aws-crt-cpp
C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++.
Sigv4Signing.h
1#pragma once
7#include <aws/crt/Exports.h>
8
9#include <aws/crt/DateTime.h>
10#include <aws/crt/Types.h>
12
13struct aws_signing_config_aws;
14
15namespace Aws
16{
17 namespace Crt
18 {
19 namespace Auth
20 {
21 class Credentials;
22 class ICredentialsProvider;
23
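/**
 * Signing algorithm used when producing an AWS signature.
 * Each enumerator mirrors the aws-c-auth constant it is initialised from.
 *
 * NOTE(review): the head of this enum (listing line 24) is missing from this rendering.
 * The name SigningAlgorithm comes from the page's symbol index; `enum class` is assumed
 * to match SignatureType - confirm against the upstream header.
 */
enum class SigningAlgorithm
{
    /** Signature Version 4 (AWS_SIGNING_ALGORITHM_V4). */
    SigV4 = AWS_SIGNING_ALGORITHM_V4,
    /** Asymmetric variant of Signature Version 4 (AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC). */
    SigV4A = AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC
};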
29
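/**
 * What is being signed and where the resulting signature is carried.
 * Each enumerator mirrors the aws-c-auth AWS_ST_* constant it is initialised from.
 */
enum class SignatureType
{
    /** Sign an HTTP request; the signature travels in request headers. */
    HttpRequestViaHeaders = AWS_ST_HTTP_REQUEST_HEADERS,
    /**
     * Sign an HTTP request; the signature travels in the query string.
     * The signed URI is then itself a credential until it expires, so it should be
     * kept out of logs and paired with a short expiration.
     */
    HttpRequestViaQueryParams = AWS_ST_HTTP_REQUEST_QUERY_PARAMS,
    /** Sign a single body chunk (AWS_ST_HTTP_REQUEST_CHUNK). */
    HttpRequestChunk = AWS_ST_HTTP_REQUEST_CHUNK,
    /** Sign a single event (AWS_ST_HTTP_REQUEST_EVENT). */
    HttpRequestEvent = AWS_ST_HTTP_REQUEST_EVENT,
};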
37
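/**
 * Well-known strings that can be passed to AwsSigningConfig::SetSignedBodyValue().
 * The values themselves are defined in Sigv4Signing.cpp and are not visible here.
 *
 * NOTE(review): the listing shows only EmptySha256 and UnsignedPayload. The two
 * Streaming* declarations are restored from the page's symbol index, which lists them
 * next to the other two as definitions in Sigv4Signing.cpp.
 */
namespace SignedBodyValue
{
    /** Presumably the SHA-256 of the empty string, for requests without a body. */
    AWS_CRT_CPP_API extern const char *EmptySha256;

    /**
     * Marker for a payload that is not covered by the signature.
     * With this value the signature does not vouch for the body, so body integrity
     * rests on the transport (TLS) alone; use it only where the service requires it.
     */
    AWS_CRT_CPP_API extern const char *UnsignedPayload;

    /** Marker for a streaming (chunk-signed) payload - confirm exact value upstream. */
    AWS_CRT_CPP_API extern const char *StreamingAws4HmacSha256Payload;

    /** Marker for a streaming event payload - confirm exact value upstream. */
    AWS_CRT_CPP_API extern const char *StreamingAws4HmacSha256Events;
} // namespace SignedBodyValue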
62
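/**
 * Which header, if any, is added to carry the signed body value.
 *
 * NOTE(review): the head of this enum (listing line 63) is missing from this rendering.
 * The name SignedBodyHeaderType comes from the page's symbol index; `enum class` is
 * assumed to match SignatureType - confirm against the upstream header.
 */
enum class SignedBodyHeaderType
{
    /** Do not add a header for the signed body value. */
    None = AWS_SBHT_NONE,
    /** Add the signed body value as an x-amz-content-sha256 header. */
    XAmzContentSha256 = AWS_SBHT_X_AMZ_CONTENT_SHA256,
};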
68
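/**
 * Predicate deciding whether a header takes part in signing.
 * The first argument is presumably the header name; the second is the opaque pointer
 * registered with AwsSigningConfig::SetShouldSignHeaderUserData().
 * A header the predicate rejects is not covered by the signature, so it can be altered
 * in transit without invalidating the request; exclude only headers that intermediaries
 * are expected to rewrite.
 */
using ShouldSignHeaderCb = bool (*)(const Crt::ByteCursor *, void *);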
70
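/**
 * Configuration for AWS Signature Version 4 signing; wraps an aws_signing_config_aws.
 *
 * NOTE(review): this rendering dropped listing lines 75 and 78. The class head below is
 * restored from the destructor name and the `override` on GetType(). The constructor
 * declaration is not shown on the page and is not reproduced here; the page's symbol
 * index references Allocator and g_allocator, so it presumably takes an optional
 * allocator. Confirm both against the upstream header.
 */
class AWS_CRT_CPP_API AwsSigningConfig : public ISigningConfig
{
  public:
    virtual ~AwsSigningConfig();

    /** Identifies this configuration as the AWS (SigV4) kind. */
    SigningConfigType GetType() const noexcept override { return SigningConfigType::Aws; }

    /** Returns the signing algorithm currently selected. */
    SigningAlgorithm GetSigningAlgorithm() const noexcept;

    /** Selects the signing algorithm (SigV4 or SigV4A). */
    void SetSigningAlgorithm(SigningAlgorithm algorithm) noexcept;

    /** Returns what kind of signature will be produced. */
    SignatureType GetSignatureType() const noexcept;

    /** Selects what kind of signature will be produced. */
    void SetSignatureType(SignatureType signatureType) noexcept;

    /**
     * Returns the signing region.
     * The reference is tied to this object; presumably it refers to m_signingRegion.
     */
    const Crt::String &GetRegion() const noexcept;

    /** Sets the signing region. */
    void SetRegion(const Crt::String &region) noexcept;

    /**
     * Returns the name of the service being signed for.
     * The reference is tied to this object; presumably it refers to m_serviceName.
     */
    const Crt::String &GetService() const noexcept;

    /** Sets the name of the service being signed for. */
    void SetService(const Crt::String &service) noexcept;

    /** Returns the timestamp used in the signing process. */
    DateTime GetSigningTimepoint() const noexcept;

    /** Sets the timestamp used in the signing process. */
    void SetSigningTimepoint(const DateTime &date) noexcept;

    /*
     * We assume the uri will be encoded once in preparation for transmission. Certain services
     * do not decode before checking signature, requiring us to actually double-encode the uri in the
     * canonical request in order to pass a signature check.
     */

    /** Returns whether the uri is double-encoded in the canonical request. */
    bool GetUseDoubleUriEncode() const noexcept;

    /** Sets whether the uri is double-encoded in the canonical request. */
    void SetUseDoubleUriEncode(bool useDoubleUriEncode) noexcept;

    /** Returns whether the uri path is normalized while building the canonical request. */
    bool GetShouldNormalizeUriPath() const noexcept;

    /** Sets whether the uri path is normalized while building the canonical request. */
    void SetShouldNormalizeUriPath(bool shouldNormalizeUriPath) noexcept;

    /** Returns whether the session token is left out of the signing process. */
    bool GetOmitSessionToken() const noexcept;

    /**
     * Sets whether the session token is left out of the signing process.
     * NOTE(review): upstream guidance, as far as recalled, limits this to services that
     * require it (IoT Core websocket handshakes) - confirm before enabling.
     */
    void SetOmitSessionToken(bool omitSessionToken) noexcept;

    /** Returns the predicate that decides which headers are signed; may be null. */
    ShouldSignHeaderCb GetShouldSignHeaderCallback() const noexcept;

    /**
     * Sets the predicate that decides which headers are signed.
     * Headers it rejects are not covered by the signature and so are not
     * integrity-protected by it.
     */
    void SetShouldSignHeaderCallback(ShouldSignHeaderCb shouldSignHeaderCb) noexcept;

    /** Returns the opaque pointer handed to the should-sign-header predicate. */
    void *GetShouldSignHeaderUserData() const noexcept;

    /**
     * Sets the opaque pointer handed to the should-sign-header predicate.
     * The pointer is raw and not owned here; the caller must keep the pointee alive
     * for as long as signing may invoke the predicate.
     */
    void SetShouldSignHeaderUserData(void *userData) noexcept;

    /**
     * Returns the string used as the canonical request's body value.
     * The reference is tied to this object; presumably it refers to m_signedBodyValue.
     */
    const Crt::String &GetSignedBodyValue() const noexcept;

    /**
     * Sets the string used as the canonical request's body value; the SignedBodyValue
     * namespace holds the special values.
     * NOTE(review): upstream documents an empty string as "compute it from the payload
     * during signing" - confirm.
     * Passing SignedBodyValue::UnsignedPayload leaves the body outside the signature.
     */
    void SetSignedBodyValue(const Crt::String &signedBodyValue) noexcept;

    /** Returns which header, if any, is added to carry the signed body value. */
    SignedBodyHeaderType GetSignedBodyHeader() const noexcept;

    /** Sets which header, if any, is added to carry the signed body value. */
    void SetSignedBodyHeader(SignedBodyHeaderType signedBodyHeader) noexcept;

    /** Returns the signature lifetime in seconds. */
    uint64_t GetExpirationInSeconds() const noexcept;

    /**
     * Sets the signature lifetime in seconds.
     * NOTE(review): presumably only meaningful for SignatureType::HttpRequestViaQueryParams
     * (pre-signed URIs). Anyone holding such a URI can use it until it expires, so keep
     * the lifetime as short as the use case allows.
     */
    void SetExpirationInSeconds(uint64_t expirationInSeconds) noexcept;

    /*
     * For Sigv4 signing, either the credentials provider or the credentials must be set.
     * Credentials, if set, takes precedence over the provider.
     */

    /** Returns the credentials provider used to source credentials for signing. */
    const std::shared_ptr<ICredentialsProvider> &GetCredentialsProvider() const noexcept;

    /** Sets the credentials provider used to source credentials for signing. */
    void SetCredentialsProvider(const std::shared_ptr<ICredentialsProvider> &credsProvider) noexcept;

    /** Returns the explicit credentials used for signing, if any were set. */
    const std::shared_ptr<Credentials> &GetCredentials() const noexcept;

    /**
     * Sets explicit credentials for signing; these take precedence over the provider.
     * Prefer a provider for long-running signers so rotated or expired credentials are
     * not pinned in the configuration.
     */
    void SetCredentials(const std::shared_ptr<Credentials> &credentials) noexcept;

    /**
     * Returns the underlying C configuration.
     * Presumably points at m_config, so it must not be used after this object is destroyed.
     */
    const struct aws_signing_config_aws *GetUnderlyingHandle() const noexcept;

  private:
    Allocator *m_allocator;
    std::shared_ptr<ICredentialsProvider> m_credentialsProvider;
    std::shared_ptr<Credentials> m_credentials;
    struct aws_signing_config_aws m_config;
    Crt::String m_signingRegion;
    Crt::String m_serviceName;
    Crt::String m_signedBodyValue;
};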
266
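/**
 * HTTP request signer that applies AWS Signature Version 4.
 *
 * NOTE(review): this rendering dropped listing lines 270 and 273. The class head below
 * is restored from the destructor name and the `override` specifiers; the base name
 * IHttpRequestSigner is taken from the upstream library, not from this page. The
 * constructor declaration is not shown and is not reproduced here (presumably it takes
 * an optional allocator). Confirm both against the upstream header.
 */
class AWS_CRT_CPP_API Sigv4HttpRequestSigner : public IHttpRequestSigner
{
  public:
    virtual ~Sigv4HttpRequestSigner() = default;

    /** Always reports the signer as valid. */
    bool IsValid() const override { return true; }

    /**
     * Signs `request` according to `config` and reports the outcome through
     * `completionCallback`, which receives the request and an int (presumably an
     * error code, zero on success - confirm).
     * `config` is presumably expected to be an AwsSigningConfig, i.e. one whose
     * GetType() is SigningConfigType::Aws.
     * The bool result presumably says whether signing was started; a caller should
     * treat both a false return and a non-zero callback code as "request not signed"
     * and must not send the request in either case.
     */
    bool SignRequest(
        const std::shared_ptr<Aws::Crt::Http::HttpRequest> &request,
        const ISigningConfig &config,
        const OnHttpRequestSigningComplete &completionCallback) override;

  private:
    Allocator *m_allocator;
};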
288 } // namespace Auth
289 } // namespace Crt
290} // namespace Aws
#define AWS_CRT_CPP_API
Definition: Exports.h:37
Definition: Sigv4Signing.h:76
virtual SigningConfigType GetType() const noexcept override
Definition: Sigv4Signing.h:81
Definition: Credentials.h:38
Definition: Credentials.h:105
Definition: Signing.h:63
Definition: Signing.h:42
Definition: Sigv4Signing.h:271
bool IsValid() const override
Definition: Sigv4Signing.h:276
Definition: DateTime.h:53
AWS_CRT_CPP_API const char * StreamingAws4HmacSha256Payload
Definition: Sigv4Signing.cpp:25
AWS_CRT_CPP_API const char * StreamingAws4HmacSha256Events
Definition: Sigv4Signing.cpp:26
AWS_CRT_CPP_API const char * UnsignedPayload
Definition: Sigv4Signing.cpp:24
AWS_CRT_CPP_API const char * EmptySha256
Definition: Sigv4Signing.cpp:23
SigningAlgorithm
Definition: Sigv4Signing.h:25
SigningConfigType
Definition: Signing.h:26
SignedBodyHeaderType
Definition: Sigv4Signing.h:64
std::function< void(const std::shared_ptr< Aws::Crt::Http::HttpRequest > &, int)> OnHttpRequestSigningComplete
Definition: Signing.h:35
bool(*)(const Crt::ByteCursor *, void *) ShouldSignHeaderCb
Definition: Sigv4Signing.h:69
SignatureType
Definition: Sigv4Signing.h:31
aws_byte_cursor ByteCursor
Definition: Types.h:33
aws_allocator Allocator
Definition: StlAllocator.h:17
AWS_CRT_CPP_API Allocator * g_allocator
Definition: Api.cpp:21
std::basic_string< char, std::char_traits< char >, StlAllocator< char > > String
Definition: Types.h:47
Definition: Api.h:17
Definition: StringView.h:846