public void GetPresignCanonicalRequestWithParametersTest()
{
var authenticator = new V4Authenticator(false, "my-access-key", "my-secret-key");
var request = new Uri(
"http://localhost:9001/bucket/object-name?uploadId=upload-id&partNumber=1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=my-access-key%2F20200501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200501T154533Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host");
var headersToSign = new SortedDictionary <string, string>(StringComparer.Ordinal)
{
{ "X-Special".ToLowerInvariant(), "special" },
{ "Content-Language".ToLowerInvariant(), "en" },
};
var canonicalRequest = authenticator.GetPresignCanonicalRequest(HttpMethod.Put, request, headersToSign);
Assert.AreEqual(string.Join('\n', new[]
{
"PUT",
"/bucket/object-name",
"X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=my-access-key%2F20200501%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200501T154533Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&content-language=en&partNumber=1&uploadId=upload-id&x-special=special",
"host:localhost:9001",
"",
"host",
"UNSIGNED-PAYLOAD"
}),
canonicalRequest);
}
public void TestRequestWithHeaderParameters()
{
// secure authenticated requests
V4Authenticator authenticator = new V4Authenticator(true, "accesskey", "secretkey");
Assert.IsTrue(authenticator.isSecure);
Assert.IsFalse(authenticator.isAnonymous);
IRestClient restClient = new RestClient("http://localhost:9000");
IRestRequest request = new RestRequest("bucketname/objectname", RestSharp.Method.PUT);
request.AddHeader("response-content-disposition", "inline;filenameMyDocument.txt;");
request.AddHeader("response-content-type", "application/json");
request.AddBody("body of request");
authenticator.Authenticate(restClient, request);
var presignedUrl = authenticator.PresignURL(restClient, request, 5000);
Assert.IsTrue(presignedUrl.Contains("&response-content-disposition"));
Assert.IsTrue(presignedUrl.Contains("&response-content-type"));
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
Assert.IsTrue(hasPayloadHeader(request, "Content-Md5"));
Assert.IsTrue(hasPayloadHeader(request, "response-content-disposition"));
Tuple <string, object> match = GetHeaderKV(request, "x-amz-content-sha256");
Assert.IsTrue(match != null && ((string)match.Item2).Equals("UNSIGNED-PAYLOAD"));
}
public void TestInsecureRequestHeaders()
{
// insecure authenticated requests
var authenticator = new V4Authenticator(false, "accesskey", "secretkey");
Assert.IsFalse(authenticator.isSecure);
Assert.IsFalse(authenticator.isAnonymous);
var request = new HttpRequestMessageBuilder(HttpMethod.Put, "http://localhost:9000/bucketname/objectname");
request.AddJsonBody("[]");
authenticator.Authenticate(request);
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
Assert.IsFalse(hasPayloadHeader(request, "Content-Md5"));
}
public void TestAnonymousSecureRequestHeaders()
{
//test anonymous secure request headers
var authenticator = new V4Authenticator(true, null, null);
Assert.IsTrue(authenticator.isAnonymous);
var request = new HttpRequestMessageBuilder(HttpMethod.Put, "http://localhost:9000/bucketname/objectname");
request.AddJsonBody("[]");
authenticator.Authenticate(request);
Assert.IsFalse(hasPayloadHeader(request, "x-amz-content-sha256"));
Assert.IsTrue(hasPayloadHeader(request, "Content-MD5"));
}
private async Task <ResponseResult> ExecuteTaskCoreAsync(
IEnumerable <ApiResponseErrorHandlingDelegate> errorHandlers,
HttpRequestMessageBuilder requestMessageBuilder,
CancellationToken cancellationToken = default,
bool isSts = false)
{
var startTime = DateTime.Now;
// Logs full url when HTTPtracing is enabled.
if (trace)
{
var fullUrl = requestMessageBuilder.RequestUri;
}
var v4Authenticator = new V4Authenticator(Secure,
AccessKey, SecretKey, Region,
SessionToken);
requestMessageBuilder.AddOrUpdateHeaderParameter("Authorization",
v4Authenticator.Authenticate(requestMessageBuilder, isSts));
var request = requestMessageBuilder.Request;
ResponseResult responseResult;
try
{
var response = await HTTPClient.SendAsync(request,
HttpCompletionOption.ResponseHeadersRead, cancellationToken)
.ConfigureAwait(false);
responseResult = new ResponseResult(request, response);
if (requestMessageBuilder.ResponseWriter != null)
{
requestMessageBuilder.ResponseWriter(responseResult.ContentStream);
}
}
catch (OperationCanceledException)
{
throw;
}
catch (Exception e)
{
responseResult = new ResponseResult(request, e);
}
HandleIfErrorResponse(responseResult, errorHandlers, startTime);
return(responseResult);
}
public void TestInsecureRequestHeaders()
{
// insecure authenticated requests
var authenticator = new V4Authenticator(false, "accesskey", "secretkey");
Assert.IsFalse(authenticator.isSecure);
Assert.IsFalse(authenticator.isAnonymous);
IRestClient restClient = new RestClient("http://localhost:9000");
IRestRequest request = new RestRequest("bucketname/objectname", RestSharp.Method.PUT);
request.AddBody("body of request");
authenticator.Authenticate(restClient, request);
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
Assert.IsFalse(hasPayloadHeader(request, "Content-Md5"));
}
public void TestAnonymousSecureRequestHeaders()
{
//test anonymous secure request headers
var authenticator = new V4Authenticator(true, null, null);
Assert.IsTrue(authenticator.isAnonymous);
IRestClient restClient = new RestClient("http://localhost:9000");
IRestRequest request = new RestRequest("bucketname/objectname", RestSharp.Method.PUT);
request.AddBody("body of request");
authenticator.Authenticate(restClient, request);
Assert.IsFalse(hasPayloadHeader(request, "x-amz-content-sha256"));
Assert.IsTrue(hasPayloadHeader(request, "Content-MD5"));
}
public void TestSecureRequestHeaders()
{
// secure authenticated requests
var authenticator = new V4Authenticator(true, "accesskey", "secretkey");
Assert.IsTrue(authenticator.isSecure);
Assert.IsFalse(authenticator.isAnonymous);
var request = new HttpRequestMessageBuilder(HttpMethod.Put, "http://localhost:9000/bucketname/objectname");
request.AddJsonBody("[]");
authenticator.Authenticate(request);
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
var match = GetHeaderKV(request, "x-amz-content-sha256");
Assert.IsTrue(match != null && match.Item2.Equals("UNSIGNED-PAYLOAD"));
}
public void TestSecureRequestHeaders()
{
// secure authenticated requests
var authenticator = new V4Authenticator(true, "accesskey", "secretkey");
Assert.IsTrue(authenticator.isSecure);
Assert.IsFalse(authenticator.isAnonymous);
IRestClient restClient = new RestClient("http://localhost:9000");
IRestRequest request = new RestRequest("bucketname/objectname", RestSharp.Method.PUT);
request.AddBody("body of request");
authenticator.Authenticate(restClient, request);
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
Assert.IsTrue(hasPayloadHeader(request, "Content-Md5"));
Tuple <string, object> match = GetHeaderKV(request, "x-amz-content-sha256");
Assert.IsTrue(match != null && ((string)match.Item2).Equals("UNSIGNED-PAYLOAD"));
}
public void TestPresignedPostPolicy()
{
DateTime requestDate = new DateTime(2020, 05, 01, 15, 45, 33, DateTimeKind.Utc);
var authenticator = new V4Authenticator(false, "my-access-key", "secretkey");
var policy = new PostPolicy();
policy.SetBucket("bucket-name");
policy.SetKey("object-name");
policy.SetAlgorithm("AWS4-HMAC-SHA256");
var region = "mock-location";
policy.SetCredential(authenticator.GetCredentialString(requestDate, region));
policy.SetDate(requestDate);
policy.SetSessionToken(null);
string policyBase64 = policy.Base64();
string signature = authenticator.PresignPostSignature(region, requestDate, policyBase64);
policy.SetPolicy(policyBase64);
policy.SetSignature(signature);
var headers = new Dictionary <string, string>
{
{ "bucket", "bucket-name" },
{ "key", "object-name" },
{ "x-amz-algorithm", "AWS4-HMAC-SHA256" },
{ "x-amz-credential", "my-access-key/20200501/mock-location/s3/aws4_request" },
{ "x-amz-date", "20200501T154533Z" },
{ "policy", "eyJleHBpcmF0aW9uIjoiMDAwMS0wMS0wMVQwMDowMDowMC4wMDBaIiwiY29uZGl0aW9ucyI6W1siZXEiLCIkYnVja2V0IiwiYnVja2V0LW5hbWUiXSxbImVxIiwiJGtleSIsIm9iamVjdC1uYW1lIl0sWyJlcSIsIiR4LWFtei1hbGdvcml0aG0iLCJBV1M0LUhNQUMtU0hBMjU2Il0sWyJlcSIsIiR4LWFtei1jcmVkZW50aWFsIiwibXktYWNjZXNzLWtleS8yMDIwMDUwMS9tb2NrLWxvY2F0aW9uL3MzL2F3czRfcmVxdWVzdCJdLFsiZXEiLCIkeC1hbXotZGF0ZSIsIjIwMjAwNTAxVDE1NDUzM1oiXV19" },
{ "x-amz-signature", "ec6dad862909ee905cfab3ef87ede0e666eebd6b8f00d28e5df104a8fcbd4027" },
};
CollectionAssert.AreEquivalent(headers, policy.GetFormData());
}
