AWS SDK for C++  1.9.1
AWSAuthSigner.h
1 
6 #pragma once
7 
9 
10 #include <aws/core/Region.h>
14 #include <aws/core/utils/Array.h>
18 
19 #include <memory>
20 #include <atomic>
21 #include <chrono>
22 
23 namespace Aws
24 {
25  namespace Http
26  {
27  class HttpClientFactory;
28  class HttpRequest;
29  } // namespace Http
30 
31  namespace Utils
32  {
33  namespace Event
34  {
35  class Message;
36  }
37  } // namespace Utils
38 
39  namespace Auth
40  {
41  class AWSCredentials;
42  class AWSCredentialsProvider;
43  AWS_CORE_API extern const char SIGV4_SIGNER[];
44  AWS_CORE_API extern const char EVENTSTREAM_SIGV4_SIGNER[];
45  AWS_CORE_API extern const char SIGNATURE[];
46  AWS_CORE_API extern const char NULL_SIGNER[];
47  } // namespace Auth
48 
49  namespace Client
50  {
51  struct ClientConfiguration;
52 
57  {
58  public:
/**
 * Constructs the signer with a clock-skew offset of zero milliseconds.
 */
AWSAuthSigner() : m_clockSkew()
{
    // Explicitly publish the zero offset through the atomic.
    const std::chrono::milliseconds noSkew(0L);
    m_clockSkew.store(noSkew);
}
60  virtual ~AWSAuthSigner() = default;
61 
65  virtual bool SignRequest(Aws::Http::HttpRequest& request) const = 0;
66 
/**
 * Default overload taking a signBody flag. The flag is discarded and the call is
 * forwarded to SignRequest(request), so a signer that must honour signBody has to
 * override this overload; otherwise the caller's choice is silently ignored.
 *
 * @param request  request handed on to SignRequest(request).
 * @param signBody unused by this default implementation.
 * @return whatever SignRequest(request) returns.
 */
virtual bool SignRequest(Aws::Http::HttpRequest& request, bool signBody) const
{
    AWS_UNREFERENCED_PARAM(signBody);
    const bool signedOk = SignRequest(request);
    return signedOk;
}
77 
/**
 * Default overload taking a region override and a signBody flag. Both are discarded
 * and the call is forwarded to SignRequest(request); a signer whose signature depends
 * on the region must override this overload, or the supplied region has no effect.
 *
 * @param request  request handed on to SignRequest(request).
 * @param region   unused by this default implementation.
 * @param signBody unused by this default implementation.
 * @return whatever SignRequest(request) returns.
 */
virtual bool SignRequest(Aws::Http::HttpRequest& request, const char* region, bool signBody) const
{
    AWS_UNREFERENCED_PARAM(region);
    AWS_UNREFERENCED_PARAM(signBody);
    const bool signedOk = SignRequest(request);
    return signedOk;
}
90 
/**
 * Default overload taking region and service-name overrides plus a signBody flag.
 * All three are discarded and the call is forwarded to SignRequest(request); a signer
 * whose signature depends on any of them must override this overload, or the supplied
 * values have no effect.
 *
 * @param request     request handed on to SignRequest(request).
 * @param region      unused by this default implementation.
 * @param serviceName unused by this default implementation.
 * @param signBody    unused by this default implementation.
 * @return whatever SignRequest(request) returns.
 */
virtual bool SignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, bool signBody) const
{
    AWS_UNREFERENCED_PARAM(serviceName);
    AWS_UNREFERENCED_PARAM(region);
    AWS_UNREFERENCED_PARAM(signBody);
    const bool signedOk = SignRequest(request);
    return signedOk;
}
105 
/**
 * Default event-message signing hook: does nothing and reports failure.
 * Neither the message nor the prior signature is touched, so a signer that
 * supports event streams has to override this.
 *
 * @return always false.
 */
virtual bool SignEventMessage(Aws::Utils::Event::Message& /* message */, Aws::String& /* priorSignature */) const
{
    return false;
}
119 
124  virtual bool PresignRequest(Aws::Http::HttpRequest& request, long long expirationInSeconds) const = 0;
125 
131  virtual bool PresignRequest(Aws::Http::HttpRequest& request, const char* region, long long expirationInSeconds = 0) const = 0;
132 
139  virtual bool PresignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, long long expirationInSeconds = 0) const = 0;
140 
144  virtual const char* GetName() const = 0;
145 
/**
 * Replaces the stored clock-skew offset. The value is held in a std::atomic, and
 * GetSigningTimestamp() adds it to the current time.
 *
 * @param clockSkew offset, in milliseconds, to apply from now on.
 */
virtual void SetClockSkew(const std::chrono::milliseconds& clockSkew)
{
    m_clockSkew.store(clockSkew);
}
151 
/**
 * Returns the timestamp to sign with: DateTime::Now() shifted by the clock-skew
 * offset reported by GetClockSkewOffset().
 */
virtual Aws::Utils::DateTime GetSigningTimestamp() const
{
    const std::chrono::milliseconds skew = GetClockSkewOffset();
    return Aws::Utils::DateTime::Now() + skew;
}
156 
157  protected:
/**
 * Reads the currently stored clock-skew offset from the atomic member.
 *
 * @return the offset last stored (zero until SetClockSkew() is called).
 */
virtual std::chrono::milliseconds GetClockSkewOffset() const
{
    const std::chrono::milliseconds offset = m_clockSkew.load();
    return offset;
}
159 
160  std::atomic<std::chrono::milliseconds> m_clockSkew;
161  };
162 
168  {
169 
170  public:
175  {
179  RequestDependent,
183  Always,
187  Never
188  };
198  AWSAuthV4Signer(const std::shared_ptr<Auth::AWSCredentialsProvider>& credentialsProvider,
199  const char* serviceName, const Aws::String& region, PayloadSigningPolicy signingPolicy = PayloadSigningPolicy::RequestDependent,
200  bool urlEscapePath = true);
201 
202  virtual ~AWSAuthV4Signer();
203 
/**
 * Identifies this signer.
 *
 * @return the Aws::Auth::SIGV4_SIGNER constant.
 */
const char* GetName() const override
{
    return Aws::Auth::SIGV4_SIGNER;
}
209 
/**
 * Signs the request with the region and service name this signer was constructed
 * with, and with signBody set to true.
 *
 * @param request request passed to the four-argument SignRequest overload.
 * @return the result of that overload.
 */
bool SignRequest(Aws::Http::HttpRequest& request) const override
{
    const char* const defaultRegion = m_region.c_str();
    const char* const defaultService = m_serviceName.c_str();
    const bool signBody = true;
    return SignRequest(request, defaultRegion, defaultService, signBody);
}
218 
/**
 * Signs the request with the region and service name this signer was constructed
 * with, passing the caller's signBody flag through unchanged.
 *
 * @param request  request passed to the four-argument SignRequest overload.
 * @param signBody forwarded as given.
 * @return the result of that overload.
 */
bool SignRequest(Aws::Http::HttpRequest& request, bool signBody) const override
{
    const char* const defaultRegion = m_region.c_str();
    const char* const defaultService = m_serviceName.c_str();
    return SignRequest(request, defaultRegion, defaultService, signBody);
}
228 
/**
 * Signs the request for a caller-supplied region, using the service name this
 * signer was constructed with.
 *
 * @param request  request passed to the four-argument SignRequest overload.
 * @param region   forwarded as given; it is not checked here.
 * @param signBody forwarded as given.
 * @return the result of that overload.
 */
bool SignRequest(Aws::Http::HttpRequest& request, const char* region, bool signBody) const override
{
    const char* const defaultService = m_serviceName.c_str();
    return SignRequest(request, region, defaultService, signBody);
}
238 
244  bool SignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, bool signBody) const override;
245 
253  bool PresignRequest(Aws::Http::HttpRequest& request, long long expirationInSeconds = 0) const override;
254 
262  bool PresignRequest(Aws::Http::HttpRequest& request, const char* region, long long expirationInSeconds = 0) const override;
263 
272  bool PresignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, long long expirationInSeconds = 0) const override;
273 
/**
 * @return a copy of the service name this signer holds.
 */
Aws::String GetServiceName() const
{
    return m_serviceName;
}
/**
 * @return a copy of the region this signer holds.
 */
Aws::String GetRegion() const
{
    return m_region;
}
277  const Aws::String& stringToSign, const Aws::String& simpleDate) const;
278  bool ShouldSignHeader(const Aws::String& header) const;
279 
280  protected:
282 
283  private:
284 
285  Aws::String GenerateSignature(const Aws::Auth::AWSCredentials& credentials,
286  const Aws::String& stringToSign, const Aws::String& simpleDate, const Aws::String& region,
287  const Aws::String& serviceName) const;
288 
289  Aws::String GenerateSignature(const Aws::String& stringToSign, const Aws::Utils::ByteBuffer& key) const;
290  bool ServiceRequireUnsignedPayload(const Aws::String& serviceName) const;
291  Aws::String ComputePayloadHash(Aws::Http::HttpRequest&) const;
292  Aws::String GenerateStringToSign(const Aws::String& dateValue, const Aws::String& simpleDate,
293  const Aws::String& canonicalRequestHash, const Aws::String& region,
294  const Aws::String& serviceName) const;
295  Aws::Utils::ByteBuffer ComputeHash(const Aws::String& secretKey, const Aws::String& simpleDate) const;
296  Aws::Utils::ByteBuffer ComputeHash(const Aws::String& secretKey,
297  const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
298 
299 
300  std::shared_ptr<Auth::AWSCredentialsProvider> m_credentialsProvider;
301  const Aws::String m_serviceName;
302  const Aws::String m_region;
305 
306  Aws::Set<Aws::String> m_unsignedHeaders;
307 
308  //these next four fields are ONLY for caching purposes and do not change
309  //the logical state of the signer. They are marked mutable so the
310  //interface can remain const.
311  mutable Aws::Utils::ByteBuffer m_partialSignature;
312  mutable Aws::String m_currentDateStr;
313  mutable Aws::String m_currentSecretKey;
314  mutable Utils::Threading::ReaderWriterLock m_partialSignatureLock;
315  PayloadSigningPolicy m_payloadSigningPolicy;
316  bool m_urlEscapePath;
317  };
318 
320  {
321  public:
322  AWSAuthEventStreamV4Signer(const std::shared_ptr<Auth::AWSCredentialsProvider>& credentialsProvider,
323  const char* serviceName, const Aws::String& region);
324 
/**
 * Identifies this signer.
 *
 * @return the Aws::Auth::EVENTSTREAM_SIGV4_SIGNER constant.
 */
const char* GetName() const override
{
    return Aws::Auth::EVENTSTREAM_SIGV4_SIGNER;
}
326 
327  bool SignEventMessage(Aws::Utils::Event::Message&, Aws::String& priorSignature) const override;
328 
/**
 * Signs the request with this signer's own region and service name, and with
 * signBody set to true.
 *
 * @param request request passed to the four-argument SignRequest overload.
 * @return the result of that overload.
 */
bool SignRequest(Aws::Http::HttpRequest& request) const override
{
    const char* const defaultRegion = m_region.c_str();
    const char* const defaultService = m_serviceName.c_str();
    const bool signBody = true;
    return SignRequest(request, defaultRegion, defaultService, signBody);
}
333 
/**
 * Signs the request with this signer's own region and service name, passing the
 * caller's signBody flag through unchanged.
 *
 * @param request  request passed to the four-argument SignRequest overload.
 * @param signBody forwarded as given.
 * @return the result of that overload.
 */
bool SignRequest(Aws::Http::HttpRequest& request, bool signBody) const override
{
    const char* const defaultRegion = m_region.c_str();
    const char* const defaultService = m_serviceName.c_str();
    return SignRequest(request, defaultRegion, defaultService, signBody);
}
338 
/**
 * Signs the request for a caller-supplied region, using this signer's own
 * service name.
 *
 * @param request  request passed to the four-argument SignRequest overload.
 * @param region   forwarded as given; it is not checked here.
 * @param signBody forwarded as given.
 * @return the result of that overload.
 */
bool SignRequest(Aws::Http::HttpRequest& request, const char* region, bool signBody) const override
{
    const char* const defaultService = m_serviceName.c_str();
    return SignRequest(request, region, defaultService, signBody);
}
343 
344  bool SignRequest(Aws::Http::HttpRequest& request, const char* region, const char* serviceName, bool signBody) const override;
345 
/**
 * Presigning is not implemented by this signer: the request is left untouched.
 *
 * @return always false.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, long long /* expirationInSeconds */) const override
{
    return false;
}
350 
/**
 * Presigning is not implemented by this signer: the request is left untouched.
 *
 * @return always false.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, const char* /* region */, long long /* expirationInSeconds */) const override
{
    return false;
}
355 
/**
 * Presigning is not implemented by this signer: the request is left untouched.
 *
 * @return always false.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, const char* /* region */, const char* /* serviceName */, long long /* expirationInSeconds */) const override
{
    return false;
}
360 
361  bool ShouldSignHeader(const Aws::String& header) const;
362  private:
363  Utils::ByteBuffer GenerateSignature(const Aws::Auth::AWSCredentials& credentials,
364  const Aws::String& stringToSign, const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
365  Utils::ByteBuffer GenerateSignature(const Aws::String& stringToSign, const Aws::Utils::ByteBuffer& key) const;
366  Aws::String GenerateStringToSign(const Aws::String& dateValue, const Aws::String& simpleDate,
367  const Aws::String& canonicalRequestHash, const Aws::String& region,
368  const Aws::String& serviceName) const;
369  Aws::Utils::ByteBuffer ComputeHash(const Aws::String& secretKey, const Aws::String& simpleDate) const;
370  Aws::Utils::ByteBuffer ComputeHash(const Aws::String& secretKey,
371  const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
372  const Aws::String m_serviceName;
373  const Aws::String m_region;
374  mutable Aws::Utils::Crypto::Sha256 m_hash;
375  mutable Aws::Utils::Crypto::Sha256HMAC m_HMAC;
376  mutable Utils::Threading::ReaderWriterLock m_derivedKeyLock;
377  mutable Aws::Utils::ByteBuffer m_derivedKey;
378  mutable Aws::String m_currentDateStr;
379  mutable Aws::String m_currentSecretKey;
380  Aws::Vector<Aws::String> m_unsignedHeaders;
381  std::shared_ptr<Auth::AWSCredentialsProvider> m_credentialsProvider;
382  };
383 
384 
389  {
390  public:
/**
 * Identifies this signer.
 *
 * @return the Aws::Auth::NULL_SIGNER constant.
 */
const char* GetName() const override
{
    return Aws::Auth::NULL_SIGNER;
}
396 
/**
 * No-op "signing": the request is not modified and success is reported.
 * A true return from this signer therefore does not mean a signature was added;
 * code that needs authenticated requests should check which signer is in use
 * (see GetName()) rather than rely on the return value.
 *
 * @return always true.
 */
bool SignRequest(Aws::Http::HttpRequest& /* request */) const override
{
    return true;
}
401 
/**
 * No-op event-message "signing": neither the message nor the prior signature is
 * modified and success is reported. As with SignRequest(), a true return does not
 * mean a signature was produced.
 *
 * @return always true.
 */
bool SignEventMessage(Aws::Utils::Event::Message& /* message */, Aws::String& /* priorSignature */) const override
{
    return true;
}
406 
/**
 * Presigning is not available from the null signer: the request is left untouched.
 *
 * @return always false.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, long long /* expirationInSeconds */) const override
{
    return false;
}
411 
/**
 * Presigning is not available from the null signer: the request is left untouched.
 *
 * @return always false.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, const char* /* region */, long long /* expirationInSeconds */) const override
{
    return false;
}
416 
/**
 * Presigning is not available from the null signer: the request is left untouched.
 *
 * @return always false.
 */
bool PresignRequest(Aws::Http::HttpRequest& /* request */, const char* /* region */, const char* /* serviceName */, long long /* expirationInSeconds */) const override
{
    return false;
}
421  };
422 
423  } // namespace Client
424 } // namespace Aws
425 