Package com.amazonaws.auth
Class AbstractAWSSigner
- java.lang.Object
-
- com.amazonaws.auth.AbstractAWSSigner
-
- All Implemented Interfaces:
Signer
- Direct Known Subclasses:
AWS3Signer
,AWS4Signer
,QueryStringSigner
public abstract class AbstractAWSSigner extends Object implements Signer
Abstract base class for AWS signing protocol implementations. Provides utilities commonly needed by signing protocols such as computing canonicalized host names, query string parameters, etc.Not intended to be sub-classed by developers.
-
-
Field Summary
Fields Modifier and Type Field Description static String
EMPTY_STRING_SHA256_HEX
-
Constructor Summary
Constructors Constructor Description AbstractAWSSigner()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected abstract void
addSessionCredentials(SignableRequest<?> request, AWSSessionCredentials credentials)
Adds session credentials to the request given.protected byte[]
getBinaryRequestPayload(SignableRequest<?> request)
Returns the request's payload as binary data.protected InputStream
getBinaryRequestPayloadStream(SignableRequest<?> request)
protected InputStream
getBinaryRequestPayloadStreamWithoutQueryParams(SignableRequest<?> request)
protected byte[]
getBinaryRequestPayloadWithoutQueryParams(SignableRequest<?> request)
Returns the request's payload contents as binary data, without processing any query string params (i.e.protected String
getCanonicalizedEndpoint(URI endpoint)
protected String
getCanonicalizedQueryString(SignableRequest<?> request)
protected String
getCanonicalizedQueryString(Map<String,List<String>> parameters)
Examines the specified query string parameters and returns a canonicalized form.protected String
getCanonicalizedResourcePath(String resourcePath)
protected String
getCanonicalizedResourcePath(String resourcePath, boolean urlEncode)
protected String
getRequestPayload(SignableRequest<?> request)
Returns the request's payload as a String.protected String
getRequestPayloadWithoutQueryParams(SignableRequest<?> request)
Returns the request's payload contents as a String, without processing any query string params (i.e.protected Date
getSignatureDate(int offsetInSeconds)
Returns the current time minus the given offset in seconds.protected int
getTimeOffset(SignableRequest<?> request)
Deprecated.byte[]
hash(byte[] data)
Hashes the binary data using the SHA-256 algorithm.protected byte[]
hash(InputStream input)
byte[]
hash(String text)
Hashes the string contents (assumed to be UTF-8) using the SHA-256 algorithm.protected String
newString(byte[] bytes)
Safely converts a UTF-8 encoded byte array into a String.protected AWSCredentials
sanitizeCredentials(AWSCredentials credentials)
Loads the individual access key ID and secret key from the specified credentials, ensuring that access to the credentials is synchronized on the credentials object itself, and trimming any extra whitespace from the credentials.protected byte[]
sign(byte[] data, byte[] key, SigningAlgorithm algorithm)
byte[]
sign(String stringData, byte[] key, SigningAlgorithm algorithm)
protected String
signAndBase64Encode(byte[] data, String key, SigningAlgorithm algorithm)
Computes an RFC 2104-compliant HMAC signature for an array of bytes and returns the result as a Base64 encoded string.protected String
signAndBase64Encode(String data, String key, SigningAlgorithm algorithm)
Computes an RFC 2104-compliant HMAC signature and returns the result as a Base64 encoded string.byte[]
signWithMac(String stringData, Mac mac)
-
-
-
Field Detail
-
EMPTY_STRING_SHA256_HEX
public static final String EMPTY_STRING_SHA256_HEX
-
-
Method Detail
-
signAndBase64Encode
protected String signAndBase64Encode(String data, String key, SigningAlgorithm algorithm) throws AmazonClientException
Computes an RFC 2104-compliant HMAC signature and returns the result as a Base64 encoded string.- Throws:
AmazonClientException
-
signAndBase64Encode
protected String signAndBase64Encode(byte[] data, String key, SigningAlgorithm algorithm) throws AmazonClientException
Computes an RFC 2104-compliant HMAC signature for an array of bytes and returns the result as a Base64 encoded string.- Throws:
AmazonClientException
-
sign
public byte[] sign(String stringData, byte[] key, SigningAlgorithm algorithm) throws AmazonClientException
- Throws:
AmazonClientException
-
sign
protected byte[] sign(byte[] data, byte[] key, SigningAlgorithm algorithm) throws AmazonClientException
- Throws:
AmazonClientException
-
hash
public byte[] hash(String text) throws AmazonClientException
Hashes the string contents (assumed to be UTF-8) using the SHA-256 algorithm.- Parameters:
text
- The string to hash.- Returns:
- The hashed bytes from the specified string.
- Throws:
AmazonClientException
- If the hash cannot be computed.
-
hash
protected byte[] hash(InputStream input) throws AmazonClientException
- Throws:
AmazonClientException
-
hash
public byte[] hash(byte[] data) throws AmazonClientException
Hashes the binary data using the SHA-256 algorithm.- Parameters:
data
- The binary data to hash.- Returns:
- The hashed bytes from the specified data.
- Throws:
AmazonClientException
- If the hash cannot be computed.
-
getCanonicalizedQueryString
protected String getCanonicalizedQueryString(Map<String,List<String>> parameters)
Examines the specified query string parameters and returns a canonicalized form.The canonicalized query string is formed by first sorting all the query string parameters, then URI encoding both the key and value and then joining them, in order, separating key value pairs with an '&'.
- Parameters:
parameters
- The query string parameters to be canonicalized.- Returns:
- A canonicalized form for the specified query string parameters.
-
getCanonicalizedQueryString
protected String getCanonicalizedQueryString(SignableRequest<?> request)
-
getBinaryRequestPayload
protected byte[] getBinaryRequestPayload(SignableRequest<?> request)
Returns the request's payload as binary data.- Parameters:
request
- The request- Returns:
- The data from the request's payload, as binary data.
-
getRequestPayload
protected String getRequestPayload(SignableRequest<?> request)
Returns the request's payload as a String.- Parameters:
request
- The request- Returns:
- The data from the request's payload, as a string.
-
getRequestPayloadWithoutQueryParams
protected String getRequestPayloadWithoutQueryParams(SignableRequest<?> request)
Returns the request's payload contents as a String, without processing any query string params (i.e. no form encoding for query params).- Parameters:
request
- The request- Returns:
- the request's payload contents as a String, not including any form encoding of query string params.
-
getBinaryRequestPayloadWithoutQueryParams
protected byte[] getBinaryRequestPayloadWithoutQueryParams(SignableRequest<?> request)
Returns the request's payload contents as binary data, without processing any query string params (i.e. no form encoding for query params).- Parameters:
request
- The request- Returns:
- The request's payload contents as binary data, not including any form encoding of query string params.
-
getBinaryRequestPayloadStream
protected InputStream getBinaryRequestPayloadStream(SignableRequest<?> request)
-
getBinaryRequestPayloadStreamWithoutQueryParams
protected InputStream getBinaryRequestPayloadStreamWithoutQueryParams(SignableRequest<?> request)
-
getCanonicalizedResourcePath
protected String getCanonicalizedResourcePath(String resourcePath, boolean urlEncode)
-
sanitizeCredentials
protected AWSCredentials sanitizeCredentials(AWSCredentials credentials)
Loads the individual access key ID and secret key from the specified credentials, ensuring that access to the credentials is synchronized on the credentials object itself, and trimming any extra whitespace from the credentials.Returns either a
BasicSessionCredentials
or aBasicAWSCredentials
object, depending on the input type.- Parameters:
credentials
-- Returns:
- A new credentials object with the sanitized credentials.
-
newString
protected String newString(byte[] bytes)
Safely converts a UTF-8 encoded byte array into a String.- Parameters:
bytes
- UTF-8 encoded binary character data.- Returns:
- The converted String object.
-
getSignatureDate
protected Date getSignatureDate(int offsetInSeconds)
Returns the current time minus the given offset in seconds. The intent is to adjust the current time in the running JVM to the corresponding wall clock time at AWS for request signing purposes.- Parameters:
offsetInSeconds
- offset in seconds
-
getTimeOffset
@Deprecated protected int getTimeOffset(SignableRequest<?> request)
Deprecated.Returns the time offset in seconds.
-
addSessionCredentials
protected abstract void addSessionCredentials(SignableRequest<?> request, AWSSessionCredentials credentials)
Adds session credentials to the request given.- Parameters:
request
- The request to add session credentials information tocredentials
- The session credentials to add to the request
-
-