|
public abstract GetCredentials ( ) : |
||
| return | ||
/// <summary>
/// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy.
/// </summary>
/// <param name="policy">JSON string representing the policy to sign</param>
/// <param name="credentials">Credentials to sign the policy with</param>
/// <returns></returns>
public static S3PostUploadSignedPolicy GetSignedPolicy(string policy, AWSCredentials credentials)
{
var policyBytes = Encoding.UTF8.GetBytes(policy.Trim());
var base64Policy = Convert.ToBase64String(policyBytes);
string signature = null;
signature = CryptoUtilFactory.CryptoInstance.HMACSign(Encoding.UTF8.GetBytes(base64Policy), credentials.GetCredentials().SecretKey, SigningAlgorithm.HmacSHA1);
return new S3PostUploadSignedPolicy
{
Policy = base64Policy,
Signature = signature,
AccessKeyId = credentials.GetCredentials().AccessKey
};
}
private void SignRequest(IRequest request, AbstractAWSSigner signer, RequestMetrics metrics)
{
// Check if request should be signed
if (credentials is AnonymousAWSCredentials)
{
return;
}
metrics.StartEvent(RequestMetrics.Metric.CredentialsRequestTime);
using (ImmutableCredentials immutableCredentials = credentials.GetCredentials())
{
metrics.StopEvent(RequestMetrics.Metric.CredentialsRequestTime);
if (immutableCredentials.UseToken)
{
ClientProtocol protocol = DetermineProtocol(signer);
switch (protocol)
{
case ClientProtocol.QueryStringProtocol:
request.Parameters["SecurityToken"] = immutableCredentials.Token;
break;
case ClientProtocol.RestProtocol:
request.Headers["x-amz-security-token"] = immutableCredentials.Token;
break;
default:
throw new InvalidDataException("Cannot determine protocol");
}
}
signer.Sign(request, this.config, immutableCredentials.AccessKey, immutableCredentials.ClearSecretKey, immutableCredentials.SecureSecretKey);
}
}
private void SignRequest(IRequest request, AbstractAWSSigner signer)
{
using (ImmutableCredentials immutableCredentials = credentials.GetCredentials())
{
ValidateAuthentication(immutableCredentials);
if (immutableCredentials.UseToken)
{
ClientProtocol protocol = DetermineProtocol(signer);
switch (protocol)
{
case ClientProtocol.QueryStringProtocol:
request.Parameters["SecurityToken"] = immutableCredentials.Token;
break;
case ClientProtocol.RestProtocol:
request.Headers["x-amz-security-token"] = immutableCredentials.Token;
break;
default:
throw new InvalidDataException("Cannot determine protocol");
}
}
signer.Sign(request, this.config, immutableCredentials.AccessKey, immutableCredentials.ClearSecretKey, immutableCredentials.SecureSecretKey);
}
}
/// <summary>
/// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy.
/// </summary>
/// <param name="policy">JSON string representing the policy to sign</param>
/// <param name="credentials">Credentials to sign the policy with</param>
/// <returns>A signed policy object for use with an S3PostUploadRequest.</returns>
public static S3PostUploadSignedPolicy GetSignedPolicy(string policy, AWSCredentials credentials)
{
ImmutableCredentials iCreds = credentials.GetCredentials();
var policyBytes = iCreds.UseToken
? addTokenToPolicy(policy, iCreds.Token)
: Encoding.UTF8.GetBytes(policy.Trim());
var base64Policy = Convert.ToBase64String(policyBytes);
string signature = CryptoUtilFactory.CryptoInstance.HMACSign(Encoding.UTF8.GetBytes(base64Policy), iCreds.SecretKey, SigningAlgorithm.HmacSHA1);
return new S3PostUploadSignedPolicy
{
Policy = base64Policy,
Signature = signature,
AccessKeyId = iCreds.AccessKey,
SecurityToken = iCreds.Token,
SignatureVersion = "2"
};
}
private static AmazonSecurityTokenService ConstructSTSClient(AWSCredentials credentials, AmazonSecurityTokenServiceConfig config)
{
using (ImmutableCredentials immmutableCredentials = credentials.GetCredentials())
{
if (immmutableCredentials.UseToken)
{
throw new ArgumentException("Session credentials cannot be used to create refreshing session credentials");
}
AmazonSecurityTokenServiceClient stsClient;
if (immmutableCredentials.UseSecureStringForSecretKey)
{
stsClient = new AmazonSecurityTokenServiceClient(immmutableCredentials.AccessKey, GetClearSecretKey(immmutableCredentials.SecureSecretKey), config);
}
else
{
stsClient = new AmazonSecurityTokenServiceClient(immmutableCredentials.AccessKey, immmutableCredentials.ClearSecretKey, config);
}
return(stsClient);
}
}
/// <summary>
/// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy.
/// </summary>
/// <param name="policy">JSON string representing the policy to sign</param>
/// <param name="credentials">Credentials to sign the policy with</param>
/// <param name="region">Service region endpoint.</param>
/// <returns>A signed policy object for use with an S3PostUploadRequest.</returns>
public static S3PostUploadSignedPolicy GetSignedPolicyV4(string policy, AWSCredentials credentials, RegionEndpoint region)
{
var signedAt = AWSSDKUtils.CorrectedUtcNow;
ImmutableCredentials iCreds = credentials.GetCredentials();
var algorithm = "AWS4-HMAC-SHA256";
var dateStamp = Runtime.Internal.Auth.AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateFormat);
var dateTimeStamp = Runtime.Internal.Auth.AWS4Signer.FormatDateTime(signedAt, AWSSDKUtils.ISO8601BasicDateTimeFormat);
var credentialString = string.Format(CultureInfo.InvariantCulture, "{0}/{1}/{2}/{3}/{4}/", iCreds.AccessKey, dateStamp, region.SystemName, "s3", Runtime.Internal.Auth.AWS4Signer.Terminator);
Dictionary<string, string> extraConditions = new Dictionary<string, string> {
{ S3Constants.PostFormDataXAmzCredential, credentialString },
{ S3Constants.PostFormDataXAmzAlgorithm, algorithm },
{ S3Constants.PostFormDataXAmzDate, dateTimeStamp }
};
if (iCreds.UseToken) { extraConditions[S3Constants.PostFormDataSecurityToken] = iCreds.Token; }
var policyBytes = addConditionsToPolicy(policy, extraConditions);
var base64Policy = Convert.ToBase64String(policyBytes);
var signingKey = Runtime.Internal.Auth.AWS4Signer.ComposeSigningKey(iCreds.SecretKey, region.SystemName, dateStamp, "s3");
var signature = AWSSDKUtils.ToHex(Runtime.Internal.Auth.AWS4Signer.ComputeKeyedHash(SigningAlgorithm.HmacSHA256, signingKey, base64Policy), true);
return new S3PostUploadSignedPolicy
{
Policy = base64Policy,
Signature = signature,
AccessKeyId = iCreds.AccessKey,
SecurityToken = iCreds.Token,
SignatureVersion = "4",
Algorithm = algorithm,
Date = dateTimeStamp,
Credential = credentialString
};
}
/// <summary>
/// Returns an instance of ImmutableCredentials for this instance
/// </summary>
/// <returns></returns>
public override ImmutableCredentials GetCredentials()
{
return(_wrappedCredentials.GetCredentials());
}
private static AmazonSecurityTokenService ConstructSTSClient(AWSCredentials credentials, AmazonSecurityTokenServiceConfig config)
{
using (ImmutableCredentials immmutableCredentials = credentials.GetCredentials())
{
if (immmutableCredentials.UseToken)
throw new ArgumentException("Session credentials cannot be used to create refreshing session credentials");
AmazonSecurityTokenServiceClient stsClient;
if (immmutableCredentials.UseSecureStringForSecretKey)
{
stsClient = new AmazonSecurityTokenServiceClient(immmutableCredentials.AccessKey, GetClearSecretKey(immmutableCredentials.SecureSecretKey), config);
}
else
{
stsClient = new AmazonSecurityTokenServiceClient(immmutableCredentials.AccessKey, immmutableCredentials.ClearSecretKey, config);
}
return stsClient;
}
}
/// <summary>
/// Given a policy and AWS credentials, produce a S3PostUploadSignedPolicy.
/// </summary>
/// <param name="policy">JSON string representing the policy to sign</param>
/// <param name="credentials">Credentials to sign the policy with</param>
/// <returns></returns>
public static S3PostUploadSignedPolicy GetSignedPolicy(string policy, AWSCredentials credentials)
{
var policyBytes = Encoding.UTF8.GetBytes(policy.Trim().Replace("\r","").Replace("\n",""));
var base64Policy = Convert.ToBase64String(policyBytes);
string signature = null;
if (credentials.GetCredentials().UseSecureStringForSecretKey)
signature = AWSSDKUtils.HMACSign(Encoding.UTF8.GetBytes(base64Policy), credentials.GetCredentials().SecureSecretKey, new HMACSHA1());
else
signature = AWSSDKUtils.HMACSign(Encoding.UTF8.GetBytes(base64Policy), credentials.GetCredentials().ClearSecretKey, new HMACSHA1());
return new S3PostUploadSignedPolicy
{
Policy = base64Policy,
Signature = signature,
AccessKeyId = credentials.GetCredentials().AccessKey
};
}
/// <summary>
/// Generate a presigned URL based on a <see cref="SynthesizeSpeechRequest"/>.
/// </summary>
/// <param name="credentials">The credentials to use in the presigned URL.</param>
/// <param name="region">The region for the URL.</param>
/// <param name="request">The request to base the presigned URL on.</param>
/// <returns></returns>
public static string GeneratePresignedUrl(AWSCredentials credentials, RegionEndpoint region, SynthesizeSpeechRequest request)
{
if (credentials == null)
throw new ArgumentNullException("credentials");
if (region == null)
throw new ArgumentNullException("region");
if (request == null)
throw new ArgumentNullException("request");
// Marshall this request and prepare it to be signed
var marshaller = new SynthesizeSpeechRequestMarshaller();
var iRequest = marshaller.Marshall(request);
iRequest.UseQueryString = true;
iRequest.HttpMethod = HTTPGet;
iRequest.Endpoint = new UriBuilder(HTTPS, region.GetEndpointForService(PollyServiceName).Hostname).Uri;
iRequest.Parameters[XAmzExpires] = ((int)FifteenMinutes.TotalSeconds).ToString(CultureInfo.InvariantCulture);
if (request.IsSetLexiconNames())
{
var sortedLexiconNames = new List<string>(request.LexiconNames);
sortedLexiconNames.Sort(StringComparer.Ordinal);
iRequest.Parameters[LexiconNamesParameter] = JsonMapper.ToJson(sortedLexiconNames);
}
if (request.IsSetOutputFormat())
iRequest.Parameters["OutputFormat"] = request.OutputFormat.ToString();
if (request.IsSetSampleRate())
iRequest.Parameters["SampleRate"] = request.SampleRate.ToString();
if (request.IsSetText())
iRequest.Parameters["Text"] = request.Text;
if (request.IsSetTextType())
iRequest.Parameters["TextType"] = request.TextType.ToString();
if (request.IsSetVoiceId())
iRequest.Parameters["VoiceId"] = request.VoiceId;
var immutableCredentials = credentials.GetCredentials();
if (immutableCredentials.UseToken)
{
// Don't use HeaderKeys.XAmzSecurityTokenHeader because Polly treats this as case-sensitive
iRequest.Parameters["X-Amz-Security-Token"] = immutableCredentials.Token;
}
// Only the host header should be signed, and the signer adds that.
// So clear out headers.
iRequest.Headers.Clear();
// Create presigned URL and assign it
var signingResult = SynthesizeSpeechPresignedUrlSigner.SignSynthesizeSpeechRequest(iRequest, new RequestMetrics(),
immutableCredentials.AccessKey, immutableCredentials.SecretKey, PollyServiceName, region.SystemName);
var authorization = "&" + signingResult.ForQueryParameters;
return ComposeUrl(iRequest).AbsoluteUri + authorization;
}