Crate warheadhateus
AWS Signature Generation (AWS Signature Version 4 & Version 2)
AWS Signature Version 4
The Signature Version 4 signing process describes how to add authentication information to AWS requests. This library provides the ability to generate the `auth_header` version or the `query_string` version of v4 signatures.
AWS Signature Version 2
Some AWS Query APIs don't support v4 signatures yet. You should use Signature Version 2 in these cases. When configured to use version 2, the library provides the ability to generate the `signature` for v2.
Examples
v4 Authorization Header
The String generated here would be sent with the actual request in the `Authorization` header.

```rust
extern crate chrono;
extern crate env_logger;
extern crate warheadhateus;

use chrono::UTC;
use chrono::offset::TimeZone;
use std::io::{self, Write};
use warheadhateus::{AWSAuth, AWSAuthError, hashed_data, HttpRequestMethod, Region, Service};

const EX_STDOUT: &'static str = "Unable to write to stdout!";
// Example credentials from the AWS documentation, not real keys.
const ACCESS_KEY_ID: &'static str = "AKIAIOSFODNN7EXAMPLE";
const DATE_TIME_FMT: &'static str = "%Y%m%dT%H%M%SZ";
const HOST: &'static str = "examplebucket.s3.amazonaws.com";
const SCOPE_DATE: &'static str = "20130524T000000Z";
const SECRET_ACCESS_KEY: &'static str = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
const URL_1: &'static str = "https://examplebucket.s3.amazonaws.com/test.txt";
// Expected Authorization header value for the request built in run().
const AWS_TEST_1: &'static str = "AWS4-HMAC-SHA256 \
                                  Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,\
                                  SignedHeaders=host;range;x-amz-content-sha256;x-amz-date,\
                                  Signature=f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41";

fn run() -> Result<(), AWSAuthError> {
    let mut auth = try!(AWSAuth::new(URL_1));
    // A GET has no body, so the payload hash is the SHA256 of the empty string.
    let payload_hash = try!(hashed_data(None));
    let scope_date = try!(UTC.datetime_from_str(SCOPE_DATE, DATE_TIME_FMT));

    auth.set_request_type(HttpRequestMethod::GET);
    auth.set_payload_hash(&payload_hash);
    auth.set_date(scope_date);
    auth.set_service(Service::S3);
    auth.set_access_key_id(ACCESS_KEY_ID);
    auth.set_secret_access_key(SECRET_ACCESS_KEY);
    auth.set_region(Region::UsEast1);

    // Every header added here is covered by the signature (SignedHeaders).
    auth.add_header("HOST", HOST);
    auth.add_header("x-amz-content-sha256", &payload_hash);
    auth.add_header("x-amz-date", SCOPE_DATE);
    auth.add_header("Range", "bytes=0-9");

    let ah = try!(auth.auth_header());
    assert!(ah == AWS_TEST_1);
    writeln!(io::stdout(), "\x1b[32;1m{}\x1b[0m{}", "Authorization: ", ah).expect(EX_STDOUT);

    Ok(())
}

fn main() {
    env_logger::init().expect("Failed to initialize logging!");
    run().expect("Failed to generate Authorization header!");
}
```
v4 Query String
v2 Signature
Special Modes
AWS S3 Chunked (or Streaming) mode is handled a bit differently than a normal signing request. See Streaming SIG4 for Amazon docs or `s3_multi.rs` in the examples directory, but the gist is:

- Calculate the total content length based on the payload size. Use the `content_length` function to get this value.
- Create a seed signature from the headers. Use the `seed_signature` function after setting the `seed` flag to true.
- For each chunk, generate a chunk signature. Use the `chunk_signature` function to do this. In the case of the first chunk, use the `seed_signature` as the `previous_signature` value.
- Generate the chunk body after the signature. This is what will be streamed. Use the `chunk_body` function to do this.
- After the last chunk with data is created, generate a chunk signature and chunk body for a 0-byte payload. This will be the last chunk streamed, and signals the end of your payload.
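The length calculation, signature chaining and chunk framing from the steps above, as an added std-only Rust example that is not code from this crate. `framed_len`, `encoded_content_length` and `frame_stream` are hypothetical names, the `sign` closure is an assumed hook for the HMAC-SHA256 chunk-signature step that the caller supplies, and the payload and stand-in signer in `main` are constructed.

```rust
// Added illustration of aws-chunked framing; not code from the warheadhateus crate.
const SIG_HEX_LEN: usize = 64; // an HMAC-SHA256 signature rendered as hex
const EXT: &str = ";chunk-signature=";

/// Bytes one framed chunk occupies: hex(size) + EXT + signature + CRLF + data + CRLF.
fn framed_len(data_len: usize) -> usize {
    format!("{:x}", data_len).len() + EXT.len() + SIG_HEX_LEN + 2 + data_len + 2
}

/// Content-Length of the whole stream, including the closing 0-byte chunk.
fn encoded_content_length(payload_len: usize, chunk_size: usize) -> usize {
    assert!(chunk_size > 0, "chunk_size must be non-zero");
    let full = payload_len / chunk_size;
    let rest = payload_len % chunk_size;
    let tail = if rest > 0 { framed_len(rest) } else { 0 };
    full * framed_len(chunk_size) + tail + framed_len(0)
}

/// Frame `payload`, chaining signatures: each chunk is signed over the previous
/// signature, starting from the seed. `sign(previous_signature, chunk)` is a
/// hypothetical hook for the HMAC-SHA256 chunk-signature step.
fn frame_stream<F>(payload: &[u8], chunk_size: usize, seed_signature: &str, mut sign: F) -> Vec<u8>
where
    F: FnMut(&str, &[u8]) -> String,
{
    let mut out = Vec::with_capacity(encoded_content_length(payload.len(), chunk_size));
    let mut previous = seed_signature.to_string();
    // The trailing empty slice is the 0-byte chunk that ends the stream.
    for chunk in payload.chunks(chunk_size).chain(std::iter::once(&payload[..0])) {
        let signature = sign(&previous, chunk);
        assert_eq!(signature.len(), SIG_HEX_LEN, "signature must be 64 hex characters");
        out.extend_from_slice(format!("{:x}{}{}\r\n", chunk.len(), EXT, signature).as_bytes());
        out.extend_from_slice(chunk);
        out.extend_from_slice(b"\r\n");
        previous = signature;
    }
    out
}

fn main() {
    // Constructed input: 65 KiB payload in 64 KiB chunks; the stand-in signer is NOT cryptographic.
    let payload = vec![b'a'; 66560];
    let mut n = 0;
    let body = frame_stream(&payload, 65536, &"0".repeat(64), |_, _| { n += 1; format!("{:064x}", n) });
    println!("chunks signed: {}, Content-Length: {}", n, body.len());
}
```

The Content-Length must be known before the first chunk is sent, and because each signature covers the previous one, a receiver can detect a dropped, reordered or altered chunk at the point where the chain breaks.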
Structs
AWSAuth | Amazon Web Service Authorization Header struct
ParseRegionError | Thrown when a given region cannot be parsed.
ParseServiceError | Thrown when a given service cannot be parsed.
Enums
AWSAuthError | Authentication Error Types
HttpRequestMethod | See RFC7231
Mode | Amazon S3 Mode of Operation
Region | AWS Region
SAM | Signing Algorithm Moniker
Service | AWS Services
SigningVersion | Amazon AWS Signing Version
Functions
hashed_data | Hash the given data (or an empty string) with SHA256.
signed_data | Sign the given data with the given key (HMAC-SHA256).
Type Definitions
AWSAuthResult | AWS Authentication Header Generation Result.