/// <summary>
/// Assembles the Signature Version 4 "string to sign" from its already-prepared parts.
/// </summary>
/// <param name="scope">Credential scope; its <c>ToString()</c> value becomes the third line.</param>
/// <param name="timestamp">Request timestamp, used verbatim as the second line.</param>
/// <param name="canonicalRequest">Canonical request text; only the hex SHA-256 digest of it is embedded.</param>
/// <returns>Four lines joined by '\n' (no trailing newline): algorithm, timestamp, scope, digest.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static string GetStringToSign(
    CredentialScope scope,
    string timestamp,
    string canonicalRequest)
{
    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (timestamp == null)
    {
        throw new ArgumentNullException(nameof(timestamp));
    }

    if (canonicalRequest == null)
    {
        throw new ArgumentNullException(nameof(canonicalRequest));
    }

    // Hex(SHA256(CanonicalRequest)): the signature covers the request only through this digest.
    string requestDigest = HexString.FromBytes(ComputeSHA256(canonicalRequest));

    string[] lines =
    {
        "AWS4-HMAC-SHA256",   // Algorithm
        timestamp,            // Timestamp
        scope.ToString(),     // Scope
        requestDigest         // Hex(SHA256(CanonicalRequest))
    };

    return string.Join("\n", lines);
}
/// <summary>
/// Builds the string to sign for <paramref name="request"/>, taking the timestamp
/// from the request's <c>x-amz-date</c> header.
/// </summary>
/// <param name="scope">Credential scope to embed in the string to sign.</param>
/// <param name="request">Request that must already carry an <c>x-amz-date</c> header.</param>
/// <returns>The string to sign produced by the (scope, timestamp, canonicalRequest) overload.</returns>
/// <exception cref="ArgumentNullException"><paramref name="scope"/> or <paramref name="request"/> is null.</exception>
/// <exception cref="Exception">The request has no <c>x-amz-date</c> header.</exception>
public string GetStringToSign(CredentialScope scope, HttpRequestMessage request)
{
    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    if (!request.Headers.TryGetValues("x-amz-date", out IEnumerable<string> amzDateValues))
    {
        throw new Exception("Missing 'x-amz-date' header");
    }

    // Only the first header value is used as the signed timestamp.
    // NOTE(review): if the header carries several values, confirm the canonical
    // request treats them the same way, otherwise the two views of the date diverge.
    string requestTimestamp = amzDateValues.First();

    string canonical = GetCanonicalRequest(request);

    return GetStringToSign(
        scope: scope,
        timestamp: requestTimestamp,
        canonicalRequest: canonical);
}
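/// <summary>
/// Derives the Signature Version 4 signing key by chaining HMAC-SHA256 over the
/// scope's date, region name, service name and the literal "aws4_request",
/// starting from "AWS4" + the secret access key.
/// </summary>
/// <param name="credential">Credential whose <c>SecretAccessKey</c> seeds the derivation.</param>
/// <param name="scope">Scope supplying the date, region and service the key is bound to.</param>
/// <returns>
/// The derived signing key. It is secret material for the given scope: keep it out of
/// logs and diagnostics just like the secret access key itself.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="credential"/> or <paramref name="scope"/> is null.</exception>
public static byte[] GetSigningKey(IAwsCredential credential, CredentialScope scope)
{
    #region Preconditions

    if (credential == null)
    {
        throw new ArgumentNullException(nameof(credential));
    }

    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    #endregion

    // Encoding.ASCII replaces any non-ASCII character with '?'.
    // NOTE(review): harmless while secret keys are plain ASCII — confirm that holds for every credential source.
    var kSecret = Encoding.ASCII.GetBytes("AWS4" + credential.SecretAccessKey);

    // Format with the invariant culture: the single-argument ToString uses the current
    // culture's calendar, so on a machine whose culture defaults to a non-Gregorian
    // calendar the year would differ and every signature would be rejected.
    // (Assumes scope.Date is a BCL date type such as DateTime.)
    var dateStamp = scope.Date.ToString("yyyyMMdd", System.Globalization.CultureInfo.InvariantCulture);

    var kDate = HMACSHA256(kSecret, dateStamp);
    var kRegion = HMACSHA256(kDate, scope.Region.Name);
    var kService = HMACSHA256(kRegion, scope.Service.Name);
    var signingKey = HMACSHA256(kService, "aws4_request");

    return signingKey;
}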
/// <summary>
/// Builds the Signature Version 4 string to sign for <paramref name="request"/>:
/// algorithm, the request's <c>x-amz-date</c> value, the scope, and the hex SHA-256
/// digest of the canonical request, joined by '\n'.
/// </summary>
/// <param name="scope">Credential scope; its <c>ToString()</c> value is the third line.</param>
/// <param name="request">Request that must already carry an <c>x-amz-date</c> header.</param>
/// <returns>The four-line string to sign.</returns>
/// <exception cref="ArgumentNullException"><paramref name="scope"/> or <paramref name="request"/> is null.</exception>
/// <exception cref="Exception">The request has no <c>x-amz-date</c> header.</exception>
public string GetStringToSign(CredentialScope scope, HttpRequestMessage request)
{
    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    IEnumerable<string> amzDateValues;
    bool hasDateHeader = request.Headers.TryGetValues("x-amz-date", out amzDateValues);

    if (!hasDateHeader)
    {
        throw new Exception("Missing x-amz-date header");
    }

    // Only the first x-amz-date value is signed.
    string requestTimestamp = amzDateValues.First();

    // Hex(SHA256(CanonicalRequest))
    string hashedRequest = HexString.FromBytes(ComputeSHA256(GetCanonicalRequest(request)));

    string[] lines =
    {
        "AWS4-HMAC-SHA256",   // Algorithm
        requestTimestamp,     // Timestamp
        scope.ToString(),     // Scope
        hashedRequest         // Hex(SHA256(CanonicalRequest))
    };

    return string.Join("\n", lines);
}
/// <summary>
/// Builds the string to sign for <paramref name="request"/> and reports which
/// headers the canonical request covered.
/// </summary>
/// <param name="scope">Credential scope to embed in the string to sign.</param>
/// <param name="request">Request that must already carry an <c>x-amz-date</c> header.</param>
/// <param name="signedHeaders">Set by <c>GetCanonicalRequest</c>; the headers included in the canonical request.</param>
/// <returns>The string to sign produced by the (scope, timestamp, canonicalRequest) overload.</returns>
/// <exception cref="Exception">The request has no <c>x-amz-date</c> header.</exception>
/// <remarks>
/// No argument validation happens here: a null <paramref name="request"/> surfaces as a
/// <see cref="NullReferenceException"/> on the header lookup.
/// </remarks>
public static string GetStringToSign(CredentialScope scope, HttpRequestMessage request, out List<string> signedHeaders)
{
    if (!request.Headers.TryGetValues("x-amz-date", out IEnumerable<string> amzDateValues))
    {
        throw new Exception("Missing 'x-amz-date' header");
    }

    // Only the first x-amz-date value is used as the signed timestamp.
    string requestTimestamp = amzDateValues.First();

    string canonical = GetCanonicalRequest(request, out signedHeaders);

    return GetStringToSign(
        scope: scope,
        timestamp: requestTimestamp,
        canonicalRequest: canonical);
}
/// <summary>
/// Assembles the string to sign: <c>algorithmName</c>, timestamp, scope and the hex
/// SHA-256 digest of the canonical request, separated by '\n'.
/// </summary>
/// <param name="scope">Credential scope; its <c>ToString()</c> value is the third line.</param>
/// <param name="timestamp">Request timestamp, used verbatim as the second line.</param>
/// <param name="canonicalRequest">Canonical request text; only its digest is embedded.</param>
/// <returns>The four-line string to sign, with no trailing newline.</returns>
/// <remarks>Arguments are not validated here; null handling is left to the callees.</remarks>
public static string GetStringToSign(CredentialScope scope, string timestamp, string canonicalRequest)
{
    // Hex(SHA256(CanonicalRequest))
    string requestDigest = HexString.FromBytes(ComputeSHA256(canonicalRequest));

    // The builder comes from a cache and is handed back by ExtractAndRelease below.
    var builder = StringBuilderCache.Aquire();

    builder.AppendJoin(
        '\n',
        algorithmName,      // Algorithm
        timestamp,          // Timestamp
        scope.ToString(),   // Scope
        requestDigest);     // Hex(SHA256(CanonicalRequest))

    return StringBuilderCache.ExtractAndRelease(builder);
}
/// <summary>
/// Computes the signature for <paramref name="request"/> and returns the intermediate
/// values (canonical request, string to sign, Authorization value) without modifying
/// the request's headers.
/// </summary>
/// <param name="credentials">Credentials supplying the access key id and, via <c>GetSigningKey</c>, the signing key.</param>
/// <param name="scope">Credential scope used for key derivation and in the Credential field.</param>
/// <param name="request">Request to describe; it must already carry an <c>x-amz-date</c> header.</param>
/// <returns>A <c>SignatureInfo</c> holding the canonical request, the string to sign and the Authorization value.</returns>
/// <remarks>
/// The returned <c>Auth</c> value contains a valid signature for this request; treat it
/// as a credential when writing the result to logs or diagnostics.
/// Arguments are not null-checked here.
/// </remarks>
public SignatureInfo GetInfo(IAwsCredentials credentials, CredentialScope scope, HttpRequestMessage request)
{
    var derivedKey = GetSigningKey(credentials, scope);

    var toSign = GetStringToSign(scope, request);

    var toSignBytes = Encoding.UTF8.GetBytes(toSign);
    var signatureHex = Signature.ComputeHmacSha256(derivedKey, toSignBytes).ToHexString();

    var headerList = GetSignedHeaders(request);

    var authorization = $"AWS4-HMAC-SHA256 Credential={credentials.AccessKeyId}/{scope},SignedHeaders={headerList},Signature={signatureHex}";

    return new SignatureInfo
    {
        // The canonical request is recomputed here for reporting.
        CanonicalizedString = GetCanonicalRequest(request),
        StringToSign = toSign,
        Auth = authorization
    };
}
/// <summary>
/// Builds the string to sign for <paramref name="request"/>, taking the timestamp
/// from its <c>x-amz-date</c> header.
/// </summary>
/// <param name="scope">Credential scope to embed in the string to sign.</param>
/// <param name="request">Request that must already carry an <c>x-amz-date</c> header.</param>
/// <returns>The string to sign produced by the (scope, timestamp, canonicalRequest) overload.</returns>
/// <exception cref="Exception">The request has no <c>x-amz-date</c> header.</exception>
/// <remarks>
/// No argument validation happens here: a null <paramref name="request"/> surfaces as a
/// <see cref="NullReferenceException"/> on the header lookup.
/// </remarks>
public string GetStringToSign(CredentialScope scope, HttpRequestMessage request)
{
    if (!request.Headers.TryGetValues("x-amz-date", out IEnumerable<string> amzDateValues))
    {
        throw new Exception("Missing 'x-amz-date' header");
    }

    // Only the first x-amz-date value is used as the signed timestamp.
    string requestTimestamp = amzDateValues.First();

    string canonical = GetCanonicalRequest(request);

    return GetStringToSign(
        scope: scope,
        timestamp: requestTimestamp,
        canonicalRequest: canonical);
}
/// <summary>
/// Signs <paramref name="request"/> in place by adding a Signature Version 4
/// <c>Authorization</c> header (and, for S3, an <c>x-amz-content-sha256</c> header
/// when one is not already present).
/// </summary>
/// <param name="credential">Credential supplying the access key id and signing key.</param>
/// <param name="scope">Credential scope (date, region, service) the signature is bound to.</param>
/// <param name="request">Request to sign; it must already carry an <c>x-amz-date</c> header.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public void Sign(IAwsCredential credential, CredentialScope scope, HttpRequestMessage request)
{
    if (credential == null)
    {
        throw new ArgumentNullException(nameof(credential));
    }

    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    // S3 requests need a content hash header; add one only when the caller has not.
    // NOTE(review): a caller-supplied x-amz-content-sha256 is kept as-is — nothing here
    // checks that it matches request.Content.
    bool isS3 = scope.Service == AwsService.S3;

    if (isS3 && !request.Headers.Contains("x-amz-content-sha256"))
    {
        request.Headers.Add("x-amz-content-sha256", ComputeSHA256(request.Content));
    }

    // The content hash header must be in place before the string to sign is built.
    var derivedKey = GetSigningKey(credential, scope);
    var toSign = GetStringToSign(scope, request);

    var toSignBytes = Encoding.UTF8.GetBytes(toSign);
    var signatureHex = Signature.ComputeHmacSha256(derivedKey, toSignBytes).ToHexString();

    var headerList = GetSignedHeaders(request);

    // AWS4-HMAC-SHA256 Credential={0},SignedHeaders={0},Signature={0}
    var authorization = $"AWS4-HMAC-SHA256 Credential={credential.AccessKeyId}/{scope},SignedHeaders={headerList},Signature={signatureHex}";

    // NOTE(review): an Authorization header already on the request is not removed first,
    // and the boolean result is ignored — confirm callers never sign the same message twice.
    request.Headers.TryAddWithoutValidation("Authorization", authorization);
}
/// <summary>
/// Signs <paramref name="request"/> in place by adding a Signature Version 4
/// <c>Authorization</c> header (and, for S3, an <c>x-amz-content-sha256</c> header
/// when one is not already present).
/// </summary>
/// <param name="credentials">Credentials supplying the access key id and signing key.</param>
/// <param name="scope">Credential scope (date, region, service) the signature is bound to.</param>
/// <param name="request">Request to sign; it must already carry an <c>x-amz-date</c> header.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public void Sign(IAwsCredentials credentials, CredentialScope scope, HttpRequestMessage request)
{
    if (credentials == null)
    {
        throw new ArgumentNullException(nameof(credentials));
    }

    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    // S3 requests need a content hash header; add one only when the caller has not.
    // NOTE(review): a caller-supplied x-amz-content-sha256 is kept as-is — nothing here
    // checks that it matches request.Content.
    bool isS3 = scope.Service == AwsService.S3;

    if (isS3 && !request.Headers.Contains("x-amz-content-sha256"))
    {
        request.Headers.Add("x-amz-content-sha256", ComputeSHA256(request.Content));
    }

    // The content hash header must be in place before the string to sign is built.
    var derivedKey = GetSigningKey(credentials, scope);
    var toSign = GetStringToSign(scope, request);

    var toSignBytes = Encoding.UTF8.GetBytes(toSign);
    var signatureHex = Signature.ComputeHmacSha256(derivedKey, toSignBytes).ToHexString();

    var headerList = GetSignedHeaders(request);

    // AWS4-HMAC-SHA256 Credential={0},SignedHeaders={0},Signature={0}
    // e.g. AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20120228/us-east-1/iam/aws4_request,SignedHeaders=content-type;host;x-amz-date,Signature=HexEncode(calculated-signature-from-task-3)
    var authorization = $"AWS4-HMAC-SHA256 Credential={credentials.AccessKeyId}/{scope},SignedHeaders={headerList},Signature={signatureHex}";

    // NOTE(review): an Authorization header already on the request is not removed first,
    // and the boolean result is ignored — confirm callers never sign the same message twice.
    request.Headers.TryAddWithoutValidation("Authorization", authorization);
}
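// http://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html
/// <summary>
/// Presigns <paramref name="request"/> by moving the Signature Version 4 parameters into
/// the query string and replacing <c>request.RequestUri</c> with the signed URL.
/// </summary>
/// <param name="credential">Credential supplying the access key id, signing key and optional security token.</param>
/// <param name="scope">Credential scope (date, region, service) the signature is bound to.</param>
/// <param name="date">
/// Signing time. It is formatted with a literal "Z" suffix and is NOT converted to UTC
/// here, so the caller must pass a UTC value.
/// </param>
/// <param name="expires">Validity period; written to <c>X-Amz-Expires</c> as whole seconds.</param>
/// <param name="request">Request whose URI is rewritten in place.</param>
/// <exception cref="ArgumentNullException"><paramref name="credential"/>, <paramref name="scope"/> or <paramref name="request"/> is null.</exception>
/// <remarks>
/// The resulting URL is a bearer credential until it expires: it embeds the signature
/// and, for temporary credentials, the security token. Keep it out of logs and keep
/// <paramref name="expires"/> as short as the use case allows. Only the <c>host</c> header
/// is signed and the payload hash is the <c>emptySha256</c> constant, so the signature
/// does not cover any other header or a request body.
/// </remarks>
public void Presign(
    IAwsCredential credential,
    CredentialScope scope,
    DateTime date,
    TimeSpan expires,
    HttpRequestMessage request)
{
    #region Preconditions

    if (credential == null)
    {
        throw new ArgumentNullException(nameof(credential));
    }

    if (scope == null)
    {
        throw new ArgumentNullException(nameof(scope));
    }

    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    #endregion

    var invariant = System.Globalization.CultureInfo.InvariantCulture;

    var signingKey = GetSigningKey(credential, scope);

    // Signature Version 4 orders query parameters by character code, so sort ordinally.
    // The default string comparer is culture-sensitive and orders mixed-case names
    // differently (e.g. "prefix" before "X-Amz-Date").
    var queryParameters = new SortedDictionary<string, string>(StringComparer.Ordinal);

    foreach (var pair in ParseQueryString(request.RequestUri.Query))
    {
        queryParameters[pair.Key] = pair.Value;
    }

    // Invariant culture: the current culture's calendar must not leak into the timestamp.
    var timestamp = date.ToString(isoDateTimeFormat, invariant);

    queryParameters["X-Amz-Algorithm"] = "AWS4-HMAC-SHA256";
    queryParameters["X-Amz-Credential"] = $"{credential.AccessKeyId}/{scope}";

    if (credential.SecurityToken != null)
    {
        queryParameters["X-Amz-Security-Token"] = credential.SecurityToken;
    }

    queryParameters["X-Amz-Date"] = timestamp;

    // Whole seconds, culture-independent: a fractional TimeSpan would otherwise be
    // written with a culture-specific decimal separator.
    queryParameters["X-Amz-Expires"] = ((long)expires.TotalSeconds).ToString(invariant);
    queryParameters["X-Amz-SignedHeaders"] = "host";

    var canonicalHeaders = "host:" + request.RequestUri.Host;

    if (!request.RequestUri.IsDefaultPort)
    {
        canonicalHeaders += ":" + request.RequestUri.Port;
    }

    var canonicalRequest = GetCanonicalRequest(
        method: request.Method,
        canonicalURI: request.RequestUri.AbsolutePath,
        canonicalQueryString: CanonicizeQueryString(queryParameters),
        canonicalHeaders: canonicalHeaders,
        signedHeaders: "host",
        payloadHash: emptySha256
    );

    var stringToSign = GetStringToSign(
        scope,
        timestamp,
        canonicalRequest
    );

    var signature = Signature.ComputeHmacSha256(
        key: signingKey,
        data: Encoding.UTF8.GetBytes(stringToSign)
    ).ToHexString();

    /*
     * queryString  = Action=action
     * queryString += &X-Amz-Algorithm=algorithm
     * queryString += &X-Amz-Credential= urlencode(access_key_ID + '/' + credential_scope)
     * queryString += &X-Amz-Date=date
     * queryString += &X-Amz-Expires=timeout interval
     * queryString += &X-Amz-SignedHeaders=signed_headers
     */

    // NOTE(review): WebUtility.UrlEncode writes a space as '+'. Confirm that
    // CanonicizeQueryString encodes the same way, otherwise the URL sent differs
    // from the one that was signed.
    var queryString = string.Join("&",
        queryParameters.Select(pair => WebUtility.UrlEncode(pair.Key) + "=" + WebUtility.UrlEncode(pair.Value))
    ) + "&X-Amz-Signature=" + signature;

    var url = request.RequestUri.ToString();

    // A URI without a query string has no '?': keep the whole URL (minus any fragment)
    // instead of calling Substring with -1, which throws.
    int cut = url.IndexOfAny(new[] { '?', '#' });
    var baseUrl = cut >= 0 ? url.Substring(0, cut) : url;

    request.RequestUri = new Uri(baseUrl + "?" + queryString);
}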
// ISO 8601 basic format. "T" and "Z" are not format specifiers, so they are emitted
// as literals: the value being formatted is not converted to UTC by this string.
private const string isoDateTimeFormat = "yyyyMMddTHHmmssZ";

/// <summary>
/// Builds the string to sign for <paramref name="request"/>, discarding the list of
/// signed headers that the three-argument overload reports.
/// </summary>
/// <param name="scope">Credential scope to embed in the string to sign.</param>
/// <param name="request">Request to build the string to sign for.</param>
/// <returns>The string to sign.</returns>
public static string GetStringToSign(CredentialScope scope, HttpRequestMessage request)
    => GetStringToSign(scope, request, out _);