org.jets3t.service.utils

Class SignatureUtils

java.lang.Object

org.jets3t.service.utils.SignatureUtils

public class SignatureUtils
extends java.lang.Object

Utility methods for signing HTTP requests, mainly for newer signature versions as legacy implementations remain in RestUtils.

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.text.SimpleDateFormat	awsFlavouredISO8601DateParser

Constructor Summary

Constructors

Constructor and Description
SignatureUtils()

Method Summary

Modifier and Type	Method and Description
static java.lang.String	awsRegionForRequest(java.net.URI requestURI) Determine the AWS Region to which a request will be sent based on the request's Host endpoint.
static java.lang.String	awsV4BuildAuthorizationHeaderValue(java.lang.String accessKey, java.lang.String requestSignature, java.lang.String requestSignatureVersion, java.lang.String canonicalRequestString, java.lang.String timestampISO8601, java.lang.String region) Build the Authorization header value for a REST/HTTP request to a storage service for the AWS Request Signature version 4.
static java.lang.String	awsV4BuildCanonicalRequestString(org.apache.http.client.methods.HttpUriRequest httpMethod, java.lang.String requestPayloadHexSha256Hash) Build the canonical request string for a REST/HTTP request to a storage service for the AWS Request Signature version 4.
static java.lang.String	awsV4BuildCanonicalRequestString(java.net.URI uri, java.lang.String httpMethod, java.util.Map<java.lang.String,java.lang.String> headersMap, java.lang.String requestPayloadHexSha256Hash) Build the canonical request string for a REST/HTTP request to a storage service for the AWS Request Signature version 4.
static byte[]	awsV4BuildSigningKey(java.lang.String secretAccessKey, java.lang.String timestampISO8601, java.lang.String region) Build the signing key for a REST/HTTP request to a storage service for the AWS Request Signature version 4.
static java.lang.String	awsV4BuildStringToSign(java.lang.String requestSignatureVersion, java.lang.String canonicalRequestString, java.lang.String timestampISO8601, java.lang.String region) Build the string to sign for a REST/HTTP request to a storage service for the AWS Request Signature version 4.
static java.net.URI	awsV4CorrectHostnameForRegion(java.net.URI uri, java.lang.String region) Replace the hostname of the given URI endpoint to match the given region.
static java.lang.String	awsV4EncodeURI(java.lang.CharSequence input, boolean encodeSlash) Slightly modified version of "uri-encode" from: "http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html"
static java.lang.String	awsV4GetOrCalculatePayloadHash(org.apache.http.client.methods.HttpUriRequest httpMethod) Return SHA256 payload hash value already set on HTTP request, or if none is yet set calculate this value if possible.
static java.lang.String	awsV4ParseAndFormatDate(org.apache.http.client.methods.HttpUriRequest httpMethod) Extract the request timestamp from the given HTTP request, from either the "x-amz-date" metadata header or the Date header, and convert it into an AWS-flavoured ISO8601 string format suitable for us in request authorization for AWS version 4 signatures.
static void	awsV4SignRequestAuthorizationHeader(java.lang.String requestSignatureVersion, org.apache.http.client.methods.HttpUriRequest httpMethod, ProviderCredentials providerCredentials, java.lang.String requestPayloadHexSha256Hash, java.lang.String region) Calculate AWS Version 4 signature for a HTTP request and apply the appropriate "Authorization" header value to authorize it.
static java.lang.String	formatAwsFlavouredISO8601Date(java.util.Date date)
static java.util.Date	parseAwsFlavouredISO8601Date(java.lang.String dateString)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

awsFlavouredISO8601DateParser

protected static final java.text.SimpleDateFormat awsFlavouredISO8601DateParser

Constructor Detail

SignatureUtils

public SignatureUtils()

Method Detail

formatAwsFlavouredISO8601Date

public static java.lang.String formatAwsFlavouredISO8601Date(java.util.Date date)

Parameters:

date -

Returns:

date formatted as AWS-flavoured ISO8601

parseAwsFlavouredISO8601Date

public static java.util.Date parseAwsFlavouredISO8601Date(java.lang.String dateString)
                                                   throws java.text.ParseException

Parameters:

dateString - date string representation that is hopefully AWS-flavoured ISO8601

Returns:

date parsed from AWS-flavoured ISO8601

Throws:

java.text.ParseException

awsRegionForRequest

public static java.lang.String awsRegionForRequest(java.net.URI requestURI)

Determine the AWS Region to which a request will be sent based on the request's Host endpoint. See "http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"

Parameters:

requestURI -

Returns:

AWS region name corresponding to the request's Host endpoint.

awsV4SignRequestAuthorizationHeader

public static void awsV4SignRequestAuthorizationHeader(java.lang.String requestSignatureVersion,
                                                       org.apache.http.client.methods.HttpUriRequest httpMethod,
                                                       ProviderCredentials providerCredentials,
                                                       java.lang.String requestPayloadHexSha256Hash,
                                                       java.lang.String region)

Calculate AWS Version 4 signature for a HTTP request and apply the appropriate "Authorization" header value to authorize it.

Parameters:

httpMethod - the request's HTTP method just prior to sending

requestSignatureVersion - request signature version string, e.g. "AWS4-HMAC-SHA256"

providerCredentials - account holder's access and secret key credentials

requestPayloadHexSha256Hash - hex-encoded SHA256 hash of request's payload.

region - region to which the request will be sent "http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"

awsV4GetOrCalculatePayloadHash

public static java.lang.String awsV4GetOrCalculatePayloadHash(org.apache.http.client.methods.HttpUriRequest httpMethod)

Return SHA256 payload hash value already set on HTTP request, or if none is yet set calculate this value if possible.

Parameters:

httpMethod - the request's HTTP method just prior to sending

Returns:

hex-encoded SHA256 hash of payload data.

awsV4ParseAndFormatDate

public static java.lang.String awsV4ParseAndFormatDate(org.apache.http.client.methods.HttpUriRequest httpMethod)

Extract the request timestamp from the given HTTP request, from either the "x-amz-date" metadata header or the Date header, and convert it into an AWS-flavoured ISO8601 string format suitable for us in request authorization for AWS version 4 signatures.

Parameters:

httpMethod - request containing at least one of the "x-amz-date" or Date headers with a timestamp value in one of the supported formats: RFC 822, ISO 8601, AWS-flavoured ISO 8601.

Returns:

timestamp formatted as AWS-flavoured ISO8601: "YYYYMMDDTHHmmssZ"

awsV4BuildCanonicalRequestString

public static java.lang.String awsV4BuildCanonicalRequestString(org.apache.http.client.methods.HttpUriRequest httpMethod,
                                                                java.lang.String requestPayloadHexSha256Hash)

Build the canonical request string for a REST/HTTP request to a storage service for the AWS Request Signature version 4. "http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html"

Parameters:

httpMethod - the request's HTTP method just prior to sending

requestPayloadHexSha256Hash - hex-encoded SHA256 hash of request's payload. May be null or "" in which case the default SHA256 hash of an empty string is used. May also be "UNSIGNED-PAYLOAD" for generating pre-signed request signatures.

Returns:

canonical request string according to AWS Request Signature version 4

awsV4BuildCanonicalRequestString

public static java.lang.String awsV4BuildCanonicalRequestString(java.net.URI uri,
                                                                java.lang.String httpMethod,
                                                                java.util.Map<java.lang.String,java.lang.String> headersMap,
                                                                java.lang.String requestPayloadHexSha256Hash)

Build the canonical request string for a REST/HTTP request to a storage service for the AWS Request Signature version 4. "http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html"

Parameters:

uri -

httpMethod - the request's HTTP method just prior to sending

headersMap -

requestPayloadHexSha256Hash - hex-encoded SHA256 hash of request's payload. May be null or "" in which case the default SHA256 hash of an empty string is used.

Returns:

canonical request string according to AWS Request Signature version 4

awsV4BuildStringToSign

public static java.lang.String awsV4BuildStringToSign(java.lang.String requestSignatureVersion,
                                                      java.lang.String canonicalRequestString,
                                                      java.lang.String timestampISO8601,
                                                      java.lang.String region)

Build the string to sign for a REST/HTTP request to a storage service for the AWS Request Signature version 4. "http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html"

Parameters:

requestSignatureVersion - request signature version string, e.g. "AWS4-HMAC-SHA256"

canonicalRequestString - canonical request string as generated by awsV4BuildCanonicalRequestString(HttpUriRequest, String)

timestampISO8601 - timestamp of request creation in ISO8601 format

region - region to which the request will be sent "http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"

Returns:

string to sign according to AWS Request Signature version 4

awsV4BuildSigningKey

public static byte[] awsV4BuildSigningKey(java.lang.String secretAccessKey,
                                          java.lang.String timestampISO8601,
                                          java.lang.String region)

Build the signing key for a REST/HTTP request to a storage service for the AWS Request Signature version 4.

Parameters:

secretAccessKey - account holder's secret access key

timestampISO8601 - timestamp of request creation in ISO8601 format

region - region to which the request will be sent "http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"

Returns:

signing key according to AWS Request Signature version 4

awsV4BuildAuthorizationHeaderValue

public static java.lang.String awsV4BuildAuthorizationHeaderValue(java.lang.String accessKey,
                                                                  java.lang.String requestSignature,
                                                                  java.lang.String requestSignatureVersion,
                                                                  java.lang.String canonicalRequestString,
                                                                  java.lang.String timestampISO8601,
                                                                  java.lang.String region)

Build the Authorization header value for a REST/HTTP request to a storage service for the AWS Request Signature version 4. "http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html"

Parameters:

accessKey - account holder's access key

requestSignature - request signature as generated signing the string to sign from awsV4BuildStringToSign(String, String, String, String) with the key from awsV4BuildSigningKey(String, String, String)

requestSignatureVersion - request signature version string, e.g. "AWS4-HMAC-SHA256"

canonicalRequestString - canonical request string as generated by awsV4BuildCanonicalRequestString(HttpUriRequest, String)

timestampISO8601 - timestamp of request creation in ISO8601 format

region - region to which request will be sent, see "http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"

Returns:

string to sign according to AWS Request Signature version 4

awsV4CorrectHostnameForRegion

public static java.net.URI awsV4CorrectHostnameForRegion(java.net.URI uri,
                                                         java.lang.String region)

Replace the hostname of the given URI endpoint to match the given region.

Parameters:

uri -

region -

Returns:

URI with hostname that may or may not have been changed to be appropriate for the given region. For example, the hostname "s3.amazonaws.com" is unchanged for the "us-east-1" region but for the "eu-central-1" region becomes "s3-eu-central-1.amazonaws.com".

awsV4EncodeURI

public static java.lang.String awsV4EncodeURI(java.lang.CharSequence input,
                                              boolean encodeSlash)

Slightly modified version of "uri-encode" from: "http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html"

Parameters:

input - URI or URI-fragment string to encode.

encodeSlash - true if slash (/) character should be encoded.

Returns:

URI string encoded per recommendations from AWS.