityToken] = immutableCredentials.Token;
}
// Create presigned URL and assign it
var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, config, new RequestMetrics(),
immutableCredentials.AccessKey, immutableCredentials.SecretKey, NeptuneServiceNameForSigning, preSignedUrlRequest.SourceRegion);
var authorization = "&" + signingResult.ForQueryParameters;
preSignedUrlRequest.PreSignedUrl = AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization;
}
}
/// <summary>
/// Create a signed URL allowing access to a resource that would
/// usually require authentication.
/// </summary>
/// <remarks>
/// <para>
/// When using query string authentication you create a query,
/// specify an expiration time for the query, sign it with your
/// signature, place the data in an HTTP request, and distribute
/// the request to a user or embed the request in a web page.
/// </para>
/// <para>
/// A PreSigned URL can be generated for GET, PUT, DELETE and HEAD
/// operations on your bucketName, keys, and versions.
/// </para>
/// </remarks>
/// <param name="request">The GetPreSignedUrlRequest that defines the
/// parameters of the operation.</param>
/// <param name="useSigV2Fallback">determines if signing will fall back to SigV2 if the
/// signing region is us-east-1
/// <returns>A string that is the signed http request.</returns>
/// <exception cref="T:System.ArgumentException" />
/// <exception cref="T:System.ArgumentNullException" />
internal string GetPreSignedURLInternal(GetPreSignedUrlRequest request, bool useSigV2Fallback = true)
{
if (Credentials == null)
{
throw new AmazonS3Exception("Credentials must be specified, cannot call method anonymously");
}
if (request == null)
{
throw new ArgumentNullException("request", "The PreSignedUrlRequest specified is null!");
}
if (!request.IsSetExpires())
{
throw new InvalidOperationException("The Expires specified is null!");
}
var aws4Signing = AWSConfigsS3.UseSignatureVersion4;
var region = AWS4Signer.DetermineSigningRegion(Config, "s3", alternateEndpoint: null, request: null);
if (aws4Signing && string.IsNullOrEmpty(region))
{
throw new InvalidOperationException("To use AWS4 signing, a region must be specified in the client configuration using the AuthenticationRegion or Region properties, or be determinable from the service URL.");
}
RegionEndpoint endpoint = RegionEndpoint.GetBySystemName(region);
if (endpoint.GetEndpointForService("s3").SignatureVersionOverride == "4" || endpoint.GetEndpointForService("s3").SignatureVersionOverride == null)
{
aws4Signing = true;
}
var fallbackToSigV2 = useSigV2Fallback && !AWSConfigsS3.UseSigV4SetExplicitly;
if (endpoint == RegionEndpoint.USEast1 && fallbackToSigV2)
{
aws4Signing = false;
}
// If the expiration is longer than SigV4 will allow then automatically use SigV2 instead.
// But only if the region we're signing for allows SigV2.
if (aws4Signing)
{
var secondsUntilExpiration = GetSecondsUntilExpiration(request, aws4Signing);
if (secondsUntilExpiration > AWS4PreSignedUrlSigner.MaxAWS4PreSignedUrlExpiry &&
endpoint.GetEndpointForService("s3").SignatureVersionOverride == "2")
{
aws4Signing = false;
}
}
var immutableCredentials = Credentials.GetCredentials();
var irequest = Marshall(request, immutableCredentials.AccessKey, immutableCredentials.Token, aws4Signing);
irequest.Endpoint = EndpointResolver.DetermineEndpoint(this.Config, irequest);
var context = new Amazon.Runtime.Internal.ExecutionContext(new Amazon.Runtime.Internal.RequestContext(true)
{
Request = irequest, ClientConfig = this.Config
}, null);
AmazonS3PostMarshallHandler.ProcessRequestHandlers(context);
var metrics = new RequestMetrics();
string authorization;
if (aws4Signing)
{
var aws4Signer = new AWS4PreSignedUrlSigner();
var signingResult = aws4Signer.SignRequest(irequest,
this.Config,
metrics,
immutableCredentials.AccessKey,
immutableCredentials.SecretKey);
authorization = "&" + signingResult.ForQueryParameters;
}
else
{
S3Signer.SignRequest(irequest, metrics, immutableCredentials.AccessKey, immutableCredentials.SecretKey);
authorization = irequest.Headers[HeaderKeys.AuthorizationHeader];
authorization = authorization.Substring(authorization.IndexOf(":", StringComparison.Ordinal) + 1);
authorization = "&Signature=" + AmazonS3Util.UrlEncode(authorization, false);
}
Uri url = AmazonServiceClient.ComposeUrl(irequest);
string result = url.AbsoluteUri + authorization;
Protocol protocol = DetermineProtocol();
if (request.Protocol != protocol)
{
switch (protocol)
{
case Protocol.HTTP:
result = result.Replace("http://", "https://");
break;
case Protocol.HTTPS:
result = result.Replace("https://", "http://");
break;
}
}
return(result);
}
/// <summary>
/// Custom pipeline handler
/// </summary>
/// <param name="executionContext"></param>
protected void PreInvoke(IExecutionContext executionContext)
{
var request = executionContext.RequestContext.OriginalRequest;
var config = executionContext.RequestContext.ClientConfig;
var runInstancesRequest = request as RunInstancesRequest;
if (runInstancesRequest != null)
{
if (runInstancesRequest.IsSetBlockDeviceMappings())
{
var mappings = runInstancesRequest.BlockDeviceMappings;
foreach (var mapping in mappings)
{
if (mapping.IsSetEbs())
{
var ebs = mapping.Ebs;
if (ebs.IsSetSnapshotId() &&
ebs.IsSetEncrypted() &&
ebs.Encrypted == false)
{
ebs.ClearEncryptedFlag();
}
}
}
}
}
// replace null Tag.Value with empty string
var createTagsRequest = request as CreateTagsRequest;
if (createTagsRequest != null)
{
if (createTagsRequest.IsSetTags())
{
var tags = createTagsRequest.Tags;
foreach (var tag in tags)
{
if (tag != null && tag.Value == null)
{
tag.Value = string.Empty;
}
}
}
}
var copySnapshotRequest = request as CopySnapshotRequest;
if (copySnapshotRequest != null)
{
if (string.IsNullOrEmpty(copySnapshotRequest.DestinationRegion))
{
copySnapshotRequest.DestinationRegion = AWS4Signer.DetermineSigningRegion(config, "ec2", alternateEndpoint: null, request: null);
}
if (string.IsNullOrEmpty(copySnapshotRequest.SourceRegion))
{
throw new AmazonEC2Exception("SourceRegion is required to perform the copy snapshot.");
}
var endpoint = RegionEndpoint.GetBySystemName(copySnapshotRequest.SourceRegion);
if (endpoint == null)
{
throw new AmazonEC2Exception(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", copySnapshotRequest.SourceRegion));
}
// Make sure the presigned URL is currently null so we don't attempt to generate
// a presigned URL with a presigned URL.
copySnapshotRequest.PresignedUrl = null;
// Marshall this request but switch to the source region and make it a GET request.
var marshaller = new CopySnapshotRequestMarshaller();
var irequest = marshaller.Marshall(copySnapshotRequest);
irequest.UseQueryString = true;
irequest.HttpMethod = "GET";
irequest.Parameters.Add("X-Amz-Expires", AWS4PreSignedUrlSigner.MaxAWS4PreSignedUrlExpiry.ToString(CultureInfo.InvariantCulture));
irequest.Endpoint = new Uri("https://" + endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname);
// Create presigned URL.
var metrics = new RequestMetrics();
var immutableCredentials = _credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
irequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
var signingResult = AWS4PreSignedUrlSigner.SignRequest(irequest,
config,
metrics,
immutableCredentials.AccessKey,
immutableCredentials.SecretKey,
"ec2",
copySnapshotRequest.SourceRegion);
var authorization = "&" + signingResult.ForQueryParameters;
var url = AmazonServiceClient.ComposeUrl(irequest);
copySnapshotRequest.PresignedUrl = url.AbsoluteUri + authorization;
}
var authorizeSecurityGroupEgressRequest = request as AuthorizeSecurityGroupEgressRequest;
if (authorizeSecurityGroupEgressRequest != null)
{
if (authorizeSecurityGroupEgressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(authorizeSecurityGroupEgressRequest.IpPermissions);
}
}
var authorizeSecurityGroupIngressRequest = request as AuthorizeSecurityGroupIngressRequest;
if (authorizeSecurityGroupIngressRequest != null)
{
if (authorizeSecurityGroupIngressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(authorizeSecurityGroupIngressRequest.IpPermissions);
}
}
var revokeSecurityGroupEgressRequest = request as RevokeSecurityGroupEgressRequest;
if (revokeSecurityGroupEgressRequest != null)
{
if (revokeSecurityGroupEgressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(revokeSecurityGroupEgressRequest.IpPermissions);
}
}
var revokeSecurityGroupIngressRequest = request as RevokeSecurityGroupIngressRequest;
if (revokeSecurityGroupIngressRequest != null)
{
if (revokeSecurityGroupIngressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(revokeSecurityGroupIngressRequest.IpPermissions);
}
}
var updateSecurityGroupRuleDescriptionsEgressRequest = request as UpdateSecurityGroupRuleDescriptionsEgressRequest;
if (updateSecurityGroupRuleDescriptionsEgressRequest != null)
{
if (updateSecurityGroupRuleDescriptionsEgressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(updateSecurityGroupRuleDescriptionsEgressRequest.IpPermissions);
}
}
var updateSecurityGroupRuleDescriptionsIngressRequest = request as UpdateSecurityGroupRuleDescriptionsIngressRequest;
if (updateSecurityGroupRuleDescriptionsIngressRequest != null)
{
if (updateSecurityGroupRuleDescriptionsIngressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(updateSecurityGroupRuleDescriptionsIngressRequest.IpPermissions);
}
}
}
/// <summary>
/// Generate a presigned URL based on a <see cref="SynthesizeSpeechRequest"/>.
/// </summary>
/// <param name="credentials">The credentials to use in the presigned URL.</param>
/// <param name="region">The region for the URL.</param>
/// <param name="request">The request to base the presigned URL on.</param>
/// <returns></returns>
public static string GeneratePresignedUrl(AWSCredentials credentials, RegionEndpoint region, SynthesizeSpeechRequest request)
{
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
if (region == null)
{
throw new ArgumentNullException("region");
}
if (request == null)
{
throw new ArgumentNullException("request");
}
// Marshall this request and prepare it to be signed
var marshaller = new SynthesizeSpeechRequestMarshaller();
var iRequest = marshaller.Marshall(request);
iRequest.UseQueryString = true;
iRequest.HttpMethod = HTTPGet;
iRequest.Endpoint = new UriBuilder(HTTPS, region.GetEndpointForService(PollyServiceName).Hostname).Uri;
iRequest.Parameters[XAmzExpires] = ((int)FifteenMinutes.TotalSeconds).ToString(CultureInfo.InvariantCulture);
if (request.IsSetLexiconNames())
{
iRequest.ParameterCollection.Add("LexiconNames", request.LexiconNames);
}
if (request.IsSetOutputFormat())
{
iRequest.Parameters["OutputFormat"] = request.OutputFormat.ToString();
}
if (request.IsSetSampleRate())
{
iRequest.Parameters["SampleRate"] = request.SampleRate.ToString();
}
if (request.IsSetText())
{
iRequest.Parameters["Text"] = request.Text;
}
if (request.IsSetTextType())
{
iRequest.Parameters["TextType"] = request.TextType.ToString();
}
if (request.IsSetVoiceId())
{
iRequest.Parameters["VoiceId"] = request.VoiceId;
}
if (request.IsSetSpeechMarkTypes())
{
iRequest.ParameterCollection.Add("SpeechMarkTypes", request.SpeechMarkTypes);
}
if (request.IsSetLanguageCode())
{
iRequest.ParameterCollection.Add("LanguageCode", request.LanguageCode);
}
var immutableCredentials = credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
// Don't use HeaderKeys.XAmzSecurityTokenHeader because Polly treats this as case-sensitive
iRequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
// Only the host header should be signed, and the signer adds that.
// So clear out headers.
iRequest.Headers.Clear();
// Create presigned URL and assign it
var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, null, new RequestMetrics(),
immutableCredentials.AccessKey, immutableCredentials.SecretKey, PollyServiceName, region.SystemName);
var authorization = "&" + signingResult.ForQueryParameters;
return(AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization);
}
private static void SignHttp(IRequest request, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey)
{
SigningAlgorithm algorithm = SigningAlgorithm.HmacSHA256;
string nonce = Guid.NewGuid().ToString();
string date = AWSSDKUtils.FormattedCurrentTimestampRFC822;
bool isHttps = IsHttpsRequest(request);
// Temporarily disabling the AWS3 HTTPS signing scheme and only using AWS3 HTTP
isHttps = false;
request.Headers[HeaderKeys.DateHeader] = date;
request.Headers[HeaderKeys.XAmzDateHeader] = date;
// Clear out existing auth header (can be there if retry)
request.Headers.Remove(HeaderKeys.XAmzAuthorizationHeader);
// AWS3 HTTP requires that we sign the Host header
// so we have to have it in the request by the time we sign.
string hostHeader = request.Endpoint.Host;
if (!request.Endpoint.IsDefaultPort)
{
hostHeader += ":" + request.Endpoint.Port;
}
request.Headers[HeaderKeys.HostHeader] = hostHeader;
byte[] bytesToSign = null;
string stringToSign;
if (isHttps)
{
request.Headers[HeaderKeys.XAmzNonceHeader] = nonce;
stringToSign = date + nonce;
bytesToSign = Encoding.UTF8.GetBytes(stringToSign);
}
else
{
Uri url = AmazonServiceClient.ComposeUrl(request);
stringToSign = request.HttpMethod + "\n"
+ GetCanonicalizedResourcePath(url) + "\n"
+ GetCanonicalizedQueryString(request.Parameters) + "\n"
+ GetCanonicalizedHeadersForStringToSign(request) + "\n"
+ GetRequestPayload(request);
bytesToSign = CryptoUtilFactory.CryptoInstance.ComputeSHA256Hash(Encoding.UTF8.GetBytes(stringToSign));
}
metrics.AddProperty(Metric.StringToSign, stringToSign);
string signature = ComputeHash(bytesToSign, awsSecretAccessKey, algorithm);
StringBuilder builder = new StringBuilder();
builder.Append(isHttps ? HTTPS_SCHEME : HTTP_SCHEME);
builder.Append(" ");
builder.Append("AWSAccessKeyId=" + awsAccessKeyId + ",");
builder.Append("Algorithm=" + algorithm.ToString() + ",");
if (!isHttps)
{
builder.Append(GetSignedHeadersComponent(request) + ",");
}
builder.Append("Signature=" + signature);
string authorizationHeader = builder.ToString();
request.Headers[HeaderKeys.XAmzAuthorizationHeader] = authorizationHeader;
}
