Class AbstractAWSSigner

java.lang.Object
com.amazonaws.auth.AbstractAWSSigner
All Implemented Interfaces:
Signer
Direct Known Subclasses:
AWS3Signer, AWS4Signer, QueryStringSigner

public abstract class AbstractAWSSigner extends Object implements Signer
Abstract base class for AWS signing protocol implementations. Provides utilities commonly needed by signing protocols such as computing canonicalized host names, query string parameters, etc.

Not intended to be sub-classed by developers.

  • Field Details

    • EMPTY_STRING_SHA256_HEX

      public static final String EMPTY_STRING_SHA256_HEX
  • Constructor Details

    • AbstractAWSSigner

      public AbstractAWSSigner()
  • Method Details

    • signAndBase64Encode

      protected String signAndBase64Encode(String data, String key, SigningAlgorithm algorithm) throws AmazonClientException
      Computes an RFC 2104-compliant HMAC signature and returns the result as a Base64 encoded string.
      Throws:
      AmazonClientException
    • signAndBase64Encode

      protected String signAndBase64Encode(byte[] data, String key, SigningAlgorithm algorithm) throws AmazonClientException
      Computes an RFC 2104-compliant HMAC signature for an array of bytes and returns the result as a Base64 encoded string.
      Throws:
      AmazonClientException
    • sign

      public byte[] sign(String stringData, byte[] key, SigningAlgorithm algorithm) throws AmazonClientException
      Throws:
      AmazonClientException
    • signWithMac

      public byte[] signWithMac(String stringData, Mac mac)
    • sign

      protected byte[] sign(byte[] data, byte[] key, SigningAlgorithm algorithm) throws AmazonClientException
      Throws:
      AmazonClientException
    • hash

      public byte[] hash(String text) throws AmazonClientException
      Hashes the string contents (assumed to be UTF-8) using the SHA-256 algorithm.
      Parameters:
      text - The string to hash.
      Returns:
      The hashed bytes from the specified string.
      Throws:
      AmazonClientException - If the hash cannot be computed.
    • hash

      protected byte[] hash(InputStream input) throws AmazonClientException
      Throws:
      AmazonClientException
    • hash

      public byte[] hash(byte[] data) throws AmazonClientException
      Hashes the binary data using the SHA-256 algorithm.
      Parameters:
      data - The binary data to hash.
      Returns:
      The hashed bytes from the specified data.
      Throws:
      AmazonClientException - If the hash cannot be computed.
    • getCanonicalizedQueryString

      protected String getCanonicalizedQueryString(Map<String,List<String>> parameters)
      Examines the specified query string parameters and returns a canonicalized form.

      The canonicalized query string is formed by first sorting all the query string parameters, then URI encoding both the key and value and then joining them, in order, separating key value pairs with an '&'.

      Parameters:
      parameters - The query string parameters to be canonicalized.
      Returns:
      A canonicalized form for the specified query string parameters.
    • getCanonicalizedQueryString

      protected String getCanonicalizedQueryString(SignableRequest<?> request)
    • getBinaryRequestPayload

      protected byte[] getBinaryRequestPayload(SignableRequest<?> request)
      Returns the request's payload as binary data.
      Parameters:
      request - The request
      Returns:
      The data from the request's payload, as binary data.
    • getRequestPayload

      protected String getRequestPayload(SignableRequest<?> request)
      Returns the request's payload as a String.
      Parameters:
      request - The request
      Returns:
      The data from the request's payload, as a string.
    • getRequestPayloadWithoutQueryParams

      protected String getRequestPayloadWithoutQueryParams(SignableRequest<?> request)
      Returns the request's payload contents as a String, without processing any query string params (i.e. no form encoding for query params).
      Parameters:
      request - The request
      Returns:
      the request's payload contents as a String, not including any form encoding of query string params.
    • getBinaryRequestPayloadWithoutQueryParams

      protected byte[] getBinaryRequestPayloadWithoutQueryParams(SignableRequest<?> request)
      Returns the request's payload contents as binary data, without processing any query string params (i.e. no form encoding for query params).
      Parameters:
      request - The request
      Returns:
      The request's payload contents as binary data, not including any form encoding of query string params.
    • getBinaryRequestPayloadStream

      protected InputStream getBinaryRequestPayloadStream(SignableRequest<?> request)
    • getBinaryRequestPayloadStreamWithoutQueryParams

      protected InputStream getBinaryRequestPayloadStreamWithoutQueryParams(SignableRequest<?> request)
    • getCanonicalizedResourcePath

      protected String getCanonicalizedResourcePath(String resourcePath)
    • getCanonicalizedResourcePath

      protected String getCanonicalizedResourcePath(String resourcePath, boolean urlEncode)
    • getCanonicalizedEndpoint

      protected String getCanonicalizedEndpoint(URI endpoint)
    • sanitizeCredentials

      protected AWSCredentials sanitizeCredentials(AWSCredentials credentials)
      Loads the individual access key ID and secret key from the specified credentials, ensuring that access to the credentials is synchronized on the credentials object itself, and trimming any extra whitespace from the credentials.

      Returns either a BasicSessionCredentials or a BasicAWSCredentials object, depending on the input type.

      Parameters:
      credentials -
      Returns:
      A new credentials object with the sanitized credentials.
    • newString

      protected String newString(byte[] bytes)
      Safely converts a UTF-8 encoded byte array into a String.
      Parameters:
      bytes - UTF-8 encoded binary character data.
      Returns:
      The converted String object.
    • getSignatureDate

      protected Date getSignatureDate(int offsetInSeconds)
      Returns the current time minus the given offset in seconds. The intent is to adjust the current time in the running JVM to the corresponding wall clock time at AWS for request signing purposes.
      Parameters:
      offsetInSeconds - offset in seconds
    • getTimeOffset

      @Deprecated protected int getTimeOffset(SignableRequest<?> request)
      Deprecated.
      Returns the time offset in seconds.
    • addSessionCredentials

      protected abstract void addSessionCredentials(SignableRequest<?> request, AWSSessionCredentials credentials)
      Adds session credentials to the request given.
      Parameters:
      request - The request to add session credentials information to
      credentials - The session credentials to add to the request