/** * Test string to sign generation */ static void test_string_to_sign(void) { ASSERT_STRING_EQUALS("GET\n\n\nFri, 17 May 2013 19:35:26 GMT\n/rienzo-vault/troporocks.mp3", aws_s3_string_to_sign("GET", "rienzo-vault", "troporocks.mp3", "", "", "Fri, 17 May 2013 19:35:26 GMT")); ASSERT_STRING_EQUALS("GET\nc8fdb181845a4ca6b8fec737b3581d76\naudio/mpeg\nThu, 17 Nov 2005 18:49:58 GMT\n/foo/man.chu", aws_s3_string_to_sign("GET", "foo", "man.chu", "audio/mpeg", "c8fdb181845a4ca6b8fec737b3581d76", "Thu, 17 Nov 2005 18:49:58 GMT")); ASSERT_STRING_EQUALS("\n\n\n\n//", aws_s3_string_to_sign("", "", "", "", "", "")); ASSERT_STRING_EQUALS("\n\n\n\n//", aws_s3_string_to_sign(NULL, NULL, NULL, NULL, NULL, NULL)); ASSERT_STRING_EQUALS("PUT\n\naudio/wav\nWed, 12 Jun 2013 13:16:58 GMT\n/bucket/voicemails/recording.wav", aws_s3_string_to_sign("PUT", "bucket", "voicemails/recording.wav", "audio/wav", "", "Wed, 12 Jun 2013 13:16:58 GMT")); }
/** * Create an authentication signature for AWS S3 * @param authentication buffer to store result * @param authentication_length maximum result length * @param verb (PUT/GET) * @param url address (virtual-host-style) * @param content_type optional content type * @param content_md5 optional content MD5 checksum * @param aws_access_key_id secret access key identifier * @param aws_secret_access_key secret access key * @param date header * @return signature for Authorization header */ char *aws_s3_authentication_create(const char *verb, const char *url, const char *content_type, const char *content_md5, const char *aws_access_key_id, const char *aws_secret_access_key, const char *date) { char signature[S3_SIGNATURE_LENGTH_MAX]; char *string_to_sign; char *url_dup = strdup(url); char *bucket; char *object; /* create base64 encoded signature */ aws_s3_parse_url(url_dup, &bucket, &object); string_to_sign = aws_s3_string_to_sign(verb, bucket, object, content_type, content_md5, date); signature[0] = '\0'; aws_s3_signature(signature, S3_SIGNATURE_LENGTH_MAX, string_to_sign, aws_secret_access_key); free(string_to_sign); free(url_dup); return switch_mprintf("AWS %s:%s", aws_access_key_id, signature); }
/** * Create a pre-signed URL for AWS S3 * @param verb (PUT/GET) * @param url address (virtual-host-style) * @param content_type optional content type * @param content_md5 optional content MD5 checksum * @param aws_access_key_id secret access key identifier * @param aws_secret_access_key secret access key * @param expires seconds since the epoch * @return presigned_url */ char *aws_s3_presigned_url_create(const char *verb, const char *url, const char *content_type, const char *content_md5, const char *aws_access_key_id, const char *aws_secret_access_key, const char *expires) { char signature[S3_SIGNATURE_LENGTH_MAX]; char signature_url_encoded[S3_SIGNATURE_LENGTH_MAX]; char *string_to_sign; char *url_dup = strdup(url); char *bucket; char *object; /* create URL encoded signature */ aws_s3_parse_url(url_dup, &bucket, &object); string_to_sign = aws_s3_string_to_sign(verb, bucket, object, content_type, content_md5, expires); signature[0] = '\0'; aws_s3_signature(signature, S3_SIGNATURE_LENGTH_MAX, string_to_sign, aws_secret_access_key); switch_url_encode(signature, signature_url_encoded, S3_SIGNATURE_LENGTH_MAX); free(string_to_sign); free(url_dup); /* create the presigned URL */ return switch_mprintf("%s?Signature=%s&Expires=%s&AWSAccessKeyId=%s", url, signature_url_encoded, expires, aws_access_key_id); }