public class SignatureUtils
extends java.lang.Object
RestUtils
.Modifier and Type | Field and Description |
---|---|
protected static java.text.SimpleDateFormat |
awsFlavouredISO8601DateParser |
Constructor and Description |
---|
SignatureUtils() |
Modifier and Type | Method and Description |
---|---|
static java.lang.String |
awsRegionForRequest(java.net.URI requestURI)
Determine the AWS Region to which a request will be sent based on the
request's Host endpoint.
|
static java.lang.String |
awsV4BuildAuthorizationHeaderValue(java.lang.String accessKey,
java.lang.String requestSignature,
java.lang.String requestSignatureVersion,
java.lang.String canonicalRequestString,
java.lang.String timestampISO8601,
java.lang.String region)
Build the Authorization header value for a REST/HTTP request to a storage
service for the AWS Request Signature version 4.
|
static java.lang.String |
awsV4BuildCanonicalRequestString(org.apache.http.client.methods.HttpUriRequest httpMethod,
java.lang.String requestPayloadHexSha256Hash)
Build the canonical request string for a REST/HTTP request to a storage
service for the AWS Request Signature version 4.
|
static java.lang.String |
awsV4BuildCanonicalRequestString(java.net.URI uri,
java.lang.String httpMethod,
java.util.Map<java.lang.String,java.lang.String> headersMap,
java.lang.String requestPayloadHexSha256Hash)
Build the canonical request string for a REST/HTTP request to a storage
service for the AWS Request Signature version 4.
|
static byte[] |
awsV4BuildSigningKey(java.lang.String secretAccessKey,
java.lang.String timestampISO8601,
java.lang.String region)
Build the signing key for a REST/HTTP request to a storage
service for the AWS Request Signature version 4.
|
static java.lang.String |
awsV4BuildStringToSign(java.lang.String requestSignatureVersion,
java.lang.String canonicalRequestString,
java.lang.String timestampISO8601,
java.lang.String region)
Build the string to sign for a REST/HTTP request to a storage
service for the AWS Request Signature version 4.
|
static java.net.URI |
awsV4CorrectHostnameForRegion(java.net.URI uri,
java.lang.String region)
Replace the hostname of the given URI endpoint to match the given region.
|
static java.lang.String |
awsV4EncodeURI(java.lang.CharSequence input,
boolean encodeSlash)
Slightly modified version of "uri-encode" from:
"http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html"
|
static java.lang.String |
awsV4GetOrCalculatePayloadHash(org.apache.http.client.methods.HttpUriRequest httpMethod)
Return SHA256 payload hash value already set on HTTP request, or if none
is yet set calculate this value if possible.
|
static java.lang.String |
awsV4ParseAndFormatDate(org.apache.http.client.methods.HttpUriRequest httpMethod)
Extract the request timestamp from the given HTTP request, from either
the "x-amz-date" metadata header or the Date header, and convert it
into an AWS-flavoured ISO8601 string format suitable for us in
request authorization for AWS version 4 signatures.
|
static void |
awsV4SignRequestAuthorizationHeader(java.lang.String requestSignatureVersion,
org.apache.http.client.methods.HttpUriRequest httpMethod,
ProviderCredentials providerCredentials,
java.lang.String requestPayloadHexSha256Hash,
java.lang.String region)
Calculate AWS Version 4 signature for a HTTP request and apply the
appropriate "Authorization" header value to authorize it.
|
static java.lang.String |
formatAwsFlavouredISO8601Date(java.util.Date date) |
static java.util.Date |
parseAwsFlavouredISO8601Date(java.lang.String dateString) |
protected static final java.text.SimpleDateFormat awsFlavouredISO8601DateParser
public static java.lang.String formatAwsFlavouredISO8601Date(java.util.Date date)
date
- public static java.util.Date parseAwsFlavouredISO8601Date(java.lang.String dateString) throws java.text.ParseException
dateString
- date string representation that is hopefully AWS-flavoured ISO8601java.text.ParseException
public static java.lang.String awsRegionForRequest(java.net.URI requestURI)
requestURI
- public static void awsV4SignRequestAuthorizationHeader(java.lang.String requestSignatureVersion, org.apache.http.client.methods.HttpUriRequest httpMethod, ProviderCredentials providerCredentials, java.lang.String requestPayloadHexSha256Hash, java.lang.String region)
httpMethod
- the request's HTTP method just prior to sendingrequestSignatureVersion
- request signature version string, e.g. "AWS4-HMAC-SHA256"providerCredentials
- account holder's access and secret key credentialsrequestPayloadHexSha256Hash
- hex-encoded SHA256 hash of request's payload.region
- region to which the request will be sent
"http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"public static java.lang.String awsV4GetOrCalculatePayloadHash(org.apache.http.client.methods.HttpUriRequest httpMethod)
httpMethod
- the request's HTTP method just prior to sendingpublic static java.lang.String awsV4ParseAndFormatDate(org.apache.http.client.methods.HttpUriRequest httpMethod)
httpMethod
- request containing at least one of the "x-amz-date" or Date headers with
a timestamp value in one of the supported formats: RFC 822, ISO 8601,
AWS-flavoured ISO 8601.public static java.lang.String awsV4BuildCanonicalRequestString(org.apache.http.client.methods.HttpUriRequest httpMethod, java.lang.String requestPayloadHexSha256Hash)
httpMethod
- the request's HTTP method just prior to sendingrequestPayloadHexSha256Hash
- hex-encoded SHA256 hash of request's payload.
May be null or "" in which case the default SHA256 hash of an empty string is used.
May also be "UNSIGNED-PAYLOAD" for generating pre-signed request signatures.public static java.lang.String awsV4BuildCanonicalRequestString(java.net.URI uri, java.lang.String httpMethod, java.util.Map<java.lang.String,java.lang.String> headersMap, java.lang.String requestPayloadHexSha256Hash)
uri
- httpMethod
- the request's HTTP method just prior to sendingheadersMap
- requestPayloadHexSha256Hash
- hex-encoded SHA256 hash of request's payload. May be null or "" in
which case the default SHA256 hash of an empty string is used.public static java.lang.String awsV4BuildStringToSign(java.lang.String requestSignatureVersion, java.lang.String canonicalRequestString, java.lang.String timestampISO8601, java.lang.String region)
requestSignatureVersion
- request signature version string, e.g. "AWS4-HMAC-SHA256"canonicalRequestString
- canonical request string as generated by awsV4BuildCanonicalRequestString(HttpUriRequest, String)
timestampISO8601
- timestamp of request creation in ISO8601 formatregion
- region to which the request will be sent
"http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"public static byte[] awsV4BuildSigningKey(java.lang.String secretAccessKey, java.lang.String timestampISO8601, java.lang.String region)
secretAccessKey
- account holder's secret access keytimestampISO8601
- timestamp of request creation in ISO8601 formatregion
- region to which the request will be sent
"http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"public static java.lang.String awsV4BuildAuthorizationHeaderValue(java.lang.String accessKey, java.lang.String requestSignature, java.lang.String requestSignatureVersion, java.lang.String canonicalRequestString, java.lang.String timestampISO8601, java.lang.String region)
accessKey
- account holder's access keyrequestSignature
- request signature as generated signing the string to sign from
awsV4BuildStringToSign(String, String, String, String)
with the key from
awsV4BuildSigningKey(String, String, String)
requestSignatureVersion
- request signature version string, e.g. "AWS4-HMAC-SHA256"canonicalRequestString
- canonical request string as generated by
awsV4BuildCanonicalRequestString(HttpUriRequest, String)
timestampISO8601
- timestamp of request creation in ISO8601 formatregion
- region to which request will be sent, see
"http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"public static java.net.URI awsV4CorrectHostnameForRegion(java.net.URI uri, java.lang.String region)
uri
- region
- public static java.lang.String awsV4EncodeURI(java.lang.CharSequence input, boolean encodeSlash)
input
- URI or URI-fragment string to encode.encodeSlash
- true if slash (/) character should be encoded.