private byte[] SigningKey(AwsDate awsDate)
 =>
 Encoding.UTF8.GetBytes(AwsConstants.Signing.SecretKeyPrefix + SecretKey)
 .UseToSign(awsDate.DateString)
 .UseToSign(Region)
 .UseToSign(Service)
 .UseToSign(AwsConstants.Signing.ScopeTerminator);
        public async Task <HttpRequestMessage> SignAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var awsDate = new AwsDate();

            // set the host and date headers
            request.Headers.Host = request.RequestUri.Host;
            request.Headers.Add(AwsConstants.Headers.Date, awsDate.DateTimeString);

            // build the string to sign from the canonical request
            var stringToSign = StringToSign(awsDate, await request.ToHashedCanonicalRequestAsync());

            // get the signing key using the date on the request
            var signingKey = SigningKey(awsDate);

            // build the signature by signing the string to sign with the signing key
            var signature = signingKey.UseToSign(stringToSign).HexEncode();

            // set the auth headers
            request.Headers.Authorization =
                new AuthenticationHeaderValue(
                    AwsConstants.Signing.Algorithm,
                    $"Credential={AccessKey}/{CredentialScope(awsDate)}, SignedHeaders={request.SignedHeaders()}, Signature={signature}");

            // add the session token, if any, to the headers on the request
            if (!string.IsNullOrWhiteSpace(SessionToken))
            {
                request.Headers.Add(AwsConstants.Headers.SecurityToken, SessionToken);
            }

            return(request);
        }
 private string CredentialScope(AwsDate awsDate)
 => $"{awsDate.DateString}/{Region}/{Service}/{AwsConstants.Signing.ScopeTerminator}";
 private string StringToSign(AwsDate awsDate, string hashedRequest)
 =>
 AwsConstants.Signing.Algorithm + "\n" +
 awsDate.DateTimeString + "\n" +
 CredentialScope(awsDate) + "\n" +
 hashedRequest;