예제 #1
0
/**
 * @brief  Create an AWS V4 Signature authorization header value.
 *
 * This function builds an V4 signature, and returns it to the caller.  The returned
 * header value is then suitable for adding as a `Authorization` header in the HTTP
 * request, to be accepted by Amazon.
 *
 * @param  credentials  The AWS credentials to use to sign the request.
 * @param  operation    The HTTP method being used for the request.
 * @param  request      The network request to generate a signature for.
 * @param  payload      Optional data being submitted in the request (eg for `PUT` and `POST` operations).
 * @param  timestamp    The timestamp to use when signing the request.
 *
 * @return  An AWS V4 Signature authorization header value.
 *
 * @see    http://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
 * @see    setAuthorizationHeader
 */
QByteArray AwsSignatureV4Private::authorizationHeaderValue(const AwsAbstractCredentials &credentials,
                                                           const QNetworkAccessManager::Operation operation,
                                                           QNetworkRequest &request, const QByteArray &payload,
                                                           const QDateTime &timestamp) const
{
    const QByteArray algorithmDesignation = this->algorithmDesignation(hashAlgorithm);
    const AwsEndpoint endpoint(request.url().host());

    const QByteArray credentialScope = this->credentialScope(timestamp.date(), endpoint.regionName(), endpoint.serviceName());
    QByteArray signedHeaders;
    const QByteArray canonicalRequest = this->canonicalRequest(operation, request, payload, &signedHeaders);

    const QByteArray stringToSign = this->stringToSign(algorithmDesignation, timestamp, credentialScope, canonicalRequest);
    const QByteArray signingKey = this->signingKey(credentials, timestamp.date(), endpoint.regionName(), endpoint.serviceName());
    const QByteArray signature = QMessageAuthenticationCode::hash(stringToSign, signingKey, hashAlgorithm);

    return algorithmDesignation + " Credential=" + credentials.accessKeyId().toUtf8() + '/' + credentialScope +
            ", SignedHeaders=" + signedHeaders + ", Signature=" + signature.toHex();
}
예제 #2
0
/**
 * @brief  Create an AWS V3 Signature authorization header value.
 *
 * This function builds a V3 signature, and returns it to the caller.  The returned
 * header value is then suitable for adding as an `Authorization` header in the HTTP
 * request, to be accepted by Amazon.
 *
 * @param  credentials  The AWS credentials to use to sign the request.
 * @param  operation    The HTTP method being used for the request.
 * @param  request      The network request to generate a signature for.
 * @param  payload      Optional data being submitted in the request (eg for `PUT` and `POST` operations).
 *
 * @return  An AWS V3 Signature authorization header value.
 *
 * @see    http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RESTAuthentication.html
 * @see    setAuthorizationHeader
 */
QByteArray AwsSignatureV3Private::authorizationHeaderValue(const AwsAbstractCredentials &credentials,
                                                           const QNetworkAccessManager::Operation operation,
                                                           QNetworkRequest &request, const QByteArray &payload) const
{
    // Calculate the signature.
    QByteArray signedHeaders;
    QByteArray stringToSign = canonicalRequest(operation, request, payload, &signedHeaders);
    if (!isHttps(request)) {
        stringToSign = QCryptographicHash::hash(stringToSign, hashAlgorithm);
    }
    const QByteArray signature = QMessageAuthenticationCode::hash(
                stringToSign, credentials.secretKey().toUtf8(), hashAlgorithm);

    // Build and return the authorization header value.
    return
        QByteArray((isHttps(request)) ? "AWS3-HTTPS " : "AWS3 ") +
        "AWSAccessKeyId=" + credentials.accessKeyId().toUtf8() + ","
        "Algorithm=" + algorithmDesignation(hashAlgorithm) + "," +
        ((!isHttps(request)) ? "SignedHeaders=" + signedHeaders + ',' : "") +
        "Signature=" + signature.toBase64();
}