AWSSignatureV4Signer

Objective-C

@interface AWSSignatureV4Signer : NSObject <AWSNetworkingRequestInterceptor>

@property (nonatomic, strong, readonly) id<AWSCredentialsProvider> _Nonnull credentialsProvider;

- (instancetype _Nonnull)initWithCredentialsProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                   endpoint:(AWSEndpoint * _Nonnull)endpoint;

/**
 Returns a URL signed using the SigV4 algorithm, using the current date, and including the session token (if any) as
 part of the signed query paramters.

 @param credentialsProvider credentials provider to get accessKey, secretKey, and optional sessionKey
 @param httpMethod the HTTP method (e.g., "GET", "POST", etc)
 @param expireDuration when should the signed URL expire
 @param endpoint the endpoint of the service for which the URL is being generated
 @param keyPath the request path
 @param requestHeaders the headers to sign as part of the request
 @param requestParameters the URL parameters to sign
 @param signBody if true and the httpMethod is GET, sign an empty string as part of the signature content
 @return a task containing the signed URL
 */
+ (AWSTask<NSURL *> * _Nonnull)generateQueryStringForSignatureV4WithCredentialProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                                                            httpMethod:(AWSHTTPMethod)httpMethod
                                                                        expireDuration:(int32_t)expireDuration
                                                                              endpoint:(AWSEndpoint * _Nonnull)endpoint
                                                                               keyPath:(NSString * _Nullable)keyPath
                                                                        requestHeaders:(NSDictionary<NSString *, NSString *> * _Nullable)requestHeaders
                                                                     requestParameters:(NSDictionary<NSString *, id> * _Nullable)requestParameters
                                                                              signBody:(BOOL)signBody;

/**
 Returns a URL signed using the SigV4 algorithm.

 This method requires both regionName and serviceName, because not all AWS service endpoints have the URL format
 "<service>.<region>.amazonaws.com", so we can't necessarily derive the region and service from the URL.

 In addition, the method requires the caller to specify a date to use for the signing. This allows for ease of testing,
 but in practice, callers should use `-[NSDate aws_clockSkewFixedDate]` as this value.

 @param request the NSURLRequest to sign
 @param credentialsProvider credentials provider to get accessKey, secretKey, and optional sessionKey
 @param regionName the string representing the AWS region of the endpoint to be signed.
 @param serviceName the name of the AWS service the request is for
 @param date the date of the signed credential
 @param expireDuration the duration in seconds the signed URL will be valid for
 @param signBody if true and the httpMethod is GET, sign an empty string as part of the signature content
 @param signSessionToken if true, include the sessionKey returned by the credentialsProvider in the signed payload.
        If false, appends the X-AMZ-Security-Token to the end of the signed URL request parameters
 @return a task containing the signed URL
 */
+ (AWSTask<NSURL *> * _Nonnull)sigV4SignedURLWithRequest:(NSURLRequest * _Nonnull)request
                                      credentialProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                              regionName:(NSString * _Nonnull)regionName
                                             serviceName:(NSString * _Nonnull)serviceName
                                                    date:(NSDate * _Nonnull)date
                                          expireDuration:(int32_t)expireDuration
                                                signBody:(BOOL)signBody
                                        signSessionToken:(BOOL)signSessionToken;

+ (NSString * _Nonnull)getCanonicalizedRequest:(NSString * _Nonnull)method
                                 path:(NSString * _Nonnull)path
                                query:(NSString * _Nullable)query
                              headers:(NSDictionary * _Nullable)headers
                        contentSha256:(NSString * _Nullable)contentSha256;

+ (NSData * _Nonnull)getV4DerivedKey:(NSString * _Nullable)secret
                       date:(NSString * _Nullable)dateStamp
                     region:(NSString * _Nullable)regionName
                    service:(NSString * _Nullable)serviceName;

+ (NSString * _Nonnull)getSignedHeadersString:(NSDictionary * _Nullable)headers;

@end

Swift

class AWSSignatureV4Signer : NSObject, AWSNetworkingRequestInterceptorProtocol

Undocumented


                    
                    
                    credentialsProvider

Undocumented

Declaration

Objective-C

@property (nonatomic, strong, readonly) id<AWSCredentialsProvider> _Nonnull credentialsProvider

Swift

var credentialsProvider: AWSCredentialsProvider { get }


                    
                    
                    -initWithCredentialsProvider:endpoint:

Undocumented

Declaration

Objective-C

- (instancetype _Nonnull)initWithCredentialsProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                   endpoint:(AWSEndpoint * _Nonnull)endpoint;

Swift

init(credentialsProvider: AWSCredentialsProvider, endpoint: AWSEndpoint)


                    
                    
                    +generateQueryStringForSignatureV4WithCredentialProvider:httpMethod:expireDuration:endpoint:keyPath:requestHeaders:requestParameters:signBody:

Returns a URL signed using the SigV4 algorithm, using the current date, and including the session token (if any) as part of the signed query paramters.

Declaration

Objective-C

+ (AWSTask<NSURL *> *_Nonnull)
    generateQueryStringForSignatureV4WithCredentialProvider:
        (id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                                 httpMethod:
                                                     (AWSHTTPMethod)httpMethod
                                             expireDuration:
                                                 (int32_t)expireDuration
                                                   endpoint:
                                                       (AWSEndpoint *_Nonnull)
                                                           endpoint
                                                    keyPath:
                                                        (NSString *_Nullable)
                                                            keyPath
                                             requestHeaders:
                                                 (NSDictionary<NSString *,
                                                               NSString *>
                                                      *_Nullable)requestHeaders
                                          requestParameters:
                                              (NSDictionary<NSString *, id>
                                                   *_Nullable)requestParameters
                                                   signBody:(BOOL)signBody;

Swift

class func generateQueryStringForSignatureV4(withCredentialProvider credentialsProvider: AWSCredentialsProvider, httpMethod: AWSHTTPMethod, expireDuration: Int32, endpoint: AWSEndpoint, keyPath: String?, requestHeaders: [String : String]?, requestParameters: [String : Any]?, signBody: Bool) -> AWSTask

Parameters

`credentialsProvider`	credentials provider to get accessKey, secretKey, and optional sessionKey
`httpMethod`	the HTTP method (e.g., “GET”, “POST”, etc)
`expireDuration`	when should the signed URL expire
`endpoint`	the endpoint of the service for which the URL is being generated
`keyPath`	the request path
`requestHeaders`	the headers to sign as part of the request
`requestParameters`	the URL parameters to sign
`signBody`	if true and the httpMethod is GET, sign an empty string as part of the signature content

Return Value

a task containing the signed URL


                    
                    
                    +sigV4SignedURLWithRequest:credentialProvider:regionName:serviceName:date:expireDuration:signBody:signSessionToken:

Returns a URL signed using the SigV4 algorithm.

This method requires both regionName and serviceName, because not all AWS service endpoints have the URL format “..amazonaws.com”, so we can’t necessarily derive the region and service from the URL.

In addition, the method requires the caller to specify a date to use for the signing. This allows for ease of testing, but in practice, callers should use -[NSDate aws_clockSkewFixedDate] as this value.

Declaration

Objective-C

+ (AWSTask<NSURL *> *_Nonnull)
    sigV4SignedURLWithRequest:(NSURLRequest *_Nonnull)request
           credentialProvider:
               (id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                   regionName:(NSString *_Nonnull)regionName
                  serviceName:(NSString *_Nonnull)serviceName
                         date:(NSDate *_Nonnull)date
               expireDuration:(int32_t)expireDuration
                     signBody:(BOOL)signBody
             signSessionToken:(BOOL)signSessionToken;

Swift

class func sigV4SignedURL(with request: URLRequest, credentialProvider credentialsProvider: AWSCredentialsProvider, regionName: String, serviceName: String, date: Date, expireDuration: Int32, signBody: Bool, signSessionToken: Bool) -> AWSTask

Parameters

`request`	the NSURLRequest to sign
`credentialsProvider`	credentials provider to get accessKey, secretKey, and optional sessionKey
`regionName`	the string representing the AWS region of the endpoint to be signed.
`serviceName`	the name of the AWS service the request is for
`date`	the date of the signed credential
`expireDuration`	the duration in seconds the signed URL will be valid for
`signBody`	if true and the httpMethod is GET, sign an empty string as part of the signature content
`signSessionToken`	if true, include the sessionKey returned by the credentialsProvider in the signed payload. If false, appends the X-AMZ-Security-Token to the end of the signed URL request parameters

Return Value

a task containing the signed URL


                    
                    
                    +getCanonicalizedRequest:path:query:headers:contentSha256:

Undocumented

Declaration

Objective-C

+ (NSString * _Nonnull)getCanonicalizedRequest:(NSString * _Nonnull)method
                                 path:(NSString * _Nonnull)path
                                query:(NSString * _Nullable)query
                              headers:(NSDictionary * _Nullable)headers
                        contentSha256:(NSString * _Nullable)contentSha256;

Swift

class func getCanonicalizedRequest(_ method: String, path: String, query: String?, headers: [AnyHashable : Any]?, contentSha256: String?) -> String


                    
                    
                    +getV4DerivedKey:date:region:service:

Undocumented

Declaration

Objective-C

+ (NSData * _Nonnull)getV4DerivedKey:(NSString * _Nullable)secret
                       date:(NSString * _Nullable)dateStamp
                     region:(NSString * _Nullable)regionName
                    service:(NSString * _Nullable)serviceName;

Swift

class func getV4DerivedKey(_ secret: String?, date dateStamp: String?, region regionName: String?, service serviceName: String?) -> Data


                    
                    
                    +getSignedHeadersString:

Undocumented

Declaration

Objective-C

+ (NSString * _Nonnull)getSignedHeadersString:(NSDictionary * _Nullable)headers;

Swift

class func getSignedHeadersString(_ headers: [AnyHashable : Any]?) -> String