protected override void PreInvoke(IExecutionContext executionContext) { var request = executionContext.RequestContext.OriginalRequest; var config = executionContext.RequestContext.ClientConfig; var copySnapshotRequest = request as CopySnapshotRequest; if (copySnapshotRequest != null) { if (string.IsNullOrEmpty(copySnapshotRequest.DestinationRegion)) { copySnapshotRequest.DestinationRegion = AWS4Signer.DetermineSigningRegion(config, "ec2", alternateEndpoint: null); } if (string.IsNullOrEmpty(copySnapshotRequest.SourceRegion)) { throw new AmazonEC2Exception("SourceRegion is required to perform the copy snapshot."); } var endpoint = RegionEndpoint.GetBySystemName(copySnapshotRequest.SourceRegion); if (endpoint == null) { throw new AmazonEC2Exception(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", copySnapshotRequest.SourceRegion)); } // Make sure the presigned URL is currently null so we don't attempt to generate // a presigned URL with a presigned URL. copySnapshotRequest.PresignedUrl = null; // Marshall this request but switch to the source region and make it a GET request. var marshaller = new CopySnapshotRequestMarshaller(); var irequest = marshaller.Marshall(copySnapshotRequest); irequest.UseQueryString = true; irequest.HttpMethod = "GET"; irequest.Parameters.Add("X-Amz-Expires", AWS4PreSignedUrlSigner.MaxAWS4PreSignedUrlExpiry.ToString(CultureInfo.InvariantCulture)); irequest.Endpoint = new Uri("https://" + endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname); // Create presigned URL. var metrics = new RequestMetrics(); var immutableCredentials = _credentials.GetCredentials(); if (immutableCredentials.UseToken) { irequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token; } var signingResult = AWS4PreSignedUrlSigner.SignRequest(irequest, config, metrics, immutableCredentials.AccessKey, immutableCredentials.SecretKey, "ec2", copySnapshotRequest.SourceRegion); var authorization = "&" + signingResult.ForQueryParameters; var url = AmazonServiceClient.ComposeUrl(irequest); copySnapshotRequest.PresignedUrl = url.AbsoluteUri + authorization; } }
/// <summary> /// Converts the SDK's IRequest to the CRT's HttpRequest Object /// </summary> /// <param name="request">SDK request</param> /// <returns>CRT request</returns> public static Aws.Crt.Http.HttpRequest ConvertToCrtRequest(IRequest request) { // Remove any query params that CRT will set if (request.ParameterCollection != null && request.ParameterCollection.Count > 0) { foreach (var queryParam in request.ParameterCollection.GetSortedParametersList()) { if (CrtForbiddenQueryParams.Contains(queryParam.Key)) { request.ParameterCollection.Remove(queryParam.Key); } } } var crtRequest = new Aws.Crt.Http.HttpRequest { // Using OriginalString here because ComposeUrl -> ResolveResourcePath -> // JoinResourcePathSegments -> UrlEncode will escape some sequeneces (e.g. Ä -> %C3%84) // but initializing that as a Uri will convert it back to Ä Uri = AmazonServiceClient.ComposeUrl(request, false).OriginalString, Method = request.HttpMethod }; if (request.ContentStream != null) { if (request.ContentStream.CanSeek) { crtRequest.BodyStream = request.ContentStream; } else if (request.ContentStream is WrapperStream wrappedStream) { crtRequest.BodyStream = wrappedStream.GetSeekableBaseStream(); } else { throw new AWSCommonRuntimeException("Unable to pass an HTTP request with a non-seekable content stream to CRT."); } } else if (request.Content != null) { crtRequest.BodyStream = new MemoryStream(request.Content); } var headerList = new List <HttpHeader>(request.Headers.Count); foreach (var header in request.Headers) { // Skip CRT-calculated headers if (!CrtForbiddenHeaders.Contains(header.Key)) { headerList.Add(new HttpHeader(header.Key, header.Value)); } } crtRequest.Headers = headerList.ToArray(); return(crtRequest); }
/// <summary> /// Generate a token for IAM authentication to an RDS database. /// </summary> /// <param name="credentials">The credentials for the token.</param> /// <param name="region">The region of the RDS database.</param> /// <param name="hostname">Hostname of the RDS database.</param> /// <param name="port">Port of the RDS database.</param> /// <param name="dbUser">Database user for the token.</param> /// <returns></returns> public static string GenerateAuthToken(AWSCredentials credentials, RegionEndpoint region, string hostname, int port, string dbUser) { if (credentials == null) { throw new ArgumentNullException("credentials"); } if (region == null) { throw new ArgumentNullException("region"); } if (port < 0 || port > 65535) { throw new ArgumentException(String.Format(CultureInfo.InvariantCulture, "{0} is an invalid port. Port must be 0 to 65535.", port)); } hostname = hostname?.Trim(); if (string.IsNullOrEmpty(hostname)) { throw new ArgumentException("Hostname must not be null or empty."); } dbUser = dbUser?.Trim(); if (string.IsNullOrEmpty(dbUser)) { throw new ArgumentException("DBUser must not be null or empty."); } GenerateRDSAuthTokenRequest authTokenRequest = new GenerateRDSAuthTokenRequest(); IRequest request = new DefaultRequest(authTokenRequest, RDSServiceName); request.UseQueryString = true; request.HttpMethod = HTTPGet; request.Parameters.Add(XAmzExpires, FifteenMinutes.TotalSeconds.ToString(CultureInfo.InvariantCulture)); request.Parameters.Add(DBUserKey, dbUser); request.Parameters.Add(ActionKey, ActionValue); request.Endpoint = new UriBuilder(HTTPS, hostname, port).Uri; var immutableCredentials = credentials.GetCredentials(); if (immutableCredentials.UseToken) { request.Parameters[XAmzSecurityToken] = immutableCredentials.Token; } var signingResult = AWS4PreSignedUrlSigner.SignRequest(request, null, new RequestMetrics(), immutableCredentials.AccessKey, immutableCredentials.SecretKey, RDSServiceName, region.SystemName); var authorization = "&" + signingResult.ForQueryParameters; var url = AmazonServiceClient.ComposeUrl(request); // remove the https:// and append the authorization return(url.AbsoluteUri.Substring(HTTPS.Length + URISchemeDelimiter.Length) + authorization); }
/// <summary> /// Creates the HttpWebRequest and configures the end point, content, user agent and proxy settings. /// </summary> /// <param name="requestContext">The async request.</param> /// <returns>The web request that actually makes the call.</returns> protected virtual IHttpRequest <TRequestContent> CreateWebRequest(IRequestContext requestContext) { IRequest request = requestContext.Request; Uri url = AmazonServiceClient.ComposeUrl(request); var httpRequest = _requestFactory.CreateHttpRequest(url); httpRequest.ConfigureRequest(requestContext); httpRequest.Method = request.HttpMethod; if (request.MayContainRequestBody()) { var content = request.Content; if (request.SetContentFromParameters || (content == null && request.ContentStream == null)) { // Mapping parameters to query string or body are mutually exclusive. if (!request.UseQueryString) { string queryString = AWSSDKUtils.GetParametersAsString(request.Parameters); content = Encoding.UTF8.GetBytes(queryString); request.Content = content; request.SetContentFromParameters = true; } else { request.Content = new Byte[0]; } } if (content != null) { request.Headers[HeaderKeys.ContentLengthHeader] = content.Length.ToString(CultureInfo.InvariantCulture); } else if (request.ContentStream != null && !request.Headers.ContainsKey(HeaderKeys.ContentLengthHeader)) { request.Headers[HeaderKeys.ContentLengthHeader] = request.ContentStream.Length.ToString(CultureInfo.InvariantCulture); } } if (requestContext.Unmarshaller is JsonResponseUnmarshaller) { // Currently the signature seems to be valid without including this header in the calculation. request.Headers["Accept"] = "application/json"; } return(httpRequest); }
/// <summary> /// Creates the HttpWebRequest and configures the end point, content, user agent and proxy settings. /// </summary> /// <param name="requestContext">The async request.</param> /// <returns>The web request that actually makes the call.</returns> protected virtual IHttpRequest <TRequestContent> CreateWebRequest(IRequestContext requestContext) { IRequest request = requestContext.Request; Uri url = AmazonServiceClient.ComposeUrl(request); var httpRequest = _requestFactory.CreateHttpRequest(url); httpRequest.ConfigureRequest(requestContext); httpRequest.Method = request.HttpMethod; if (request.MayContainRequestBody()) { var content = request.Content; if (request.SetContentFromParameters || (content == null && request.ContentStream == null)) { // Mapping parameters to query string or body are mutually exclusive. if (!request.UseQueryString) { string queryString = AWSSDKUtils.GetParametersAsString(request); content = Encoding.UTF8.GetBytes(queryString); request.Content = content; request.SetContentFromParameters = true; } else { request.Content = new Byte[0]; } } if (content != null) { request.Headers[HeaderKeys.ContentLengthHeader] = content.Length.ToString(CultureInfo.InvariantCulture); } else if (request.ContentStream != null && request.ContentStream.CanSeek && !request.Headers.ContainsKey(HeaderKeys.ContentLengthHeader)) { request.Headers[HeaderKeys.ContentLengthHeader] = request.ContentStream.Length.ToString(CultureInfo.InvariantCulture); } } return(httpRequest); }
/// <summary> /// Auto-generates pre-signed URLs for requests that implement <see cref="IPreSignedUrlRequest"/>. /// if the PreSignedUrl property isn't set and the SourceRegion property is set. /// </summary> /// <param name="executionContext"></param> protected virtual void PreInvoke(IExecutionContext executionContext) { var preSignedUrlRequest = executionContext.RequestContext.OriginalRequest as IPreSignedUrlRequest; if (preSignedUrlRequest != null && preSignedUrlRequest.SourceRegion != null && preSignedUrlRequest.PreSignedUrl == null) { var config = executionContext.RequestContext.ClientConfig; var endpoint = RegionEndpoint.GetBySystemName(preSignedUrlRequest.SourceRegion); if (endpoint == null) { throw new AmazonRDSException(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", preSignedUrlRequest.SourceRegion)); } // Marshall this request and prepare it to be signed var marshaller = executionContext.RequestContext.Marshaller; var iRequest = marshaller.Marshall(preSignedUrlRequest as AmazonWebServiceRequest); iRequest.UseQueryString = true; iRequest.HttpMethod = HTTPGet; iRequest.Endpoint = new UriBuilder(UriSchemeHTTPS, endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname).Uri; iRequest.Parameters[DestinationRegionParameterKey] = executionContext.RequestContext.ClientConfig.RegionEndpoint.SystemName; // Most pre signed URLS also have an X-Amz-Expires header. But RDS just ignores it and always imposes a +/- 14 minute time limit instead. var immutableCredentials = _credentials.GetCredentials(); if (immutableCredentials.UseToken) { // Don't use HeaderKeys.XAmzSecurityTokenHeader because RDS treats this as case-sensitive iRequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token; } // Create presigned URL and assign it var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, config, new RequestMetrics(), immutableCredentials.AccessKey, immutableCredentials.SecretKey, RDSServiceNameForSigning, preSignedUrlRequest.SourceRegion); var authorization = "&" + signingResult.ForQueryParameters; preSignedUrlRequest.PreSignedUrl = AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization; } }
public override AmazonWebServiceResponse Unmarshall(NonHttpUnmarshallerContext input) { var request = input?.ResponseData?.OriginalRequest; if (request is null) { throw new InvalidOperationException("Unable to unmarshal non-HTTP Amazon Service Response: The original request is null."); } IDictionary <string, string>?headers = null; var signerResult = request.AWS4SignerResult; if (!(signerResult is null)) { headers = signerResult.SignedHeaders .Split(signedHeadersSeparator, StringSplitOptions.RemoveEmptyEntries) .ToDictionary( k => k, k => request.Headers[k], StringComparer.OrdinalIgnoreCase ) ; request.Parameters["X-Amz-Algorithm"] = AWS4Signer.AWS4AlgorithmTag; request.Parameters["X-Amz-Credential"] = FormattableString.Invariant( $"{signerResult.AccessKeyId}/{signerResult.Scope}"); request.Parameters["X-Amz-Date"] = signerResult.ISO8601DateTime; request.Parameters["X-Amz-SignedHeaders"] = signerResult.SignedHeaders; request.Parameters["X-Amz-Signature"] = signerResult.Signature; } return(new CreateMqttWebSocketUriResponse( AmazonServiceClient.ComposeUrl(request), headers ?? new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase) ) { HttpStatusCode = HttpStatusCode.OK }); }
protected virtual IHttpRequest <TRequestContent> CreateWebRequest(IRequestContext requestContext) { IRequest request = requestContext.Request; Uri requestUri = AmazonServiceClient.ComposeUrl(request); IHttpRequest <TRequestContent> httpRequest = _requestFactory.CreateHttpRequest(requestUri); httpRequest.ConfigureRequest(requestContext); httpRequest.Method = request.HttpMethod; if (request.MayContainRequestBody()) { byte[] array = request.Content; if (request.SetContentFromParameters || (array == null && request.ContentStream == null)) { if (!request.UseQueryString) { string parametersAsString = AWSSDKUtils.GetParametersAsString(request.Parameters); array = (request.Content = Encoding.UTF8.GetBytes(parametersAsString)); request.SetContentFromParameters = true; } else { request.Content = new byte[0]; } } if (array != null) { request.Headers["Content-Length"] = array.Length.ToString(CultureInfo.InvariantCulture); } else if (request.ContentStream != null && !request.Headers.ContainsKey("Content-Length")) { request.Headers["Content-Length"] = request.ContentStream.Length.ToString(CultureInfo.InvariantCulture); } } if (requestContext.Unmarshaller is JsonResponseUnmarshaller) { request.Headers["Accept"] = "application/json"; } return(httpRequest); }
/// <summary> /// <para> /// Auto-generates pre-signed URLs for requests that implement <see cref="IPreSignedUrlRequest"/>. /// if the PreSignedUrl property isn't set and the SourceRegion property is set. /// </para> /// </summary> /// <param name="executionContext"></param> protected virtual void PreInvoke(IExecutionContext executionContext) { var preSignedUrlRequest = executionContext.RequestContext.OriginalRequest as IPreSignedUrlRequest; if (preSignedUrlRequest != null && preSignedUrlRequest.SourceRegion != null && preSignedUrlRequest.PreSignedUrl == null) { var config = executionContext.RequestContext.ClientConfig; var endpoint = RegionEndpoint.GetBySystemName(preSignedUrlRequest.SourceRegion); if (endpoint == null) { throw new AmazonNeptuneException(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", preSignedUrlRequest.SourceRegion)); } // Marshall this request and prepare it to be signed var marshaller = executionContext.RequestContext.Marshaller; var iRequest = marshaller.Marshall(preSignedUrlRequest as AmazonWebServiceRequest); iRequest.UseQueryString = true; iRequest.HttpMethod = HTTPGet; iRequest.Endpoint = new UriBuilder(UriSchemeHTTPS, endpoint.GetEndpointForService(config).Hostname).Uri; iRequest.Parameters[DestinationRegionParameterKey] = executionContext.RequestContext.ClientConfig.RegionEndpoint.SystemName; iRequest.Parameters[XAmzExpires] = ((int)ExpirationTime.TotalSeconds).ToString(CultureInfo.InvariantCulture); var immutableCredentials = _credentials.GetCredentials(); if (immutableCredentials.UseToken) { iRequest.Parameters[XAmzSecurityToken] = immutableCredentials.Token; } // Create presigned URL and assign it var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, config, new RequestMetrics(), immutableCredentials.AccessKey, immutableCredentials.SecretKey, NeptuneServiceNameForSigning, preSignedUrlRequest.SourceRegion); var authorization = "&" + signingResult.ForQueryParameters; preSignedUrlRequest.PreSignedUrl = AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization; } }
/// <summary> /// Create a signed URL allowing access to a resource that would /// usually require authentication. /// </summary> /// <remarks> /// <para> /// When using query string authentication you create a query, /// specify an expiration time for the query, sign it with your /// signature, place the data in an HTTP request, and distribute /// the request to a user or embed the request in a web page. /// </para> /// <para> /// A PreSigned URL can be generated for GET, PUT, DELETE and HEAD /// operations on your bucketName, keys, and versions. /// </para> /// </remarks> /// <param name="request">The GetPreSignedUrlRequest that defines the /// parameters of the operation.</param> /// <param name="useSigV2Fallback">determines if signing will fall back to SigV2 if the /// signing region is us-east-1 /// <returns>A string that is the signed http request.</returns> /// <exception cref="T:System.ArgumentException" /> /// <exception cref="T:System.ArgumentNullException" /> internal string GetPreSignedURLInternal(GetPreSignedUrlRequest request, bool useSigV2Fallback = true) { if (Credentials == null) { throw new AmazonS3Exception("Credentials must be specified, cannot call method anonymously"); } if (request == null) { throw new ArgumentNullException("request", "The PreSignedUrlRequest specified is null!"); } if (!request.IsSetExpires()) { throw new InvalidOperationException("The Expires specified is null!"); } var aws4Signing = AWSConfigsS3.UseSignatureVersion4; var region = AWS4Signer.DetermineSigningRegion(Config, "s3", alternateEndpoint: null, request: null); if (aws4Signing && string.IsNullOrEmpty(region)) { throw new InvalidOperationException("To use AWS4 signing, a region must be specified in the client configuration using the AuthenticationRegion or Region properties, or be determinable from the service URL."); } RegionEndpoint endpoint = RegionEndpoint.GetBySystemName(region); if (endpoint.GetEndpointForService("s3").SignatureVersionOverride == "4" || endpoint.GetEndpointForService("s3").SignatureVersionOverride == null) { aws4Signing = true; } var fallbackToSigV2 = useSigV2Fallback && !AWSConfigsS3.UseSigV4SetExplicitly; if (endpoint == RegionEndpoint.USEast1 && fallbackToSigV2) { aws4Signing = false; } // If the expiration is longer than SigV4 will allow then automatically use SigV2 instead. // But only if the region we're signing for allows SigV2. if (aws4Signing) { var secondsUntilExpiration = GetSecondsUntilExpiration(request, aws4Signing); if (secondsUntilExpiration > AWS4PreSignedUrlSigner.MaxAWS4PreSignedUrlExpiry && endpoint.GetEndpointForService("s3").SignatureVersionOverride == "2") { aws4Signing = false; } } var immutableCredentials = Credentials.GetCredentials(); var irequest = Marshall(request, immutableCredentials.AccessKey, immutableCredentials.Token, aws4Signing); irequest.Endpoint = EndpointResolver.DetermineEndpoint(this.Config, irequest); var context = new Amazon.Runtime.Internal.ExecutionContext(new Amazon.Runtime.Internal.RequestContext(true) { Request = irequest, ClientConfig = this.Config }, null); AmazonS3PostMarshallHandler.ProcessRequestHandlers(context); var metrics = new RequestMetrics(); string authorization; if (aws4Signing) { var aws4Signer = new AWS4PreSignedUrlSigner(); var signingResult = aws4Signer.SignRequest(irequest, this.Config, metrics, immutableCredentials.AccessKey, immutableCredentials.SecretKey); authorization = "&" + signingResult.ForQueryParameters; } else { S3Signer.SignRequest(irequest, metrics, immutableCredentials.AccessKey, immutableCredentials.SecretKey); authorization = irequest.Headers[HeaderKeys.AuthorizationHeader]; authorization = authorization.Substring(authorization.IndexOf(":", StringComparison.Ordinal) + 1); authorization = "&Signature=" + AmazonS3Util.UrlEncode(authorization, false); } Uri url = AmazonServiceClient.ComposeUrl(irequest); string result = url.AbsoluteUri + authorization; Protocol protocol = DetermineProtocol(); if (request.Protocol != protocol) { switch (protocol) { case Protocol.HTTP: result = result.Replace("http://", "https://"); break; case Protocol.HTTPS: result = result.Replace("https://", "http://"); break; } } return(result); }
/// <summary> /// Custom pipeline handler /// </summary> /// <param name="executionContext"></param> protected void PreInvoke(IExecutionContext executionContext) { var request = executionContext.RequestContext.OriginalRequest; var config = executionContext.RequestContext.ClientConfig; var runInstancesRequest = request as RunInstancesRequest; if (runInstancesRequest != null) { if (runInstancesRequest.IsSetBlockDeviceMappings()) { var mappings = runInstancesRequest.BlockDeviceMappings; foreach (var mapping in mappings) { if (mapping.IsSetEbs()) { var ebs = mapping.Ebs; if (ebs.IsSetSnapshotId() && ebs.IsSetEncrypted() && ebs.Encrypted == false) { ebs.ClearEncryptedFlag(); } } } } } // replace null Tag.Value with empty string var createTagsRequest = request as CreateTagsRequest; if (createTagsRequest != null) { if (createTagsRequest.IsSetTags()) { var tags = createTagsRequest.Tags; foreach (var tag in tags) { if (tag != null && tag.Value == null) { tag.Value = string.Empty; } } } } var copySnapshotRequest = request as CopySnapshotRequest; if (copySnapshotRequest != null) { if (string.IsNullOrEmpty(copySnapshotRequest.DestinationRegion)) { copySnapshotRequest.DestinationRegion = AWS4Signer.DetermineSigningRegion(config, "ec2", alternateEndpoint: null, request: null); } if (string.IsNullOrEmpty(copySnapshotRequest.SourceRegion)) { throw new AmazonEC2Exception("SourceRegion is required to perform the copy snapshot."); } var endpoint = RegionEndpoint.GetBySystemName(copySnapshotRequest.SourceRegion); if (endpoint == null) { throw new AmazonEC2Exception(string.Format(CultureInfo.InvariantCulture, "No endpoint for region {0}.", copySnapshotRequest.SourceRegion)); } // Make sure the presigned URL is currently null so we don't attempt to generate // a presigned URL with a presigned URL. copySnapshotRequest.PresignedUrl = null; // Marshall this request but switch to the source region and make it a GET request. var marshaller = new CopySnapshotRequestMarshaller(); var irequest = marshaller.Marshall(copySnapshotRequest); irequest.UseQueryString = true; irequest.HttpMethod = "GET"; irequest.Parameters.Add("X-Amz-Expires", AWS4PreSignedUrlSigner.MaxAWS4PreSignedUrlExpiry.ToString(CultureInfo.InvariantCulture)); irequest.Endpoint = new Uri("https://" + endpoint.GetEndpointForService(config.RegionEndpointServiceName).Hostname); // Create presigned URL. var metrics = new RequestMetrics(); var immutableCredentials = _credentials.GetCredentials(); if (immutableCredentials.UseToken) { irequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token; } var signingResult = AWS4PreSignedUrlSigner.SignRequest(irequest, config, metrics, immutableCredentials.AccessKey, immutableCredentials.SecretKey, "ec2", copySnapshotRequest.SourceRegion); var authorization = "&" + signingResult.ForQueryParameters; var url = AmazonServiceClient.ComposeUrl(irequest); copySnapshotRequest.PresignedUrl = url.AbsoluteUri + authorization; } var authorizeSecurityGroupEgressRequest = request as AuthorizeSecurityGroupEgressRequest; if (authorizeSecurityGroupEgressRequest != null) { if (authorizeSecurityGroupEgressRequest.IsSetIpPermissions()) { SelectModifiedIpRange(authorizeSecurityGroupEgressRequest.IpPermissions); } } var authorizeSecurityGroupIngressRequest = request as AuthorizeSecurityGroupIngressRequest; if (authorizeSecurityGroupIngressRequest != null) { if (authorizeSecurityGroupIngressRequest.IsSetIpPermissions()) { SelectModifiedIpRange(authorizeSecurityGroupIngressRequest.IpPermissions); } } var revokeSecurityGroupEgressRequest = request as RevokeSecurityGroupEgressRequest; if (revokeSecurityGroupEgressRequest != null) { if (revokeSecurityGroupEgressRequest.IsSetIpPermissions()) { SelectModifiedIpRange(revokeSecurityGroupEgressRequest.IpPermissions); } } var revokeSecurityGroupIngressRequest = request as RevokeSecurityGroupIngressRequest; if (revokeSecurityGroupIngressRequest != null) { if (revokeSecurityGroupIngressRequest.IsSetIpPermissions()) { SelectModifiedIpRange(revokeSecurityGroupIngressRequest.IpPermissions); } } var updateSecurityGroupRuleDescriptionsEgressRequest = request as UpdateSecurityGroupRuleDescriptionsEgressRequest; if (updateSecurityGroupRuleDescriptionsEgressRequest != null) { if (updateSecurityGroupRuleDescriptionsEgressRequest.IsSetIpPermissions()) { SelectModifiedIpRange(updateSecurityGroupRuleDescriptionsEgressRequest.IpPermissions); } } var updateSecurityGroupRuleDescriptionsIngressRequest = request as UpdateSecurityGroupRuleDescriptionsIngressRequest; if (updateSecurityGroupRuleDescriptionsIngressRequest != null) { if (updateSecurityGroupRuleDescriptionsIngressRequest.IsSetIpPermissions()) { SelectModifiedIpRange(updateSecurityGroupRuleDescriptionsIngressRequest.IpPermissions); } } }
/// <summary> /// Generate a presigned URL based on a <see cref="SynthesizeSpeechRequest"/>. /// </summary> /// <param name="credentials">The credentials to use in the presigned URL.</param> /// <param name="region">The region for the URL.</param> /// <param name="request">The request to base the presigned URL on.</param> /// <returns></returns> public static string GeneratePresignedUrl(AWSCredentials credentials, RegionEndpoint region, SynthesizeSpeechRequest request) { if (credentials == null) { throw new ArgumentNullException("credentials"); } if (region == null) { throw new ArgumentNullException("region"); } if (request == null) { throw new ArgumentNullException("request"); } // Marshall this request and prepare it to be signed var marshaller = new SynthesizeSpeechRequestMarshaller(); var iRequest = marshaller.Marshall(request); iRequest.UseQueryString = true; iRequest.HttpMethod = HTTPGet; iRequest.Endpoint = new UriBuilder(HTTPS, region.GetEndpointForService(PollyServiceName).Hostname).Uri; iRequest.Parameters[XAmzExpires] = ((int)FifteenMinutes.TotalSeconds).ToString(CultureInfo.InvariantCulture); if (request.IsSetLexiconNames()) { iRequest.ParameterCollection.Add("LexiconNames", request.LexiconNames); } if (request.IsSetOutputFormat()) { iRequest.Parameters["OutputFormat"] = request.OutputFormat.ToString(); } if (request.IsSetSampleRate()) { iRequest.Parameters["SampleRate"] = request.SampleRate.ToString(); } if (request.IsSetText()) { iRequest.Parameters["Text"] = request.Text; } if (request.IsSetTextType()) { iRequest.Parameters["TextType"] = request.TextType.ToString(); } if (request.IsSetVoiceId()) { iRequest.Parameters["VoiceId"] = request.VoiceId; } if (request.IsSetSpeechMarkTypes()) { iRequest.ParameterCollection.Add("SpeechMarkTypes", request.SpeechMarkTypes); } if (request.IsSetLanguageCode()) { iRequest.ParameterCollection.Add("LanguageCode", request.LanguageCode); } var immutableCredentials = credentials.GetCredentials(); if (immutableCredentials.UseToken) { // Don't use HeaderKeys.XAmzSecurityTokenHeader because Polly treats this as case-sensitive iRequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token; } // Only the host header should be signed, and the signer adds that. // So clear out headers. iRequest.Headers.Clear(); // Create presigned URL and assign it var signingResult = AWS4PreSignedUrlSigner.SignRequest(iRequest, null, new RequestMetrics(), immutableCredentials.AccessKey, immutableCredentials.SecretKey, PollyServiceName, region.SystemName); var authorization = "&" + signingResult.ForQueryParameters; return(AmazonServiceClient.ComposeUrl(iRequest).AbsoluteUri + authorization); }
private static void SignHttp(IRequest request, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey) { SigningAlgorithm algorithm = SigningAlgorithm.HmacSHA256; string nonce = Guid.NewGuid().ToString(); string date = AWSSDKUtils.FormattedCurrentTimestampRFC822; bool isHttps = IsHttpsRequest(request); // Temporarily disabling the AWS3 HTTPS signing scheme and only using AWS3 HTTP isHttps = false; request.Headers[HeaderKeys.DateHeader] = date; request.Headers[HeaderKeys.XAmzDateHeader] = date; // Clear out existing auth header (can be there if retry) request.Headers.Remove(HeaderKeys.XAmzAuthorizationHeader); // AWS3 HTTP requires that we sign the Host header // so we have to have it in the request by the time we sign. string hostHeader = request.Endpoint.Host; if (!request.Endpoint.IsDefaultPort) { hostHeader += ":" + request.Endpoint.Port; } request.Headers[HeaderKeys.HostHeader] = hostHeader; byte[] bytesToSign = null; string stringToSign; if (isHttps) { request.Headers[HeaderKeys.XAmzNonceHeader] = nonce; stringToSign = date + nonce; bytesToSign = Encoding.UTF8.GetBytes(stringToSign); } else { Uri url = AmazonServiceClient.ComposeUrl(request); stringToSign = request.HttpMethod + "\n" + GetCanonicalizedResourcePath(url) + "\n" + GetCanonicalizedQueryString(request.Parameters) + "\n" + GetCanonicalizedHeadersForStringToSign(request) + "\n" + GetRequestPayload(request); bytesToSign = CryptoUtilFactory.CryptoInstance.ComputeSHA256Hash(Encoding.UTF8.GetBytes(stringToSign)); } metrics.AddProperty(Metric.StringToSign, stringToSign); string signature = ComputeHash(bytesToSign, awsSecretAccessKey, algorithm); StringBuilder builder = new StringBuilder(); builder.Append(isHttps ? HTTPS_SCHEME : HTTP_SCHEME); builder.Append(" "); builder.Append("AWSAccessKeyId=" + awsAccessKeyId + ","); builder.Append("Algorithm=" + algorithm.ToString() + ","); if (!isHttps) { builder.Append(GetSignedHeadersComponent(request) + ","); } builder.Append("Signature=" + signature); string authorizationHeader = builder.ToString(); request.Headers[HeaderKeys.XAmzAuthorizationHeader] = authorizationHeader; }