Package software.amazon.awssdk.crt.auth.signing

Class AwsSigningConfig

java.lang.Object
software.amazon.awssdk.crt.CrtResource
software.amazon.awssdk.crt.auth.signing.AwsSigningConfig
All Implemented Interfaces:
AutoCloseable
public class AwsSigningConfig extends CrtResource
A class representing configuration related to signing something "signable" (an http request, a body chunk, a stream event) via an AWS signing process.

  • Constructor Details

    • AwsSigningConfig

      public AwsSigningConfig()
      Default constructor

  • Method Details

    • clone

      public AwsSigningConfig clone()
      Creates a new signing configuration from this one.
      Returns:
      a clone of this signing configuration

    • setAlgorithm

      public void setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm algorithm)
      Sets what version of the AWS signing process should be used
      Parameters:
      algorithm - desired version of the AWS signing process

    • getAlgorithm

      public AwsSigningConfig.AwsSigningAlgorithm getAlgorithm()
      Gets what version of the AWS signing procecss will be used
      Returns:
      what version of the AWS signing procecss will be used

    • setSignatureType

      public void setSignatureType(AwsSigningConfig.AwsSignatureType signatureType)
      Sets what sort of signature should be computed
      Parameters:
      signatureType - what kind of signature to compute

    • getSignatureType

      public AwsSigningConfig.AwsSignatureType getSignatureType()
      Gets what kind of signature will be computed
      Returns:
      what kind of signature will be computed

    • setRegion

      public void setRegion(String region)
      Sets what to use for region when signing. Depending on the algorithm, this may not be an actual region name and so no validation is done on this parameter. In sigv4a, this value is used for the "region-set" concept.
      Parameters:
      region - region value to use when signing

    • getRegion

      public String getRegion()
      Gets what will be used for the region or region-set concept during signing.
      Returns:
      what will be used for the region or region-set concept during signing

    • setService

      public void setService(String service)
      Sets what service signing name to use.
      Parameters:
      service - signing name of the service that this signing calculation should use

    • getService

      public String getService()
      Gets what service signing name will be used
      Returns:
      what service signing name will be used

    • setTime

      public void setTime(long time)
      Sets the point in time that signing should be relative to. Not Instant for Android API level support reasons. Additionally, for http requests, X-Amz-Date will be added to the request using this time point.
      Parameters:
      time - point in time, as milliseconds since epoch, that signing should be relative to

    • getTime

      public long getTime()
      Gets the point in time (in milliseconds since epoch) that signing will be done relative to
      Returns:
      the point in time (in milliseconds since epoch) that signing will be done relative to

    • setCredentialsProvider

      public void setCredentialsProvider(CredentialsProvider credentialsProvider)
      Sets the provider to use to source credentials from before signing.
      Parameters:
      credentialsProvider - provider to retrieve credentials from prior to signing

    • getCredentialsProvider

      public CredentialsProvider getCredentialsProvider()
      Gets the provider to source credentials from before signing
      Returns:
      the provider to source credentials from before signing

    • setCredentials

      public void setCredentials(Credentials credentials)
      Sets the credentials to use for signing. Overrides the provider setting if non-null.
      Parameters:
      credentials - credentials to use for signing

    • getCredentials

      public Credentials getCredentials()
      Gets the credentials to use for signing.
      Returns:
      credentials to use for signing

    • setShouldSignHeader

      public void setShouldSignHeader(Predicate<String> shouldSignHeader)
      Sets a header-name signing predicate filter. Headers that do not pass the filter will not be signed.
      Parameters:
      shouldSignHeader - header-name signing predicate filter

    • getShouldSignHeader

      public Predicate<String> getShouldSignHeader()
      Gets the header-name signing predicate filter to use
      Returns:
      the header-name signing predicate filter to use

    • setUseDoubleUriEncode

      public void setUseDoubleUriEncode(boolean useDoubleUriEncode)
      Sets whether or not signing should uri encode urls as part of canonical request construction. We assume the uri will be encoded once in preparation for transmission. Certain services do not decode before checking signature, requiring us to actually double-encode the uri in the canonical request in order to pass a signature check.
      Parameters:
      useDoubleUriEncode - should signing uri encode urls in the canonical request

    • getUseDoubleUriEncode

      public boolean getUseDoubleUriEncode()
      Gets whether or not signing will uri encode urls during canonical request construction
      Returns:
      whether or not signing will uri encode urls during canonical request construction

    • setShouldNormalizeUriPath

      public void setShouldNormalizeUriPath(boolean shouldNormalizeUriPath)
      Sets whether or not the uri path should be normalized during canonical request construction
      Parameters:
      shouldNormalizeUriPath - whether or not the uri path should be normalized during canonical request construction

    • getShouldNormalizeUriPath

      public boolean getShouldNormalizeUriPath()
      Gets whether or not the uri path should be normalized during canonical request construction
      Returns:
      whether or not the uri path should be normalized during canonical request construction

    • setOmitSessionToken

      public void setOmitSessionToken(boolean omitSessionToken)
      Sets whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials. "X-Amz-Security-Token" is added during signing, as a header or query param, when credentials have a session token. If false (the default), this parameter is included in the canonical request. If true, this parameter is still added, but omitted from the canonical request.
      Parameters:
      omitSessionToken - whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials

    • getOmitSessionToken

      public boolean getOmitSessionToken()
      Gets whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials.
      Returns:
      whether or not X-Amz-Session-Token should be added to the canonical request when signing with session credentials

    • setSignedBodyValue

      public void setSignedBodyValue(String signedBodyValue)
      Sets the payload hash override value to use in canonical request construction. If the signed body header type is not set to null, then the designated header will also take on this value. If this value is NULL, then the signer will compute the SHA256 of the body stream and use that instead.
      Parameters:
      signedBodyValue - payload hash override value to use in canonical request construction

    • getSignedBodyValue

      public String getSignedBodyValue()
      Gets the payload hash override to use in canonical request construction.
      Returns:
      the payload hash override to use in canonical request construction

    • setSignedBodyHeader

      public void setSignedBodyHeader(AwsSigningConfig.AwsSignedBodyHeaderType signedBodyHeader)
      Sets what signed body header should hold the payload hash (or override value).
      Parameters:
      signedBodyHeader - what signed body header should hold the payload hash (or override value)

    • getSignedBodyHeader

      public AwsSigningConfig.AwsSignedBodyHeaderType getSignedBodyHeader()
      Gets what signed body header should hold the payload hash (or override value).
      Returns:
      what signed body header should hold the payload hash (or override value)

    • setExpirationInSeconds

      public void setExpirationInSeconds(long expirationInSeconds)
      Sets the expiration time in seconds when using query param signing (pre-signed url). The appropriate query param will be added to the URL when building the canonical and signed requests.
      Parameters:
      expirationInSeconds - time in seconds that a pre-signed url will be valid for

    • getExpirationInSeconds

      public long getExpirationInSeconds()
      Gets the expiration time in seconds to use when signing to make a pre-signed url.
      Returns:
      the expiration time in seconds for a pre-signed url

    • getDefaultS3SigningConfig

      public static AwsSigningConfig getDefaultS3SigningConfig(String region, CredentialsProvider credentialsProvider)
      Helper to get the default signing Config for S3.
      Parameters:
      region - The region to sign with
      credentialsProvider - The provider while signing request.
      Returns:
      the default signing config for S3