Package software.amazon.awssdk.crt.auth.signing

Class AwsSigningConfig

  • All Implemented Interfaces:
    AutoCloseable
    public class AwsSigningConfig
extends CrtResource
    A class representing configuration related to signing something "signable" (an http request, a body chunk, a stream event) via an AWS signing process.

    • Constructor Detail

      • AwsSigningConfig

        public AwsSigningConfig()
        Default constructor

    • Method Detail

      • clone

        public AwsSigningConfig clone()
        Creates a new signing configuration from this one.
        Returns:
        a clone of this signing configuration

      • setAlgorithm

        public void setAlgorithm​(AwsSigningConfig.AwsSigningAlgorithm algorithm)
        Sets what version of the AWS signing process should be used
        Parameters:
        algorithm - desired version of the AWS signing process

      • getAlgorithm

        public AwsSigningConfig.AwsSigningAlgorithm getAlgorithm()
        Gets what version of the AWS signing procecss will be used
        Returns:
        what version of the AWS signing procecss will be used

      • setSignatureType

        public void setSignatureType​(AwsSigningConfig.AwsSignatureType signatureType)
        Sets what sort of signature should be computed
        Parameters:
        signatureType - what kind of signature to compute

      • getSignatureType

        public AwsSigningConfig.AwsSignatureType getSignatureType()
        Gets what kind of signature will be computed
        Returns:
        what kind of signature will be computed

      • setRegion

        public void setRegion​(String region)
        Sets what to use for region when signing. Depending on the algorithm, this may not be an actual region name and so no validation is done on this parameter. In sigv4a, this value is used for the "region-set" concept.
        Parameters:
        region - region value to use when signing

      • getRegion

        public String getRegion()
        Gets what will be used for the region or region-set concept during signing.
        Returns:
        what will be used for the region or region-set concept during signing

      • setService

        public void setService​(String service)
        Sets what service signing name to use.
        Parameters:
        service - signing name of the service that this signing calculation should use

      • getService

        public String getService()
        Gets what service signing name will be used
        Returns:
        what service signing name will be used

      • setTime

        public void setTime​(long time)
        Sets the point in time that signing should be relative to. Not Instant for Android API level support reasons. Additionally, for http requests, X-Amz-Date will be added to the request using this time point.
        Parameters:
        time - point in time, as milliseconds since epoch, that signing should be relative to

      • getTime

        public long getTime()
        Gets the point in time (in milliseconds since epoch) that signing will be done relative to
        Returns:
        the point in time (in milliseconds since epoch) that signing will be done relative to

      • setCredentialsProvider

        public void setCredentialsProvider​(CredentialsProvider credentialsProvider)
        Sets the provider to use to source credentials from before signing.
        Parameters:
        credentialsProvider - provider to retrieve credentials from prior to signing

      • getCredentialsProvider

        public CredentialsProvider getCredentialsProvider()
        Gets the provider to source credentials from before signing
        Returns:
        the provider to source credentials from before signing

      • setCredentials

        public void setCredentials​(Credentials credentials)
        Sets the credentials to use for signing. Overrides the provider setting if non-null.
        Parameters:
        credentials - credentials to use for signing

      • getCredentials

        public Credentials getCredentials()
        Gets the credentials to use for signing.
        Returns:
        credentials to use for signing

      • setShouldSignHeader

        public void setShouldSignHeader​(Predicate<String> shouldSignHeader)
        Sets a header-name signing predicate filter. Headers that do not pass the filter will not be signed.
        Parameters:
        shouldSignHeader - header-name signing predicate filter

      • getShouldSignHeader

        public Predicate<String> getShouldSignHeader()
        Gets the header-name signing predicate filter to use
        Returns:
        the header-name signing predicate filter to use

      • setUseDoubleUriEncode

        public void setUseDoubleUriEncode​(boolean useDoubleUriEncode)
        Sets whether or not signing should uri encode urls as part of canonical request construction. We assume the uri will be encoded once in preparation for transmission. Certain services do not decode before checking signature, requiring us to actually double-encode the uri in the canonical request in order to pass a signature check.
        Parameters:
        useDoubleUriEncode - should signing uri encode urls in the canonical request

      • getUseDoubleUriEncode

        public boolean getUseDoubleUriEncode()
        Gets whether or not signing will uri encode urls during canonical request construction
        Returns:
        whether or not signing will uri encode urls during canonical request construction

      • setShouldNormalizeUriPath

        public void setShouldNormalizeUriPath​(boolean shouldNormalizeUriPath)
        Sets whether or not the uri path should be normalized during canonical request construction
        Parameters:
        shouldNormalizeUriPath - whether or not the uri path should be normalized during canonical request construction

      • getShouldNormalizeUriPath

        public boolean getShouldNormalizeUriPath()
        Gets whether or not the uri path should be normalized during canonical request construction
        Returns:
        whether or not the uri path should be normalized during canonical request construction

      • setOmitSessionToken

        public void setOmitSessionToken​(boolean omitSessionToken)
        Sets whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials. "X-Amz-Security-Token" is added during signing, as a header or query param, when credentials have a session token. If false (the default), this parameter is included in the canonical request. If true, this parameter is still added, but omitted from the canonical request.
        Parameters:
        omitSessionToken - whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials

      • getOmitSessionToken

        public boolean getOmitSessionToken()
        Gets whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials.
        Returns:
        whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials

      • setSignedBodyValue

        public void setSignedBodyValue​(String signedBodyValue)
        Sets the payload hash override value to use in canonical request construction. If the signed body header type is not set to null, then the designated header will also take on this value. If this value is NULL, then the signer will compute the SHA256 of the body stream and use that instead.
        Parameters:
        signedBodyValue - payload hash override value to use in canonical request construction

      • getSignedBodyValue

        public String getSignedBodyValue()
        Gets the payload hash override to use in canonical request construction.
        Returns:
        the payload hash override to use in canonical request construction

      • setSignedBodyHeader

        public void setSignedBodyHeader​(AwsSigningConfig.AwsSignedBodyHeaderType signedBodyHeader)
        Sets what signed body header should hold the payload hash (or override value).
        Parameters:
        signedBodyHeader - what signed body header should hold the payload hash (or override value)

      • getSignedBodyHeader

        public AwsSigningConfig.AwsSignedBodyHeaderType getSignedBodyHeader()
        Gets what signed body header should hold the payload hash (or override value).
        Returns:
        what signed body header should hold the payload hash (or override value)

      • setExpirationInSeconds

        public void setExpirationInSeconds​(long expirationInSeconds)
        Sets the expiration time in seconds when using query param signing (pre-signed url). The appropriate query param will be added to the URL when building the canonical and signed requests.
        Parameters:
        expirationInSeconds - time in seconds that a pre-signed url will be valid for

      • getExpirationInSeconds

        public long getExpirationInSeconds()
        Gets the expiration time in seconds to use when signing to make a pre-signed url.
        Returns:
        the expiration time in seconds for a pre-signed url

      • getDefaultS3SigningConfig

        public static AwsSigningConfig getDefaultS3SigningConfig​(String region,
                                                         CredentialsProvider credentialsProvider)
        Helper to get the default signing Config for S3.
        Parameters:
        region - The region to sign with
        credentialsProvider - The provider while signing request.
        Returns:
        the default signing config for S3