/**
* @brief Create an AWS V3 Signature authorization header value.
*
* This function builds a V3 signature, and returns it to the caller. The returned
* header value is then suitable for adding as an `Authorization` header in the HTTP
* request, to be accepted by Amazon.
*
* @param credentials The AWS credentials to use to sign the request.
* @param operation The HTTP method being used for the request.
* @param request The network request to generate a signature for.
* @param payload Optional data being submitted in the request (eg for `PUT` and `POST` operations).
*
* @return An AWS V3 Signature authorization header value.
*
* @see http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RESTAuthentication.html
* @see setAuthorizationHeader
*/
QByteArray AwsSignatureV3Private::authorizationHeaderValue(const AwsAbstractCredentials &credentials,
const QNetworkAccessManager::Operation operation,
QNetworkRequest &request, const QByteArray &payload) const
{
// Calculate the signature.
QByteArray signedHeaders;
QByteArray stringToSign = canonicalRequest(operation, request, payload, &signedHeaders);
if (!isHttps(request)) {
stringToSign = QCryptographicHash::hash(stringToSign, hashAlgorithm);
}
const QByteArray signature = QMessageAuthenticationCode::hash(
stringToSign, credentials.secretKey().toUtf8(), hashAlgorithm);
// Build and return the authorization header value.
return
QByteArray((isHttps(request)) ? "AWS3-HTTPS " : "AWS3 ") +
"AWSAccessKeyId=" + credentials.accessKeyId().toUtf8() + ","
"Algorithm=" + algorithmDesignation(hashAlgorithm) + "," +
((!isHttps(request)) ? "SignedHeaders=" + signedHeaders + ',' : "") +
"Signature=" + signature.toBase64();
}
/**
* @brief Create an AWS V4 Signature authorization header value.
*
* This function builds an V4 signature, and returns it to the caller. The returned
* header value is then suitable for adding as a `Authorization` header in the HTTP
* request, to be accepted by Amazon.
*
* @param credentials The AWS credentials to use to sign the request.
* @param operation The HTTP method being used for the request.
* @param request The network request to generate a signature for.
* @param payload Optional data being submitted in the request (eg for `PUT` and `POST` operations).
* @param timestamp The timestamp to use when signing the request.
*
* @return An AWS V4 Signature authorization header value.
*
* @see http://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
* @see setAuthorizationHeader
*/
QByteArray AwsSignatureV4Private::authorizationHeaderValue(const AwsAbstractCredentials &credentials,
const QNetworkAccessManager::Operation operation,
QNetworkRequest &request, const QByteArray &payload,
const QDateTime ×tamp) const
{
const QByteArray algorithmDesignation = this->algorithmDesignation(hashAlgorithm);
const AwsEndpoint endpoint(request.url().host());
const QByteArray credentialScope = this->credentialScope(timestamp.date(), endpoint.regionName(), endpoint.serviceName());
QByteArray signedHeaders;
const QByteArray canonicalRequest = this->canonicalRequest(operation, request, payload, &signedHeaders);
const QByteArray stringToSign = this->stringToSign(algorithmDesignation, timestamp, credentialScope, canonicalRequest);
const QByteArray signingKey = this->signingKey(credentials, timestamp.date(), endpoint.regionName(), endpoint.serviceName());
const QByteArray signature = QMessageAuthenticationCode::hash(stringToSign, signingKey, hashAlgorithm);
return algorithmDesignation + " Credential=" + credentials.accessKeyId().toUtf8() + '/' + credentialScope +
", SignedHeaders=" + signedHeaders + ", Signature=" + signature.toHex();
}
/**
* @brief Create an AWS V4 Signature signing key.
*
* @param credentials AWS credentials to use when generating the signing key.
* @param date Date to include in the signing key.
* @param region Region name to include in the signing key.
* @param service Service name to include in the signing key.
*
* @return An AWS V4 Signature signing key.
*
* @see http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
*/
QByteArray AwsSignatureV4Private::signingKey(const AwsAbstractCredentials &credentials, const QDate &date,
const QString ®ion, const QString &service) const
{
return QMessageAuthenticationCode::hash("aws4_request",
QMessageAuthenticationCode::hash(service.toUtf8(),
QMessageAuthenticationCode::hash(region.toUtf8(),
QMessageAuthenticationCode::hash(date.toString(DateFormat).toUtf8(), "AWS4"+credentials.secretKey().toUtf8(),
hashAlgorithm), hashAlgorithm), hashAlgorithm), hashAlgorithm);
}
