/** * @brief Create an AWS V4 Signature authorization header value. * * This function builds an V4 signature, and returns it to the caller. The returned * header value is then suitable for adding as a `Authorization` header in the HTTP * request, to be accepted by Amazon. * * @param credentials The AWS credentials to use to sign the request. * @param operation The HTTP method being used for the request. * @param request The network request to generate a signature for. * @param payload Optional data being submitted in the request (eg for `PUT` and `POST` operations). * @param timestamp The timestamp to use when signing the request. * * @return An AWS V4 Signature authorization header value. * * @see http://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html * @see setAuthorizationHeader */ QByteArray AwsSignatureV4Private::authorizationHeaderValue(const AwsAbstractCredentials &credentials, const QNetworkAccessManager::Operation operation, QNetworkRequest &request, const QByteArray &payload, const QDateTime ×tamp) const { const QByteArray algorithmDesignation = this->algorithmDesignation(hashAlgorithm); const AwsEndpoint endpoint(request.url().host()); const QByteArray credentialScope = this->credentialScope(timestamp.date(), endpoint.regionName(), endpoint.serviceName()); QByteArray signedHeaders; const QByteArray canonicalRequest = this->canonicalRequest(operation, request, payload, &signedHeaders); const QByteArray stringToSign = this->stringToSign(algorithmDesignation, timestamp, credentialScope, canonicalRequest); const QByteArray signingKey = this->signingKey(credentials, timestamp.date(), endpoint.regionName(), endpoint.serviceName()); const QByteArray signature = QMessageAuthenticationCode::hash(stringToSign, signingKey, hashAlgorithm); return algorithmDesignation + " Credential=" + credentials.accessKeyId().toUtf8() + '/' + credentialScope + ", SignedHeaders=" + signedHeaders + ", Signature=" + signature.toHex(); }
/** * @brief Create an AWS V3 Signature authorization header value. * * This function builds a V3 signature, and returns it to the caller. The returned * header value is then suitable for adding as an `Authorization` header in the HTTP * request, to be accepted by Amazon. * * @param credentials The AWS credentials to use to sign the request. * @param operation The HTTP method being used for the request. * @param request The network request to generate a signature for. * @param payload Optional data being submitted in the request (eg for `PUT` and `POST` operations). * * @return An AWS V3 Signature authorization header value. * * @see http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RESTAuthentication.html * @see setAuthorizationHeader */ QByteArray AwsSignatureV3Private::authorizationHeaderValue(const AwsAbstractCredentials &credentials, const QNetworkAccessManager::Operation operation, QNetworkRequest &request, const QByteArray &payload) const { // Calculate the signature. QByteArray signedHeaders; QByteArray stringToSign = canonicalRequest(operation, request, payload, &signedHeaders); if (!isHttps(request)) { stringToSign = QCryptographicHash::hash(stringToSign, hashAlgorithm); } const QByteArray signature = QMessageAuthenticationCode::hash( stringToSign, credentials.secretKey().toUtf8(), hashAlgorithm); // Build and return the authorization header value. return QByteArray((isHttps(request)) ? "AWS3-HTTPS " : "AWS3 ") + "AWSAccessKeyId=" + credentials.accessKeyId().toUtf8() + "," "Algorithm=" + algorithmDesignation(hashAlgorithm) + "," + ((!isHttps(request)) ? "SignedHeaders=" + signedHeaders + ',' : "") + "Signature=" + signature.toBase64(); }