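/// <summary>
/// Computes the AWS4-HMAC-SHA256 signing values for a request and returns them for
/// inspection. No header is added to the request here.
/// </summary>
/// <param name="credentials">Credentials whose access key id is written into the Credential field.</param>
/// <param name="scope">Credential scope used for the signing key, the string to sign and the Credential field.</param>
/// <param name="request">The request the signature is computed over.</param>
/// <returns>The canonical request, the string to sign and the complete Authorization header value.</returns>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
public SignatureInfo GetInfo(IAwsCredentials credentials, CredentialScope scope, HttpRequestMessage request)
{
    #region Preconditions

    // Same argument checks as the Sign overloads, so a null argument fails here
    // with a named parameter instead of inside a helper.
    if (credentials == null)
    {
        throw new ArgumentNullException(nameof(credentials));
    }

    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    #endregion

    // NOTE(review): no x-amz-content-sha256 header is added for S3 here, so the values
    // may differ from what Sign produces unless the header is already present. Confirm.
    var signingKey = GetSigningKey(credentials, scope);
    var stringToSign = GetStringToSign(scope, request);

    var signature = Signature
        .ComputeHmacSha256(signingKey, Encoding.UTF8.GetBytes(stringToSign))
        .ToHexString();

    var signedHeaders = GetSignedHeaders(request);

    var auth = $"AWS4-HMAC-SHA256 Credential={credentials.AccessKeyId}/{scope},SignedHeaders={signedHeaders},Signature={signature}";

    // Auth holds a complete signature for this request, so avoid writing the
    // returned object to logs verbatim.
    return new SignatureInfo
    {
        CanonicalizedString = GetCanonicalRequest(request),
        StringToSign = stringToSign,
        Auth = auth
    };
}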
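/// <summary>
/// Signs <paramref name="request"/> with AWS4-HMAC-SHA256 and sets its Authorization header.
/// </summary>
/// <param name="credential">Credential whose access key id is written into the Credential field.</param>
/// <param name="scope">Credential scope; when its service is S3 the payload hash header is ensured first.</param>
/// <param name="request">The request to sign. Its headers are modified in place.</param>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
public void Sign(IAwsCredential credential, CredentialScope scope, HttpRequestMessage request)
{
    #region Preconditions

    if (credential == null)
    {
        throw new ArgumentNullException(nameof(credential));
    }

    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    #endregion

    // Drop any Authorization value left from an earlier signing pass. The add below
    // does not replace, so re-signing the same message would otherwise carry two
    // values, one of them stale.
    request.Headers.Remove("Authorization");

    // If we're using S3, ensure the request content has been signed.
    // An x-amz-content-sha256 value already on the request is kept as supplied
    // and is not re-checked against the content.
    if (scope.Service == AwsService.S3 && !request.Headers.Contains("x-amz-content-sha256"))
    {
        request.Headers.Add("x-amz-content-sha256", ComputeSHA256(request.Content));
    }

    // NOTE(review): credential.SecurityToken is not written to the request here.
    // For temporary credentials, confirm the caller adds x-amz-security-token before signing.
    var signingKey = GetSigningKey(credential, scope);
    var stringToSign = GetStringToSign(scope, request);

    var signature = Signature
        .ComputeHmacSha256(signingKey, Encoding.UTF8.GetBytes(stringToSign))
        .ToHexString();

    var signedHeaders = GetSignedHeaders(request);

    // AWS4-HMAC-SHA256 Credential={0},SignedHeaders={0},Signature={0}
    var auth = $"AWS4-HMAC-SHA256 Credential={credential.AccessKeyId}/{scope},SignedHeaders={signedHeaders},Signature={signature}";

    request.Headers.TryAddWithoutValidation("Authorization", auth);
}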
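/// <summary>
/// Signs <paramref name="request"/> with AWS4-HMAC-SHA256 and sets its Authorization header.
/// </summary>
/// <param name="credentials">Credentials whose access key id is written into the Credential field.</param>
/// <param name="scope">Credential scope; when its service is S3 the payload hash header is ensured first.</param>
/// <param name="request">The request to sign. Its headers are modified in place.</param>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
public void Sign(IAwsCredentials credentials, CredentialScope scope, HttpRequestMessage request)
{
    #region Preconditions

    if (credentials == null)
    {
        throw new ArgumentNullException(nameof(credentials));
    }

    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    #endregion

    // Drop any Authorization value left from an earlier signing pass. The add below
    // does not replace, so re-signing the same message would otherwise carry two
    // values, one of them stale.
    request.Headers.Remove("Authorization");

    // If we're using S3, ensure the request content has been signed.
    // An x-amz-content-sha256 value already on the request is kept as supplied
    // and is not re-checked against the content.
    if (scope.Service == AwsService.S3 && !request.Headers.Contains("x-amz-content-sha256"))
    {
        request.Headers.Add("x-amz-content-sha256", ComputeSHA256(request.Content));
    }

    var signingKey = GetSigningKey(credentials, scope);
    var stringToSign = GetStringToSign(scope, request);

    var signature = Signature
        .ComputeHmacSha256(signingKey, Encoding.UTF8.GetBytes(stringToSign))
        .ToHexString();

    var signedHeaders = GetSignedHeaders(request);

    // AWS4-HMAC-SHA256 Credential={0},SignedHeaders={0},Signature={0}
    var auth = $"AWS4-HMAC-SHA256 Credential={credentials.AccessKeyId}/{scope},SignedHeaders={signedHeaders},Signature={signature}";

    // AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20120228/us-east-1/iam/aws4_request,SignedHeaders=content-type;host;x-amz-date,Signature=HexEncode(calculated-signature-from-task-3)
    request.Headers.TryAddWithoutValidation("Authorization", auth);
}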
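// http://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html
/// <summary>
/// Presigns <paramref name="request"/> by moving the AWS4-HMAC-SHA256 signing values into
/// the query string and replacing the request URI with the signed URL.
/// </summary>
/// <param name="credential">Credential supplying the access key id and, when set, the security token.</param>
/// <param name="scope">Credential scope used for the signing key and the X-Amz-Credential value.</param>
/// <param name="date">Timestamp written to X-Amz-Date, formatted as given with no time zone conversion.</param>
/// <param name="expires">Lifetime written to X-Amz-Expires in whole seconds; must be at least one second.</param>
/// <param name="request">The request whose RequestUri is rewritten in place.</param>
/// <exception cref="ArgumentNullException">credential, scope or request is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">expires is shorter than one second.</exception>
/// <remarks>
/// The resulting URL carries the signature, and the security token when one is set, so it
/// authorizes the signed request for whoever holds it until it expires. No upper bound on
/// <paramref name="expires"/> is enforced here.
/// </remarks>
public void Presign(
    IAwsCredential credential,
    CredentialScope scope,
    DateTime date,
    TimeSpan expires,
    HttpRequestMessage request)
{
    #region Preconditions

    if (credential == null)
    {
        throw new ArgumentNullException(nameof(credential));
    }

    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    #endregion

    // X-Amz-Expires is a whole number of seconds. Truncate instead of formatting the
    // double, which could emit a fraction or a culture-specific decimal separator.
    long expiresInSeconds = (long)expires.TotalSeconds;

    if (expiresInSeconds < 1)
    {
        throw new ArgumentOutOfRangeException(nameof(expires), expires, "Must be at least one second");
    }

    var invariant = System.Globalization.CultureInfo.InvariantCulture;

    var signingKey = GetSigningKey(credential, scope);

    // Ordinal ordering: the canonical query string is sorted by character code, and the
    // default comparer is culture-sensitive (it would place "prefix" before "X-Amz-Date").
    var queryParameters = new SortedDictionary<string, string>(StringComparer.Ordinal);

    foreach (var pair in ParseQueryString(request.RequestUri.Query))
    {
        queryParameters[pair.Key] = pair.Value;
    }

    // A signature left over from an earlier presign must not be signed again or
    // emitted next to the new one.
    queryParameters.Remove("X-Amz-Signature");

    // Invariant culture keeps the timestamp independent of the thread's calendar and separators.
    // NOTE(review): presumably callers pass a UTC date; confirm against isoDateTimeFormat.
    var timestamp = date.ToString(isoDateTimeFormat, invariant);

    queryParameters["X-Amz-Algorithm"] = "AWS4-HMAC-SHA256";
    queryParameters["X-Amz-Credential"] = $"{credential.AccessKeyId}/{scope}";

    if (credential.SecurityToken != null)
    {
        queryParameters["X-Amz-Security-Token"] = credential.SecurityToken;
    }

    queryParameters["X-Amz-Date"] = timestamp;
    queryParameters["X-Amz-Expires"] = expiresInSeconds.ToString(invariant); // in seconds
    queryParameters["X-Amz-SignedHeaders"] = "host";

    // Only the host header is signed; a non-default port is part of the header value.
    var canonicalHeaders = "host:" + request.RequestUri.Host;

    if (!request.RequestUri.IsDefaultPort)
    {
        canonicalHeaders += ":" + request.RequestUri.Port;
    }

    // NOTE(review): the payload hash is the fixed emptySha256 value, so this
    // presumably targets requests without a body. Confirm for the services in use.
    var canonicalRequest = GetCanonicalRequest(
        method: request.Method,
        canonicalURI: request.RequestUri.AbsolutePath,
        canonicalQueryString: CanonicizeQueryString(queryParameters),
        canonicalHeaders: canonicalHeaders,
        signedHeaders: "host",
        payloadHash: emptySha256
    );

    var stringToSign = GetStringToSign(
        scope,
        timestamp,
        canonicalRequest
    );

    var signature = Signature.ComputeHmacSha256(
        key: signingKey,
        data: Encoding.UTF8.GetBytes(stringToSign)
    ).ToHexString();

    /*
     * queryString  = Action=action
     * queryString += &X-Amz-Algorithm=algorithm
     * queryString += &X-Amz-Credential= urlencode(access_key_ID + '/' + credential_scope)
     * queryString += &X-Amz-Date=date
     * queryString += &X-Amz-Expires=timeout interval
     * queryString += &X-Amz-SignedHeaders=signed_headers
     */
    var queryString = string.Join("&",
        queryParameters.Select(pair => WebUtility.UrlEncode(pair.Key) + "=" + WebUtility.UrlEncode(pair.Value))
    ) + "&X-Amz-Signature=" + signature;

    var url = request.RequestUri.ToString();

    // A URI without a query has no '?', and Substring(0, -1) would throw. Cut at the
    // first '?' or '#', or keep the whole string when neither is present.
    var cut = url.IndexOfAny(new[] { '?', '#' });
    var baseUrl = cut >= 0 ? url.Substring(0, cut) : url;

    request.RequestUri = new Uri(baseUrl + "?" + queryString);
}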