Trait aws_sig_verify::AWSSigV4Algorithm

/// Trait for calculating various attributes of a SigV4 signature according to
/// variants of the SigV4 algorithm.
///
/// Every method shown here is a provided (default) method; the bodies are
/// elided in this listing. Each method takes the incoming request and returns
/// `Err(SignatureError)` when the attribute cannot be derived.
pub trait AWSSigV4Algorithm {
    /// Returns the canonicalized URI path for the request.
    fn get_canonical_uri_path(
        &self,
        req: &Request
    ) -> Result<String, SignatureError> { ... }
    /// Returns the canonical query string built from the query parameters.
    ///
    /// The request's query string is merged with the body when the body is of
    /// type `application/x-www-form-urlencoded`, and the parameters are ordered.
fn get_canonical_query_string(
        &self,
        req: &Request
    ) -> Result<String, SignatureError> { ... }
    /// Returns the parameters from the `Authorization` header only; the query
    /// parameter form is not consulted.
    ///
    /// # Errors
    /// Returns `Err(SignatureError)` if the header is absent or is not an
    /// AWS SigV4 header.
fn get_authorization_header_parameters(
        &self,
        req: &Request
    ) -> Result<HashMap<String, String>, SignatureError> { ... }
    /// Returns a sorted map of the signed header names to their values.
fn get_signed_headers(
        &self,
        req: &Request
    ) -> Result<BTreeMap<String, Vec<Vec<u8>>>, SignatureError> { ... }
    /// Returns the timestamp of the request.
    ///
    /// The first value found is used, in this order: the `X-Amz-Date` query
    /// parameter, the `X-Amz-Date` HTTP header, the `Date` HTTP header.
    /// Besides ISO 8601 `YYYYMMDDTHHMMSSZ`, RFC 2822 and RFC 3339 forms are
    /// accepted.
fn get_request_timestamp(
        &self,
        req: &Request
    ) -> Result<DateTime<Utc>, SignatureError> { ... }
    /// Returns the credential scope, computed from the service's region and
    /// name together with the request timestamp, in the form
    /// `YYYYMMDD/region/service/aws4_request`.
fn get_credential_scope(
        &self,
        req: &Request
    ) -> Result<String, SignatureError> { ... }
    /// Returns the access key used to sign the request.
    ///
    /// # Errors
    /// Returns a `SignatureError` if the credential scope presented by the
    /// request does not match the expected credential scope.
fn get_access_key(&self, req: &Request) -> Result<String, SignatureError> { ... }
    /// Returns the session token sent with the access key.
    ///
    /// Session tokens accompany temporary credentials only; for a long-term
    /// credential the result is `Ok(None)`.
fn get_session_token(
        &self,
        req: &Request
    ) -> Result<Option<String>, SignatureError> { ... }
    /// Returns the signature that the client supplied with the request.
fn get_request_signature(
        &self,
        req: &Request
    ) -> Result<String, SignatureError> { ... }
    /// Returns the AWS SigV4 canonical request for the HTTP request, as bytes.
    ///
    /// NOTE(review): the AWS SigV4 specification places the canonical headers
    /// block before the signed-header list; the elided body is not visible
    /// here, so confirm the exact layout against the implementation.
fn get_canonical_request(
        &self,
        req: &Request
    ) -> Result<Vec<u8>, SignatureError> { ... }
    /// Returns the SHA-256 hex digest of the request body.
fn get_body_digest(&self, req: &Request) -> Result<String, SignatureError> { ... }
    /// Returns the string to sign for the request, as bytes.
fn get_string_to_sign(
        &self,
        req: &Request
    ) -> Result<Vec<u8>, SignatureError> { ... }
    /// Returns the principal and the expected signature for the request.
    ///
    /// `signing_key_fn` supplies the signing key and `signing_key_kind` names
    /// the kind of key it yields.
    /// NOTE(review): presumably the key lookup is driven by the access key
    /// taken from the request, confirm against the implementation.
fn get_expected_signature(
        &self,
        req: &Request,
        signing_key_kind: SigningKeyKind,
        signing_key_fn: SigningKeyFn
    ) -> Result<(Principal, String), SignatureError> { ... }
    /// Verifies that the request timestamp is not beyond the allowed mismatch
    /// and that the request signature matches the expected signature.
    ///
    /// This variant takes the server timestamp as an argument so tests can
    /// pin it; normal callers use `verify`.
    ///
    /// NOTE(review): the elided body does not show how the two signatures are
    /// compared, or what `allowed_mismatch == None` means for the freshness
    /// check. Confirm the comparison is constant-time and that `None` does
    /// not silently disable replay protection.
fn verify_at(
        &self,
        req: &Request,
        signing_key_kind: SigningKeyKind,
        signing_key_fn: SigningKeyFn,
        server_timestamp: &DateTime<Utc>,
        allowed_mismatch: Option<Duration>
    ) -> Result<Principal, SignatureError> { ... }
    /// Verifies that the request timestamp is not beyond the allowed mismatch
    /// and that the request signature matches the expected signature.
    ///
    /// On success the authenticated `Principal` is returned.
    /// NOTE(review): callers should treat any `Err` as an authentication
    /// failure; which error variants exist is not visible in this listing.
fn verify(
        &self,
        req: &Request,
        signing_key_kind: SigningKeyKind,
        signing_key_fn: SigningKeyFn,
        allowed_mismatch: Option<Duration>
    ) -> Result<Principal, SignatureError> { ... } }

Trait for calculating various attributes of a SigV4 signature according to variants of the SigV4 algorithm.

Provided methods

fn get_canonical_uri_path(
    &self,
    req: &Request
) -> Result<String, SignatureError>

The canonicalized URI path for a request.

fn get_canonical_query_string(
    &self,
    req: &Request
) -> Result<String, SignatureError>

The canonical query string from the query parameters.

This takes the query_string from the request, merges it with the body if the request has a body of type application/x-www-form-urlencoded, and orders the parameters.

fn get_authorization_header_parameters(
    &self,
    req: &Request
) -> Result<HashMap<String, String>, SignatureError>

The parameters from the Authorization header only; the query parameter form is not consulted. If the Authorization header is not present or is not an AWS SigV4 header, an Err(SignatureError) is returned.

fn get_signed_headers(
    &self,
    req: &Request
) -> Result<BTreeMap<String, Vec<Vec<u8>>>, SignatureError>

Returns a sorted dictionary containing the signed header names and their values.

fn get_request_timestamp(
    &self,
    req: &Request
) -> Result<DateTime<Utc>, SignatureError>

The timestamp of the request.

This returns the first value found from:

  • The X-Amz-Date query parameter.
  • The X-Amz-Date HTTP header.
  • The Date HTTP header.

The timestamp should be in ISO 8601 YYYYMMDDTHHMMSSZ format without milliseconds (this is required by the AWS documentation). However, the AWS SigV4 test suite includes a variety of date formats, including RFC 2822, RFC 3339, and ISO 8601, so this routine accepts all of these formats.

fn get_credential_scope(&self, req: &Request) -> Result<String, SignatureError>

The scope of the credentials to use, as calculated from the service's region and name, but using the timestamp of the request.

The result is a string in the form YYYYMMDD/region/service/aws4_request.

fn get_access_key(&self, req: &Request) -> Result<String, SignatureError>

The access key used to sign the request.

If the credential scope does not match our expected credential scope, a SignatureError is returned.

fn get_session_token(
    &self,
    req: &Request
) -> Result<Option<String>, SignatureError>

The session token sent with the access key.

Session tokens are used only for temporary credentials. If a long-term credential was used, the result is Ok(None).

fn get_request_signature(&self, req: &Request) -> Result<String, SignatureError>

The signature supplied with the request.

fn get_canonical_request(
    &self,
    req: &Request
) -> Result<Vec<u8>, SignatureError>

The AWS SigV4 canonical request given parameters from the HTTP request, as outlined in the AWS documentation.

The canonical request is:

    request_method + '\n' +
    canonical_uri_path + '\n' +
    canonical_query_string + '\n' +
    signed_headers + '\n' +
    sha256(body).hexdigest()

fn get_body_digest(&self, req: &Request) -> Result<String, SignatureError>

The SHA-256 hex digest of the body.

fn get_string_to_sign(&self, req: &Request) -> Result<Vec<u8>, SignatureError>

The string to sign for the request.

fn get_expected_signature(
    &self,
    req: &Request,
    signing_key_kind: SigningKeyKind,
    signing_key_fn: SigningKeyFn
) -> Result<(Principal, String), SignatureError>

The principal and expected signature for the request.

fn verify_at(
    &self,
    req: &Request,
    signing_key_kind: SigningKeyKind,
    signing_key_fn: SigningKeyFn,
    server_timestamp: &DateTime<Utc>,
    allowed_mismatch: Option<Duration>
) -> Result<Principal, SignatureError>

Verify that the request timestamp is not beyond the allowed timestamp mismatch and that the request signature matches our expected signature.

This version allows you to specify the server timestamp for testing. For normal use, use verify().

fn verify(
    &self,
    req: &Request,
    signing_key_kind: SigningKeyKind,
    signing_key_fn: SigningKeyFn,
    allowed_mismatch: Option<Duration>
) -> Result<Principal, SignatureError>

Verify that the request timestamp is not beyond the allowed timestamp mismatch and that the request signature matches our expected signature.


Implementors

impl AWSSigV4Algorithm for AWSSigV4
