AWSSignatureV4Signer Class Reference

Inherits from NSObject
Conforms to AWSNetworkingRequestInterceptor
Declared in AWSSignature.h
AWSSignature.m

+ generateQueryStringForSignatureV4WithCredentialProvider:httpMethod:expireDuration:endpoint:keyPath:requestHeaders:requestParameters:signBody:

Returns a URL signed using the SigV4 algorithm, using the current date, and including the session token (if any) as part of the signed query paramters.

+ (AWSTask<NSURL*> *)generateQueryStringForSignatureV4WithCredentialProvider:(id<AWSCredentialsProvider>)credentialsProvider httpMethod:(AWSHTTPMethod)httpMethod expireDuration:(int32_t)expireDuration endpoint:(AWSEndpoint *)endpoint keyPath:(NSString *)keyPath requestHeaders:(NSDictionary<NSString*,NSString*> *)requestHeaders requestParameters:(NSDictionary<NSString*,id> *)requestParameters signBody:(BOOL)signBody

Parameters

credentialsProvider

credentials provider to get accessKey, secretKey, and optional sessionKey

httpMethod

the HTTP method (e.g., “GET”, “POST”, etc)

expireDuration

when should the signed URL expire

endpoint

the endpoint of the service for which the URL is being generated

keyPath

the request path

requestHeaders

the headers to sign as part of the request

requestParameters

the URL parameters to sign

signBody

if true and the httpMethod is GET, sign an empty string as part of the signature content

Return Value

a task containing the signed URL

Declared In

AWSSignature.h

+ sigV4SignedURLWithRequest:credentialProvider:regionName:serviceName:date:expireDuration:signBody:signSessionToken:

Returns a URL signed using the SigV4 algorithm.

+ (AWSTask<NSURL*> *)sigV4SignedURLWithRequest:(NSURLRequest *_Nonnull)request credentialProvider:(id<AWSCredentialsProvider> _Nonnull)credentialsProvider regionName:(NSString *_Nonnull)regionName serviceName:(NSString *_Nonnull)serviceName date:(NSDate *_Nonnull)date expireDuration:(int32_t)expireDuration signBody:(BOOL)signBody signSessionToken:(BOOL)signSessionToken

Parameters

request

the NSURLRequest to sign

credentialsProvider

credentials provider to get accessKey, secretKey, and optional sessionKey

regionName

the string representing the AWS region of the endpoint to be signed.

serviceName

the name of the AWS service the request is for

date

the date of the signed credential

expireDuration

the duration in seconds the signed URL will be valid for

signBody

if true and the httpMethod is GET, sign an empty string as part of the signature content

signSessionToken

if true, include the sessionKey returned by the credentialsProvider in the signed payload. If false, appends the X-AMZ-Security-Token to the end of the signed URL request parameters

Return Value

a task containing the signed URL

Discussion

This method requires both regionName and serviceName, because not all AWS service endpoints have the URL format “..amazonaws.com”, so we can’t necessarily derive the region and service from the URL.

In addition, the method requires the caller to specify a date to use for the signing. This allows for ease of testing, but in practice, callers should use -[NSDate aws_clockSkewFixedDate] as this value.

Declared In

AWSSignature.h