private static void ApplyProxy(ClientConfig config) { var proxyAddress = KeePass.Program.Config.Integration.ProxyAddress; var proxyPort = KeePass.Program.Config.Integration.ProxyPort; var proxyType = KeePass.Program.Config.Integration.ProxyType; if (proxyType == ProxyServerType.Manual) { if (!string.IsNullOrEmpty(proxyAddress)) config.ProxyHost = proxyAddress; if (!string.IsNullOrEmpty(proxyPort)) config.ProxyPort = int.Parse(proxyPort); config.ProxyCredentials = ProxyTools.GetKeePassProxyCredentials(); } else if (proxyType == ProxyServerType.System) { if (config.RegionEndpoint == null) return; var systemProxy = System.Net.WebRequest.DefaultWebProxy; var endpoint = config.RegionEndpoint.GetEndpointForService("s3"); var uri = new Uri("https://" + endpoint.Hostname); if (systemProxy.IsBypassed(uri)) return; var proxyHost = systemProxy.GetProxy(uri); config.ProxyHost = proxyHost.Host; config.ProxyPort = proxyHost.Port; config.ProxyCredentials = systemProxy.Credentials; } }
public override void Sign(IRequest request, ClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey) { request.Headers["x-amz-date"] = AWSSDKUtils.FormattedCurrentTimestampRFC822; string toSign = buildSigningString(request.HttpMethod, request.CanonicalResource, request.Parameters, request.Headers); metrics.AddProperty(Metric.StringToSign, toSign); string auth = CryptoUtilFactory.CryptoInstance.HMACSign(toSign, awsSecretAccessKey, SigningAlgorithm.HmacSHA1); string authorization = string.Concat("AWS ", awsAccessKeyId, ":", auth); request.Headers[S3QueryParameter.Authorization.ToString()] = authorization; }
/// <summary> /// Calculates and signs the specified request using the AWS4 signing protocol by using the /// AWS account credentials given in the method parameters. /// </summary> /// <param name="awsAccessKeyId">The AWS public key</param> /// <param name="awsSecretAccessKey">The AWS secret key used to sign the request in clear text</param> /// <param name="metrics">Request metrics</param> /// <param name="clientConfig">The configuration that specifies which hashing algorithm to use</param> /// <param name="request">The request to have the signature compute for</param> /// <exception cref="Amazon.Runtime.SignatureException">If any problems are encountered while signing the request</exception> public override void Sign(IRequest request, ClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey) { // clean up request from previous execution request.Headers.Remove("Authorization"); SigningAlgorithm signingAlgorithm = SigningAlgorithm.HmacSHA256; DateTime dt = DateTime.UtcNow; string dateTime = dt.ToString(AWSSDKUtils.ISO8601BasicDateTimeFormat, CultureInfo.InvariantCulture); string dateStamp = dt.ToString("yyyyMMdd", CultureInfo.InvariantCulture); string region = DetermineRegion(clientConfig); string service = DetermineService(clientConfig); if (!request.Headers.ContainsKey("Host")) { string hostHeader = request.Endpoint.Host; if (!request.Endpoint.IsDefaultPort) hostHeader += ":" + request.Endpoint.Port; request.Headers.Add("Host", hostHeader); } request.Headers["X-Amz-Date"] = dateTime; string scope = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}/{3}", dateStamp, region, service, TERMINATOR); List<string> headersToSign = GetHeadersForSigning(request.Headers); var queryString = request.UseQueryString ? AWSSDKUtils.GetParametersAsString(request.Parameters) : ""; string canonicalRequest = GetCanonicalRequest(headersToSign, new Uri(request.Endpoint, request.ResourcePath), queryString, request.Headers, request.UseQueryString ? "" : GetRequestPayload(request), request.ContentStreamHash, request.HttpMethod); StringBuilder stringToSignBuilder = new StringBuilder(); stringToSignBuilder.AppendFormat(CultureInfo.InvariantCulture, "{0}-{1}\n{2}\n{3}\n", SCHEME, ALGORITHM, dateTime, scope); byte[] canonicalRequestHashBytes = CryptoUtilFactory.CryptoInstance.ComputeSHA256Hash(Encoding.UTF8.GetBytes(canonicalRequest)); stringToSignBuilder.Append(AWSSDKUtils.ToHex(canonicalRequestHashBytes, true)); byte[] hashKey = ComposeSigningKey(signingAlgorithm, awsSecretAccessKey, region, dateStamp, service); string stringToSign = stringToSignBuilder.ToString(); metrics.AddProperty(Metric.StringToSign, stringToSign); byte[] signature = CryptoUtilFactory.CryptoInstance.HMACSignBinary(Encoding.UTF8.GetBytes(stringToSign), hashKey, SigningAlgorithm.HmacSHA256); StringBuilder authorizationHeader = new StringBuilder(); authorizationHeader.AppendFormat("{0}-{1} ", SCHEME, ALGORITHM); authorizationHeader.AppendFormat("Credential={0}/{1}, ", awsAccessKeyId, scope); authorizationHeader.AppendFormat("SignedHeaders={0}, ", GetSignedHeaders(headersToSign)); authorizationHeader.AppendFormat("Signature={0}", AWSSDKUtils.ToHex(signature, true)); request.Headers["Authorization"] = authorizationHeader.ToString(); }
/// <summary> /// Signs the specified request with the AWS3 signing protocol by using the /// AWS account credentials given in the method parameters. /// </summary> /// <param name="awsAccessKeyId">The AWS public key</param> /// <param name="awsSecretAccessKey">The AWS secret key used to sign the request in clear text</param> /// <param name="metrics">Request metrics</param> /// <param name="clientConfig">The configuration that specifies which hashing algorithm to use</param> /// <param name="request">The request to have the signature compute for</param> /// <exception cref="Amazon.Runtime.SignatureException">If any problems are encountered while signing the request</exception> public override void Sign(IRequest request, ClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey) { if (UseAws3Https) { SignHttps(request, clientConfig, metrics, awsAccessKeyId, awsSecretAccessKey); } else { SignHttp(request, metrics, awsAccessKeyId, awsSecretAccessKey); } }
/// <summary> /// Signs the specified request with the AWS3 signing protocol by using the /// AWS account credentials given in the method parameters. /// </summary> /// <param name="awsAccessKeyId">The AWS public key</param> /// <param name="awsSecretAccessKey">The AWS secret key used to sign the request in clear text</param> /// <param name="clientConfig">The configuration that specifies which hashing algorithm to use</param> /// <param name="request">The request to have the signature compute for</param> /// <param name="secureKey">The AWS secret key stored in a secure string</param> /// <exception cref="Amazon.Runtime.SignatureException">If any problems are encountered while signing the request</exception> public override void Sign(IRequest request, ClientConfig clientConfig, string awsAccessKeyId, string awsSecretAccessKey, SecureString secureKey) { if (UseAws3Https) { SignHttps(request, clientConfig, awsAccessKeyId, awsSecretAccessKey, secureKey); } else { SignHttp(request, clientConfig, awsAccessKeyId, awsSecretAccessKey, secureKey); } }
/// <summary> /// Calculates and signs the specified request using the AWS4 signing protocol by using the /// AWS account credentials given in the method parameters. /// </summary> /// <param name="awsAccessKeyId">The AWS public key</param> /// <param name="awsSecretAccessKey">The AWS secret key used to sign the request in clear text</param> /// <param name="clientConfig">The configuration that specifies which hashing algorithm to use</param> /// <param name="request">The request to have the signature compute for</param> /// <param name="secureKey">The AWS secret key stored in a secure string</param> /// <exception cref="Amazon.Runtime.SignatureException">If any problems are encountered while signing the request</exception> public override void Sign(IRequest request, ClientConfig clientConfig, string awsAccessKeyId, string awsSecretAccessKey, SecureString secureKey) { string signingAlgorithm = SigningAlgorithm.HmacSHA256.ToString().ToUpper(); DateTime dt = DateTime.UtcNow; string dateTime = dt.ToString(AWSSDKUtils.ISO8601BasicDateTimeFormat, CultureInfo.InvariantCulture); string dateStamp = dt.ToString("yyyyMMdd", CultureInfo.InvariantCulture); string region = DetermineRegion(clientConfig); string service = DetermineService(clientConfig); if (!request.Headers.ContainsKey("Host")) { string hostHeader = request.Endpoint.Host; if (!request.Endpoint.IsDefaultPort) hostHeader += ":" + request.Endpoint.Port; request.Headers.Add("Host", hostHeader); } request.Headers.Add("X-Amz-Date", dateTime); string scope = string.Format("{0}/{1}/{2}/{3}", dateStamp, region, service, TERMINATOR); List<string> headersToSign = GetHeadersForSigning(request.Headers); var queryString = request.UseQueryString ? AWSSDKUtils.GetParametersAsString(request.Parameters) : ""; string canonicalRequest = GetCanonicalRequest(headersToSign, new Uri(request.Endpoint, request.ResourcePath), queryString, request.Headers, request.UseQueryString ? "" : GetRequestPayload(request), request.ContentStreamHash, request.HttpMethod); StringBuilder stringToSign = new StringBuilder(); stringToSign.AppendFormat("{0}-{1}\n{2}\n{3}\n", SCHEME, ALGORITHM, dateTime, scope); byte[] canonicalRequestHashBytes = CanonicalizationHash.ComputeHash(Encoding.UTF8.GetBytes(canonicalRequest)); stringToSign.Append(AWSSDKUtils.ToHex(canonicalRequestHashBytes, true)); KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create(signingAlgorithm); kha.Key = ComposeSigningKey(signingAlgorithm, awsSecretAccessKey, secureKey, region, dateStamp, service); byte[] signature = kha.ComputeHash(Encoding.UTF8.GetBytes(stringToSign.ToString())); StringBuilder authorizationHeader = new StringBuilder(); authorizationHeader.AppendFormat("{0}-{1} ", SCHEME, ALGORITHM); authorizationHeader.AppendFormat("Credential={0}/{1}, ", awsAccessKeyId, scope); authorizationHeader.AppendFormat("SignedHeaders={0}, ", GetSignedHeaders(headersToSign)); authorizationHeader.AppendFormat("Signature={0}", AWSSDKUtils.ToHex(signature, true)); request.Headers.Add("Authorization", authorizationHeader.ToString()); }
public override void Sign(IRequest request, ClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey, SecureString secureKey) { if (String.IsNullOrEmpty(awsAccessKeyId)) { throw new Exception("The AWS Access Key ID cannot be NULL or a Zero length string"); } string dateTime = AWSSDKUtils.GetFormattedTimestampRFC822(0); request.Headers.Add("X-Amz-Date", dateTime); string signature = ComputeHash(dateTime, awsSecretAccessKey, secureKey, SigningAlgorithm.HmacSHA1); request.Headers.Add("Authorization", "AWS " + awsAccessKeyId + ":" + signature); }
public override void Sign(IRequest request, ClientConfig clientConfig, RequestMetrics metrics, string awsAccessKeyId, string awsSecretAccessKey) { var signer = SelectSigner(this, _useSigV4, request, clientConfig); var aws4Signer = signer as AWS4Signer; var useV4 = aws4Signer != null; //var aws4Signer = SelectSigner(clientConfig) as AWS4Signer; if (useV4) { var signingResult = aws4Signer.SignRequest(request, clientConfig, metrics, awsAccessKeyId, awsSecretAccessKey); request.Headers[HeaderKeys.AuthorizationHeader] = signingResult.ForAuthorizationHeader; if (request.UseChunkEncoding) request.AWS4SignerResult = signingResult; } else SignRequest(request, metrics, awsAccessKeyId, awsSecretAccessKey); }
/// <summary> /// Creates the service client using the credentials and client config. /// </summary> /// <param name="credentials"></param> /// <param name="config"></param> /// <returns></returns> private static AmazonServiceClient CreateClient(Type serviceInterfaceType, AWSCredentials credentials, ClientConfig config) { var clientTypeName = serviceInterfaceType.Namespace + "." + serviceInterfaceType.Name.Substring(1) + "Client"; var clientType = serviceInterfaceType.GetTypeInfo().Assembly.GetType(clientTypeName); if (clientType == null) { throw new AmazonClientException($"Failed to find service client {clientTypeName} which implements {serviceInterfaceType.FullName}."); } var constructor = clientType.GetConstructor(new Type[] { typeof(AWSCredentials), config.GetType() }); if (constructor == null) { throw new AmazonClientException($"Service client {clientTypeName} misisng a constructor with parameters AWSCredentials and {config.GetType().FullName}."); } var client = constructor.Invoke(new object[] { credentials, config }) as AmazonServiceClient; return client; }
private void SignHttps(IRequest request, ClientConfig clientConfig, string awsAccessKeyId, string awsSecretAccessKey, SecureString secureKey) { string nonce = Guid.NewGuid().ToString(); string date = AWSSDKUtils.FormattedCurrentTimestampRFC822; string stringToSign; stringToSign = date + nonce; string signature = ComputeHash(stringToSign, awsSecretAccessKey, secureKey, clientConfig.SignatureMethod); StringBuilder builder = new StringBuilder(); builder.Append(HTTPS_SCHEME).Append(" "); builder.Append("AWSAccessKeyId=" + awsAccessKeyId + ","); builder.Append("Algorithm=" + clientConfig.SignatureMethod.ToString() + ","); builder.Append("SignedHeaders=x-amz-date;x-amz-nonce,"); builder.Append("Signature=" + signature); request.Headers[AUTHORIZATION_HEADER] = builder.ToString(); request.Headers[NONCE_HEADER] = nonce; request.Headers["x-amz-date"] = date; }
static string DetermineBucketRegionCode(ClientConfig config) { if (config.RegionEndpoint != null && string.IsNullOrEmpty(config.ServiceURL)) return config.RegionEndpoint.SystemName; return AWSSDKUtils.DetermineRegion(config.DetermineServiceURL()); }
private static string DetermineService(ClientConfig clientConfig) { if (!string.IsNullOrEmpty(clientConfig.AuthenticationServiceName)) return clientConfig.AuthenticationServiceName.ToLower(); else return AWSSDKUtils.DetermineService(clientConfig.DetermineServiceURL()).ToLower(); }
protected AmazonUnityServiceClient(string awsAccessKeyId, string awsSecretAccessKey, ClientConfig config) : base(awsAccessKeyId, awsSecretAccessKey, config) { }
internal AmazonWebServiceClient(AWSCredentials credentials, ClientConfig config, AuthenticationTypes authenticationType) : base(credentials, config, authenticationType) { }
internal AmazonWebServiceClient(string awsAccessKeyId, string awsSecretAccessKey, ClientConfig config, AuthenticationTypes authenticationType) : base((AWSCredentials) new BasicAWSCredentials(awsAccessKeyId, awsSecretAccessKey), config, authenticationType) { }
private static string DetermineRegion(ClientConfig clientConfig) { if (!string.IsNullOrEmpty(clientConfig.AuthenticationRegion)) return clientConfig.AuthenticationRegion.ToLower(CultureInfo.InvariantCulture); else return AWSSDKUtils.DetermineRegion(clientConfig.DetermineServiceURL()).ToLower(CultureInfo.InvariantCulture); }
private void SignHttp(IRequest request, ClientConfig clientConfig, string awsAccessKeyId, string awsSecretAccessKey, SecureString secureKey) { SigningAlgorithm algorithm = SigningAlgorithm.HmacSHA256; string nonce = Guid.NewGuid().ToString(); string date = AWSSDKUtils.FormattedCurrentTimestampRFC822; bool isHttps = IsHttpsRequest(request); // Temporarily disabling the AWS3 HTTPS signing scheme and only using AWS3 HTTP isHttps = false; request.Headers["Date"] = date; request.Headers["X-Amz-Date"] = date; // AWS3 HTTP requires that we sign the Host header // so we have to have it in the request by the time we sign. string hostHeader = request.Endpoint.Host; if (!request.Endpoint.IsDefaultPort) hostHeader += ":" + request.Endpoint.Port; request.Headers["Host"] = hostHeader; byte[] bytesToSign; string stringToSign; if (isHttps) { request.Headers[NONCE_HEADER] = nonce; stringToSign = date + nonce; bytesToSign = Encoding.UTF8.GetBytes(stringToSign); } else { Uri url = request.Endpoint; if (!string.IsNullOrEmpty(request.ResourcePath)) url = new Uri(request.Endpoint, request.ResourcePath); stringToSign = request.HttpMethod + "\n" + GetCanonicalizedResourcePath(url) + "\n" + GetCanonicalizedQueryString(request.Parameters) + "\n" + GetCanonicalizedHeadersForStringToSign(request) + "\n" + GetRequestPayload(request); bytesToSign = CanonicalizationHash.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)); } string signature = ComputeHash(bytesToSign, awsSecretAccessKey, secureKey, algorithm); StringBuilder builder = new StringBuilder(); builder.Append(isHttps ? HTTPS_SCHEME : HTTP_SCHEME); builder.Append(" "); builder.Append("AWSAccessKeyId=" + awsAccessKeyId + ","); builder.Append("Algorithm=" + algorithm.ToString() + ","); if (!isHttps) { builder.Append(GetSignedHeadersComponent(request) + ","); } builder.Append("Signature=" + signature); string authorizationHeader = builder.ToString(); request.Headers[AUTHORIZATION_HEADER] = authorizationHeader; }
protected AmazonUnityServiceClient(AWSCredentials credentials, ClientConfig config) : base(credentials, config) { }
private static string DetermineRegion(ClientConfig clientConfig) { if (!string.IsNullOrEmpty(clientConfig.AuthenticationRegion)) return clientConfig.AuthenticationRegion.ToLower(); else return AWSSDKUtils.DetermineRegion(clientConfig.ServiceURL).ToLower(); }
internal AmazonWebServiceClient(string awsAccessKeyId, string awsSecretAccessKey, ClientConfig config) { this.logger = new Logger(this.GetType()); this.config = config; if (!String.IsNullOrEmpty(awsSecretAccessKey)) { if (config.UseSecureStringForAwsSecretKey) { this.awsSecretAccessKey = new SecureString(); foreach (char ch in awsSecretAccessKey.ToCharArray()) { this.awsSecretAccessKey.AppendChar(ch); } this.awsSecretAccessKey.MakeReadOnly(); } else { clearAwsSecretAccessKey = awsSecretAccessKey; } } this.awsAccessKeyId = awsAccessKeyId; }