Crate warheadhateus

AWS Signature Generation (AWS Signature Version 4 & Version 2)

AWS Signature Version 4

The Signature Version 4 signing process describes how to add authentication information to AWS requests. This library provides the ability to generate the auth_header version or the query_string version of v4 signatures.

AWS Signature Version 2

Some AWS Query APIs don't support v4 signatures yet. You should use Signature Version 2 in these cases. When configured to use version 2, the library provides the ability to generate the signature for v2.

Examples

v4 Authorization Header

The String generated here would be sent with the actual request in the Authorization header.


use chrono::UTC;
use chrono::offset::TimeZone;
use std::io::{self, Write};
use warheadhateus::{AWSAuth, AWSAuthError, hashed_data, HttpRequestMethod, Region, Service};

const EX_STDOUT: &'static str = "Unable to write to stdout!";
const ACCESS_KEY_ID: &'static str = "AKIAIOSFODNN7EXAMPLE";
const DATE_TIME_FMT: &'static str = "%Y%m%dT%H%M%SZ";
const HOST: &'static str = "examplebucket.s3.amazonaws.com";
const SCOPE_DATE: &'static str = "20130524T000000Z";
const SECRET_ACCESS_KEY: &'static str = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
const URL_1: &'static str = "https://examplebucket.s3.amazonaws.com/test.txt";
const AWS_TEST_1: &'static str = "AWS4-HMAC-SHA256 \
            Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,\
            SignedHeaders=host;range;x-amz-content-sha256;x-amz-date,\
            Signature=f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41";

fn run() -> Result<(), AWSAuthError> {
    let mut auth = try!(AWSAuth::new(URL_1));
    let payload_hash = try!(hashed_data(None));
    let scope_date = try!(UTC.datetime_from_str(SCOPE_DATE, DATE_TIME_FMT));
    auth.set_request_type(HttpRequestMethod::GET);
    auth.set_payload_hash(&payload_hash);
    auth.set_date(scope_date);
    auth.set_service(Service::S3);
    auth.set_access_key_id(ACCESS_KEY_ID);
    auth.set_secret_access_key(SECRET_ACCESS_KEY);
    auth.set_region(Region::UsEast1);
    auth.add_header("HOST", HOST);
    auth.add_header("x-amz-content-sha256", &payload_hash);
    auth.add_header("x-amz-date", SCOPE_DATE);
    auth.add_header("Range", "bytes=0-9");

    let ah = try!(auth.auth_header());
    assert!(ah == AWS_TEST_1);
    writeln!(io::stdout(), "\x1b[32;1m{}\x1b[0m{}", "Authorization: ", ah).expect(EX_STDOUT);

    Ok(())
}

fn main() {
    env_logger::init().expect("Failed to initialize logging!");
    run().expect("Failed to generate Authorization header!");
}

v4 Query String

v2 Signature

Special Modes

AWS S3 Chunked (or Streaming) mode is handled a bit differently than a normal signing request. See Streaming SIG4 for Amazon docs or s3_multi.rs in the examples directory, but the gist is:

  1. Calculate the total content length based on the payload size. Use the content_length function to get this value.
  2. Create a seed signature from the headers. Use the seed_signature function after setting the seed flag to true.
  3. For each chunk, generate a chunk signature. Use the chunk_signature function to do this. In the case of the first chunk, use the seed_signature as the previous_signature value.
  4. Generate the chunk body after the signature. This is what will be streamed. Use the chunk_body function to do this.
  5. After the last chunk with data is created, generate a chunk signature and chunk body for a 0-byte payload. This will be the last chunk streamed, and signals the end of your payload.
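The framing and chaining behind steps 1 and 3 to 5, as an added example that is not code from this crate: it computes the encoded Content-Length and frames each chunk in the aws-chunked wire format described in Amazon's streaming SigV4 documentation. The names `framed_len`, `encoded_content_length` and `frame_stream` are hypothetical, and the signer is a caller-supplied closure (a placeholder here, not HMAC-SHA256), so the crate's own `content_length`, `chunk_signature` and `chunk_body` functions are not called.

```rust
// Added example: aws-chunked framing and signature chaining (no crypto here).
const SIG_HEX_LEN: usize = 64; // hex-encoded HMAC-SHA256 output
const EXT: &str = ";chunk-signature=";

/// Encoded size of one chunk: hex(size) + EXT + signature + CRLF + data + CRLF.
fn framed_len(data_len: usize) -> usize {
    format!("{:x}", data_len).len() + EXT.len() + SIG_HEX_LEN + 2 + data_len + 2
}

/// Step 1: Content-Length value, including the terminating 0-byte chunk.
/// `chunk_size` must be non-zero.
fn encoded_content_length(payload_len: usize, chunk_size: usize) -> usize {
    let full = payload_len / chunk_size;
    let rest = payload_len % chunk_size;
    let tail = if rest > 0 { framed_len(rest) } else { 0 };
    full * framed_len(chunk_size) + tail + framed_len(0)
}

/// Steps 3-5: frame every chunk, feeding each signature into the next call.
/// `sign(previous_signature, chunk_data)` must return 64 hex characters.
fn frame_stream<F: FnMut(&str, &[u8]) -> String>(
    payload: &[u8], chunk_size: usize, seed_sig: &str, mut sign: F,
) -> Vec<Vec<u8>> {
    let mut prev = seed_sig.to_string();
    let mut out = Vec::new();
    // The trailing empty slice is the 0-byte chunk that ends the stream.
    for data in payload.chunks(chunk_size).chain(std::iter::once(&payload[..0])) {
        let sig = sign(&prev, data);
        assert_eq!(sig.len(), SIG_HEX_LEN, "signer must return 64 hex chars");
        let mut body = format!("{:x}{}{}\r\n", data.len(), EXT, sig).into_bytes();
        body.extend_from_slice(data);
        body.extend_from_slice(b"\r\n");
        out.push(body);
        prev = sig; // the next chunk is signed over this signature
    }
    out
}

fn main() {
    // Constructed input: 66560-byte payload, 64 KiB chunks, placeholder signer (NOT HMAC).
    let payload = vec![b'a'; 66560];
    let mut n = 0u32;
    let chunks = frame_stream(&payload, 65536, &"0".repeat(64), |_prev, _data| {
        n += 1;
        format!("{:064x}", n)
    });
    let total: usize = chunks.iter().map(|c| c.len()).sum();
    assert_eq!(total, encoded_content_length(payload.len(), 65536));
    println!("{} chunks, Content-Length {}", chunks.len(), total);
}
```

Because each chunk signature covers the previous one, a receiver can detect a dropped, reordered or altered chunk at the point where the chain breaks.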

Structs

AWSAuth

Amazon Web Service Authorization Header struct

ParseRegionError

Thrown when a given region cannot be parsed.

ParseServiceError

Thrown when a given service cannot be parsed.

Enums

AWSAuthError

Authentication Error Types

HttpRequestMethod

See RFC7231

Mode

Amazon S3 Mode of Operation

Region

AWS Region

SAM

Signing Algorithm Moniker

Service

AWS Services

SigningVersion

Amazon AWS Signing Version

Functions

hashed_data

Hash the given data (or an empty string) with SHA256.

signed_data

Sign the given data with the given key (HMAC-SHA256).

Type Definitions

AWSAuthResult

AWS Authentication Header Generation Result.