AWSSignatureV4Signer

Objective-C

@interface AWSSignatureV4Signer : NSObject <AWSNetworkingRequestInterceptor>

@property (nonatomic, strong, readonly) id<AWSCredentialsProvider> _Nonnull credentialsProvider;

- (instancetype _Nonnull)initWithCredentialsProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                   endpoint:(AWSEndpoint * _Nonnull)endpoint;

/**
 Returns a URL signed using the SigV4 algorithm, using the current date, and including the session token (if any) as
 part of the signed query paramters.

 @param credentialsProvider credentials provider to get accessKey, secretKey, and optional sessionKey
 @param httpMethod the HTTP method (e.g., "GET", "POST", etc)
 @param expireDuration when should the signed URL expire
 @param endpoint the endpoint of the service for which the URL is being generated
 @param keyPath the request path
 @param requestHeaders the headers to sign as part of the request
 @param requestParameters the URL parameters to sign
 @param signBody if true and the httpMethod is GET, sign an empty string as part of the signature content
 @return a task containing the signed URL
 */
+ (AWSTask<NSURL *> * _Nonnull)generateQueryStringForSignatureV4WithCredentialProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                                                            httpMethod:(AWSHTTPMethod)httpMethod
                                                                        expireDuration:(int32_t)expireDuration
                                                                              endpoint:(AWSEndpoint * _Nonnull)endpoint
                                                                               keyPath:(NSString * _Nullable)keyPath
                                                                        requestHeaders:(NSDictionary<NSString *, NSString *> * _Nullable)requestHeaders
                                                                     requestParameters:(NSDictionary<NSString *, id> * _Nullable)requestParameters
                                                                              signBody:(BOOL)signBody;

/**
 Returns a URL signed using the SigV4 algorithm.

 This method requires both regionName and serviceName, because not all AWS service endpoints have the URL format
 "<service>.<region>.amazonaws.com", so we can't necessarily derive the region and service from the URL.

 In addition, the method requires the caller to specify a date to use for the signing. This allows for ease of testing,
 but in practice, callers should use `-[NSDate aws_clockSkewFixedDate]` as this value.

 @param request the NSURLRequest to sign
 @param credentialsProvider credentials provider to get accessKey, secretKey, and optional sessionKey
 @param regionName the string representing the AWS region of the endpoint to be signed.
 @param serviceName the name of the AWS service the request is for
 @param date the date of the signed credential
 @param expireDuration the duration in seconds the signed URL will be valid for
 @param signBody if true and the httpMethod is GET, sign an empty string as part of the signature content
 @param signSessionToken if true, include the sessionKey returned by the credentialsProvider in the signed payload.
        If false, appends the X-AMZ-Security-Token to the end of the signed URL request parameters
 @return a task containing the signed URL
 */
+ (AWSTask<NSURL *> * _Nonnull)sigV4SignedURLWithRequest:(NSURLRequest * _Nonnull)request
                                      credentialProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                              regionName:(NSString * _Nonnull)regionName
                                             serviceName:(NSString * _Nonnull)serviceName
                                                    date:(NSDate * _Nonnull)date
                                          expireDuration:(int32_t)expireDuration
                                                signBody:(BOOL)signBody
                                        signSessionToken:(BOOL)signSessionToken;

+ (NSString * _Nonnull)getCanonicalizedRequest:(NSString * _Nonnull)method
                                 path:(NSString * _Nonnull)path
                                query:(NSString * _Nullable)query
                              headers:(NSDictionary * _Nullable)headers
                        contentSha256:(NSString * _Nullable)contentSha256;

+ (NSData * _Nonnull)getV4DerivedKey:(NSString * _Nullable)secret
                       date:(NSString * _Nullable)dateStamp
                     region:(NSString * _Nullable)regionName
                    service:(NSString * _Nullable)serviceName;

+ (NSString * _Nonnull)getSignedHeadersString:(NSDictionary * _Nullable)headers;

@end

Swift

class AWSSignatureV4Signer : NSObject, AWSNetworkingRequestInterceptorProtocol

Undocumented

  • Undocumented

    Declaration

    Objective-C

    @property (nonatomic, strong, readonly) id<AWSCredentialsProvider> _Nonnull credentialsProvider

    Swift

    var credentialsProvider: AWSCredentialsProvider { get }
  • Undocumented

    Declaration

    Objective-C

    - (instancetype _Nonnull)initWithCredentialsProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                       endpoint:(AWSEndpoint * _Nonnull)endpoint;

    Swift

    init(credentialsProvider: AWSCredentialsProvider, endpoint: AWSEndpoint)
  • Returns a URL signed using the SigV4 algorithm, using the current date, and including the session token (if any) as part of the signed query paramters.

    Declaration

    Objective-C

    + (AWSTask<NSURL *> *_Nonnull)
        generateQueryStringForSignatureV4WithCredentialProvider:
            (id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                                                     httpMethod:
                                                         (AWSHTTPMethod)httpMethod
                                                 expireDuration:
                                                     (int32_t)expireDuration
                                                       endpoint:
                                                           (AWSEndpoint *_Nonnull)
                                                               endpoint
                                                        keyPath:
                                                            (NSString *_Nullable)
                                                                keyPath
                                                 requestHeaders:
                                                     (NSDictionary<NSString *,
                                                                   NSString *>
                                                          *_Nullable)requestHeaders
                                              requestParameters:
                                                  (NSDictionary<NSString *, id>
                                                       *_Nullable)requestParameters
                                                       signBody:(BOOL)signBody;

    Swift

    class func generateQueryStringForSignatureV4(withCredentialProvider credentialsProvider: AWSCredentialsProvider, httpMethod: AWSHTTPMethod, expireDuration: Int32, endpoint: AWSEndpoint, keyPath: String?, requestHeaders: [String : String]?, requestParameters: [String : Any]?, signBody: Bool) -> AWSTask

    Parameters

    credentialsProvider

    credentials provider to get accessKey, secretKey, and optional sessionKey

    httpMethod

    the HTTP method (e.g., “GET”, “POST”, etc)

    expireDuration

    when should the signed URL expire

    endpoint

    the endpoint of the service for which the URL is being generated

    keyPath

    the request path

    requestHeaders

    the headers to sign as part of the request

    requestParameters

    the URL parameters to sign

    signBody

    if true and the httpMethod is GET, sign an empty string as part of the signature content

    Return Value

    a task containing the signed URL

  • Returns a URL signed using the SigV4 algorithm.

    This method requires both regionName and serviceName, because not all AWS service endpoints have the URL format “..amazonaws.com”, so we can’t necessarily derive the region and service from the URL.

    In addition, the method requires the caller to specify a date to use for the signing. This allows for ease of testing, but in practice, callers should use -[NSDate aws_clockSkewFixedDate] as this value.

    Declaration

    Objective-C

    + (AWSTask<NSURL *> *_Nonnull)
        sigV4SignedURLWithRequest:(NSURLRequest *_Nonnull)request
               credentialProvider:
                   (id<AWSCredentialsProvider> _Nonnull)credentialsProvider
                       regionName:(NSString *_Nonnull)regionName
                      serviceName:(NSString *_Nonnull)serviceName
                             date:(NSDate *_Nonnull)date
                   expireDuration:(int32_t)expireDuration
                         signBody:(BOOL)signBody
                 signSessionToken:(BOOL)signSessionToken;

    Swift

    class func sigV4SignedURL(with request: URLRequest, credentialProvider credentialsProvider: AWSCredentialsProvider, regionName: String, serviceName: String, date: Date, expireDuration: Int32, signBody: Bool, signSessionToken: Bool) -> AWSTask

    Parameters

    request

    the NSURLRequest to sign

    credentialsProvider

    credentials provider to get accessKey, secretKey, and optional sessionKey

    regionName

    the string representing the AWS region of the endpoint to be signed.

    serviceName

    the name of the AWS service the request is for

    date

    the date of the signed credential

    expireDuration

    the duration in seconds the signed URL will be valid for

    signBody

    if true and the httpMethod is GET, sign an empty string as part of the signature content

    signSessionToken

    if true, include the sessionKey returned by the credentialsProvider in the signed payload. If false, appends the X-AMZ-Security-Token to the end of the signed URL request parameters

    Return Value

    a task containing the signed URL

  • Undocumented

    Declaration

    Objective-C

    + (NSString * _Nonnull)getCanonicalizedRequest:(NSString * _Nonnull)method
                                     path:(NSString * _Nonnull)path
                                    query:(NSString * _Nullable)query
                                  headers:(NSDictionary * _Nullable)headers
                            contentSha256:(NSString * _Nullable)contentSha256;

    Swift

    class func getCanonicalizedRequest(_ method: String, path: String, query: String?, headers: [AnyHashable : Any]?, contentSha256: String?) -> String
  • Undocumented

    Declaration

    Objective-C

    + (NSData * _Nonnull)getV4DerivedKey:(NSString * _Nullable)secret
                           date:(NSString * _Nullable)dateStamp
                         region:(NSString * _Nullable)regionName
                        service:(NSString * _Nullable)serviceName;

    Swift

    class func getV4DerivedKey(_ secret: String?, date dateStamp: String?, region regionName: String?, service serviceName: String?) -> Data
  • Undocumented

    Declaration

    Objective-C

    + (NSString * _Nonnull)getSignedHeadersString:(NSDictionary * _Nullable)headers;

    Swift

    class func getSignedHeadersString(_ headers: [AnyHashable : Any]?) -> String