AWSSignatureV4Signer
Objective-C
@interface AWSSignatureV4Signer : NSObject <AWSNetworkingRequestInterceptor>
@property (nonatomic, strong, readonly) id<AWSCredentialsProvider> _Nonnull credentialsProvider;
- (instancetype _Nonnull)initWithCredentialsProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
endpoint:(AWSEndpoint * _Nonnull)endpoint;
/**
Returns a URL signed using the SigV4 algorithm, using the current date, and including the session token (if any) as
part of the signed query paramters.
@param credentialsProvider credentials provider to get accessKey, secretKey, and optional sessionKey
@param httpMethod the HTTP method (e.g., "GET", "POST", etc)
@param expireDuration when should the signed URL expire
@param endpoint the endpoint of the service for which the URL is being generated
@param keyPath the request path
@param requestHeaders the headers to sign as part of the request
@param requestParameters the URL parameters to sign
@param signBody if true and the httpMethod is GET, sign an empty string as part of the signature content
@return a task containing the signed URL
*/
+ (AWSTask<NSURL *> * _Nonnull)generateQueryStringForSignatureV4WithCredentialProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
httpMethod:(AWSHTTPMethod)httpMethod
expireDuration:(int32_t)expireDuration
endpoint:(AWSEndpoint * _Nonnull)endpoint
keyPath:(NSString * _Nullable)keyPath
requestHeaders:(NSDictionary<NSString *, NSString *> * _Nullable)requestHeaders
requestParameters:(NSDictionary<NSString *, id> * _Nullable)requestParameters
signBody:(BOOL)signBody;
/**
Returns a URL signed using the SigV4 algorithm.
This method requires both regionName and serviceName, because not all AWS service endpoints have the URL format
"<service>.<region>.amazonaws.com", so we can't necessarily derive the region and service from the URL.
In addition, the method requires the caller to specify a date to use for the signing. This allows for ease of testing,
but in practice, callers should use `-[NSDate aws_clockSkewFixedDate]` as this value.
@param request the NSURLRequest to sign
@param credentialsProvider credentials provider to get accessKey, secretKey, and optional sessionKey
@param regionName the string representing the AWS region of the endpoint to be signed.
@param serviceName the name of the AWS service the request is for
@param date the date of the signed credential
@param expireDuration the duration in seconds the signed URL will be valid for
@param signBody if true and the httpMethod is GET, sign an empty string as part of the signature content
@param signSessionToken if true, include the sessionKey returned by the credentialsProvider in the signed payload.
If false, appends the X-AMZ-Security-Token to the end of the signed URL request parameters
@return a task containing the signed URL
*/
+ (AWSTask<NSURL *> * _Nonnull)sigV4SignedURLWithRequest:(NSURLRequest * _Nonnull)request
credentialProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider
regionName:(NSString * _Nonnull)regionName
serviceName:(NSString * _Nonnull)serviceName
date:(NSDate * _Nonnull)date
expireDuration:(int32_t)expireDuration
signBody:(BOOL)signBody
signSessionToken:(BOOL)signSessionToken;
+ (NSString * _Nonnull)getCanonicalizedRequest:(NSString * _Nonnull)method
path:(NSString * _Nonnull)path
query:(NSString * _Nullable)query
headers:(NSDictionary * _Nullable)headers
contentSha256:(NSString * _Nullable)contentSha256;
+ (NSData * _Nonnull)getV4DerivedKey:(NSString * _Nullable)secret
date:(NSString * _Nullable)dateStamp
region:(NSString * _Nullable)regionName
service:(NSString * _Nullable)serviceName;
+ (NSString * _Nonnull)getSignedHeadersString:(NSDictionary * _Nullable)headers;
@end
Swift
class AWSSignatureV4Signer : NSObject, AWSNetworkingRequestInterceptorProtocol
Undocumented
-
Undocumented
Declaration
Objective-C
@property (nonatomic, strong, readonly) id<AWSCredentialsProvider> _Nonnull credentialsProvider
Swift
var credentialsProvider: AWSCredentialsProvider { get }
-
Undocumented
Declaration
Objective-C
- (instancetype _Nonnull)initWithCredentialsProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider endpoint:(AWSEndpoint * _Nonnull)endpoint;
Swift
init(credentialsProvider: AWSCredentialsProvider, endpoint: AWSEndpoint)
-
+generateQueryStringForSignatureV4WithCredentialProvider:
httpMethod: expireDuration: endpoint: keyPath: requestHeaders: requestParameters: signBody: Returns a URL signed using the SigV4 algorithm, using the current date, and including the session token (if any) as part of the signed query paramters.
Declaration
Objective-C
+ (AWSTask<NSURL *> *_Nonnull) generateQueryStringForSignatureV4WithCredentialProvider: (id<AWSCredentialsProvider> _Nonnull)credentialsProvider httpMethod: (AWSHTTPMethod)httpMethod expireDuration: (int32_t)expireDuration endpoint: (AWSEndpoint *_Nonnull) endpoint keyPath: (NSString *_Nullable) keyPath requestHeaders: (NSDictionary<NSString *, NSString *> *_Nullable)requestHeaders requestParameters: (NSDictionary<NSString *, id> *_Nullable)requestParameters signBody:(BOOL)signBody;
Swift
class func generateQueryStringForSignatureV4(withCredentialProvider credentialsProvider: AWSCredentialsProvider, httpMethod: AWSHTTPMethod, expireDuration: Int32, endpoint: AWSEndpoint, keyPath: String?, requestHeaders: [String : String]?, requestParameters: [String : Any]?, signBody: Bool) -> AWSTask
Parameters
credentialsProvider
credentials provider to get accessKey, secretKey, and optional sessionKey
httpMethod
the HTTP method (e.g., “GET”, “POST”, etc)
expireDuration
when should the signed URL expire
endpoint
the endpoint of the service for which the URL is being generated
keyPath
the request path
requestHeaders
the headers to sign as part of the request
requestParameters
the URL parameters to sign
signBody
if true and the httpMethod is GET, sign an empty string as part of the signature content
Return Value
a task containing the signed URL
-
+sigV4SignedURLWithRequest:
credentialProvider: regionName: serviceName: date: expireDuration: signBody: signSessionToken: Returns a URL signed using the SigV4 algorithm.
This method requires both regionName and serviceName, because not all AWS service endpoints have the URL format “
. .amazonaws.com”, so we can’t necessarily derive the region and service from the URL. In addition, the method requires the caller to specify a date to use for the signing. This allows for ease of testing, but in practice, callers should use
-[NSDate aws_clockSkewFixedDate]
as this value.Declaration
Objective-C
+ (AWSTask<NSURL *> *_Nonnull) sigV4SignedURLWithRequest:(NSURLRequest *_Nonnull)request credentialProvider: (id<AWSCredentialsProvider> _Nonnull)credentialsProvider regionName:(NSString *_Nonnull)regionName serviceName:(NSString *_Nonnull)serviceName date:(NSDate *_Nonnull)date expireDuration:(int32_t)expireDuration signBody:(BOOL)signBody signSessionToken:(BOOL)signSessionToken;
Swift
class func sigV4SignedURL(with request: URLRequest, credentialProvider credentialsProvider: AWSCredentialsProvider, regionName: String, serviceName: String, date: Date, expireDuration: Int32, signBody: Bool, signSessionToken: Bool) -> AWSTask
Parameters
request
the NSURLRequest to sign
credentialsProvider
credentials provider to get accessKey, secretKey, and optional sessionKey
regionName
the string representing the AWS region of the endpoint to be signed.
serviceName
the name of the AWS service the request is for
date
the date of the signed credential
expireDuration
the duration in seconds the signed URL will be valid for
signBody
if true and the httpMethod is GET, sign an empty string as part of the signature content
signSessionToken
if true, include the sessionKey returned by the credentialsProvider in the signed payload. If false, appends the X-AMZ-Security-Token to the end of the signed URL request parameters
Return Value
a task containing the signed URL
-
Undocumented
Declaration
Objective-C
+ (NSString * _Nonnull)getCanonicalizedRequest:(NSString * _Nonnull)method path:(NSString * _Nonnull)path query:(NSString * _Nullable)query headers:(NSDictionary * _Nullable)headers contentSha256:(NSString * _Nullable)contentSha256;
Swift
class func getCanonicalizedRequest(_ method: String, path: String, query: String?, headers: [AnyHashable : Any]?, contentSha256: String?) -> String
-
Undocumented
Declaration
Objective-C
+ (NSData * _Nonnull)getV4DerivedKey:(NSString * _Nullable)secret date:(NSString * _Nullable)dateStamp region:(NSString * _Nullable)regionName service:(NSString * _Nullable)serviceName;
Swift
class func getV4DerivedKey(_ secret: String?, date dateStamp: String?, region regionName: String?, service serviceName: String?) -> Data
-
Undocumented
Declaration
Objective-C
+ (NSString * _Nonnull)getSignedHeadersString:(NSDictionary * _Nullable)headers;
Swift
class func getSignedHeadersString(_ headers: [AnyHashable : Any]?) -> String