AWS SDK for C++  1.9.155
AWS SDK for C++
AWSAuthSigner.h
1 
6 #pragma once
7 
9 
10 #include <aws/core/Region.h>
14 #include <aws/core/utils/Array.h>
18 #include <aws/crt/auth/Sigv4Signing.h>
19 
20 #include <memory>
21 #include <atomic>
22 #include <chrono>
23 
24 namespace Aws
25 {
26  namespace Http
27  {
28  class HttpClientFactory;
29  class HttpRequest;
30  } // namespace Http
31 
32  namespace Utils
33  {
34  namespace Event
35  {
36  class Message;
37  }
38  } // namespace Utils
39 
40  namespace Auth
41  {
42  class AWSCredentials;
43  class AWSCredentialsProvider;
44 
46  {
47  SIGV4 = static_cast<int>(Aws::Crt::Auth::SigningAlgorithm::SigV4),
48  ASYMMETRIC_SIGV4 = static_cast<int>(Aws::Crt::Auth::SigningAlgorithm::SigV4A),
49  };
50 
51  AWS_CORE_API extern const char SIGV4_SIGNER[];
52  AWS_CORE_API extern const char ASYMMETRIC_SIGV4_SIGNER[];
53  AWS_CORE_API extern const char EVENTSTREAM_SIGV4_SIGNER[];
54  AWS_CORE_API extern const char SIGNATURE[];
55  AWS_CORE_API extern const char NULL_SIGNER[];
56  } // namespace Auth
57 
58  namespace Client
59  {
60  struct ClientConfiguration;
61 
66  {
67  public:
/**
 * Creates a signer whose clock-skew correction starts at zero milliseconds.
 */
AWSAuthSigner() : m_clockSkew()
{
    // Store an explicit zero so GetClockSkewOffset() has a defined value
    // before SetClockSkew() is ever called.
    const std::chrono::milliseconds noSkew(0L);
    m_clockSkew.store(noSkew);
}
69  virtual ~AWSAuthSigner() = default;
70 
74  virtual bool SignRequest(Aws::Http::HttpRequest& request) const = 0;
75 
/**
 * Default two-argument overload: discards signBody and forwards to
 * SignRequest(request).
 *
 * A subclass that overrides only the one-argument form therefore ignores the
 * caller's body-signing choice; override this overload when that choice must
 * be honoured.
 *
 * @return whatever SignRequest(request) returns.
 */
virtual bool SignRequest(Aws::Http::HttpRequest& request, bool signBody) const
{
    AWS_UNREFERENCED_PARAM(signBody);
    const bool outcome = SignRequest(request);
    return outcome;
}
86 
/**
 * Default three-argument overload: discards both region and signBody and
 * forwards to SignRequest(request).
 *
 * The region passed by the caller has no effect unless a subclass overrides
 * this overload, so the request is signed for whatever region the subclass
 * uses internally.
 *
 * @return whatever SignRequest(request) returns.
 */
virtual bool SignRequest(Aws::Http::HttpRequest& request, const char* region, bool signBody) const
{
    AWS_UNREFERENCED_PARAM(region);
    AWS_UNREFERENCED_PARAM(signBody);
    const bool outcome = SignRequest(request);
    return outcome;
}
99 
/**
 * Default four-argument overload: discards region, serviceName and signBody
 * and forwards to SignRequest(request).
 *
 * None of the three arguments influences the signature unless a subclass
 * overrides this overload.
 *
 * @return whatever SignRequest(request) returns.
 */
virtual bool SignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, bool signBody) const
{
    AWS_UNREFERENCED_PARAM(serviceName);
    AWS_UNREFERENCED_PARAM(region);
    AWS_UNREFERENCED_PARAM(signBody);
    const bool outcome = SignRequest(request);
    return outcome;
}
114 
/**
 * Default event-message signing hook: does nothing and reports failure.
 *
 * Signers that support event messages override this; every other signer
 * returns false, so an unsupported signer is not mistaken for a successful
 * signature.
 */
virtual bool SignEventMessage(Aws::Utils::Event::Message& /* message */, Aws::String& /* priorSignature */) const
{
    return false;
}
128 
// Pure virtual: presign `request` with an expiry given in seconds.
// The bool result is the only status channel; the event-stream and null
// signers in this header return false from every PresignRequest overload.
// NOTE(review): how the value 0 is treated is decided by the implementing
// class and is not visible in this header.
133  virtual bool PresignRequest(Aws::Http::HttpRequest& request, long long expirationInSeconds) const = 0;
134 
// Pure virtual: presign `request` for an explicit region.
// expirationInSeconds defaults to 0 here. Default arguments on virtual
// functions are taken from the static type of the call expression, so a call
// through AWSAuthSigner& and a call through a derived type can pick up
// different defaults if the two declarations ever diverge.
140  virtual bool PresignRequest(Aws::Http::HttpRequest& request, const char* region, long long expirationInSeconds = 0) const = 0;
141 
// Pure virtual: presign `request` for an explicit region and service name.
// expirationInSeconds defaults to 0; as with the other overloads, the default
// is bound to the static type used at the call site.
148  virtual bool PresignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, long long expirationInSeconds = 0) const = 0;
149 
153  virtual const char* GetName() const = 0;
154 
/**
 * Atomically replaces the offset that GetSigningTimestamp() adds to the
 * local clock.
 *
 * No range check is applied: the offset is stored exactly as supplied.
 * NOTE(review): the call sites are not in this header; if the value is
 * derived from a remote response, the caller is the place to bound it.
 */
virtual void SetClockSkew(const std::chrono::milliseconds& clockSkew)
{
    m_clockSkew.store(clockSkew);
}
160 
/**
 * Returns DateTime::Now() shifted by the current clock-skew offset.
 *
 * Virtual, so a subclass can substitute another time source.
 */
virtual Aws::Utils::DateTime GetSigningTimestamp() const
{
    const std::chrono::milliseconds skewOffset = GetClockSkewOffset();
    return Aws::Utils::DateTime::Now() + skewOffset;
}
165 
166  protected:
/**
 * Atomically reads the offset last stored by the constructor or
 * SetClockSkew().
 */
virtual std::chrono::milliseconds GetClockSkewOffset() const
{
    const std::chrono::milliseconds currentSkew = m_clockSkew.load();
    return currentSkew;
}
168 
169  std::atomic<std::chrono::milliseconds> m_clockSkew;
170  };
171 
177  {
178 
179  public:
// Enumerators of the payload signing policy; the constructor below defaults
// to RequestDependent.
// NOTE(review): the meanings below are read from the enumerator names only;
// confirm against the signer implementation.
184  {
// presumably: the decision is taken per request
188  RequestDependent,
// presumably: the payload is always covered by the signature
192  Always,
// presumably: the payload is never covered by the signature; if so, body
// integrity then rests on the transport alone (confirm)
196  Never
197  };
207  AWSAuthV4Signer(const std::shared_ptr<Auth::AWSCredentialsProvider>& credentialsProvider,
208  const char* serviceName, const Aws::String& region, PayloadSigningPolicy signingPolicy = PayloadSigningPolicy::RequestDependent,
209  bool urlEscapePath = true, Aws::Auth::AWSSigningAlgorithm signingAlgorithm = Aws::Auth::AWSSigningAlgorithm::SIGV4);
210 
211  virtual ~AWSAuthV4Signer();
212 
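/**
 * Returns the signer name that matches the configured signing algorithm.
 *
 * @return Aws::Auth::ASYMMETRIC_SIGV4_SIGNER when the signer was built for
 *         ASYMMETRIC_SIGV4, otherwise Aws::Auth::SIGV4_SIGNER.
 */
const char* GetName() const override
{
    // Every path must return: flowing off the end of a function that returns
    // const char* is undefined behaviour.
    if (m_signingAlgorithm == Aws::Auth::AWSSigningAlgorithm::ASYMMETRIC_SIGV4)
    {
        return Aws::Auth::ASYMMETRIC_SIGV4_SIGNER;
    }
    else
    {
        return Aws::Auth::SIGV4_SIGNER;
    }
}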
228 
/**
 * Signs `request` for the region and service this signer was constructed
 * with, asking for the body to be signed (signBody = true).
 *
 * NOTE(review): the four-argument overload is defined outside this header;
 * presumably it combines signBody with m_payloadSigningPolicy — confirm.
 */
bool SignRequest(Aws::Http::HttpRequest& request) const override
{
    const char* const configuredRegion = m_region.c_str();
    const char* const configuredService = m_serviceName.c_str();
    return SignRequest(request, configuredRegion, configuredService, true/*signBody*/);
}
237 
/**
 * Signs `request` for the configured region and service, passing the
 * caller's signBody choice through to the four-argument overload.
 */
bool SignRequest(Aws::Http::HttpRequest& request, bool signBody) const override
{
    const char* const configuredRegion = m_region.c_str();
    const char* const configuredService = m_serviceName.c_str();
    return SignRequest(request, configuredRegion, configuredService, signBody);
}
247 
/**
 * Signs `request` for a caller-supplied region and the configured service
 * name. `region` is forwarded unchanged; it is not checked here.
 */
bool SignRequest(Aws::Http::HttpRequest& request, const char* region, bool signBody) const override
{
    const char* const configuredService = m_serviceName.c_str();
    return SignRequest(request, region, configuredService, signBody);
}
257 
263  bool SignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, bool signBody) const override;
264 
272  bool PresignRequest(Aws::Http::HttpRequest& request, long long expirationInSeconds = 0) const override;
273 
281  bool PresignRequest(Aws::Http::HttpRequest& request, const char* region, long long expirationInSeconds = 0) const override;
282 
291  bool PresignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, long long expirationInSeconds = 0) const override;
292 
/** Returns a copy of the service name fixed at construction. */
Aws::String GetServiceName() const
{
    return m_serviceName;
}
/** Returns a copy of the region fixed at construction. */
Aws::String GetRegion() const
{
    return m_region;
}
296  const Aws::String& stringToSign, const Aws::String& simpleDate) const;
297  bool ShouldSignHeader(const Aws::String& header) const;
298 
299  protected:
301 
302  private:
303 
304  Aws::String GenerateSignature(const Aws::Auth::AWSCredentials& credentials,
305  const Aws::String& stringToSign, const Aws::String& simpleDate, const Aws::String& region,
306  const Aws::String& serviceName) const;
307 
308  Aws::String GenerateSignature(const Aws::String& stringToSign, const Aws::Utils::ByteBuffer& key) const;
309  bool ServiceRequireUnsignedPayload(const Aws::String& serviceName) const;
310  Aws::String ComputePayloadHash(Aws::Http::HttpRequest&) const;
311  Aws::String GenerateStringToSign(const Aws::String& dateValue, const Aws::String& simpleDate,
312  const Aws::String& canonicalRequestHash, const Aws::String& region,
313  const Aws::String& serviceName) const;
314  Aws::Utils::ByteBuffer ComputeHash(const Aws::String& secretKey, const Aws::String& simpleDate) const;
315  Aws::Utils::ByteBuffer ComputeHash(const Aws::String& secretKey,
316  const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
317  bool SignRequestWithSigV4a(Aws::Http::HttpRequest& request, const char* region, const char* serviceName,
318  bool signBody, long long expirationTimeInSeconds, Aws::Crt::Auth::SignatureType signatureType) const;
319 
320  Aws::Auth::AWSSigningAlgorithm m_signingAlgorithm;
321  std::shared_ptr<Auth::AWSCredentialsProvider> m_credentialsProvider;
322  const Aws::String m_serviceName;
323  const Aws::String m_region;
326 
327  Aws::Set<Aws::String> m_unsignedHeaders;
328 
329  //these next four fields are ONLY for caching purposes and do not change
330  //the logical state of the signer. They are marked mutable so the
331  //interface can remain const.
// Because the signing methods are const but write these fields, concurrent
// callers depend on m_partialSignatureLock for safe access.
// NOTE(review): presumably the lock guards all three cached values; confirm
// in the implementation file.
332  mutable Aws::Utils::ByteBuffer m_partialSignature;
333  mutable Aws::String m_currentDateStr;
// NOTE(review): by its name this keeps a copy of the secret key that the
// cached partial signature was derived from. If so, the copy stays in process
// memory for the signer's lifetime, and core dumps or memory snapshots of a
// process holding a signer should be treated as credential-bearing.
334  mutable Aws::String m_currentSecretKey;
335  mutable Utils::Threading::ReaderWriterLock m_partialSignatureLock;
336  PayloadSigningPolicy m_payloadSigningPolicy;
337  bool m_urlEscapePath;
338  };
339 
341  {
342  public:
343  AWSAuthEventStreamV4Signer(const std::shared_ptr<Auth::AWSCredentialsProvider>& credentialsProvider,
344  const char* serviceName, const Aws::String& region);
345 
/** Returns the event-stream SigV4 signer name, Aws::Auth::EVENTSTREAM_SIGV4_SIGNER. */
const char* GetName() const override
{
    return Aws::Auth::EVENTSTREAM_SIGV4_SIGNER;
}
347 
348  bool SignEventMessage(Aws::Utils::Event::Message&, Aws::String& priorSignature) const override;
349 
/**
 * Signs `request` for the configured region and service, passing
 * signBody = true to the four-argument overload.
 */
bool SignRequest(Aws::Http::HttpRequest& request) const override
{
    const char* const configuredRegion = m_region.c_str();
    const char* const configuredService = m_serviceName.c_str();
    return SignRequest(request, configuredRegion, configuredService, true);
}
354 
/**
 * Signs `request` for the configured region and service, forwarding the
 * caller's signBody choice.
 */
bool SignRequest(Aws::Http::HttpRequest& request, bool signBody) const override
{
    const char* const configuredRegion = m_region.c_str();
    const char* const configuredService = m_serviceName.c_str();
    return SignRequest(request, configuredRegion, configuredService, signBody);
}
359 
/**
 * Signs `request` for a caller-supplied region and the configured service
 * name. `region` is forwarded unchanged.
 */
bool SignRequest(Aws::Http::HttpRequest& request, const char* region, bool signBody) const override
{
    const char* const configuredService = m_serviceName.c_str();
    return SignRequest(request, region, configuredService, signBody);
}
364 
365  bool SignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, bool signBody) const override;
366 
/**
 * Presigning is not provided by the event-stream signer: the request is left
 * untouched and false is returned.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, long long /* expirationInSeconds */) const override
{
    return false;
}
371 
/**
 * Presigning is not provided by the event-stream signer: the request is left
 * untouched and false is returned, whatever region is given.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, const char* /* region */, long long /* expirationInSeconds */) const override
{
    return false;
}
376 
/**
 * Presigning is not provided by the event-stream signer: the request is left
 * untouched and false is returned, whatever region and service are given.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, const char* /* region */, const char* /* serviceName */, long long /* expirationInSeconds */) const override
{
    return false;
}
381 
382  bool ShouldSignHeader(const Aws::String& header) const;
383  private:
384  Utils::ByteBuffer GenerateSignature(const Aws::Auth::AWSCredentials& credentials,
385  const Aws::String& stringToSign, const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
386  Utils::ByteBuffer GenerateSignature(const Aws::String& stringToSign, const Aws::Utils::ByteBuffer& key) const;
387  Aws::String GenerateStringToSign(const Aws::String& dateValue, const Aws::String& simpleDate,
388  const Aws::String& canonicalRequestHash, const Aws::String& region,
389  const Aws::String& serviceName) const;
390  Aws::Utils::ByteBuffer ComputeHash(const Aws::String& secretKey, const Aws::String& simpleDate) const;
391  Aws::Utils::ByteBuffer ComputeHash(const Aws::String& secretKey,
392  const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
393  const Aws::String m_serviceName;
394  const Aws::String m_region;
395  mutable Aws::Utils::Crypto::Sha256 m_hash;
396  mutable Aws::Utils::Crypto::Sha256HMAC m_HMAC;
397  mutable Utils::Threading::ReaderWriterLock m_derivedKeyLock;
398  mutable Aws::Utils::ByteBuffer m_derivedKey;
399  mutable Aws::String m_currentDateStr;
400  mutable Aws::String m_currentSecretKey;
401  Aws::Vector<Aws::String> m_unsignedHeaders;
402  std::shared_ptr<Auth::AWSCredentialsProvider> m_credentialsProvider;
403  };
404 
405 
410  {
411  public:
/**
 * Returns Aws::Auth::NULL_SIGNER.
 *
 * Comparing GetName() with that constant is how code holding only an
 * AWSAuthSigner reference can tell that no signature will be produced.
 */
const char* GetName() const override
{
    return Aws::Auth::NULL_SIGNER;
}
417 
/**
 * Leaves the request untouched and reports success.
 *
 * A true result from an AWSAuthSigner reference therefore does not prove that
 * a signature was attached. Code that must only send authenticated requests
 * should check which signer is configured (see GetName()) rather than rely
 * on this return value.
 */
bool SignRequest(Aws::Http::HttpRequest& /* request */) const override
{
    return true;
}
422 
/**
 * Leaves the event message and prior signature untouched and reports
 * success, unlike the base-class default, which returns false.
 */
bool SignEventMessage(Aws::Utils::Event::Message& /* message */, Aws::String& /* priorSignature */) const override
{
    return true;
}
427 
/**
 * The null signer never presigns: the request is left untouched and false is
 * returned.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, long long /* expirationInSeconds */) const override
{
    return false;
}
432 
/**
 * The null signer never presigns: the request is left untouched and false is
 * returned, whatever region is given.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, const char* /* region */, long long /* expirationInSeconds */) const override
{
    return false;
}
437 
/**
 * The null signer never presigns: the request is left untouched and false is
 * returned, whatever region and service are given.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, const char* /* region */, const char* /* serviceName */, long long /* expirationInSeconds */) const override
{
    return false;
}
442  };
443 
444  } // namespace Client
445 } // namespace Aws
446 