/// <remarks>This method has a asynchronous alternative.</remarks> public static string Calculate(HttpContent?content) { // Use a hash (digest) function like SHA256 to create a hashed value from the payload // in the body of the HTTP or HTTPS request. // // If the payload is empty, use an empty string as the input to the hash function. if (content == null) { // Per performance reasons, use the pre-computed hash of an empty string from the // AWS SDK return(AWS4Signer.EmptyBodySha256); } var contentStream = content.ReadAsStream(); var hash = CryptoUtilFactory.CryptoInstance.ComputeSHA256Hash(contentStream); return(AWSSDKUtils.ToHex(hash, true)); }
public override void Sign(IRequest request, IClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey) { if (string.IsNullOrEmpty(awsAccessKeyId)) { throw new ArgumentOutOfRangeException("awsAccessKeyId", "The AWS Access Key ID cannot be NULL or a Zero length string"); } request.Parameters["AWSAccessKeyId"] = awsAccessKeyId; request.Parameters["SignatureVersion"] = clientConfig.SignatureVersion; request.Parameters["SignatureMethod"] = clientConfig.SignatureMethod.ToString(); request.Parameters["Timestamp"] = AWSSDKUtils.FormattedCurrentTimestampISO8601; request.Parameters.Remove("Signature"); string text = AWSSDKUtils.CalculateStringToSignV2(request.Parameters, request.Endpoint.AbsoluteUri); metrics.AddProperty(Metric.StringToSign, text); string value = AbstractAWSSigner.ComputeHash(text, awsSecretAccessKey, clientConfig.SignatureMethod); request.Parameters["Signature"] = value; }
public override bool Equals(object obj) { if (object.ReferenceEquals(this, obj)) { return(true); } var sac = obj as SessionAWSCredentials; if (sac == null) { return(false); } return(AWSSDKUtils.AreEqual( new object[] { _lastCredentials }, new object[] { sac._lastCredentials })); }
public override bool Equals(object obj) { if (object.ReferenceEquals(this, obj)) { return(true); } SSOImmutableCredentials ssoImmutableCredentials = obj as SSOImmutableCredentials; if (ssoImmutableCredentials == null) { return(false); } return(AWSSDKUtils.AreEqual( new object[] { AccessKey, SecretKey, Token, Expiration }, new object[] { ssoImmutableCredentials.AccessKey, ssoImmutableCredentials.SecretKey, ssoImmutableCredentials.Token, Expiration })); }
public async Task <CredentialsRefreshState> DetermineProcessCredentialAsync() { try { var processInfo = await AWSSDKUtils.RunProcessAsync(_processStartInfo).ConfigureAwait(false); return(SetCredentialsRefreshState(processInfo)); } catch (ProcessAWSCredentialException) { throw; } catch (Exception e) { _logger.DebugFormat("Process recorded exception - {0}", e); throw new ProcessAWSCredentialException(string.Format(CultureInfo.CurrentCulture, "AWS credential process terminated with {0}", e.GetType()), e); } }
/// <summary> /// Gets the persisted grant. /// </summary> /// <returns>The persisted grant.</returns> /// <param name="pgd">Pgd.</param> public static PersistedGrant GetPersistedGrant(this PersistedGrantDynamoDB pgd) { if (pgd == null) { return(null); } return(new PersistedGrant { Key = pgd.Key, ClientId = pgd.ClientId, SubjectId = pgd.SubjectId, Type = pgd.Type, CreationTime = AWSSDKUtils.ConvertFromUnixEpochSeconds(pgd.CreationTime), Expiration = AWSSDKUtils.ConvertFromUnixEpochSeconds(pgd.Expiration), Data = pgd.Data }); }
/// <summary> /// Gets the persisted grant dynamo db. /// </summary> /// <returns>The persisted grant dynamo db.</returns> /// <param name="pg">Pg.</param> public static PersistedGrantDynamoDB GetPersistedGrantDynamoDB(this PersistedGrant pg) { if (pg == null) { return(null); } return(new PersistedGrantDynamoDB { Key = pg.Key, ClientId = pg.ClientId, SubjectId = pg.SubjectId, Type = pg.Type, CreationTime = AWSSDKUtils.ConvertToUnixEpochSeconds(pg.CreationTime), Expiration = AWSSDKUtils.ConvertToUnixEpochSeconds(pg.Expiration.Value), Data = pg.Data }); }
public override bool Equals(object obj) { if (object.ReferenceEquals(this, obj)) { return(true); } ImmutableCredentials ic = obj as ImmutableCredentials; if (ic == null) { return(false); } return(AWSSDKUtils.AreEqual( new object[] { AccessKey, SecretKey, Token }, new object[] { ic.AccessKey, ic.SecretKey, ic.Token })); }
public override bool Equals(object obj) { if (object.ReferenceEquals(this, obj)) { return(true); } var bac = obj as BasicAWSCredentials; if (bac == null) { return(false); } return(AWSSDKUtils.AreEqual( new object[] { _credentials }, new object[] { bac._credentials })); }
public override bool Equals(object obj) { if (object.ReferenceEquals(this, obj)) { return(true); } AssumeRoleImmutableCredentials aric = obj as AssumeRoleImmutableCredentials; if (aric == null) { return(false); } return(AWSSDKUtils.AreEqual( new object[] { AccessKey, SecretKey, Token, Expiration }, new object[] { aric.AccessKey, aric.SecretKey, aric.Token, Expiration })); }
/// <summary> /// Inspects the supplied evidence to return the signer appropriate for the operation /// </summary> /// <param name="useSigV4Setting">Global setting for the service</param> /// <param name="request">The request.</param> /// <param name="config">Configuration for the client</param> /// <returns>True if signature v4 request signing should be used</returns> protected static bool UseV4Signing(bool useSigV4Setting, IRequest request, IClientConfig config) { if (request.UseSigV4 || config.SignatureVersion == "4" || (useSigV4Setting && config.SignatureVersion != "2")) { return(true); } else { // do a cascading series of checks to try and arrive at whether we have // a recognisable region; this is required to use the AWS4 signer RegionEndpoint r = null; if (!string.IsNullOrEmpty(request.AuthenticationRegion)) { r = RegionEndpoint.GetBySystemName(request.AuthenticationRegion); } if (r == null && !string.IsNullOrEmpty(config.ServiceURL)) { var parsedRegion = AWSSDKUtils.DetermineRegion(config.ServiceURL); if (!string.IsNullOrEmpty(parsedRegion)) { r = RegionEndpoint.GetBySystemName(parsedRegion); } } if (r == null && config.RegionEndpoint != null) { r = config.RegionEndpoint; } if (r != null) { var endpoint = r.GetEndpointForService(config.RegionEndpointServiceName, config.UseDualstackEndpoint); if (endpoint != null && (endpoint.SignatureVersionOverride == "4" || string.IsNullOrEmpty(endpoint.SignatureVersionOverride))) { return(true); } } return(false); } }
/// <summary> /// Signs the specified request with the AWS2 signing protocol by using the /// AWS account credentials given in the method parameters. /// </summary> /// <param name="awsAccessKeyId">The AWS public key</param> /// <param name="awsSecretAccessKey">The AWS secret key used to sign the request in clear text</param> /// <param name="clientConfig">The configuration that specifies which hashing algorithm to use</param> /// <param name="request">The request to have the signature compute for</param> /// <param name="secureKey">The AWS secret key stored in a secure string</param> /// <param name="metrics">Request metrics</param> /// <exception cref="Amazon.Runtime.SignatureException">If any problems are encountered while signing the request</exception> public override void Sign(IRequest request, ClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey, SecureString secureKey) { if (String.IsNullOrEmpty(awsAccessKeyId)) { throw new Exception("The AWS Access Key ID cannot be NULL or a Zero length string"); } request.Parameters["AWSAccessKeyId"] = awsAccessKeyId; request.Parameters["SignatureVersion"] = clientConfig.SignatureVersion; request.Parameters["SignatureMethod"] = clientConfig.SignatureMethod.ToString(); request.Parameters["Timestamp"] = AWSSDKUtils.FormattedCurrentTimestampISO8601; string toSign = AWSSDKUtils.CalculateStringToSignV2(request.Parameters, clientConfig.DetermineServiceURL()); metrics.AddProperty(RequestMetrics.Metric.StringToSign, toSign); string auth = ComputeHash(toSign, awsSecretAccessKey, secureKey, clientConfig.SignatureMethod); request.Parameters["Signature"] = auth; }
public static Uri ComposeUrl(IRequest iRequest) { Uri endpoint = iRequest.Endpoint; string text = iRequest.ResourcePath; if (text == null) { text = string.Empty; } else if (text.StartsWith("/", StringComparison.Ordinal)) { text = text.Substring(1); } string arg = "?"; StringBuilder stringBuilder = new StringBuilder(); if (iRequest.SubResources.Count > 0) { foreach (KeyValuePair <string, string> subResource in iRequest.SubResources) { stringBuilder.AppendFormat("{0}{1}", arg, subResource.Key); if (subResource.Value != null) { stringBuilder.AppendFormat("={0}", subResource.Value); } arg = "&"; } } if (iRequest.UseQueryString && iRequest.Parameters.Count > 0) { string parametersAsString = AWSSDKUtils.GetParametersAsString(iRequest.Parameters); stringBuilder.AppendFormat("{0}{1}", arg, parametersAsString); } if (AWSSDKUtils.HasBidiControlCharacters(text)) { throw new AmazonClientException(string.Format(CultureInfo.InvariantCulture, "Target resource path [{0}] has bidirectional characters, which are not supportedby System.Uri and thus cannot be handled by the .NET SDK.", text)); } string str = AWSSDKUtils.UrlEncode(text, path: true) + stringBuilder; Uri uri = new Uri(endpoint.AbsoluteUri + str); DontUnescapePathDotsAndSlashes(uri); return(uri); }
/// <summary> /// Creates the HttpWebRequest and configures the end point, content, user agent and proxy settings. /// </summary> /// <param name="requestContext">The async request.</param> /// <returns>The web request that actually makes the call.</returns> protected virtual IHttpRequest <TRequestContent> CreateWebRequest(IRequestContext requestContext) { IRequest request = requestContext.Request; Uri url = AmazonServiceClient.ComposeUrl(request); var httpRequest = _requestFactory.CreateHttpRequest(url); httpRequest.ConfigureRequest(requestContext); httpRequest.Method = request.HttpMethod; if (request.MayContainRequestBody()) { if (request.Content == null && request.ContentStream == null) { string queryString = AWSSDKUtils.GetParametersAsString(request.Parameters); request.Content = Encoding.UTF8.GetBytes(queryString); } if (request.Content != null) { request.Headers[HeaderKeys.ContentLengthHeader] = request.Content.Length.ToString(CultureInfo.InvariantCulture); } else if (request.ContentStream != null && !request.Headers.ContainsKey(HeaderKeys.ContentLengthHeader)) { request.Headers[HeaderKeys.ContentLengthHeader] = request.ContentStream.Length.ToString(CultureInfo.InvariantCulture); } } else if (request.UseQueryString && (request.HttpMethod == "POST" || request.HttpMethod == "PUT")) { request.Content = new Byte[0]; } if (requestContext.Unmarshaller is JsonResponseUnmarshaller) { // Currently the signature seems to be valid without including this header in the calculation. request.Headers["Accept"] = "application/json"; } return(httpRequest); }
public Dictionary <string, AttributeValue> GetAttributes() { Guid guid = Guid.NewGuid(); Dictionary <string, AttributeValue> attributes = new Dictionary <string, AttributeValue>(); attributes["_id"] = new AttributeValue { S = guid.ToString() }; // Title is range-key attributes["publisher"] = new AttributeValue { S = doctor }; // Other attributes attributes["subscriber"] = new AttributeValue { S = patient }; attributes["createdBy"] = new AttributeValue { S = createdBy }; attributes["body"] = new AttributeValue { S = message }; //{ // SS = new List<string> { "Please come to the appointment for " + doctor + " at " + scheduled.ToLongDateString(), "ATT:503-809-1602" } //}; attributes["type"] = new AttributeValue { S = _type }; attributes["seq"] = new AttributeValue { N = "1" }; int epochSeconds = AWSSDKUtils.ConvertToUnixEpochSeconds(DateTime.Now.AddMinutes(0.5).ToUniversalTime()); attributes["scheduled"] = new AttributeValue { N = epochSeconds.ToString() }; return(attributes); }
public static async Task <string> CalculateAsync(HttpContent content) { // Use a hash (digest) function like SHA256 to create a hashed value from the payload // in the body of the HTTP or HTTPS request. // // If the payload is empty, use an empty string as the input to the hash function. if (content == null) { // Per performance reasons, use the pre-computed hash of an empty string from the // AWS SDK return(AWS4Signer.EmptyBodySha256); } var data = await content.ReadAsByteArrayAsync(); var hash = AWS4Signer.ComputeHash(data); return(AWSSDKUtils.ToHex(hash, true)); }
/// <summary> /// Computes and returns the canonicalized query string, if query parameters have been supplied. /// Parameters with no value will be canonicalized as 'param='. The expectation is that parameters /// have not already been url encoded prior to canonicalization. /// </summary> /// <param name="parameters">The set of parameters to be encoded in the query string</param> /// <param name="uriEncodeParameters"> /// Parameters must be uri encoded into the canonical request and by default the signer expects /// that the supplied collection contains non-encoded data. Set this to false if the encoding was /// done prior to signer entry. /// </param> /// <returns>The uri encoded query string parameters in canonical ordering</returns> protected static string CanonicalizeQueryParameters(IDictionary <string, string> parameters, bool uriEncodeParameters = true) { if (parameters == null || parameters.Count == 0) { return(string.Empty); } var canonicalQueryString = new StringBuilder(); var queryParams = new SortedDictionary <string, string>(parameters, StringComparer.Ordinal); foreach (var p in queryParams) { if (canonicalQueryString.Length > 0) { canonicalQueryString.Append("&"); } if (uriEncodeParameters) { if (string.IsNullOrEmpty(p.Value)) { canonicalQueryString.AppendFormat("{0}=", AWSSDKUtils.UrlEncode(p.Key, false)); } else { canonicalQueryString.AppendFormat("{0}={1}", AWSSDKUtils.UrlEncode(p.Key, false), AWSSDKUtils.UrlEncode(p.Value, false)); } } else { if (string.IsNullOrEmpty(p.Value)) { canonicalQueryString.AppendFormat("{0}=", p.Key); } else { canonicalQueryString.AppendFormat("{0}={1}", p.Key, p.Value); } } } return(canonicalQueryString.ToString()); }
private X509Certificate2 GetX509Certificate() { lock (certificateCache) { if (certificateCache.ContainsKey(this.SigningCertURL)) { return(certificateCache[this.SigningCertURL]); } else { for (int retries = 1; retries <= MAX_RETRIES; retries++) { try { HttpWebRequest request = HttpWebRequest.Create(this.SigningCertURL) as HttpWebRequest; using (HttpWebResponse response = request.GetResponse() as HttpWebResponse) using (var reader = new StreamReader(response.GetResponseStream())) { var content = reader.ReadToEnd().Trim(); var pemObject = new PemReader(new StringReader(content)).ReadPemObject(); X509Certificate2 certificate = new X509Certificate2(pemObject.Content); certificateCache[this.SigningCertURL] = certificate; return(certificate); } } catch (Exception e) { if (retries == MAX_RETRIES) { throw new Exception(string.Format("Unable to download signing cert after {0} retries", MAX_RETRIES), e); } else { AWSSDKUtils.Sleep((int)(Math.Pow(4, retries) * 100)); } } } } throw new Exception(string.Format("Unable to download signing cert after {0} retries", MAX_RETRIES)); } }
private byte[] GetRequestData(IRequest request) { byte[] requestData; if (request.Content == null) { string queryString = AWSSDKUtils.GetParametersAsString(request.Parameters); requestData = Encoding.UTF8.GetBytes(queryString); } else { requestData = request.Content; } if (logger.IsDebugEnabled) { this.logger.DebugFormat("Request body's content size {0}", requestData.Length); } return(requestData); }
public string ComputeContentStreamHash() { if (contentStream == null) { return(null); } if (contentStreamHash == null) { Stream stream = WrapperStream.SearchWrappedStream(contentStream, (Stream s) => s.CanSeek); if (stream != null) { long position = stream.Position; byte[] data = CryptoUtilFactory.CryptoInstance.ComputeSHA256Hash(stream); contentStreamHash = AWSSDKUtils.ToHex(data, lowercase: true); stream.Seek(position, SeekOrigin.Begin); } } return(contentStreamHash); }
public override bool Equals(object obj) { if (object.ReferenceEquals(this, obj)) { return(true); } var p = obj as CredentialProfile; if (p == null) { return(false); } return(AWSSDKUtils.AreEqual( new object[] { Name, Options, Region, ProfileType, CanCreateAWSCredentials, UniqueKey }, new object[] { p.Name, p.Options, p.Region, p.ProfileType, p.CanCreateAWSCredentials, p.UniqueKey }) && AWSSDKUtils.DictionariesAreEqual(Properties, p.Properties)); }
/// <summary> /// Generate a policy document that describes custom access permissions to /// apply via a private distribution's signed URL. /// </summary> /// <param name="resourcePath"> /// An optional HTTP/S or RTMP resource path that restricts which /// distribution and S3 objects will be accessible in a signed /// URL. For standard distributions the resource URL will be /// <tt>"http://" + distributionName + "/" + path</tt> (may /// also include URL parameters. For distributions with the HTTPS /// required protocol, the resource URL must start with /// <tt>"https://"</tt>. RTMP resources do not take the form of a /// URL, and instead the resource path is nothing but the stream's /// name. The '*' and '?' characters can be used as a wildcards to /// allow multi-character or single-character matches /// respectively: /// <ul> /// <li><tt>*</tt> : All distributions/objects will be accessible</li> /// <li><tt>a1b2c3d4e5f6g7.cloudfront.net/*</tt> : All objects /// within the distribution a1b2c3d4e5f6g7 will be accessible</li> /// <li><tt>a1b2c3d4e5f6g7.cloudfront.net/path/to/object.txt</tt> /// : Only the S3 object named <tt>path/to/object.txt</tt> in the /// distribution a1b2c3d4e5f6g7 will be accessible.</li> /// </ul> /// If this parameter is null the policy will permit access to all /// distributions and S3 objects associated with the certificate /// keypair used to generate the signed URL. /// </param> /// <param name="expiresOn">The time and date when the signed URL will expire.</param> /// <param name="limitToIpAddressCIDR">An optional range of client IP addresses that will be allowed /// to access the distribution, specified as a CIDR range. If /// null, the CIDR will be <tt>0.0.0.0/0</tt> and any client will /// be permitted.</param> /// <param name="activeFrom">An optional UTC time and date when the signed URL will become /// active. A value of DateTime.MinValue (the default value of DateTime) is ignored. /// </param> /// <returns>A policy document describing the access permission to apply when /// generating a signed URL.</returns> public static string BuildPolicyForSignedUrl(string resourcePath, DateTime expiresOn, string limitToIpAddressCIDR, DateTime activeFrom) { // Reference: // http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-statement // Validate if activeFrom (time at which the URL will be active) // is less than expiresOn (time at which the URL will expire) if (activeFrom > expiresOn) { throw new AmazonClientException("The parameter activeFrom (time at which the URL will be active)" + "must be less than expiresOn (time at which the URL will expire)."); } if (resourcePath == null) { resourcePath = "*"; } string ipAddress = (string.IsNullOrEmpty(limitToIpAddressCIDR) ? "0.0.0.0/0" // No IP restriction : limitToIpAddressCIDR); string policy = "{\"Statement\": [{" + "\"Resource\":\"" + resourcePath + "\"" + ",\"Condition\":{" + "\"DateLessThan\":{\"AWS:EpochTime\":" + AWSSDKUtils.ConvertToUnixEpochSeconds(expiresOn.ToUniversalTime()) + "}" + ",\"IpAddress\":{\"AWS:SourceIp\":\"" + ipAddress + "\"}" // Ignore epochDateGreaterThan if its value is DateTime.MinValue, the default value of DateTime. + (activeFrom > DateTime.MinValue ? ",\"DateGreaterThan\":{\"AWS:EpochTime\":" + AWSSDKUtils.ConvertToUnixEpochSeconds(activeFrom.ToUniversalTime()) + "}" : string.Empty) + "}}]}"; return(policy); }
public static string DetermineSigningRegion(IClientConfig clientConfig, string serviceName, RegionEndpoint alternateEndpoint, IRequest request) { if (alternateEndpoint != null) { RegionEndpoint.Endpoint endpointForService = alternateEndpoint.GetEndpointForService(serviceName, clientConfig.UseDualstackEndpoint); if (endpointForService.AuthRegion != null) { return(endpointForService.AuthRegion); } return(alternateEndpoint.SystemName); } string authenticationRegion = clientConfig.AuthenticationRegion; if (request != null && request.AuthenticationRegion != null) { authenticationRegion = request.AuthenticationRegion; } if (!string.IsNullOrEmpty(authenticationRegion)) { return(authenticationRegion.ToLowerInvariant()); } if (!string.IsNullOrEmpty(clientConfig.ServiceURL)) { string text = AWSSDKUtils.DetermineRegion(clientConfig.ServiceURL); if (!string.IsNullOrEmpty(text)) { return(text.ToLowerInvariant()); } } RegionEndpoint regionEndpoint = clientConfig.RegionEndpoint; if (regionEndpoint != null) { RegionEndpoint.Endpoint endpointForService2 = regionEndpoint.GetEndpointForService(serviceName, clientConfig.UseDualstackEndpoint); if (!string.IsNullOrEmpty(endpointForService2.AuthRegion)) { return(endpointForService2.AuthRegion); } return(regionEndpoint.SystemName); } return(string.Empty); }
/// <summary> /// Creates the HttpWebRequest and configures the end point, content, user agent and proxy settings. /// </summary> /// <param name="requestContext">The async request.</param> /// <returns>The web request that actually makes the call.</returns> protected virtual IHttpRequest <TRequestContent> CreateWebRequest(IRequestContext requestContext) { IRequest request = requestContext.Request; Uri url = AmazonServiceClient.ComposeUrl(request); var httpRequest = _requestFactory.CreateHttpRequest(url); httpRequest.ConfigureRequest(requestContext); httpRequest.Method = request.HttpMethod; if (request.MayContainRequestBody()) { var content = request.Content; if (request.SetContentFromParameters || (content == null && request.ContentStream == null)) { // Mapping parameters to query string or body are mutually exclusive. if (!request.UseQueryString) { string queryString = AWSSDKUtils.GetParametersAsString(request); content = Encoding.UTF8.GetBytes(queryString); request.Content = content; request.SetContentFromParameters = true; } else { request.Content = new Byte[0]; } } if (content != null) { request.Headers[HeaderKeys.ContentLengthHeader] = content.Length.ToString(CultureInfo.InvariantCulture); } else if (request.ContentStream != null && request.ContentStream.CanSeek && !request.Headers.ContainsKey(HeaderKeys.ContentLengthHeader)) { request.Headers[HeaderKeys.ContentLengthHeader] = request.ContentStream.Length.ToString(CultureInfo.InvariantCulture); } } return(httpRequest); }
internal static string DetermineRegion(ClientConfig clientConfig) { if (!string.IsNullOrEmpty(clientConfig.AuthenticationRegion)) { return(clientConfig.AuthenticationRegion.ToLower(CultureInfo.InvariantCulture)); } if (!string.IsNullOrEmpty(clientConfig.ServiceURL)) { var parsedRegion = AWSSDKUtils.DetermineRegion(clientConfig.ServiceURL); if (!string.IsNullOrEmpty(parsedRegion)) { return(parsedRegion.ToLower(CultureInfo.InvariantCulture)); } } return(clientConfig.RegionEndpoint != null ? clientConfig.RegionEndpoint.SystemName : string.Empty); }
private static string BuildPolicyString(string bucketName, string prefix, int expireInMinutes) { StringBuilder builder = new StringBuilder("{", 0x200); builder.Append("\"expiration\": \""); builder.Append(AWSSDKUtils.GetFormattedTimestampISO8601(expireInMinutes)); builder.Append("\","); builder.Append("\"conditions\": ["); builder.Append("{\"bucket\": \""); builder.Append(bucketName); builder.Append("\"},"); builder.Append("{\"acl\": \""); builder.Append("ec2-bundle-read"); builder.Append("\"},"); builder.Append("[\"starts-with\", \"$key\", \""); builder.Append(prefix); builder.Append("\"]"); builder.Append("]}"); return(builder.ToString()); }
public override bool Equals(object obj) { if (object.ReferenceEquals(this, obj)) { return(true); } CacheKey ck = obj as CacheKey; if (ck == null) { return(false); } var allEqual = AWSSDKUtils.AreEqual( new object[] { this.ImmutableCredentials, this.RegionEndpoint, this.ServiceUrl, this.CacheType }, new object[] { ck.ImmutableCredentials, ck.RegionEndpoint, ck.ServiceUrl, ck.CacheType }); return(allEqual); }
/// <summary> /// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy. /// </summary> /// <param name="policy">JSON string representing the policy to sign</param> /// <param name="credentials">Credentials to sign the policy with</param> /// <param name="region">Service region endpoint.</param> /// <returns>A signed policy object for use with an S3PostUploadRequest.</returns> public static S3PostUploadSignedPolicy GetSignedPolicyV4(string policy, AWSCredentials credentials, RegionEndpoint region) { var signedAt = AWSSDKUtils.CorrectedUtcNow; ImmutableCredentials iCreds = credentials.GetCredentials(); var algorithm = "AWS4-HMAC-SHA256"; var dateStamp = Runtime.Internal.Auth.AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateFormat); var dateTimeStamp = Runtime.Internal.Auth.AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateTimeFormat); var credentialString = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}/{3}/{4}/", iCreds.AccessKey, dateStamp, region.SystemName, "s3", Runtime.Internal.Auth.AWS4Signer.Terminator); Dictionary <string, string> extraConditions = new Dictionary <string, string> { { S3Constants.PostFormDataXAmzCredential, credentialString }, { S3Constants.PostFormDataXAmzAlgorithm, algorithm }, { S3Constants.PostFormDataXAmzDate, dateTimeStamp } }; if (iCreds.UseToken) { extraConditions[S3Constants.PostFormDataSecurityToken] = iCreds.Token; } var policyBytes = addConditionsToPolicy(policy, extraConditions); var base64Policy = Convert.ToBase64String(policyBytes); var signingKey = Runtime.Internal.Auth.AWS4Signer.ComposeSigningKey(iCreds.SecretKey, region.SystemName, dateStamp, "s3"); var signature = AWSSDKUtils.ToHex(Runtime.Internal.Auth.AWS4Signer.ComputeKeyedHash(SigningAlgorithm.HmacSHA256, signingKey, base64Policy), true); return(new S3PostUploadSignedPolicy { Policy = base64Policy, Signature = signature, AccessKeyId = iCreds.AccessKey, SecurityToken = iCreds.Token, SignatureVersion = "4", Algorithm = algorithm, Date = dateTimeStamp, Credential = credentialString }); }
public static string Build( DateTime now, string regionName, string serviceName, ImmutableCredentials credentials, string signedHeaders, string credentialScope, string stringToSign) { // The following pseudocode shows the construction of the Authorization header value. // // <algorithm> Credential=<access key id>/<credential scope>, SignedHeaders=<signed headers>, Signature=<signature> // // Note the following: // // - There is no comma between the algorithm and Credential. However, the SignedHeaders // and Signature are separated from the preceding values with a comma. // - The Credential value starts with the access key id, which is followed by a forward // slash (/), which is followed by the credential scope. The secret access key is // used to derive the signing key for the signature, but is not included in the // signing information sent in the request. // // To derive your signing key, use your secret access key to create a series of hash- // based message authentication codes (HMACs). // // Note that the date used in the hashing process is in the format YYYYMMDD (for // example, 20150830), and does not include the time. var signingKey = AWS4Signer.ComposeSigningKey( credentials.SecretKey, regionName, now.ToIso8601BasicDate(), serviceName); // Calculate the signature. To do this, use the signing key that you derived and the // string to sign as inputs to the keyed hash function. After you calculate the // signature, convert the binary value to a hexadecimal representation. var hash = AWS4Signer.ComputeKeyedHash(SigningAlgorithm.HmacSHA256, signingKey, stringToSign); var signature = AWSSDKUtils.ToHex(hash, true); return($"{AWS4Signer.AWS4AlgorithmTag} Credential={credentials.AccessKey}/{credentialScope}, SignedHeaders={signedHeaders}, Signature={signature}"); }
/// <summary> /// Constructs the signed trailing headers, optionally including /// the selected checksum for this stream's data. For example: /// trailing-header-A:value CRLF /// trailing-header-B:value CRLF /// x-amz-trailer-signature:signature_value CRLF /// CRLF /// </summary> /// <returns>Stream chunk containing the trailing headers and their signature</returns> private string ConstructSignedTrailersChunk() { // If the trailing headers included a trailing checksum, set the hash value if (_hashAlgorithm != null) { _hashAlgorithm.TransformFinalBlock(new byte[0], 0, 0); _trailingHeaders[ChecksumUtils.GetChecksumHeaderKey(_trailingChecksum)] = Convert.ToBase64String(_hashAlgorithm.Hash); } string chunkSignature; if (HeaderSigningResult is AWS4SigningResult) { var sortedTrailingHeaders = AWS4Signer.SortAndPruneHeaders(_trailingHeaders); var canonicalizedTrailingHeaders = AWS4Signer.CanonicalizeHeaders(sortedTrailingHeaders); var chunkStringToSign = TRAILING_HEADER_STRING_TO_SIGN_PREFIX + "\n" + HeaderSigningResult.ISO8601DateTime + "\n" + HeaderSigningResult.Scope + "\n" + PreviousChunkSignature + "\n" + AWSSDKUtils.ToHex(AWS4Signer.ComputeHash(canonicalizedTrailingHeaders), true); chunkSignature = AWSSDKUtils.ToHex(AWS4Signer.SignBlob(((AWS4SigningResult)HeaderSigningResult).GetSigningKey(), chunkStringToSign), true); } else // SigV4a { chunkSignature = Sigv4aSigner.SignTrailingHeaderChunk(_trailingHeaders, PreviousChunkSignature, (AWS4aSigningResult)HeaderSigningResult).PadRight(V4A_SIGNATURE_LENGTH, '*'); } var chunk = new StringBuilder(); // The order here must match the order of keys sent already in the X-Amz-Trailer header. foreach (var kvp in _trailingHeaders.OrderBy(kvp => kvp.Key)) { chunk.Append($"{kvp.Key}:{kvp.Value}{STREAM_NEWLINE}"); } chunk.Append($"{TRAILING_HEADER_SIGNATURE_KEY}:{chunkSignature}{STREAM_NEWLINE}"); chunk.Append(STREAM_NEWLINE); return(chunk.ToString()); }