Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright 2010-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
   *
   * Licensed under the Apache License, Version 2.0 (the "License").
   * You may not use this file except in compliance with the License.
   * A copy of the License is located at
   *
   *  http://aws.amazon.com/apache2.0
   *
  * or in the "license" file accompanying this file. This file is distributed
  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 package com.amazonaws.services.s3.internal;
 
 import java.util.Date;
 import java.util.Set;
 
 
Implementation of the com.amazonaws.auth.Signer interface specific to S3's signing algorithm.
 
 public class S3Signer extends AbstractAWSSigner {

    
Shared log for signing debug output
 
     private static final Log log = LogFactory.getLog(S3Signer.class);

    
The HTTP verb (GET, PUT, HEAD, DELETE) the request to sign is using. TODO: We need to know the HTTP verb in order to create the authentication signature, but we don't have easy access to it through the request object. Maybe it'd be better for the S3 signer (or all signers?) to work directly off of the HttpRequest instead of the Request object?
 
     private final String httpVerb;

    
The canonical resource path portion of the S3 string to sign. Examples: "/", "/<bucket name>/", or "/<bucket name>/<key>" TODO: We don't want to hold the resource path as member data in the S3 signer, but we need access to it and can't get it through the request yet.
 
     private final String resourcePath;

    
The names of all the user-specified query parameters that should be included in the canonical request, in addition to those default parameters that are always signed.

 
     private final Set<StringadditionalQueryParamsToSign;

    
Create a dummy instance of the S3Signer. This constructor will be invoked by internal config via reflection.
 
     public S3Signer() {
         /*
          * NOTE: don't delegate to the other ctors, otherwise an IAE will be
          * thrown since the resourcePath is lazily initialized to null.
          */
         this. = null;
         this. = null;
         this. = null;
     }

    
Constructs a new S3Signer to sign requests based on the AWS credentials, HTTP method and canonical S3 resource path.

Parameters:
httpVerb The HTTP verb (GET, PUT, POST, HEAD, DELETE) the request is using.
resourcePath The canonical S3 resource path (ex: "/", "/<bucket name>/", or "/<bucket name>/<key>".
    public S3Signer(String httpVerbString resourcePath) {
        this(httpVerbresourcePathnull);
    }

    
Constructs a new S3Signer to sign requests based on the AWS credentials, HTTP method and canonical S3 resource path.

Parameters:
httpVerb The HTTP verb (GET, PUT, POST, HEAD, DELETE) the request is using.
resourcePath The canonical S3 resource path (ex: "/", "/<bucket name>/", or "/<bucket name>/<key>".
additionalQueryParamsToSign A collection of user-specified query parameters that should be included in the canonical request, in addition to those default parameters that are always signed.
See also:
RestUtils.makeS3CanonicalString(java.lang.String,java.lang.String,com.amazonaws.SignableRequest,java.lang.String)
    public S3Signer(String httpVerbString resourcePath,
            Collection<StringadditionalQueryParamsToSign) {
        if (resourcePath == null)
            throw new IllegalArgumentException(
                    "Parameter resourcePath is empty");
        this. = httpVerb;
        this. = resourcePath;
        this. = additionalQueryParamsToSign == null
                ? null
                : Collections.unmodifiableSet(new HashSet<String>(
                        additionalQueryParamsToSign));
    }
    @Override
    public void sign(SignableRequest<?> requestAWSCredentials credentials) {
        if ( == null) {
            throw new UnsupportedOperationException(
                    "Cannot sign a request using a dummy S3Signer instance with "
                            + "no resource path");
        }
        if (credentials == null || credentials.getAWSSecretKey() == null) {
            .debug("Canonical string will not be signed, as no AWS Secret Key was provided");
            return;
        }
        AWSCredentials sanitizedCredentials = sanitizeCredentials(credentials);
        if (sanitizedCredentials instanceof AWSSessionCredentials) {
            addSessionCredentials(request,
                    (AWSSessionCredentialssanitizedCredentials);
        }
        /*
         * In s3 sigv2, the way slash characters are encoded should be
         * consistent in both the request url and the encoded resource path.
         * Since we have to encode "//" to "/%2F" in the request url to make
         * httpclient works, we need to do the same encoding here for the
         * resource path.
         */
        String encodedResourcePath = SdkHttpUtils.appendUri(
                request.getEndpoint().getPath(), true);
        int timeOffset = request.getTimeOffset();
        Date date = getSignatureDate(timeOffset);
        request.addHeader(., ServiceUtils.formatRfc822Date(date));
        String canonicalString = RestUtils.makeS3CanonicalString(,
                encodedResourcePathrequestnull);
        .debug("Calculated string to sign:\n\"" + canonicalString + "\"");
        String signature = super.signAndBase64Encode(canonicalString,
                sanitizedCredentials.getAWSSecretKey(),
                .);
        request.addHeader("Authorization",
                "AWS " + sanitizedCredentials.getAWSAccessKeyId() + ":"
                        + signature);
    }
    @Override
    protected void addSessionCredentials(SignableRequest<?> request,
            AWSSessionCredentials credentials) {
        request.addHeader("x-amz-security-token"credentials.getSessionToken());
    }
New to GrepCode? Check out our FAQ X