private byte[] SigningKey(AwsDate awsDate) => Encoding.UTF8.GetBytes(AwsConstants.Signing.SecretKeyPrefix + SecretKey) .UseToSign(awsDate.DateString) .UseToSign(Region) .UseToSign(Service) .UseToSign(AwsConstants.Signing.ScopeTerminator);
public async Task <HttpRequestMessage> SignAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var awsDate = new AwsDate(); // set the host and date headers request.Headers.Host = request.RequestUri.Host; request.Headers.Add(AwsConstants.Headers.Date, awsDate.DateTimeString); // build the string to sign from the canonical request var stringToSign = StringToSign(awsDate, await request.ToHashedCanonicalRequestAsync()); // get the signing key using the date on the request var signingKey = SigningKey(awsDate); // build the signature by signing the string to sign with the signing key var signature = signingKey.UseToSign(stringToSign).HexEncode(); // set the auth headers request.Headers.Authorization = new AuthenticationHeaderValue( AwsConstants.Signing.Algorithm, $"Credential={AccessKey}/{CredentialScope(awsDate)}, SignedHeaders={request.SignedHeaders()}, Signature={signature}"); // add the session token, if any, to the headers on the request if (!string.IsNullOrWhiteSpace(SessionToken)) { request.Headers.Add(AwsConstants.Headers.SecurityToken, SessionToken); } return(request); }
private string CredentialScope(AwsDate awsDate) => $"{awsDate.DateString}/{Region}/{Service}/{AwsConstants.Signing.ScopeTerminator}";
private string StringToSign(AwsDate awsDate, string hashedRequest) => AwsConstants.Signing.Algorithm + "\n" + awsDate.DateTimeString + "\n" + CredentialScope(awsDate) + "\n" + hashedRequest;