Package org.eclipse.jgit.lfs.server.s3
Class SignerV4
java.lang.Object
org.eclipse.jgit.lfs.server.s3.SignerV4
Signing support for Amazon AWS signing V4
See http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final String
private static final String
private static final String
private static final String
private static final String
private static final String
private static final String
private static final String
(package private) static final String
private static final String
private static final String
(package private) static final String
private static final String
private static final String
(package private) static final String
private static final String
private static final String
(package private) static final String
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate static void
addHostHeader
(URL url, Map<String, String> headers) private static void
appendQuery
(StringBuilder s, String key, String value) private static String
canonicalizeHeaderNames
(Map<String, String> headers) private static String
canonicalizeHeaderString
(Map<String, String> headers) private static String
canonicalizeQueryString
(Map<String, String> parameters) private static String
canonicalizeResourcePath
(URL endpoint) private static String
canonicalRequest
(URL endpoint, String httpMethod, String queryParameters, String canonicalizedHeaderNames, String canonicalizedHeaders, String bodyHash) (package private) static String
createAuthorizationQuery
(S3Config bucketConfig, URL url, String httpMethod, Map<String, String> headers, Map<String, String> queryParameters, String bodyHash) Create an AWSV4 authorization for a request, suitable for embedding in query parameters.createHeaderAuthorization
(S3Config bucketConfig, URL url, String httpMethod, Map<String, String> headers, String bodyHash) Sign headers for given bucket, url and HTTP method and add signature in Authorization header.private static byte[]
createSignature
(S3Config bucketConfig, String dateTimeStamp, String dateStamp, String scope, String canonicalRequest) private static String
private static String
dateTimeStampISO8601
(Date now) private static String
formatAuthorizationHeader
(S3Config bucketConfig, String canonicalizedHeaderNames, String scope, byte[] signature) private static String
formatAuthorizationQuery
(Map<String, String> queryParameters) private static byte[]
private static String
private static byte[]
private static String
stringToSign
(String scheme, String algorithm, String dateTime, String scope, String canonicalRequest) private static String
toHex
(byte[] bytes) private static String
-
Field Details
-
UNSIGNED_PAYLOAD
- See Also:
-
ALGORITHM
- See Also:
-
DATE_STRING_FORMAT
- See Also:
-
HEX
- See Also:
-
HMACSHA256
- See Also:
-
ISO8601_BASIC_FORMAT
- See Also:
-
S3
- See Also:
-
SCHEME
- See Also:
-
TERMINATOR
- See Also:
-
UTC
- See Also:
-
X_AMZ_ALGORITHM
- See Also:
-
X_AMZ_CREDENTIAL
- See Also:
-
X_AMZ_DATE
- See Also:
-
X_AMZ_SIGNATURE
- See Also:
-
X_AMZ_SIGNED_HEADERS
- See Also:
-
X_AMZ_CONTENT_SHA256
- See Also:
-
X_AMZ_EXPIRES
- See Also:
-
X_AMZ_STORAGE_CLASS
- See Also:
-
-
Constructor Details
-
SignerV4
SignerV4()
-
-
Method Details
-
createAuthorizationQuery
static String createAuthorizationQuery(S3Config bucketConfig, URL url, String httpMethod, Map<String, String> headers, Map<String, String> queryParameters, String bodyHash) Create an AWSV4 authorization for a request, suitable for embedding in query parameters.- Parameters:
bucketConfig
- configuration of S3 storage bucket this request should be signed forurl
- HTTP request URLhttpMethod
- HTTP methodheaders
- The HTTP request headers; 'Host' and 'X-Amz-Date' will be added to this set.queryParameters
- Any query parameters that will be added to the endpoint. The parameters should be specified in canonical format.bodyHash
- Pre-computed SHA256 hash of the request body content; this value should also be set as the header 'X-Amz-Content-SHA256' for non-streaming uploads.- Returns:
- The computed authorization string for the request. This value needs to be set as the header 'Authorization' on the subsequent HTTP request.
-
formatAuthorizationQuery
-
appendQuery
-
createHeaderAuthorization
static Map<String,String> createHeaderAuthorization(S3Config bucketConfig, URL url, String httpMethod, Map<String, String> headers, String bodyHash) Sign headers for given bucket, url and HTTP method and add signature in Authorization header.- Parameters:
bucketConfig
- configuration of S3 storage bucket this request should be signed forurl
- HTTP request URLhttpMethod
- HTTP methodheaders
- HTTP headers to signbodyHash
- Pre-computed SHA256 hash of the request body content; this value should also be set as the header 'X-Amz-Content-SHA256' for non-streaming uploads.- Returns:
- HTTP headers signd by an Authorization header added to the headers
-
formatAuthorizationHeader
-
addHostHeader
-
canonicalizeHeaderNames
-
canonicalizeHeaderString
-
dateStamp
-
dateTimeStampISO8601
-
scope
-
canonicalizeQueryString
-
canonicalRequest
-
canonicalizeResourcePath
-
hash
-
sign
-
stringToSign
-
toHex
-
urlEncode
-
createSignature
-