public SampleElasticsearchClient(string endPoint, Amazon.RegionEndpoint regionEndPoint)
{
AWSCredentials awsCredentials = FallbackCredentialsFactory.GetCredentials();
AwsHttpConnection conn = new AwsHttpConnection(regionEndPoint.SystemName,
new StaticCredentialsProvider(new AwsCredentials()
{
AccessKey = awsCredentials.GetCredentials().AccessKey,
SecretKey = awsCredentials.GetCredentials().SecretKey,
Token = awsCredentials.GetCredentials().Token
}));
var pool = new SingleNodeConnectionPool(new Uri(endPoint));
ConnectionSettings settings = new ConnectionSettings(pool, conn)
.DisableDirectStreaming()
.InferMappingFor <LogEntry>(m => m.IndexName("logs"));
//.DefaultMappingFor<LogEntry>(m => m.IndexName("logs"));
_esClient = new ElasticClient(settings);
IndexName logIndex = IndexName.From <LogEntry>();
var req = new IndexExistsRequest(logIndex);
var res = _esClient.IndexExists(req);
if (!res.Exists)
{
_esClient.CreateIndex("logs", c => c
.Mappings(md => md.Map <LogEntry>(m => m.AutoMap())));
}
}
private void SignRequest(IRequest request, RequestData requestData)
{
byte[] data = null;
if (requestData.PostData != null)
{
data = requestData.PostData.WrittenBytes;
if (data == null)
{
using (var ms = new MemoryStream())
{
requestData.PostData.Write(ms, requestData.ConnectionSettings);
data = ms.ToArray();
}
}
}
ImmutableCredentials credentials;
try
{
credentials = _credentials.GetCredentials();
}
catch (Exception e)
{
throw new Exception("Unable to retrieve credentials required to sign the request.", e);
}
if (credentials == null)
{
throw new Exception("Unable to retrieve credentials required to sign the request.");
}
SignV4Util.SignRequest(request, data, credentials, _region.SystemName, "es");
}
/// <summary>
/// Send an Signature Version 4 signed HTTP request.
/// </summary>
/// <param name="self">
/// The extension target.
/// </param>
/// <param name="request">
/// The HTTP request message to send.
/// </param>
/// <param name="completionOption">
/// One of the enumeration values that specifies when the operation should complete (as
/// soon as a response is available or after reading the response content).
/// </param>
/// <param name="cancellationToken">
/// The cancellation token to cancel operation.
/// </param>
/// <param name="regionName">
/// The system name of the AWS region associated with the endpoint, e.g. "us-east-1".
/// </param>
/// <param name="serviceName">
/// The signing name of the service, e.g. "execute-api".
/// </param>
/// <param name="credentials">
/// AWS credentials containing the following parameters:
/// - The AWS public key for the account making the service call.
/// - The AWS secret key for the account making the call, in clear text.
/// - The session token obtained from STS if request is authenticated using temporary
/// security credentials, e.g. a role.
/// </param>
/// <returns>
/// The HTTP response message.
/// </returns>
/// <exception cref="ArgumentNullException">
/// The <paramref name="request"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The request message was already sent by the <see cref="HttpClient"/> instance.
/// </exception>
/// <exception cref="HttpRequestException">
/// The request failed due to an underlying issue such as network connectivity, DNS
/// failure, or server certificate validation.
/// </exception>
/// <exception cref="TaskCanceledException">
/// The request was canceled.
/// <para/>
/// -or-
/// <para/>
/// If the <see cref="TaskCanceledException"/> exception nests the
/// <see cref="TimeoutException"/>: The request failed due to timeout.
/// </exception>
public static HttpResponseMessage Send(
this HttpClient self,
HttpRequestMessage request,
HttpCompletionOption completionOption,
CancellationToken cancellationToken,
string regionName,
string serviceName,
AWSCredentials credentials)
{
if (credentials == null)
{
throw new ArgumentNullException(nameof(credentials));
}
var immutableCredentials = credentials.GetCredentials();
var response = self.Send(
request,
completionOption,
cancellationToken,
regionName,
serviceName,
immutableCredentials);
return(response);
}
public static CredentialProfileOptions ExtractProfileOptions(AWSCredentials credentials)
{
var type = credentials.GetType();
if (type == typeof(BasicAWSCredentials) || type == typeof(SessionAWSCredentials))
{
var immutableCredentials = credentials.GetCredentials();
return(new CredentialProfileOptions
{
AccessKey = immutableCredentials.AccessKey,
SecretKey = immutableCredentials.SecretKey,
Token = immutableCredentials.Token
});
}
if (PassThroughExtractTypes.Contains(type))
{
return(null);
}
if (ThrowExtractTypes.Contains(type))
{
throw new InvalidOperationException("Cannot save credentials of type " + type.Name);
}
throw new InvalidOperationException("Unrecognized credentials type: " + type.Name);
}
protected Message MakeSetCredentialsMessage(AWSCredentials awsCredentials, bool forMetrics)
{
var immutableCredentials = awsCredentials.GetCredentials();
var creds = new Credentials
{
Akid = immutableCredentials.AccessKey,
SecretKey = immutableCredentials.SecretKey
};
if (immutableCredentials.UseToken)
{
creds.Token = immutableCredentials.Token;
}
var setCredentials = new SetCredentials
{
Credentials = creds,
ForMetrics = forMetrics
};
return(new Message
{
SetCredentials = setCredentials,
Id = ulong.MaxValue
});
}
protected override void PreInvoke(IExecutionContext executionContext)
{
var request = executionContext.RequestContext.OriginalRequest;
var config = executionContext.RequestContext.ClientConfig;
var copySnapshotRequest = request as CopySnapshotRequest;
if (copySnapshotRequest != null)
{
if (string.IsNullOrEmpty(copySnapshotRequest.DestinationRegion))
{
copySnapshotRequest.DestinationRegion = AWS4Signer.DetermineSigningRegion(config, "ec2", alternateEndpoint: null);
}
if (string.IsNullOrEmpty(copySnapshotRequest.SourceRegion))
{
throw new AmazonEC2Exception("SourceRegion is required to perform the copy snapshot.");
}
var endpoint = RegionEndpoint.GetBySystemName(copySnapshotRequest.SourceRegion);
if (endpoint == null)
{
throw new AmazonEC2Exception(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", copySnapshotRequest.SourceRegion));
}
// Make sure the presigned URL is currently null so we don't attempt to generate
// a presigned URL with a presigned URL.
copySnapshotRequest.PresignedUrl = null;
// Marshall this request but switch to the source region and make it a GET request.
var marshaller = new CopySnapshotRequestMarshaller();
var irequest = marshaller.Marshall(copySnapshotRequest);
irequest.UseQueryString = true;
irequest.HttpMethod = "GET";
irequest.Parameters.Add("X-Amz-Expires", AWS4PreSignedUrlSigner.MaxAWS4PreSignedUrlExpiry.ToString(CultureInfo.InvariantCulture));
irequest.Endpoint = new Uri("https://" + endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname);
// Create presigned URL.
var metrics = new RequestMetrics();
var immutableCredentials = _credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
irequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
var signingResult = AWS4PreSignedUrlSigner.SignRequest(irequest,
config,
metrics,
immutableCredentials.AccessKey,
immutableCredentials.SecretKey,
"ec2",
copySnapshotRequest.SourceRegion);
var authorization = "&" + signingResult.ForQueryParameters;
var url = AmazonServiceClient.ComposeUrl(irequest);
copySnapshotRequest.PresignedUrl = url.AbsoluteUri + authorization;
}
}
private static void AddStoredCredential(AWSCredentials creds, string profileName)
{
string niceProfile = profileName.Replace(' ', '-');
Console.WriteLine("Pushing credential " + niceProfile);
RunConfigure(string.Format("set aws_access_key_id {0} --profile {1}", creds.GetCredentials().AccessKey, niceProfile), true, false);
RunConfigure(string.Format("set aws_secret_access_key {0} --profile {1}", creds.GetCredentials().SecretKey, niceProfile), true, false);
}
public async Task <GraphQLResponse> PostSignedRequestAsync(
GraphQLRequest request,
IDictionary <string, string> headers,
CancellationToken cancellationToken)
{
GraphQLResponse graphQlResponse;
AWS4RequestSigner signer;
var credentials = awsCredentials?.GetCredentials();
signer = credentials == null
? new AWS4RequestSigner(accessKey, secretKey)
: new AWS4RequestSigner(credentials.AccessKey, credentials.SecretKey);
using (StringContent httpContent =
new StringContent(JsonConvert.SerializeObject(request, this.options.JsonSerializerSettings)))
{
httpContent.Headers.ContentType = this.options.MediaType;
using (var httpRequest = new HttpRequestMessage
{
Content = httpContent, Method = HttpMethod.Post, RequestUri = options.EndPoint
})
{
if (headers != null)
{
foreach (var header in headers)
{
httpRequest.Headers.Add(header.Key, header.Value);
}
}
if (credentials != null)
{
if (!string.IsNullOrEmpty(credentials.Token))
{
httpRequest.Headers.Add(SessionTokenHeader, credentials.Token);
}
}
else if (!string.IsNullOrEmpty(sessionToken))
{
httpRequest.Headers.Add(SessionTokenHeader, sessionToken);
}
await signer.Sign(httpRequest, serviceName, region);
using (HttpResponseMessage httpResponseMessage =
await this.httpClient.SendAsync(httpRequest, cancellationToken).ConfigureAwait(false))
{
graphQlResponse = await this.ReadHttpResponseMessageAsync(httpResponseMessage)
.ConfigureAwait(false);
}
}
}
return(graphQlResponse);
}
/// <summary>
/// Generate a token for IAM authentication to an RDS database.
/// </summary>
/// <param name="credentials">The credentials for the token.</param>
/// <param name="region">The region of the RDS database.</param>
/// <param name="hostname">Hostname of the RDS database.</param>
/// <param name="port">Port of the RDS database.</param>
/// <param name="dbUser">Database user for the token.</param>
/// <returns></returns>
public static string GenerateAuthToken(AWSCredentials credentials, RegionEndpoint region, string hostname, int port, string dbUser)
{
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
if (region == null)
{
throw new ArgumentNullException("region");
}
if (port < 0 || port > 65535)
{
throw new ArgumentException(String.Format(CultureInfo.InvariantCulture, "{0} is an invalid port. Port must be 0 to 65535.", port));
}
hostname = hostname?.Trim();
if (string.IsNullOrEmpty(hostname))
{
throw new ArgumentException("Hostname must not be null or empty.");
}
dbUser = dbUser?.Trim();
if (string.IsNullOrEmpty(dbUser))
{
throw new ArgumentException("DBUser must not be null or empty.");
}
GenerateRDSAuthTokenRequest authTokenRequest = new GenerateRDSAuthTokenRequest();
IRequest request = new DefaultRequest(authTokenRequest, RDSServiceName);
request.UseQueryString = true;
request.HttpMethod = HTTPGet;
request.Parameters.Add(XAmzExpires, FifteenMinutes.TotalSeconds.ToString(CultureInfo.InvariantCulture));
request.Parameters.Add(DBUserKey, dbUser);
request.Parameters.Add(ActionKey, ActionValue);
request.Endpoint = new UriBuilder(HTTPS, hostname, port).Uri;
var immutableCredentials = credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
request.Parameters[XAmzSecurityToken] = immutableCredentials.Token;
}
var signingResult = AWS4PreSignedUrlSigner.SignRequest(request, null, new RequestMetrics(), immutableCredentials.AccessKey,
immutableCredentials.SecretKey, RDSServiceName, region.SystemName);
var authorization = "&" + signingResult.ForQueryParameters;
var url = AmazonServiceClient.ComposeUrl(request);
// remove the https:// and append the authorization
return(url.AbsoluteUri.Substring(HTTPS.Length + URISchemeDelimiter.Length) + authorization);
}
public static void AssertClientHasCredentials(AmazonServiceClient client, AWSCredentials credentials)
{
var prop = client.GetType().GetProperty("Credentials", BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.FlattenHierarchy);
var actualCredentials = ((AWSCredentials)prop.GetValue(client)).GetCredentials();
var givenCredentials = credentials.GetCredentials();
if (actualCredentials?.AccessKey != givenCredentials.AccessKey ||
actualCredentials?.SecretKey != givenCredentials.SecretKey ||
actualCredentials?.Token != givenCredentials.Token)
{
throw new Exception("Credentials do not match");
}
}
/// <summary>
/// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy.
/// </summary>
/// <param name="policy">JSON string representing the policy to sign</param>
/// <param name="credentials">Credentials to sign the policy with</param>
/// <returns></returns>
public static S3PostUploadSignedPolicy GetSignedPolicy(string policy, AWSCredentials credentials)
{
var policyBytes = Encoding.UTF8.GetBytes(policy.Trim().Replace("\r", "").Replace("\n", ""));
var base64Policy = Convert.ToBase64String(policyBytes);
string signature = null;
if (credentials.GetCredentials().UseSecureStringForSecretKey)
{
signature = AWSSDKUtils.HMACSign(Encoding.UTF8.GetBytes(base64Policy), credentials.GetCredentials().SecureSecretKey, new HMACSHA1());
}
else
{
signature = AWSSDKUtils.HMACSign(Encoding.UTF8.GetBytes(base64Policy), credentials.GetCredentials().ClearSecretKey, new HMACSHA1());
}
return(new S3PostUploadSignedPolicy
{
Policy = base64Policy,
Signature = signature,
AccessKeyId = credentials.GetCredentials().AccessKey
});
}
public static S3PostUploadSignedPolicy GetSignedPolicy(string policy, AWSCredentials credentials)
{
ImmutableCredentials credentials2 = credentials.GetCredentials();
string text = Convert.ToBase64String(credentials2.get_UseToken() ? addTokenToPolicy(policy, credentials2.get_Token()) : Encoding.UTF8.GetBytes(policy.Trim()));
string signature = CryptoUtilFactory.get_CryptoInstance().HMACSign(Encoding.UTF8.GetBytes(text), credentials2.get_SecretKey(), 0);
return(new S3PostUploadSignedPolicy
{
Policy = text,
Signature = signature,
AccessKeyId = credentials2.get_AccessKey(),
SecurityToken = credentials2.get_Token(),
SignatureVersion = "2"
});
}
/// <summary>
/// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy.
/// </summary>
/// <param name="policy">JSON string representing the policy to sign</param>
/// <param name="credentials">Credentials to sign the policy with</param>
/// <returns></returns>
public static S3PostUploadSignedPolicy GetSignedPolicy(string policy, AWSCredentials credentials)
{
var policyBytes = Encoding.UTF8.GetBytes(policy.Trim());
var base64Policy = Convert.ToBase64String(policyBytes);
string signature = null;
signature = CryptoUtilFactory.CryptoInstance.HMACSign(Encoding.UTF8.GetBytes(base64Policy), credentials.GetCredentials().SecretKey, SigningAlgorithm.HmacSHA1);
return(new S3PostUploadSignedPolicy
{
Policy = base64Policy,
Signature = signature,
AccessKeyId = credentials.GetCredentials().AccessKey
});
}
public static async Task SignRequestAsync(this HttpRequestMessage httpRequestMessage, string region, string service, AWSCredentials credentials)
{
var creds = credentials.GetCredentials();
var canonicalizedQueryParameters = string.Empty;
if (!string.IsNullOrEmpty(httpRequestMessage.RequestUri.Query))
{
canonicalizedQueryParameters = signer.CanonicalizeQueryParameters(httpRequestMessage.RequestUri.Query.TrimStart('?'));
}
DateTime requestDateTimeInUTC = AWSSDKUtils.CorrectedUtcNow;
var dictionary = new Dictionary <string, string>
{
{ "host", httpRequestMessage.RequestUri.Host },
{ "x-amz-date", requestDateTimeInUTC.ToString("yyyyMMddTHHmmssZ") }
};
var requestBody = await httpRequestMessage.Content.ReadAsStringAsync();
if (!string.IsNullOrEmpty(requestBody))
{
httpRequestMessage.Content = new StringContent(requestBody, Encoding.UTF8, "application/json");
}
var uri = httpRequestMessage.RequestUri;
string canonicalServiceUri = uri.LocalPath;
string requestMethod = httpRequestMessage.Method.Method.ToUpper();
var aWSSigV4AuthorizationValue = signer.GetAWSSigV4AuthorizationValue(dictionary,
canonicalizedQueryParameters,
canonicalServiceUri,
region,
service,
creds,
requestMethod,
requestBody,
requestDateTimeInUTC);
httpRequestMessage.Headers.TryAddWithoutValidation("Authorization", aWSSigV4AuthorizationValue);
httpRequestMessage.Headers.TryAddWithoutValidation("x-amz-date", requestDateTimeInUTC.ToString("yyyyMMddTHHmmssZ"));
if (creds.UseToken)
{
httpRequestMessage.Headers.TryAddWithoutValidation("x-amz-security-token", creds.Token);
}
}
/// <summary>
/// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy.
/// </summary>
/// <param name="policy">JSON string representing the policy to sign</param>
/// <param name="credentials">Credentials to sign the policy with</param>
/// <returns>A signed policy object for use with an S3PostUploadRequest.</returns>
public static S3PostUploadSignedPolicy GetSignedPolicy(string policy, AWSCredentials credentials)
{
ImmutableCredentials iCreds = credentials.GetCredentials();
var policyBytes = iCreds.UseToken
? addTokenToPolicy(policy, iCreds.Token)
: Encoding.UTF8.GetBytes(policy.Trim());
var base64Policy = Convert.ToBase64String(policyBytes);
string signature = CryptoUtilFactory.CryptoInstance.HMACSign(Encoding.UTF8.GetBytes(base64Policy), iCreds.SecretKey, SigningAlgorithm.HmacSHA1);
return(new S3PostUploadSignedPolicy
{
Policy = base64Policy,
Signature = signature,
AccessKeyId = iCreds.AccessKey,
SecurityToken = iCreds.Token
});
}
public static S3PostUploadSignedPolicy GetSignedPolicyV4(string policy, AWSCredentials credentials, RegionEndpoint region)
{
DateTime correctedUtcNow = AWSSDKUtils.get_CorrectedUtcNow();
ImmutableCredentials credentials2 = credentials.GetCredentials();
string text = "AWS4-HMAC-SHA256";
string text2 = AWS4Signer.FormatDateTime(correctedUtcNow, "yyyyMMdd");
string text3 = AWS4Signer.FormatDateTime(correctedUtcNow, "yyyyMMddTHHmmssZ");
string text4 = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}/{3}/{4}/", credentials2.get_AccessKey(), text2, region.get_SystemName(), "s3", "aws4_request");
Dictionary <string, string> dictionary = new Dictionary <string, string>
{
{
S3Constants.PostFormDataXAmzCredential,
text4
},
{
S3Constants.PostFormDataXAmzAlgorithm,
text
},
{
S3Constants.PostFormDataXAmzDate,
text3
}
};
if (credentials2.get_UseToken())
{
dictionary[S3Constants.PostFormDataSecurityToken] = credentials2.get_Token();
}
string text5 = Convert.ToBase64String(addConditionsToPolicy(policy, dictionary));
byte[] array = AWS4Signer.ComposeSigningKey(credentials2.get_SecretKey(), region.get_SystemName(), text2, "s3");
string signature = AWSSDKUtils.ToHex(AWS4Signer.ComputeKeyedHash(1, array, text5), true);
return(new S3PostUploadSignedPolicy
{
Policy = text5,
Signature = signature,
AccessKeyId = credentials2.get_AccessKey(),
SecurityToken = credentials2.get_Token(),
SignatureVersion = "4",
Algorithm = text,
Date = text3,
Credential = text4
});
}
/// <summary>
/// Retrieves the credentials to be used for the current call before
/// invoking the next handler.
/// </summary>
/// <param name="executionContext"></param>
protected override void PreInvoke(IExecutionContext executionContext)
{
ImmutableCredentials ic = null;
if (_credentials == null || _credentials is AnonymousAWSCredentials)
{
ic = null;
}
else
{
using (executionContext.RequestContext.Metrics.StartEvent(Metric.CredentialsRequestTime))
{
ic = _credentials.GetCredentials();
}
}
executionContext.RequestContext.ImmutableCredentials = ic;
}
/// <summary>
/// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy.
/// </summary>
/// <param name="policy">JSON string representing the policy to sign</param>
/// <param name="credentials">Credentials to sign the policy with</param>
/// <param name="region">Service region endpoint.</param>
/// <returns>A signed policy object for use with an S3PostUploadRequest.</returns>
public static S3PostUploadSignedPolicy GetSignedPolicyV4(string policy, AWSCredentials credentials, RegionEndpoint region)
{
var signedAt = AWSSDKUtils.CorrectedUtcNow;
ImmutableCredentials iCreds = credentials.GetCredentials();
var algorithm = "AWS4-HMAC-SHA256";
var dateStamp = Runtime.Internal.Auth.AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateFormat);
var dateTimeStamp = Runtime.Internal.Auth.AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateTimeFormat);
var credentialString = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}/{3}/{4}/", iCreds.AccessKey, dateStamp, region.SystemName, "s3", Runtime.Internal.Auth.AWS4Signer.Terminator);
Dictionary <string, string> extraConditions = new Dictionary <string, string> {
{ S3Constants.PostFormDataXAmzCredential, credentialString },
{ S3Constants.PostFormDataXAmzAlgorithm, algorithm },
{ S3Constants.PostFormDataXAmzDate, dateTimeStamp }
};
if (iCreds.UseToken)
{
extraConditions[S3Constants.PostFormDataSecurityToken] = iCreds.Token;
}
var policyBytes = addConditionsToPolicy(policy, extraConditions);
var base64Policy = Convert.ToBase64String(policyBytes);
var signingKey = Runtime.Internal.Auth.AWS4Signer.ComposeSigningKey(iCreds.SecretKey, region.SystemName, dateStamp, "s3");
var signature = AWSSDKUtils.ToHex(Runtime.Internal.Auth.AWS4Signer.ComputeKeyedHash(SigningAlgorithm.HmacSHA256, signingKey, base64Policy), true);
return(new S3PostUploadSignedPolicy
{
Policy = base64Policy,
Signature = signature,
AccessKeyId = iCreds.AccessKey,
SecurityToken = iCreds.Token,
SignatureVersion = "4",
Algorithm = algorithm,
Date = dateTimeStamp,
Credential = credentialString
});
}
/// <summary>
/// Auto-generates pre-signed URLs for requests that implement <see cref="IPreSignedUrlRequest"/>.
/// if the PreSignedUrl property isn't set and the SourceRegion property is set.
/// </summary>
/// <param name="executionContext"></param>
protected virtual void PreInvoke(IExecutionContext executionContext)
{
var preSignedUrlRequest = executionContext.RequestContext.OriginalRequest as IPreSignedUrlRequest;
if (preSignedUrlRequest != null && preSignedUrlRequest.SourceRegion != null && preSignedUrlRequest.PreSignedUrl == null)
{
var config = executionContext.RequestContext.ClientConfig;
var endpoint = RegionEndpoint.GetBySystemName(preSignedUrlRequest.SourceRegion);
if (endpoint == null)
{
throw new AmazonRDSException(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", preSignedUrlRequest.SourceRegion));
}
// Marshall this request and prepare it to be signed
var marshaller = executionContext.RequestContext.Marshaller;
var iRequest = marshaller.Marshall(preSignedUrlRequest as AmazonWebServiceRequest);
iRequest.UseQueryString = true;
iRequest.HttpMethod = HTTPGet;
iRequest.Endpoint = new UriBuilder(UriSchemeHTTPS, endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname).Uri;
iRequest.Parameters[DestinationRegionParameterKey] = executionContext.RequestContext.ClientConfig.RegionEndpoint.SystemName;
// Most pre signed URLS also have an X-Amz-Expires header. But RDS just ignores it and always imposes a +/- 14 minute time limit instead.
var immutableCredentials = _credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
// Don't use HeaderKeys.XAmzSecurityTokenHeader because RDS treats this as case-sensitive
iRequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
// Create presigned URL and assign it
var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, config, new RequestMetrics(),
immutableCredentials.AccessKey, immutableCredentials.SecretKey, RDSServiceNameForSigning, preSignedUrlRequest.SourceRegion);
var authorization = "&" + signingResult.ForQueryParameters;
preSignedUrlRequest.PreSignedUrl = AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization;
}
}
/// <summary>
/// <para>
/// Auto-generates pre-signed URLs for requests that implement <see cref="IPreSignedUrlRequest"/>.
/// if the PreSignedUrl property isn't set and the SourceRegion property is set.
/// </para>
/// </summary>
/// <param name="executionContext"></param>
protected virtual void PreInvoke(IExecutionContext executionContext)
{
var preSignedUrlRequest = executionContext.RequestContext.OriginalRequest as IPreSignedUrlRequest;
if (preSignedUrlRequest != null && preSignedUrlRequest.SourceRegion != null && preSignedUrlRequest.PreSignedUrl == null)
{
var config = executionContext.RequestContext.ClientConfig;
var endpoint = RegionEndpoint.GetBySystemName(preSignedUrlRequest.SourceRegion);
if (endpoint == null)
{
throw new AmazonNeptuneException(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", preSignedUrlRequest.SourceRegion));
}
// Marshall this request and prepare it to be signed
var marshaller = executionContext.RequestContext.Marshaller;
var iRequest = marshaller.Marshall(preSignedUrlRequest as AmazonWebServiceRequest);
iRequest.UseQueryString = true;
iRequest.HttpMethod = HTTPGet;
iRequest.Endpoint = new UriBuilder(UriSchemeHTTPS, endpoint.GetEndpointForService(config).Hostname).Uri;
iRequest.Parameters[DestinationRegionParameterKey] = executionContext.RequestContext.ClientConfig.RegionEndpoint.SystemName;
iRequest.Parameters[XAmzExpires] = ((int)ExpirationTime.TotalSeconds).ToString(CultureInfo.InvariantCulture);
var immutableCredentials = _credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
iRequest.Parameters[XAmzSecurityToken] = immutableCredentials.Token;
}
// Create presigned URL and assign it
var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, config, new RequestMetrics(),
immutableCredentials.AccessKey, immutableCredentials.SecretKey, NeptuneServiceNameForSigning, preSignedUrlRequest.SourceRegion);
var authorization = "&" + signingResult.ForQueryParameters;
preSignedUrlRequest.PreSignedUrl = AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization;
}
}
private bool tryGetLocalDBContext(out IDynamoDBContext context)
{
var profileStore = new CredentialProfileStoreChain();
AWSCredentials awsCredentials = null;
if (profileStore.TryGetAWSCredentials(_profileName, out awsCredentials))
{
var credentials = awsCredentials.GetCredentials();
context = getDBClientOnLocal(credentials.AccessKey, credentials.SecretKey);
return(true);
}
else if (File.Exists(_localCredsUri + _localCredsFilename))
{
ICollection <string> keys = new List <string>();
using (StreamReader stream = File.OpenText(_localCredsUri + _localCredsFilename))
{
keys.Add(stream.ReadLine());
keys.Add(stream.ReadLine());
context = getDBClientOnLocal(keys.ElementAt <string>(0), keys.ElementAt <string>(1));
if (context != null)
{
return(true);
}
else
{
return(false);
}
}
}
else
{
context = null;
return(false);
}
}
public EC2(AWSCredentials awsCredentials, string accountId, RegionEndpoint regionEndpoint) : this(awsCredentials.GetCredentials().AccessKey, awsCredentials.GetCredentials().SecretKey, accountId, regionEndpoint.SystemName)
{
}
/// <summary>
/// Custom pipeline handler
/// </summary>
/// <param name="executionContext"></param>
protected void PreInvoke(IExecutionContext executionContext)
{
var request = executionContext.RequestContext.OriginalRequest;
var config = executionContext.RequestContext.ClientConfig;
var runInstancesRequest = request as RunInstancesRequest;
if (runInstancesRequest != null)
{
if (runInstancesRequest.IsSetBlockDeviceMappings())
{
var mappings = runInstancesRequest.BlockDeviceMappings;
foreach (var mapping in mappings)
{
if (mapping.IsSetEbs())
{
var ebs = mapping.Ebs;
if (ebs.IsSetSnapshotId() &&
ebs.IsSetEncrypted() &&
ebs.Encrypted == false)
{
ebs.ClearEncryptedFlag();
}
}
}
}
}
// replace null Tag.Value with empty string
var createTagsRequest = request as CreateTagsRequest;
if (createTagsRequest != null)
{
if (createTagsRequest.IsSetTags())
{
var tags = createTagsRequest.Tags;
foreach (var tag in tags)
{
if (tag != null && tag.Value == null)
{
tag.Value = string.Empty;
}
}
}
}
var copySnapshotRequest = request as CopySnapshotRequest;
if (copySnapshotRequest != null)
{
if (string.IsNullOrEmpty(copySnapshotRequest.DestinationRegion))
{
copySnapshotRequest.DestinationRegion = AWS4Signer.DetermineSigningRegion(config, "ec2", alternateEndpoint: null, request: null);
}
if (string.IsNullOrEmpty(copySnapshotRequest.SourceRegion))
{
throw new AmazonEC2Exception("SourceRegion is required to perform the copy snapshot.");
}
var endpoint = RegionEndpoint.GetBySystemName(copySnapshotRequest.SourceRegion);
if (endpoint == null)
{
throw new AmazonEC2Exception(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", copySnapshotRequest.SourceRegion));
}
// Make sure the presigned URL is currently null so we don't attempt to generate
// a presigned URL with a presigned URL.
copySnapshotRequest.PresignedUrl = null;
// Marshall this request but switch to the source region and make it a GET request.
var marshaller = new CopySnapshotRequestMarshaller();
var irequest = marshaller.Marshall(copySnapshotRequest);
irequest.UseQueryString = true;
irequest.HttpMethod = "GET";
irequest.Parameters.Add("X-Amz-Expires", AWS4PreSignedUrlSigner.MaxAWS4PreSignedUrlExpiry.ToString(CultureInfo.InvariantCulture));
irequest.Endpoint = new Uri("https://" + endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname);
// Create presigned URL.
var metrics = new RequestMetrics();
var immutableCredentials = _credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
irequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
var signingResult = AWS4PreSignedUrlSigner.SignRequest(irequest,
config,
metrics,
immutableCredentials.AccessKey,
immutableCredentials.SecretKey,
"ec2",
copySnapshotRequest.SourceRegion);
var authorization = "&" + signingResult.ForQueryParameters;
var url = AmazonServiceClient.ComposeUrl(irequest);
copySnapshotRequest.PresignedUrl = url.AbsoluteUri + authorization;
}
var authorizeSecurityGroupEgressRequest = request as AuthorizeSecurityGroupEgressRequest;
if (authorizeSecurityGroupEgressRequest != null)
{
if (authorizeSecurityGroupEgressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(authorizeSecurityGroupEgressRequest.IpPermissions);
}
}
var authorizeSecurityGroupIngressRequest = request as AuthorizeSecurityGroupIngressRequest;
if (authorizeSecurityGroupIngressRequest != null)
{
if (authorizeSecurityGroupIngressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(authorizeSecurityGroupIngressRequest.IpPermissions);
}
}
var revokeSecurityGroupEgressRequest = request as RevokeSecurityGroupEgressRequest;
if (revokeSecurityGroupEgressRequest != null)
{
if (revokeSecurityGroupEgressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(revokeSecurityGroupEgressRequest.IpPermissions);
}
}
var revokeSecurityGroupIngressRequest = request as RevokeSecurityGroupIngressRequest;
if (revokeSecurityGroupIngressRequest != null)
{
if (revokeSecurityGroupIngressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(revokeSecurityGroupIngressRequest.IpPermissions);
}
}
var updateSecurityGroupRuleDescriptionsEgressRequest = request as UpdateSecurityGroupRuleDescriptionsEgressRequest;
if (updateSecurityGroupRuleDescriptionsEgressRequest != null)
{
if (updateSecurityGroupRuleDescriptionsEgressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(updateSecurityGroupRuleDescriptionsEgressRequest.IpPermissions);
}
}
var updateSecurityGroupRuleDescriptionsIngressRequest = request as UpdateSecurityGroupRuleDescriptionsIngressRequest;
if (updateSecurityGroupRuleDescriptionsIngressRequest != null)
{
if (updateSecurityGroupRuleDescriptionsIngressRequest.IsSetIpPermissions())
{
SelectModifiedIpRange(updateSecurityGroupRuleDescriptionsIngressRequest.IpPermissions);
}
}
}
/// <summary>
/// Generate a presigned URL based on a <see cref="SynthesizeSpeechRequest"/>.
/// </summary>
/// <param name="credentials">The credentials to use in the presigned URL.</param>
/// <param name="region">The region for the URL.</param>
/// <param name="request">The request to base the presigned URL on.</param>
/// <returns></returns>
public static string GeneratePresignedUrl(AWSCredentials credentials, RegionEndpoint region, SynthesizeSpeechRequest request)
{
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
if (region == null)
{
throw new ArgumentNullException("region");
}
if (request == null)
{
throw new ArgumentNullException("request");
}
// Marshall this request and prepare it to be signed
var marshaller = new SynthesizeSpeechRequestMarshaller();
var iRequest = marshaller.Marshall(request);
iRequest.UseQueryString = true;
iRequest.HttpMethod = HTTPGet;
iRequest.Endpoint = new UriBuilder(HTTPS, region.GetEndpointForService(PollyServiceName).Hostname).Uri;
iRequest.Parameters[XAmzExpires] = ((int)FifteenMinutes.TotalSeconds).ToString(CultureInfo.InvariantCulture);
if (request.IsSetLexiconNames())
{
iRequest.ParameterCollection.Add("LexiconNames", request.LexiconNames);
}
if (request.IsSetOutputFormat())
{
iRequest.Parameters["OutputFormat"] = request.OutputFormat.ToString();
}
if (request.IsSetSampleRate())
{
iRequest.Parameters["SampleRate"] = request.SampleRate.ToString();
}
if (request.IsSetText())
{
iRequest.Parameters["Text"] = request.Text;
}
if (request.IsSetTextType())
{
iRequest.Parameters["TextType"] = request.TextType.ToString();
}
if (request.IsSetVoiceId())
{
iRequest.Parameters["VoiceId"] = request.VoiceId;
}
if (request.IsSetSpeechMarkTypes())
{
iRequest.ParameterCollection.Add("SpeechMarkTypes", request.SpeechMarkTypes);
}
if (request.IsSetLanguageCode())
{
iRequest.ParameterCollection.Add("LanguageCode", request.LanguageCode);
}
var immutableCredentials = credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
// Don't use HeaderKeys.XAmzSecurityTokenHeader because Polly treats this as case-sensitive
iRequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
// Only the host header should be signed, and the signer adds that.
// So clear out headers.
iRequest.Headers.Clear();
// Create presigned URL and assign it
var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, null, new RequestMetrics(),
immutableCredentials.AccessKey, immutableCredentials.SecretKey, PollyServiceName, region.SystemName);
var authorization = "&" + signingResult.ForQueryParameters;
return(AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization);
}
private AmazonSQSClient(AWSCredentials credentials, AmazonSQSConfig config)
{
this.config = config;
this.awsAccessKeyId = credentials.GetCredentials().AccessKey;
this.clearAwsSecretAccessKey = credentials.GetCredentials().SecretKey;
}
public void Upload(Stream objectToUpload, int iteration)
{
try
{
PutS3ObjectSample.Run("v3/" + iteration + ".png", objectToUpload, _region, _bucketName, _credentials.GetCredentials().AccessKey, _credentials.GetCredentials().SecretKey);
}
catch (Exception exception)
{
Console.WriteLine(exception);
}
}
private static void SetDefaultCredential(AWSCredentials creds)
{
RunConfigure(string.Format("set aws_access_key_id {0}", creds.GetCredentials().AccessKey), true, false);
RunConfigure(string.Format("set aws_secret_access_key {0}", creds.GetCredentials().SecretKey), true, false);
}