public (string Signature, string Policy) GetSignature(JToken stringToSign)
{
var date = DateTime.UtcNow.ToString("yyyyMMdd");
var key = AWS4Signer.ComposeSigningKey(this._awsSecretAccessKey, this._region, date, "s3");
var policy = Convert.ToBase64String(Encoding.UTF8.GetBytes(stringToSign.ToString()));
var signatureHash = AWS4Signer.ComputeKeyedHash(SigningAlgorithm.HmacSHA256, key, policy);
var signature = AWSSDKUtils.ToHex(signatureHash, true);
return(signature, policy);
}
public static S3PostUploadSignedPolicy GetSignedPolicyV4(string policy, AWSCredentials credentials, RegionEndpoint region)
{
DateTime correctedUtcNow = AWSSDKUtils.get_CorrectedUtcNow();
ImmutableCredentials credentials2 = credentials.GetCredentials();
string text = "AWS4-HMAC-SHA256";
string text2 = AWS4Signer.FormatDateTime(correctedUtcNow, "yyyyMMdd");
string text3 = AWS4Signer.FormatDateTime(correctedUtcNow, "yyyyMMddTHHmmssZ");
string text4 = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}/{3}/{4}/", credentials2.get_AccessKey(), text2, region.get_SystemName(), "s3", "aws4_request");
Dictionary <string, string> dictionary = new Dictionary <string, string>
{
{
S3Constants.PostFormDataXAmzCredential,
text4
},
{
S3Constants.PostFormDataXAmzAlgorithm,
text
},
{
S3Constants.PostFormDataXAmzDate,
text3
}
};
if (credentials2.get_UseToken())
{
dictionary[S3Constants.PostFormDataSecurityToken] = credentials2.get_Token();
}
string text5 = Convert.ToBase64String(addConditionsToPolicy(policy, dictionary));
byte[] array = AWS4Signer.ComposeSigningKey(credentials2.get_SecretKey(), region.get_SystemName(), text2, "s3");
string signature = AWSSDKUtils.ToHex(AWS4Signer.ComputeKeyedHash(1, array, text5), true);
return(new S3PostUploadSignedPolicy
{
Policy = text5,
Signature = signature,
AccessKeyId = credentials2.get_AccessKey(),
SecurityToken = credentials2.get_Token(),
SignatureVersion = "4",
Algorithm = text,
Date = text3,
Credential = text4
});
}
public static string Build(
DateTime now,
string regionName,
string serviceName,
ImmutableCredentials credentials,
string signedHeaders,
string credentialScope,
string stringToSign)
{
// The following pseudocode shows the construction of the Authorization header value.
//
// <algorithm> Credential=<access key id>/<credential scope>, SignedHeaders=<signed headers>, Signature=<signature>
//
// Note the following:
//
// - There is no comma between the algorithm and Credential. However, the SignedHeaders
// and Signature are separated from the preceding values with a comma.
// - The Credential value starts with the access key id, which is followed by a forward
// slash (/), which is followed by the credential scope. The secret access key is
// used to derive the signing key for the signature, but is not included in the
// signing information sent in the request.
//
// To derive your signing key, use your secret access key to create a series of hash-
// based message authentication codes (HMACs).
//
// Note that the date used in the hashing process is in the format YYYYMMDD (for
// example, 20150830), and does not include the time.
var signingKey = AWS4Signer.ComposeSigningKey(
credentials.SecretKey,
regionName,
now.ToIso8601BasicDate(),
serviceName);
// Calculate the signature. To do this, use the signing key that you derived and the
// string to sign as inputs to the keyed hash function. After you calculate the
// signature, convert the binary value to a hexadecimal representation.
var hash = AWS4Signer.ComputeKeyedHash(SigningAlgorithm.HmacSHA256, signingKey, stringToSign);
var signature = AWSSDKUtils.ToHex(hash, true);
return($"{AWS4Signer.AWS4AlgorithmTag} Credential={credentials.AccessKey}/{credentialScope}, SignedHeaders={signedHeaders}, Signature={signature}");
}