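/// <summary>
/// Signs <paramref name="request"/> by placing the X-Amz-* signing parameters in its query string
/// and returns the resulting URL.
/// </summary>
/// <remarks>
/// The request is mutated: its Timestamp and RequestId are overwritten, the Host header is set,
/// and every header except Host is copied into the query parameters before the authorization
/// builder runs. The returned URL carries the authorization in its query string, so anyone who
/// holds it can presumably issue the request until it expires; avoid writing it to logs.
/// </remarks>
/// <typeparam name="TReq">The concrete request type; only its name is used, for tracing.</typeparam>
/// <param name="request">The request to sign.</param>
/// <param name="expiresIn">How long the URL should remain valid; emitted as whole seconds in X-Amz-Expires.</param>
/// <returns>The signed URL, including the query string.</returns>
public string SignRequest<TReq>(TReq request, TimeSpan expiresIn) where TReq : IRequest
{
    request.Timestamp = DateTimeOffset.UtcNow;
    request.RequestId = Guid.NewGuid();

    _logger.LogTrace("Handling {RequestType} with request id {RequestId}", typeof(TReq).Name, request.RequestId);

    S3Config config = _options.Value;
    _marshaller.MarshalRequest(request, config);
    _validator.ValidateAndThrow(request);

    StringBuilder sb = StringBuilderPool.Shared.Rent(200);

    try
    {
        // The builder holds "<scheme><host>" at this point; the Host header is the part after the scheme.
        RequestHelper.AppendScheme(sb, config);
        int schemeLength = sb.Length;
        RequestHelper.AppendHost(sb, config, request);
        request.SetHeader(HttpHeaders.Host, sb.ToString(schemeLength, sb.Length - schemeLength));

        string scope = _scopeBuilder.CreateScope("s3", request.Timestamp);

        // X-Amz-Expires is a whole number of seconds. TotalSeconds is a double, so a TimeSpan with a
        // fractional part would otherwise be written as e.g. "90.5". Truncating rounds down, so the URL
        // is never valid for longer than the caller asked.
        // NOTE(review): nothing visible here bounds expiresIn. AWS accepts 1..604800 seconds for
        // query-string signing; confirm whether _validator or the caller enforces a maximum lifetime.
        long expiresSeconds = (long)expiresIn.TotalSeconds;

        request.SetQueryParameter(AmzParameters.XAmzAlgorithm, SigningConstants.AlgorithmTag);
        request.SetQueryParameter(AmzParameters.XAmzCredential, _options.Value.Credentials.KeyId + '/' + scope);
        request.SetQueryParameter(AmzParameters.XAmzDate, request.Timestamp.ToString(DateTimeFormats.Iso8601DateTime, DateTimeFormatInfo.InvariantInfo));
        request.SetQueryParameter(AmzParameters.XAmzExpires, expiresSeconds.ToString(NumberFormatInfo.InvariantInfo));
        request.SetQueryParameter(AmzParameters.XAmzSignedHeaders, string.Join(";", SigningConstants.FilterHeaders(request.Headers).Select(x => x.Key)));

        // Copy all headers except Host to query parameters.
        foreach (KeyValuePair<string, string> header in request.Headers)
        {
            if (header.Key == HttpHeaders.Host)
            {
                continue;
            }

            request.SetQueryParameter(header.Key, header.Value);
        }

        _authBuilder.BuildAuthorization(request);

        // Clear sensitive material from the request once it has been signed.
        if (request is IContainSensitiveMaterial sensitive)
        {
            sensitive.ClearSensitiveMaterial();
        }

        RequestHelper.AppendUrl(sb, config, request);
        RequestHelper.AppendQueryParameters(sb, request);

        return sb.ToString();
    }
    finally
    {
        // Hand the builder back to the pool even when signing throws part-way through.
        StringBuilderPool.Shared.Return(sb);
    }
}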
/// <summary>
/// Creates the signature for a single chunk of a request body.
/// </summary>
/// <remarks>
/// The string to sign is built from the request timestamp, the "s3" scope for that timestamp,
/// the previous signature and the (content, offset, length) triple, then signed with the
/// timestamp-based overload of CreateSignature.
/// </remarks>
/// <param name="request">The request the chunk belongs to; checked with Validator.RequireNotNull.</param>
/// <param name="previousSignature">The signature that precedes this chunk in the chain.</param>
/// <param name="content">Buffer holding the chunk data.</param>
/// <param name="offset">Passed through to CreateStringToSign; presumably the start of the chunk in <paramref name="content"/>.</param>
/// <param name="length">Passed through to CreateStringToSign; presumably the number of bytes in the chunk.</param>
/// <returns>The raw signature bytes for this chunk.</returns>
public byte[] CreateChunkSignature(IRequest request, byte[] previousSignature, byte[] content, int offset, int length)
{
    Validator.RequireNotNull(request, nameof(request));

    _logger.LogTrace("Creating chunk signature for {RequestId}", request.RequestId);

    string chunkScope = _scopeBuilder.CreateScope("s3", request.Timestamp);
    string toSign = CreateStringToSign(request.Timestamp, chunkScope, previousSignature, content, offset, length);
    byte[] chunkSignature = CreateSignature(request.Timestamp, toSign);

    // NOTE(review): this writes the chunk signature to the Debug log. A signature authorises the
    // signed data for as long as the request is accepted, so treat Debug output as sensitive.
    _logger.LogDebug("Chunk signature: {signature}", chunkSignature);

    return chunkSignature;
}
/// <summary>
/// Creates the signature for a single chunk of a request body.
/// </summary>
/// <remarks>
/// The string to sign is built from the request date, the "s3" scope for that date, the previous
/// signature and the content with its length, then signed with the date-based overload of
/// CreateSignature.
/// </remarks>
/// <param name="request">The request the chunk belongs to; checked with Validator.RequireNotNull.</param>
/// <param name="previousSignature">The signature that precedes this chunk in the chain.</param>
/// <param name="content">Buffer holding the chunk data.</param>
/// <param name="contentLength">Passed through to CreateStringToSign; presumably the number of valid bytes in <paramref name="content"/>.</param>
/// <returns>The raw signature bytes for this chunk.</returns>
public byte[] CreateChunkSignature(IRequest request, byte[] previousSignature, byte[] content, int contentLength)
{
    Validator.RequireNotNull(request);

    _logger.LogTrace("Creating chunk signature {Resource}", request.Resource);

    string chunkScope = _scopeBuilder.CreateScope("s3", request.Date);
    string toSign = CreateStringToSign(request.Date, chunkScope, previousSignature, content, contentLength);
    byte[] chunkSignature = CreateSignature(request.Date, toSign);

    // NOTE(review): this writes the chunk signature to the Debug log. A signature authorises the
    // signed data for as long as the request is accepted, so treat Debug output as sensitive.
    _logger.LogDebug("Chunk signature: {signature}", chunkSignature);

    return chunkSignature;
}
/// <summary>
/// Creates the signature for <paramref name="request"/>.
/// </summary>
/// <remarks>
/// Builds a canonical request from the method, resource, headers, query parameters and the value
/// of the x-amz-content-sha256 header, wraps it in a string to sign for the "s3" scope of the
/// request date, and signs that string. The header lookup uses the indexer, so the header is
/// expected to be present before this method is called.
/// </remarks>
/// <param name="request">The request to sign; checked with Validator.RequireNotNull.</param>
/// <returns>The raw signature bytes.</returns>
public byte[] CreateSignature(IRequest request)
{
    Validator.RequireNotNull(request);

    _logger.LogTrace("Creating signature for {Resource}", request.Resource);

    string canonical = CreateCanonicalRequest(
        request.Method,
        request.Resource,
        request.Headers,
        request.QueryParameters,
        request.Headers[AmzHeaders.XAmzContentSha256]);

    string requestScope = _scopeBuilder.CreateScope("s3", request.Date);
    string toSign = CreateStringToSign(request.Date, requestScope, canonical);
    byte[] requestSignature = CreateSignature(request.Date, toSign);

    // NOTE(review): this writes the request signature to the Debug log. A signature authorises the
    // signed request for as long as it is accepted, so treat Debug output as sensitive.
    _logger.LogDebug("Signature: {signature}", requestSignature);

    return requestSignature;
}
/// <summary>
/// Creates the signature for <paramref name="request"/>, deriving the signed resource from the
/// request's bucket name and object key when it exposes them.
/// </summary>
/// <remarks>
/// The object key is URL-path-encoded. When no endpoint is configured, or the naming mode is
/// path style, and the request has a bucket name, the resource becomes "bucket/encodedKey";
/// in every other case it is the encoded key alone (which may be null).
/// </remarks>
/// <param name="request">The request to sign; checked with Validator.RequireNotNull.</param>
/// <returns>The raw signature bytes.</returns>
public byte[] CreateSignature(IRequest request)
{
    Validator.RequireNotNull(request, nameof(request));

    _logger.LogTrace("Creating signature for {RequestId}", request.RequestId);

    string bucketName = (request as IHasBucketName)?.BucketName;
    string rawKey = (request as IHasObjectKey)?.ObjectKey;

    // Ensure that the object key is encoded.
    string encodedKey = rawKey == null ? null : UrlHelper.UrlPathEncode(rawKey);

    bool bucketInPath = _options.Value.Endpoint == null || _options.Value.NamingMode == NamingMode.PathStyle;

    // NOTE(review): the bucket name is concatenated as-is while the key is encoded; presumably
    // bucket names are validated elsewhere. Confirm against the request validators.
    string resource = bucketInPath && bucketName != null
        ? bucketName + '/' + encodedKey
        : encodedKey;

    string canonical = CreateCanonicalRequest(
        request.RequestId,
        resource,
        request.Method,
        request.Headers,
        request.QueryParameters,
        request.Headers[AmzHeaders.XAmzContentSha256]);

    string requestScope = _scopeBuilder.CreateScope("s3", request.Timestamp);
    string toSign = CreateStringToSign(request.Timestamp, requestScope, canonical);
    byte[] requestSignature = CreateSignature(request.Timestamp, toSign);

    // NOTE(review): this writes the request signature to the Debug log. A signature authorises the
    // signed request for as long as it is accepted, so treat Debug output as sensitive.
    _logger.LogDebug("Signature: {signature}", requestSignature);

    return requestSignature;
}
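/// <summary>
/// Signs <paramref name="request"/> by placing the X-Amz-* signing parameters in its query string
/// and returns the resulting URL.
/// </summary>
/// <remarks>
/// The request is mutated: its Timestamp and RequestId are overwritten, the Host header is set
/// from the resolved endpoint, and every header except Host is copied into the query parameters
/// before the authorization builder runs. The returned URL carries the authorization in its
/// query string, so anyone who holds it can presumably issue the request until it expires;
/// avoid writing it to logs.
/// </remarks>
/// <typeparam name="TReq">The concrete request type; only its name is used, for tracing.</typeparam>
/// <param name="request">The request to sign.</param>
/// <param name="expiresIn">How long the URL should remain valid; emitted as whole seconds in X-Amz-Expires.</param>
/// <returns>The signed URL, including the query string.</returns>
public string SignRequest<TReq>(TReq request, TimeSpan expiresIn) where TReq : IRequest
{
    request.Timestamp = DateTimeOffset.UtcNow;
    request.RequestId = Guid.NewGuid();

    _logger.LogTrace("Handling {RequestType} with request id {RequestId}", typeof(TReq).Name, request.RequestId);

    _marshaller.MarshalRequest(_config, request);

    IEndpointData endpointData = _endpointBuilder.GetEndpoint(request);
    request.SetHeader(HttpHeaders.Host, endpointData.Host);

    string scope = _scopeBuilder.CreateScope("s3", request.Timestamp);

    // X-Amz-Expires is a whole number of seconds. TotalSeconds is a double, so a TimeSpan with a
    // fractional part would otherwise be written as e.g. "90.5". Truncating rounds down, so the URL
    // is never valid for longer than the caller asked.
    // NOTE(review): nothing visible here bounds expiresIn. AWS accepts 1..604800 seconds for
    // query-string signing; confirm whether the caller enforces a maximum lifetime.
    long expiresSeconds = (long)expiresIn.TotalSeconds;

    request.SetQueryParameter(AmzParameters.XAmzAlgorithm, SigningConstants.AlgorithmTag);
    request.SetQueryParameter(AmzParameters.XAmzCredential, _config.Credentials.KeyId + '/' + scope);
    request.SetQueryParameter(AmzParameters.XAmzDate, request.Timestamp.ToString(DateTimeFormats.Iso8601DateTime, DateTimeFormatInfo.InvariantInfo));
    request.SetQueryParameter(AmzParameters.XAmzExpires, expiresSeconds.ToString(NumberFormatInfo.InvariantInfo));
    request.SetQueryParameter(AmzParameters.XAmzSignedHeaders, string.Join(";", HeaderWhitelist.FilterHeaders(request.Headers).Select(x => x.Key)));

    // Copy all headers except Host to query parameters.
    foreach (KeyValuePair<string, string> header in request.Headers)
    {
        if (header.Key == HttpHeaders.Host)
        {
            continue;
        }

        request.SetQueryParameter(header.Key, header.Value);
    }

    _authBuilder.BuildAuthorization(request);

    // Clear sensitive material from the request once it has been signed.
    if (request is IContainSensitiveMaterial sensitive)
    {
        sensitive.ClearSensitiveMaterial();
    }

    StringBuilder sb = StringBuilderPool.Shared.Rent(200);
    sb.Append(endpointData.Endpoint);
    RequestHelper.AppendPath(sb, _config, request);
    RequestHelper.AppendQueryParameters(sb, request);

    return StringBuilderPool.Shared.ReturnString(sb);
}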
/// <summary>
/// Builds the value of the authorization header from an already computed signature.
/// </summary>
/// <remarks>
/// The value has the shape
/// "&lt;algorithm tag&gt; Credential=&lt;key id&gt;/&lt;scope&gt;,SignedHeaders=&lt;h1;h2;...&gt;,Signature=&lt;hex&gt;",
/// where the signed header names are the keys that HeaderWhitelist.FilterHeaders keeps.
/// </remarks>
/// <param name="date">The request date used to derive the "s3" scope.</param>
/// <param name="headers">The request headers; only whitelisted names are listed in SignedHeaders.</param>
/// <param name="signature">The raw signature bytes; emitted hex-encoded.</param>
/// <returns>The complete authorization header value.</returns>
internal string BuildInternal(DateTimeOffset date, IReadOnlyDictionary<string, string> headers, byte[] signature)
{
    _logger.LogTrace("Building header based authorization");

    string credentialScope = _scopeBuilder.CreateScope("s3", date);

    StringBuilder builder = StringBuilderPool.Shared.Rent(250);
    builder.Append(SigningConstants.AlgorithmTag);
    builder.AppendFormat(CultureInfo.InvariantCulture, " Credential={0}/{1},", _config.Credentials.KeyId, credentialScope);

    string signedHeaderNames = string.Join(";", HeaderWhitelist.FilterHeaders(headers).Select(pair => pair.Key));
    builder.AppendFormat(CultureInfo.InvariantCulture, "SignedHeaders={0},", signedHeaderNames);

    string signatureHex = signature.HexEncode();
    builder.AppendFormat(CultureInfo.InvariantCulture, "Signature={0}", signatureHex);

    string authHeader = StringBuilderPool.Shared.ReturnString(builder);

    // NOTE(review): the logged value contains the access key id and the request signature.
    // Treat Debug output as sensitive, or keep this level disabled in production.
    _logger.LogDebug("AuthHeader: {AuthHeader}", authHeader);

    return authHeader;
}
/// <summary>
/// Builds the value of the authorization header from an already computed signature.
/// </summary>
/// <remarks>
/// The value has the shape
/// "&lt;algorithm tag&gt; Credential=&lt;key id&gt;/&lt;scope&gt;,SignedHeaders=&lt;h1;h2;...&gt;,Signature=&lt;hex&gt;",
/// where the signed header list is whatever FilterHeaders yields for <paramref name="headers"/>.
/// </remarks>
/// <param name="date">The request date used to derive the "s3" scope.</param>
/// <param name="headers">The request headers handed to FilterHeaders.</param>
/// <param name="signature">The raw signature bytes; emitted hex-encoded.</param>
/// <returns>The complete authorization header value.</returns>
internal string BuildHeader(DateTimeOffset date, IReadOnlyDictionary<string, string> headers, byte[] signature)
{
    _logger.LogTrace("Building auth header");

    string credentialScope = _scopeBuilder.CreateScope("s3", date);

    StringBuilder builder = new StringBuilder(512);
    builder.Append(SigningConstants.AlgorithmTag);
    builder.AppendFormat(CultureInfo.InvariantCulture, " Credential={0}/{1},", _options.Value.Credentials.KeyId, credentialScope);

    string signedHeaderNames = string.Join(";", FilterHeaders(headers));
    builder.AppendFormat(CultureInfo.InvariantCulture, "SignedHeaders={0},", signedHeaderNames);

    string signatureHex = signature.HexEncode();
    builder.AppendFormat(CultureInfo.InvariantCulture, "Signature={0}", signatureHex);

    string authHeader = builder.ToString();

    // NOTE(review): the logged value contains the access key id and the request signature.
    // Treat Debug output as sensitive, or keep this level disabled in production.
    _logger.LogDebug("AuthHeader: {AuthHeader}", authHeader);

    return authHeader;
}
/// <summary>
/// Creates the signature for <paramref name="request"/>, optionally without covering the payload.
/// </summary>
/// <remarks>
/// The signed path is produced by RequestHelper.AppendPath. When
/// <paramref name="enablePayloadSignature"/> is false, the literal "UNSIGNED-PAYLOAD" is placed in
/// the canonical request instead of the x-amz-content-sha256 header value, so the resulting
/// signature does not bind the request body.
/// </remarks>
/// <param name="request">The request to sign; checked with Validator.RequireNotNull.</param>
/// <param name="enablePayloadSignature">True to use the content hash from the request headers; false to mark the payload as unsigned.</param>
/// <returns>The raw signature bytes.</returns>
public byte[] CreateSignature(IRequest request, bool enablePayloadSignature = true)
{
    Validator.RequireNotNull(request, nameof(request));

    _logger.LogTrace("Creating signature for {RequestId}", request.RequestId);

    StringBuilder pathBuilder = StringBuilderPool.Shared.Rent(200);
    RequestHelper.AppendPath(pathBuilder, _options, request);
    string path = StringBuilderPool.Shared.ReturnString(pathBuilder);

    string payloadSignature;

    if (enablePayloadSignature)
    {
        payloadSignature = request.Headers[AmzHeaders.XAmzContentSha256];
    }
    else
    {
        payloadSignature = "UNSIGNED-PAYLOAD";
    }

    string canonical = CreateCanonicalRequest(
        request.RequestId,
        path,
        request.Method,
        request.Headers,
        request.QueryParameters,
        payloadSignature);

    string requestScope = _scopeBuilder.CreateScope("s3", request.Timestamp);
    string toSign = CreateStringToSign(request.Timestamp, requestScope, canonical);
    byte[] requestSignature = CreateSignature(request.Timestamp, toSign);

    // NOTE(review): this writes the request signature to the Debug log. A signature authorises the
    // signed request for as long as it is accepted, so treat Debug output as sensitive.
    _logger.LogDebug("Signature: {signature}", requestSignature);

    return requestSignature;
}