public final class AwsAuthUtils
extends Object
Modifier and Type | Field and Description |
---|---|
static String |
DEFAULT_ENCODING
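The default encoding used for text data: UTF-8. The field is declared static but not final, so it can be reassigned at runtime; treat it as read-only.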
|
Constructor and Description |
---|
AwsAuthUtils() |
Modifier and Type | Method and Description |
---|---|
static String |
awsV4BuildAuthorizationHeaderValue(String service,
String accessKey,
String requestSignature,
String requestSignatureVersion,
String canonicalRequestString,
String timestampISO8601,
String region)
Build the Authorization header value for a REST/HTTP request to a storage
service for the AWS Request Signature version 4.
|
static String |
awsV4BuildCanonicalRequestString(org.apache.http.client.methods.HttpUriRequest httpMethod,
String requestPayloadHexSha256Hash)
Build the canonical request string for a REST/HTTP request to a storage
service for the AWS Request Signature version 4.
|
static String |
awsV4BuildCanonicalRequestString(URI uri,
String httpMethod,
Map<String,String> headersMap,
String requestPayloadHexSha256Hash)
Build the canonical request string for a REST/HTTP request to a storage
service for the AWS Request Signature version 4.
|
static byte[] |
awsV4BuildSigningKey(String service,
String secretAccessKey,
String timestampISO8601,
String region)
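Build the signing key for the AWS Request Signature version 4 from the service, secret access key, timestamp and region. The returned bytes are derived from the secret access key and should be handled as secret material.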
|
static String |
awsV4BuildStringToSign(String service,
String requestSignatureVersion,
String canonicalRequestString,
String timestampISO8601,
String region)
Build the string to sign for a REST/HTTP request to a storage service for
the AWS Request Signature version 4.
|
static String |
awsV4EncodeURI(CharSequence input,
boolean encodeSlash)
Slightly modified version of "uri-encode" from:
"http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html"
|
static String |
awsV4GetOrCalculatePayloadHash(org.apache.http.client.methods.HttpUriRequest httpMethod)
Return SHA256 payload hash value already set on HTTP request, or if none
is yet set calculate this value if possible.
|
static String |
encodeUrlString(String path)
Encodes a URL string, and ensures that spaces are encoded as "%20"
instead of "+" to keep fussy web browsers happier.
|
static byte[] |
hash(byte[] data,
String cryptoHash)
Compute the hash of the given bytes using the named hash algorithm.
|
static byte[] |
hash(InputStream dataIS,
String cryptoHash,
boolean resetInsteadOfClose)
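Compute the hash of the data read from the given input stream using the named hash algorithm; the stream is reset instead of closed afterwards when resetInsteadOfClose is true.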
|
static byte[] |
hash(String data,
String cryptoHash)
Compute the hash of the given string using the named hash algorithm.
|
static byte[] |
hashSHA256(InputStream dataIS)
Hash SHA 256.
|
static byte[] |
hashSHA256(InputStream dataIS,
boolean resetInsteadOfClose)
Hash SHA 256.
|
static byte[] |
hmac(byte[] key,
byte[] data,
String cryptoAlgorithm)
Compute the HMAC of the given data with the given key using the named algorithm.
|
static byte[] |
hmacSHA256(byte[] key,
byte[] data)
Hmac SHA 256.
|
static byte[] |
hmacSHA256(String key,
String data)
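Return lowercase hex-encoded HMAC message digest of given data using the
given key, using a crypto hash like "SHA256". Note that the declared return
type is byte[], not String, so confirm whether the bytes are the raw digest
or need toHex(byte[]) before they are used in a signature.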
|
static void |
signAwsRequest(org.apache.http.client.methods.HttpRequestBase request,
String user,
String password,
String region,
String service)
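Sign the given AWS request using the supplied user, password, region and service. This page does not say how user and password map to the AWS access key and secret access key.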
|
static byte[] |
stringToBytes(String str)
String to bytes.
|
static String |
toHex(byte[] data)
Converts byte data to a Hex-encoded string.
|
public static String DEFAULT_ENCODING
public static byte[] stringToBytes(String str)
str - the string
public static byte[] hmac(byte[] key, byte[] data, String cryptoAlgorithm)
key - key for HMAC
data - data to be HMAC'd
cryptoAlgorithm - cryptographic algorithm to use for HMAC, e.g. "SHA-256"
public static byte[] hmacSHA256(String key, String data)
key - the key
data - the data
public static byte[] hmacSHA256(byte[] key, byte[] data)
key - the key
data - the data
public static String toHex(byte[] data)
data - data to hex encode.
public static byte[] hash(byte[] data, String cryptoHash)
data - the data
cryptoHash - the crypto hash
public static byte[] hash(InputStream dataIS, String cryptoHash, boolean resetInsteadOfClose) throws IOException
dataIS - the data input stream
cryptoHash - the crypto hash
resetInsteadOfClose - if true, input stream is reset instead of closed after hash is generated.
IOException - Signals that an I/O exception has occurred.
public static byte[] hash(String data, String cryptoHash)
data - the data
cryptoHash - the crypto hash
public static String encodeUrlString(String path)
path - the path
public static String awsV4BuildStringToSign(String service, String requestSignatureVersion, String canonicalRequestString, String timestampISO8601, String region)
service - the service
requestSignatureVersion - request signature version string, e.g. "AWS4-HMAC-SHA256"
canonicalRequestString - canonical request string as generated by awsV4BuildCanonicalRequestString(HttpUriRequest, String)
timestampISO8601 - timestamp of request creation in ISO8601 format
region - region to which the request will be sent, see "http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"
public static byte[] awsV4BuildSigningKey(String service, String secretAccessKey, String timestampISO8601, String region)
service - the service
secretAccessKey - the secret access key
timestampISO8601 - the timestamp in ISO8601 format
region - the region
public static String awsV4BuildAuthorizationHeaderValue(String service, String accessKey, String requestSignature, String requestSignatureVersion, String canonicalRequestString, String timestampISO8601, String region)
service - the service
accessKey - account holder's access key
requestSignature - request signature as generated by signing the string to sign from awsV4BuildStringToSign(String, String, String, String) with the key from awsV4BuildSigningKey(String, String, String)
requestSignatureVersion - request signature version string, e.g. "AWS4-HMAC-SHA256"
canonicalRequestString - canonical request string as generated by awsV4BuildCanonicalRequestString(HttpUriRequest, String)
timestampISO8601 - timestamp of request creation in ISO8601 format
region - region to which request will be sent, see "http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region"
public static String awsV4EncodeURI(CharSequence input, boolean encodeSlash)
input - URI or URI-fragment string to encode.
encodeSlash - true if slash (/) character should be encoded.
public static byte[] hashSHA256(InputStream dataIS, boolean resetInsteadOfClose) throws IOException
dataIS - the data input stream
resetInsteadOfClose - whether to reset the input stream instead of closing it
IOException - Signals that an I/O exception has occurred.
public static byte[] hashSHA256(InputStream dataIS) throws IOException
dataIS - the data input stream
IOException - Signals that an I/O exception has occurred.
public static String awsV4GetOrCalculatePayloadHash(org.apache.http.client.methods.HttpUriRequest httpMethod)
httpMethod - the request's HTTP method just prior to sending
public static String awsV4BuildCanonicalRequestString(org.apache.http.client.methods.HttpUriRequest httpMethod, String requestPayloadHexSha256Hash)
httpMethod - the request's HTTP method just prior to sending
requestPayloadHexSha256Hash - hex-encoded SHA256 hash of request's payload. May be null or "" in which case the default SHA256 hash of an empty string is used. May also be "UNSIGNED-PAYLOAD" for generating pre-signed request signatures; in that case the request body is not covered by the signature, so signing does not protect its integrity.
public static String awsV4BuildCanonicalRequestString(URI uri, String httpMethod, Map<String,String> headersMap, String requestPayloadHexSha256Hash)
uri - the uri
httpMethod - the request's HTTP method just prior to sending
headersMap - the headers map
requestPayloadHexSha256Hash - hex-encoded SHA256 hash of request's payload. May be null or "" in which case the default SHA256 hash of an empty string is used.
public static void signAwsRequest(org.apache.http.client.methods.HttpRequestBase request, String user, String password, String region, String service) throws Exception
request - the request
user - the user
password - the password
region - the region
service - the service
Exception - the exception
Copyright © 2010-2020 Toolsverse. All Rights Reserved.