Package com.amazonaws.auth
Class AbstractAWSSigner
java.lang.Object
com.amazonaws.auth.AbstractAWSSigner
- All Implemented Interfaces:
Signer
- Direct Known Subclasses:
AWS3Signer
,AWS4Signer
,QueryStringSigner
Abstract base class for AWS signing protocol implementations. Provides
utilities commonly needed by signing protocols such as computing
canonicalized host names, query string parameters, etc.
Not intended to be sub-classed by developers.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected abstract void
addSessionCredentials
(SignableRequest<?> request, AWSSessionCredentials credentials) Adds session credentials to the request given.protected byte[]
getBinaryRequestPayload
(SignableRequest<?> request) Returns the request's payload as binary data.protected InputStream
getBinaryRequestPayloadStream
(SignableRequest<?> request) protected InputStream
protected byte[]
Returns the request's payload contents as binary data, without processing any query string params (i.e. no form encoding for query params).protected String
getCanonicalizedEndpoint
(URI endpoint) protected String
getCanonicalizedQueryString
(SignableRequest<?> request) protected String
getCanonicalizedQueryString
(Map<String, List<String>> parameters) Examines the specified query string parameters and returns a canonicalized form.protected String
getCanonicalizedResourcePath
(String resourcePath) protected String
getCanonicalizedResourcePath
(String resourcePath, boolean urlEncode) protected String
getRequestPayload
(SignableRequest<?> request) Returns the request's payload as a String.protected String
getRequestPayloadWithoutQueryParams
(SignableRequest<?> request) Returns the request's payload contents as a String, without processing any query string params (i.e. no form encoding for query params).protected Date
getSignatureDate
(int offsetInSeconds) Returns the current time minus the given offset in seconds.protected int
getTimeOffset
(SignableRequest<?> request) Deprecated.byte[]
hash
(byte[] data) Hashes the binary data using the SHA-256 algorithm.protected byte[]
hash
(InputStream input) byte[]
Hashes the string contents (assumed to be UTF-8) using the SHA-256 algorithm.protected String
newString
(byte[] bytes) Safely converts a UTF-8 encoded byte array into a String.protected AWSCredentials
sanitizeCredentials
(AWSCredentials credentials) Loads the individual access key ID and secret key from the specified credentials, ensuring that access to the credentials is synchronized on the credentials object itself, and trimming any extra whitespace from the credentials.protected byte[]
sign
(byte[] data, byte[] key, SigningAlgorithm algorithm) byte[]
sign
(String stringData, byte[] key, SigningAlgorithm algorithm) protected String
signAndBase64Encode
(byte[] data, String key, SigningAlgorithm algorithm) Computes an RFC 2104-compliant HMAC signature for an array of bytes and returns the result as a Base64 encoded string.protected String
signAndBase64Encode
(String data, String key, SigningAlgorithm algorithm) Computes an RFC 2104-compliant HMAC signature and returns the result as a Base64 encoded string.byte[]
signWithMac
(String stringData, Mac mac)
-
Field Details
-
EMPTY_STRING_SHA256_HEX
-
-
Constructor Details
-
AbstractAWSSigner
public AbstractAWSSigner()
-
-
Method Details
-
signAndBase64Encode
protected String signAndBase64Encode(String data, String key, SigningAlgorithm algorithm) throws AmazonClientException Computes an RFC 2104-compliant HMAC signature and returns the result as a Base64 encoded string.- Throws:
AmazonClientException
-
signAndBase64Encode
protected String signAndBase64Encode(byte[] data, String key, SigningAlgorithm algorithm) throws AmazonClientException Computes an RFC 2104-compliant HMAC signature for an array of bytes and returns the result as a Base64 encoded string.- Throws:
AmazonClientException
-
sign
public byte[] sign(String stringData, byte[] key, SigningAlgorithm algorithm) throws AmazonClientException - Throws:
AmazonClientException
-
signWithMac
-
sign
protected byte[] sign(byte[] data, byte[] key, SigningAlgorithm algorithm) throws AmazonClientException - Throws:
AmazonClientException
-
hash
Hashes the string contents (assumed to be UTF-8) using the SHA-256 algorithm.- Parameters:
text
- The string to hash.- Returns:
- The hashed bytes from the specified string.
- Throws:
AmazonClientException
- If the hash cannot be computed.
-
hash
- Throws:
AmazonClientException
-
hash
Hashes the binary data using the SHA-256 algorithm.- Parameters:
data
- The binary data to hash.- Returns:
- The hashed bytes from the specified data.
- Throws:
AmazonClientException
- If the hash cannot be computed.
-
getCanonicalizedQueryString
Examines the specified query string parameters and returns a canonicalized form.The canonicalized query string is formed by first sorting all the query string parameters, then URI encoding both the key and value and then joining them, in order, separating key value pairs with an 'invalid input: '&''.
- Parameters:
parameters
- The query string parameters to be canonicalized.- Returns:
- A canonicalized form for the specified query string parameters.
-
getCanonicalizedQueryString
-
getBinaryRequestPayload
Returns the request's payload as binary data.- Parameters:
request
- The request- Returns:
- The data from the request's payload, as binary data.
-
getRequestPayload
Returns the request's payload as a String.- Parameters:
request
- The request- Returns:
- The data from the request's payload, as a string.
-
getRequestPayloadWithoutQueryParams
Returns the request's payload contents as a String, without processing any query string params (i.e. no form encoding for query params).- Parameters:
request
- The request- Returns:
- the request's payload contents as a String, not including any form encoding of query string params.
-
getBinaryRequestPayloadWithoutQueryParams
Returns the request's payload contents as binary data, without processing any query string params (i.e. no form encoding for query params).- Parameters:
request
- The request- Returns:
- The request's payload contents as binary data, not including any form encoding of query string params.
-
getBinaryRequestPayloadStream
-
getBinaryRequestPayloadStreamWithoutQueryParams
-
getCanonicalizedResourcePath
-
getCanonicalizedResourcePath
-
getCanonicalizedEndpoint
-
sanitizeCredentials
Loads the individual access key ID and secret key from the specified credentials, ensuring that access to the credentials is synchronized on the credentials object itself, and trimming any extra whitespace from the credentials.Returns either a
BasicSessionCredentials
or aBasicAWSCredentials
object, depending on the input type.- Parameters:
credentials
-- Returns:
- A new credentials object with the sanitized credentials.
-
newString
Safely converts a UTF-8 encoded byte array into a String.- Parameters:
bytes
- UTF-8 encoded binary character data.- Returns:
- The converted String object.
-
getSignatureDate
Returns the current time minus the given offset in seconds. The intent is to adjust the current time in the running JVM to the corresponding wall clock time at AWS for request signing purposes.- Parameters:
offsetInSeconds
- offset in seconds
-
getTimeOffset
Deprecated.Returns the time offset in seconds. -
addSessionCredentials
protected abstract void addSessionCredentials(SignableRequest<?> request, AWSSessionCredentials credentials) Adds session credentials to the request given.- Parameters:
request
- The request to add session credentials information tocredentials
- The session credentials to add to the request
-