AwsSignatureV4Private Class Reference

Private implementation for AwsSignatureV4. More...

Inheritance diagram for AwsSignatureV4Private:

Collaboration diagram for AwsSignatureV4Private:

Public Member Functions
	AwsSignatureV4Private (const QCryptographicHash::Algorithm hashAlgorithm, AwsSignatureV4 *const q)
	Constructs a new AwsSignatureV4Private object. More...
void	setAuthorizationHeader (const AwsAbstractCredentials &credentials, const QNetworkAccessManager::Operation operation, QNetworkRequest &request, const QByteArray &payload, const QDateTime &timestamp) const
	Set authorization header on a network request. More...
QDateTime	setDateHeader (QNetworkRequest &request, const QDateTime &dateTime=QDateTime::currentDateTimeUtc()) const
	Set the AWS custom date header. More...
Public Member Functions inherited from AwsAbstractSignaturePrivate
virtual	~AwsAbstractSignaturePrivate ()
	AwsAbstractSignaturePrivate destructor. More...
	AwsAbstractSignaturePrivate (AwsAbstractSignature *const q)
	Constructs a new AwsAbstractSignaturePrivate object. More...
QString	canonicalPath (const QUrl &url) const
	Create an AWS Signature canonical path. More...
QByteArray	canonicalQuery (const QUrlQuery &query) const
	Create an AWS Signature canonical query. More...
QString	httpMethod (const QNetworkAccessManager::Operation operation) const
	Create an AWS Signature request method string. More...
bool	setQueryItem (QUrlQuery &query, const QString &key, const QString &value, const bool warnOnNonIdenticalDuplicate=true) const
	Set a query item, checking for existing values first. More...

Protected Member Functions
QByteArray	algorithmDesignation (const QCryptographicHash::Algorithm algorithm) const
	Create an AWS V4 Signature algorithm designation. More...
QByteArray	authorizationHeaderValue (const AwsAbstractCredentials &credentials, const QNetworkAccessManager::Operation operation, QNetworkRequest &request, const QByteArray &payload, const QDateTime &timestamp) const
	Create an AWS V4 Signature authorization header value. More...
QByteArray	canonicalHeader (const QByteArray &headerName, const QByteArray &headerValue) const
	Create an AWS V4 Signature canonical header string. More...
QByteArray	canonicalHeaders (const QNetworkRequest &request, QByteArray *const signedHeaders) const
	Create an AWS V4 Signature canonical headers string. More...
QByteArray	canonicalRequest (const QNetworkAccessManager::Operation operation, const QNetworkRequest &request, const QByteArray &payload, QByteArray *const signedHeaders) const
	Create an AWS V4 Signature canonical request. More...
QByteArray	credentialScope (const QDate &date, const QString &region, const QString &service) const
	Create an AWS V4 Signature credential scope. More...
QByteArray	signingKey (const AwsAbstractCredentials &credentials, const QDate &date, const QString &region, const QString &service) const
	Create an AWS V4 Signature signing key. More...
QByteArray	stringToSign (const QByteArray &algorithmDesignation, const QDateTime &requestDate, const QByteArray &credentialScope, const QByteArray &canonicalRequest) const
	Create an AWS V4 Signature string to sign. More...

Protected Attributes
const QCryptographicHash::Algorithm	hashAlgorithm
	Hash algorithm to use when signing.
Protected Attributes inherited from AwsAbstractSignaturePrivate
AwsAbstractSignature *const	q_ptr
	Internal q-pointer.

Static Protected Attributes
static const QLatin1String	DateFormat
	Format V4 signatures use to represent dates in canonical form.
static const QLatin1String	DateTimeFormat
	Format V4 signatures use to represent timestamps in canonical form.

Friends
class	TestAwsSignatureV4

Detailed Description

Private implementation for AwsSignatureV4.

See also

http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html

Definition at line 36 of file awssignaturev4_p.h.

Constructor & Destructor Documentation

AwsSignatureV4Private::AwsSignatureV4Private	(	const QCryptographicHash::Algorithm	hashAlgorithm,
		AwsSignatureV4 *const	q
	)

Constructs a new AwsSignatureV4Private object.

Parameters

hashAlgorithm	The algorithm to use during various stages of signing.
q	Pointer to this object's public AwsSignatureV4 instance.

Definition at line 95 of file awssignaturev4.cpp.

    : AwsAbstractSignaturePrivate(q), hashAlgorithm(hashAlgorithm)
{

}

Member Function Documentation

QByteArray AwsSignatureV4Private::algorithmDesignation ( const QCryptographicHash::Algorithm  algorithm ) const

protected

Create an AWS V4 Signature algorithm designation.

This function returns an algorithm designation, as defined by Amazon, for use with V4 signatures.

For example, if the algorith is QCryptographicHash::Sha256, this function will return AWS4-HMAC-SHA256.

Parameters

algorithm

The hash algorithm to get the canonical designation for.

Returns

An AWS V4 Signature algorithm designation.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html

Definition at line 117 of file awssignaturev4.cpp.

Referenced by authorizationHeaderValue().

{
    switch (algorithm) {
        case QCryptographicHash::Md4:      return "AWS4-HMAC-MD4";
        case QCryptographicHash::Md5:      return "AWS4-HMAC-MD5";
        case QCryptographicHash::Sha1:     return "AWS4-HMAC-SHA1";
        case QCryptographicHash::Sha224:   return "AWS4-HMAC-SHA224";
        case QCryptographicHash::Sha256:   return "AWS4-HMAC-SHA256";
        case QCryptographicHash::Sha384:   return "AWS4-HMAC-SHA384";
        case QCryptographicHash::Sha512:   return "AWS4-HMAC-SHA512";
        default:
            Q_ASSERT_X(false, Q_FUNC_INFO, "invalid algorithm");
            return "invalid-algorithm";
    }
}

QByteArray AwsSignatureV4Private::authorizationHeaderValue ( const AwsAbstractCredentials &  credentials, const QNetworkAccessManager::Operation  operation, QNetworkRequest &  request, const QByteArray &  payload, const QDateTime &  timestamp  ) const

protected

Create an AWS V4 Signature authorization header value.

This function builds an V4 signature, and returns it to the caller. The returned header value is then suitable for adding as a Authorization header in the HTTP request, to be accepted by Amazon.

Parameters

credentials	The AWS credentials to use to sign the request.
operation	The HTTP method being used for the request.
request	The network request to generate a signature for.
payload	Optional data being submitted in the request (eg for PUT and POST operations).
timestamp	The timestamp to use when signing the request.

Returns

An AWS V4 Signature authorization header value.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

setAuthorizationHeader

Definition at line 151 of file awssignaturev4.cpp.

References AwsAbstractCredentials::accessKeyId(), algorithmDesignation(), canonicalRequest(), credentialScope(), hashAlgorithm, signingKey(), and stringToSign().

Referenced by setAuthorizationHeader().

{
    const QByteArray algorithmDesignation = this->algorithmDesignation(hashAlgorithm);
    const AwsEndpoint endpoint(request.url().host());

    const QByteArray credentialScope = this->credentialScope(timestamp.date(), endpoint.regionName(), endpoint.serviceName());
    QByteArray signedHeaders;
    const QByteArray canonicalRequest = this->canonicalRequest(operation, request, payload, &signedHeaders);

    const QByteArray stringToSign = this->stringToSign(algorithmDesignation, timestamp, credentialScope, canonicalRequest);
    const QByteArray signingKey = this->signingKey(credentials, timestamp.date(), endpoint.regionName(), endpoint.serviceName());
    const QByteArray signature = QMessageAuthenticationCode::hash(stringToSign, signingKey, hashAlgorithm);

    return algorithmDesignation + " Credential=" + credentials.accessKeyId().toUtf8() + '/' + credentialScope +
            ", SignedHeaders=" + signedHeaders + ", Signature=" + signature.toHex();
}

QByteArray AwsSignatureV4Private::canonicalHeader ( const QByteArray &  headerName, const QByteArray &  headerValue  ) const

protected

Create an AWS V4 Signature canonical header string.

In canonical form, header name and value are combined with a single semi-colon separator, with all whitespace removed from both, except for whitespace within double-quotes.

Parameters

headerName	Name of the HTTP header to convert to canonical form.
headerValue	Value of the HTTP header to convert to canonical form.

Returns

An AWS V4 Signature canonical header string.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

canonicalHeaders

Definition at line 186 of file awssignaturev4.cpp.

Referenced by canonicalHeaders().

{
    QByteArray header = headerName.toLower() + ':';
    const QByteArray trimmedHeaderValue = headerValue.trimmed();
    bool isInQuotes = false;
    char previousChar = '\0';
    for (int index = 0; index < trimmedHeaderValue.size(); ++index) {
        char thisChar = trimmedHeaderValue.at(index);
        header += thisChar;
        if (isInQuotes) {
            if ((thisChar == '"') && (previousChar != '\\'))
                isInQuotes = false;
        } else {
            if ((thisChar == '"') && (previousChar != '\\')) {
                isInQuotes = true;
            } else if (isspace(thisChar)) {
                while ((index < trimmedHeaderValue.size()-1) &&
                       (isspace(trimmedHeaderValue.at(index+1))))
                    ++index;
            }
        }
        previousChar = thisChar;
    }
    return header;
}

QByteArray AwsSignatureV4Private::canonicalHeaders ( const QNetworkRequest &  request, QByteArray *const  signedHeaders  ) const

protected

Create an AWS V4 Signature canonical headers string.

This function constructs a canonical string containing all of the headers in the given request.

Note

request will typically not include a Host header at this stage, however Qt will add an appropriate Host header when the request is performed. So, if request does not include a Host header yet, this function will include a derived Host header in the canonical headers to allow for it.

Parameters

[in]	request	The network request to fetch the canonical headers from.
[out]	signedHeaders	A semi-colon separated list of the names of all headers included in the result.

Returns

An AWS V4 Signature canonical headers string.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

canonicalHeader

Definition at line 233 of file awssignaturev4.cpp.

References canonicalHeader().

Referenced by canonicalRequest().

{
    Q_CHECK_PTR(signedHeaders);
    signedHeaders->clear();

    /* Note, Amazon says we should combine duplicate headers with comma separators...
     * conveniently for us, QNetworkRequest requires that to have been done already.
     * See note in QNetworkRequest::setRawHeader.
     */

    // Convert the raw headers list to a map to sort on (lowercased) header names only.
    QMap<QByteArray,QByteArray> headers;
    foreach (const QByteArray &rawHeader, request.rawHeaderList()) {
        headers.insert(rawHeader.toLower(), request.rawHeader(rawHeader));
    }
    // The "host" header is not included in QNetworkRequest::rawHeaderList, but will be sent by Qt.
    headers.insert("host", request.url().host().toUtf8());

    // Convert the headers map to a canonical string, keeping track of which headers we've included too.
    QByteArray canonicalHeaders;
    for (QMap<QByteArray,QByteArray>::const_iterator iter = headers.constBegin(); iter != headers.constEnd(); ++iter) {
        canonicalHeaders += canonicalHeader(iter.key(), iter.value()) + '\n';
        if (!signedHeaders->isEmpty()) *signedHeaders += ';';
        *signedHeaders += iter.key();
    }
    return canonicalHeaders;
}

QByteArray AwsSignatureV4Private::canonicalRequest ( const QNetworkAccessManager::Operation  operation, const QNetworkRequest &  request, const QByteArray &  payload, QByteArray *const  signedHeaders  ) const

protected

Create an AWS V4 Signature canonical request.

Parameters

[in]	operation	The HTTP method being used for the request.
[in]	request	The network request to generate a canonical request for.
[in]	payload	Optional data being submitted in the request (eg for PUT and POST operations).
[out]	signedHeaders	A semi-colon separated list of the names of all headers included in the result.

Returns

An AWS V4 Signature canonical request.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

Definition at line 274 of file awssignaturev4.cpp.

References canonicalHeaders(), AwsAbstractSignaturePrivate::canonicalPath(), AwsAbstractSignaturePrivate::canonicalQuery(), hashAlgorithm, and AwsAbstractSignaturePrivate::httpMethod().

Referenced by authorizationHeaderValue().

{
    return httpMethod(operation).toUtf8() + '\n' +
           canonicalPath(request.url()).toUtf8() + '\n' +
           canonicalQuery(QUrlQuery(request.url()))  + '\n' +
           canonicalHeaders(request, signedHeaders) + '\n' +
           *signedHeaders + '\n' +
           QCryptographicHash::hash(payload, hashAlgorithm).toHex();
}

QByteArray AwsSignatureV4Private::credentialScope ( const QDate &  date, const QString &  region, const QString &  service  ) const

protected

Create an AWS V4 Signature credential scope.

Parameters

date	Date to include in the credential scope.
region	Region name to include in the credential scope.
service	Service name to include in the credential scope.

Returns

An AWS V4 Signature credential scope.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html

Definition at line 297 of file awssignaturev4.cpp.

References DateFormat.

Referenced by authorizationHeaderValue().

{
    return date.toString(DateFormat).toUtf8() + '/' + region.toUtf8() + '/' + service.toUtf8() + "/aws4_request";
}

void AwsSignatureV4Private::setAuthorizationHeader	(	const AwsAbstractCredentials &	credentials,
		const QNetworkAccessManager::Operation	operation,
		QNetworkRequest &	request,
		const QByteArray &	payload,
		const QDateTime &	timestamp
	)		const

Set authorization header on a network request.

This function will calculate the authorization header value and set it as the Authorization HTTP header on request.

Parameters

[in]	credentials	The AWS credentials to use to sign the request.
[in]	operation	The HTTP method being used for the request.
[in,out]	request	The network request to add the authorization header to.
[in]	payload	Optional data being submitted in the request (eg for PUT and POST operations).
[in]	timestamp	The timestamp to use when signing the request.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

authorizationHeaderValue

Definition at line 317 of file awssignaturev4.cpp.

References authorizationHeaderValue().

{
    Q_ASSERT(!request.hasRawHeader("Authorization"));
    request.setRawHeader("Authorization", authorizationHeaderValue(credentials, operation, request, payload, timestamp));
}

QDateTime AwsSignatureV4Private::setDateHeader	(	QNetworkRequest &	request,
		const QDateTime &	dateTime = QDateTime::currentDateTimeUtc()
	)		const

Set the AWS custom date header.

This function will set a custom x-amz-date header to the value of dateTime formatted to AwsSignatureV4Private::DateTimeFormat.

Note

Although Amazon labels this as a "date", it is in fact a full timestamp.

Parameters

request	The network request to add the date header to.
dateTime	The timestamp to set the date header's value to.

Returns

dateTime verbatim (just a convenience for some callers).

Definition at line 339 of file awssignaturev4.cpp.

References DateTimeFormat.

{
    Q_ASSERT(!request.hasRawHeader("x-amz-date"));
    request.setRawHeader("x-amz-date", dateTime.toString(DateTimeFormat).toUtf8());
    return dateTime;
}

QByteArray AwsSignatureV4Private::signingKey ( const AwsAbstractCredentials &  credentials, const QDate &  date, const QString &  region, const QString &  service  ) const

protected

Create an AWS V4 Signature signing key.

Parameters

credentials	AWS credentials to use when generating the signing key.
date	Date to include in the signing key.
region	Region name to include in the signing key.
service	Service name to include in the signing key.

Returns

An AWS V4 Signature signing key.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html

Definition at line 358 of file awssignaturev4.cpp.

References DateFormat, hashAlgorithm, and AwsAbstractCredentials::secretKey().

Referenced by authorizationHeaderValue().

{
    return QMessageAuthenticationCode::hash("aws4_request",
           QMessageAuthenticationCode::hash(service.toUtf8(),
           QMessageAuthenticationCode::hash(region.toUtf8(),
           QMessageAuthenticationCode::hash(date.toString(DateFormat).toUtf8(), "AWS4"+credentials.secretKey().toUtf8(),
           hashAlgorithm), hashAlgorithm), hashAlgorithm), hashAlgorithm);
}

QByteArray AwsSignatureV4Private::stringToSign ( const QByteArray &  algorithmDesignation, const QDateTime &  requestDate, const QByteArray &  credentialScope, const QByteArray &  canonicalRequest  ) const

protected

Create an AWS V4 Signature string to sign.

Parameters

algorithmDesignation	AWS designation for the hash algorithm used to sign the request.
requestDate	AWS request timestamp.
credentialScope	Aws credential scope used to sign the request.
canonicalRequest	AWS request in canonical form.

Returns

An AWS V4 Signature string to sign.

See also

http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html

algorithmDesignation

canonicalRequest

credentialScope

Definition at line 383 of file awssignaturev4.cpp.

References DateTimeFormat, and hashAlgorithm.

Referenced by authorizationHeaderValue().

{
    return algorithmDesignation + '\n' +
           requestDate.toString(DateTimeFormat).toUtf8() + '\n' +
           credentialScope + '\n' +
           QCryptographicHash::hash(canonicalRequest, hashAlgorithm).toHex();
}

---

The documentation for this class was generated from the following files:

• core/awssignaturev4_p.h
• core/awssignaturev4.cpp