Class AbstractAWSSigner

  • All Implemented Interfaces:
    Signer
    Direct Known Subclasses:
    AWS3Signer, AWS4Signer, QueryStringSigner

    public abstract class AbstractAWSSigner
    extends Object
    implements Signer
    Abstract base class for AWS signing protocol implementations. Provides utilities commonly needed by signing protocols such as computing canonicalized host names, query string parameters, etc.

    Not intended to be sub-classed by developers.

    • Field Detail

      • EMPTY_STRING_SHA256_HEX

        public static final String EMPTY_STRING_SHA256_HEX
    • Constructor Detail

      • AbstractAWSSigner

        public AbstractAWSSigner()
    • Method Detail

      • signWithMac

        public byte[] signWithMac​(String stringData,
                                  Mac mac)
      • hash

        public byte[] hash​(String text)
                    throws AmazonClientException
        Hashes the string contents (assumed to be UTF-8) using the SHA-256 algorithm.
        Parameters:
        text - The string to hash.
        Returns:
        The hashed bytes from the specified string.
        Throws:
        AmazonClientException - If the hash cannot be computed.
      • hash

        public byte[] hash​(byte[] data)
                    throws AmazonClientException
        Hashes the binary data using the SHA-256 algorithm.
        Parameters:
        data - The binary data to hash.
        Returns:
        The hashed bytes from the specified data.
        Throws:
        AmazonClientException - If the hash cannot be computed.
      • getCanonicalizedQueryString

        protected String getCanonicalizedQueryString​(Map<String,​List<String>> parameters)
        Examines the specified query string parameters and returns a canonicalized form.

        The canonicalized query string is formed by first sorting all the query string parameters, then URI encoding both the key and value and then joining them, in order, separating key value pairs with an '&'.

        Parameters:
        parameters - The query string parameters to be canonicalized.
        Returns:
        A canonicalized form for the specified query string parameters.
      • getCanonicalizedQueryString

        protected String getCanonicalizedQueryString​(SignableRequest<?> request)
      • getBinaryRequestPayload

        protected byte[] getBinaryRequestPayload​(SignableRequest<?> request)
        Returns the request's payload as binary data.
        Parameters:
        request - The request
        Returns:
        The data from the request's payload, as binary data.
      • getRequestPayload

        protected String getRequestPayload​(SignableRequest<?> request)
        Returns the request's payload as a String.
        Parameters:
        request - The request
        Returns:
        The data from the request's payload, as a string.
      • getRequestPayloadWithoutQueryParams

        protected String getRequestPayloadWithoutQueryParams​(SignableRequest<?> request)
        Returns the request's payload contents as a String, without processing any query string params (i.e. no form encoding for query params).
        Parameters:
        request - The request
        Returns:
        the request's payload contents as a String, not including any form encoding of query string params.
      • getBinaryRequestPayloadWithoutQueryParams

        protected byte[] getBinaryRequestPayloadWithoutQueryParams​(SignableRequest<?> request)
        Returns the request's payload contents as binary data, without processing any query string params (i.e. no form encoding for query params).
        Parameters:
        request - The request
        Returns:
        The request's payload contents as binary data, not including any form encoding of query string params.
      • getBinaryRequestPayloadStreamWithoutQueryParams

        protected InputStream getBinaryRequestPayloadStreamWithoutQueryParams​(SignableRequest<?> request)
      • getCanonicalizedResourcePath

        protected String getCanonicalizedResourcePath​(String resourcePath)
      • getCanonicalizedResourcePath

        protected String getCanonicalizedResourcePath​(String resourcePath,
                                                      boolean urlEncode)
      • getCanonicalizedEndpoint

        protected String getCanonicalizedEndpoint​(URI endpoint)
      • sanitizeCredentials

        protected AWSCredentials sanitizeCredentials​(AWSCredentials credentials)
        Loads the individual access key ID and secret key from the specified credentials, ensuring that access to the credentials is synchronized on the credentials object itself, and trimming any extra whitespace from the credentials.

        Returns either a BasicSessionCredentials or a BasicAWSCredentials object, depending on the input type.

        Parameters:
        credentials -
        Returns:
        A new credentials object with the sanitized credentials.
      • newString

        protected String newString​(byte[] bytes)
        Safely converts a UTF-8 encoded byte array into a String.
        Parameters:
        bytes - UTF-8 encoded binary character data.
        Returns:
        The converted String object.
      • getSignatureDate

        protected Date getSignatureDate​(int offsetInSeconds)
        Returns the current time minus the given offset in seconds. The intent is to adjust the current time in the running JVM to the corresponding wall clock time at AWS for request signing purposes.
        Parameters:
        offsetInSeconds - offset in seconds
      • getTimeOffset

        @Deprecated
        protected int getTimeOffset​(SignableRequest<?> request)
        Deprecated.
        Returns the time offset in seconds.
      • addSessionCredentials

        protected abstract void addSessionCredentials​(SignableRequest<?> request,
                                                      AWSSessionCredentials credentials)
        Adds session credentials to the request given.
        Parameters:
        request - The request to add session credentials information to
        credentials - The session credentials to add to the request