Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright 2010-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
   *
   * Licensed under the Apache License, Version 2.0 (the "License").
   * You may not use this file except in compliance with the License.
   * A copy of the License is located at
   *
   *  http://aws.amazon.com/apache2.0
   *
  * or in the "license" file accompanying this file. This file is distributed
  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 package com.amazonaws.auth;
 
 import static com.amazonaws.util.StringUtils.UTF8;
 
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
 
Signer implementation that signs requests with the AWS3 signing protocol.
 
 public class AWS3Signer extends AbstractAWSSigner {
     private static final String AUTHORIZATION_HEADER = "X-Amzn-Authorization";
     private static final String NONCE_HEADER = "x-amz-nonce";
     private static final String HTTP_SCHEME = "AWS3";
     private static final String HTTPS_SCHEME = "AWS3-HTTPS";

    
For internal testing only - allows the request's date to be overridden for testing.
 
     private String overriddenDate;
 
     @Deprecated
     protected static final DateUtils dateUtils = new DateUtils();
     private static final InternalLogApi log = InternalLogFactory.getLog(AWS3Signer.class);


    
Signs the specified request with the AWS3 signing protocol by using the AWS account credentials specified when this object was constructed and adding the required AWS3 headers to the request.

Parameters:
request The request to sign.
 
     @Override
     public void sign(SignableRequest<?> requestAWSCredentials credentialsthrows AmazonClientException {
         // annonymous credentials, don't sign
         if ( credentials instanceof AnonymousAWSCredentials ) {
             return;
         }
 
         AWSCredentials sanitizedCredentials = sanitizeCredentials(credentials);
 
         SigningAlgorithm algorithm = .;
         String nonce = UUID.randomUUID().toString();
 
         int timeOffset = request.getTimeOffset();
         Date dateValue = getSignatureDate(timeOffset);
         String date = DateUtils.formatRFC822Date(dateValue);
         boolean isHttps = false;
 
         if ( != nulldate = ;
         request.addHeader("Date"date);
         request.addHeader("X-Amz-Date"date);
 
         // AWS3 HTTP requires that we sign the Host header
         // so we have to have it in the request by the time we sign.
         String hostHeader = request.getEndpoint().getHost();
         if (SdkHttpUtils.isUsingNonDefaultPort(request.getEndpoint())) {
             hostHeader += ":" + request.getEndpoint().getPort();
         }
         request.addHeader("Host"hostHeader);
 
         if ( sanitizedCredentials instanceof AWSSessionCredentials ) {
             addSessionCredentials(request, (AWSSessionCredentialssanitizedCredentials);
         }
         byte[] bytesToSign;
         String stringToSign;
         if (isHttps) {
             request.addHeader(nonce);
             stringToSign = date + nonce;
             bytesToSign = stringToSign.getBytes();
         } else {
            String path = SdkHttpUtils.appendUri(request.getEndpoint().getPath(), request.getResourcePath());
            /*
             * AWS3 requires all query params to be listed on the third line of
             * the string to sign, even if those query params will be sent in
             * the request body and not as a query string. POST formatted query
             * params should *NOT* be included in the request payload.
             */
            stringToSign = request.getHttpMethod().toString() + "\n"
                    + getCanonicalizedResourcePath(path) + "\n"
                    + getCanonicalizedQueryString(request.getParameters()) + "\n"
                    + getCanonicalizedHeadersForStringToSign(request) + "\n"
                    + getRequestPayloadWithoutQueryParams(request);
            bytesToSign = hash(stringToSign);
        }
        if (.isDebugEnabled())
            .debug("Calculated StringToSign: " + stringToSign);
        String signature = signAndBase64Encode(bytesToSign,
                sanitizedCredentials.getAWSSecretKey(), algorithm);
        StringBuilder builder = new StringBuilder();
        builder.append(isHttps ?  : ).append(" ");
        builder.append("AWSAccessKeyId=" + sanitizedCredentials.getAWSAccessKeyId() + ",");
        builder.append("Algorithm=" + algorithm.toString() + ",");
        if (!isHttps) {
            builder.append(getSignedHeadersComponent(request) + ",");
        }
        builder.append("Signature=" + signature);
        request.addHeader(builder.toString());
    }
    private String getSignedHeadersComponent(SignableRequest<?> request) {
        StringBuilder builder = new StringBuilder();
        builder.append("SignedHeaders=");
        boolean first = true;
        for (String header : getHeadersForStringToSign(request)) {
            if (!firstbuilder.append(";");
            builder.append(header);
            first = false;
        }
        return builder.toString();
    }
    protected List<StringgetHeadersForStringToSign(SignableRequest<?> request) {
        List<StringheadersToSign = new ArrayList<String>();
        for (Map.Entry<StringStringentry : request.getHeaders().entrySet()) {
            String key = entry.getKey();
            String lowerCaseKey = key.toLowerCase();
            if (lowerCaseKey.startsWith("x-amz")
                    || lowerCaseKey.equals("host")) {
                headersToSign.add(key);
            }
        }
        Collections.sort(headersToSign);
        return headersToSign;
    }

    
For internal testing only - allows the date to be overridden for internal tests.

Parameters:
date The RFC822 date string to use when signing requests.
    void overrideDate(String date) {
        this. = date;
    }
        List<StringheadersToSign = getHeadersForStringToSign(request);
        for (int i = 0; i < headersToSign.size(); i++) {
            headersToSign.set(iheadersToSign.get(i).toLowerCase());
        }
        SortedMap<StringStringsortedHeaderMap = new TreeMap<StringString>();
        for (Map.Entry<StringStringentry : request.getHeaders().entrySet()) {
            if (headersToSign.contains(entry.getKey().toLowerCase())) {
                sortedHeaderMap.put(entry.getKey().toLowerCase(), entry.getValue());
            }
        }
        StringBuilder builder = new StringBuilder();
        for (Map.Entry<StringStringentry : sortedHeaderMap.entrySet()) {
            builder.append(entry.getKey().toLowerCase()).append(":")
            .append(entry.getValue()).append("\n");
        }
        return builder.toString();
    }
    protected boolean shouldUseHttpsScheme(SignableRequest<?> requestthrows AmazonClientException {
        try {
            String protocol = request.getEndpoint().toURL().getProtocol().toLowerCase();
            if (protocol.equals("http")) {
                return false;
            } else if (protocol.equals("https")) {
                return true;
            } else {
                throw new AmazonClientException("Unknown request endpoint protocol " +
                        "encountered while signing request: " + protocol);
            }
        } catch (MalformedURLException e) {
            throw new AmazonClientException("Unable to parse request endpoint during signing"e);
        }
    }
    @Override
    protected void addSessionCredentials(SignableRequest<?> requestAWSSessionCredentials credentials) {
        request.addHeader("x-amz-security-token"credentials.getSessionToken());
    }
New to GrepCode? Check out our FAQ X