/** * Gets S3 secret key. * * @return S3 secret key. */ public String getSecretAccessKey() { return cred.getAWSSecretKey(); }
/** * Computes the name to be used to reference the signing key in the cache. */ private final String computeSigningCacheKeyName(AWSCredentials credentials, AWS4SignerRequestParams signerRequestParams) { final StringBuilder hashKeyBuilder = new StringBuilder( credentials.getAWSSecretKey()); return hashKeyBuilder.append("-") .append(signerRequestParams.getRegionName()) .append("-") .append(signerRequestParams.getServiceName()).toString(); }
public String getSecretAccessKey() { return iamCredProvider.getCredentials().getAWSSecretKey(); }
public Profile(String profileName, AWSCredentials awsCredentials) { Map<String, String> properties = new LinkedHashMap<String, String>(); properties.put(ProfileKeyConstants.AWS_ACCESS_KEY_ID, awsCredentials.getAWSAccessKeyId()); properties.put(ProfileKeyConstants.AWS_SECRET_ACCESS_KEY, awsCredentials.getAWSSecretKey()); if (awsCredentials instanceof AWSSessionCredentials) { AWSSessionCredentials sessionCred = (AWSSessionCredentials)awsCredentials; properties.put(ProfileKeyConstants.AWS_SESSION_TOKEN, sessionCred.getSessionToken()); } this.profileName = profileName; this.properties = properties; this.awsCredentials = new StaticCredentialsProvider(awsCredentials); }
@Override public AWSCredentials getCredentials() { if (reuseLastProvider && lastUsedProvider != null) { return lastUsedProvider.getCredentials(); } List<String> exceptionMessages = null; for (AWSCredentialsProvider provider : credentialsProviders) { try { AWSCredentials credentials = provider.getCredentials(); if (credentials.getAWSAccessKeyId() != null && credentials.getAWSSecretKey() != null) { log.debug("Loading credentials from " + provider.toString()); lastUsedProvider = provider; return credentials; } } catch (Exception e) { // Ignore any exceptions and move onto the next provider String message = provider + ": " + e.getMessage(); log.debug("Unable to load credentials from " + message); if (exceptionMessages == null) { exceptionMessages = new LinkedList<String>(); } exceptionMessages.add(message); } } throw new SdkClientException("Unable to load AWS credentials from any provider in the chain: " + exceptionMessages); }
private void init() { if(StringUtils.isEmpty(creds.getAWSAccessKeyId())){ throw new AmazonClientException("could not get aws access key from system properties"); } if(StringUtils.isEmpty(creds.getAWSSecretKey())){ throw new AmazonClientException("could not get aws secret key from system properties"); } }
/** * Generates a new signing key from the given parameters and returns it. */ protected byte[] newSigningKey(AWSCredentials credentials, String dateStamp, String regionName, String serviceName) { byte[] kSecret = ("AWS4" + credentials.getAWSSecretKey()) .getBytes(Charset.forName("UTF-8")); byte[] kDate = sign(dateStamp, kSecret, SigningAlgorithm.HmacSHA256); byte[] kRegion = sign(regionName, kDate, SigningAlgorithm.HmacSHA256); byte[] kService = sign(serviceName, kRegion, SigningAlgorithm.HmacSHA256); return sign(AWS4_TERMINATOR, kService, SigningAlgorithm.HmacSHA256); } }
synchronized (credentials) { accessKeyId = credentials.getAWSAccessKeyId(); secretKey = credentials.getAWSSecretKey(); if ( credentials instanceof AWSSessionCredentials ) { token = ((AWSSessionCredentials) credentials).getSessionToken();
public void sign(SignableRequest<?> request, AWSCredentials credentials) throws SdkClientException { AWSCredentials sanitizedCredentials = sanitizeCredentials(credentials); if ( sanitizedCredentials instanceof AWSSessionCredentials ) { addSessionCredentials(request, (AWSSessionCredentials) sanitizedCredentials); } String expirationInSeconds = Long.toString(expiration.getTime() / 1000L); String canonicalString = RestUtils.makeS3CanonicalString( httpVerb, resourcePath, request, expirationInSeconds); String signature = super.signAndBase64Encode(canonicalString, sanitizedCredentials.getAWSSecretKey(), SigningAlgorithm.HmacSHA1); request.addParameter("AWSAccessKeyId", sanitizedCredentials.getAWSAccessKeyId()); request.addParameter("Expires", expirationInSeconds); request.addParameter("Signature", signature); }
StringBuilder awsKey = new StringBuilder(); awsKey.append(awsCredentials.getAWSAccessKeyId()); awsSecretKey = awsCredentials.getAWSSecretKey(); if (awsCredentials instanceof AWSSessionCredentials) { AWSSessionCredentials sessionCreds = (AWSSessionCredentials) awsCredentials;
if (credentials == null || credentials.getAWSSecretKey() == null) { log.debug("Canonical string will not be signed, as no AWS Secret Key was provided"); return; sanitizedCredentials.getAWSSecretKey(), SigningAlgorithm.HmacSHA1); request.addHeader("Authorization",
sanitizedCredentials.getAWSSecretKey(), algorithm);
sanitizedCredentials.getAWSSecretKey(), algorithm); request.addParameter("Signature", signatureValue);
/** * Computes the name to be used to reference the signing key in the cache. */ private final String computeSigningCacheKeyName(AWSCredentials credentials, AWS4SignerRequestParams signerRequestParams) { final StringBuilder hashKeyBuilder = new StringBuilder( credentials.getAWSSecretKey()); return hashKeyBuilder.append("-") .append(signerRequestParams.getRegionName()) .append("-") .append(signerRequestParams.getServiceName()).toString(); }
public Profile(String profileName, AWSCredentials awsCredentials) { Map<String, String> properties = new LinkedHashMap<String, String>(); properties.put(ProfileKeyConstants.AWS_ACCESS_KEY_ID, awsCredentials.getAWSAccessKeyId()); properties.put(ProfileKeyConstants.AWS_SECRET_ACCESS_KEY, awsCredentials.getAWSSecretKey()); if (awsCredentials instanceof AWSSessionCredentials) { AWSSessionCredentials sessionCred = (AWSSessionCredentials)awsCredentials; properties.put(ProfileKeyConstants.AWS_SESSION_TOKEN, sessionCred.getSessionToken()); } this.profileName = profileName; this.properties = properties; this.awsCredentials = new StaticCredentialsProvider(awsCredentials); }
/** * Generates a new signing key from the given parameters and returns it. */ protected byte[] newSigningKey(AWSCredentials credentials, String dateStamp, String regionName, String serviceName) { byte[] kSecret = ("AWS4" + credentials.getAWSSecretKey()) .getBytes(Charset.forName("UTF-8")); byte[] kDate = sign(dateStamp, kSecret, SigningAlgorithm.HmacSHA256); byte[] kRegion = sign(regionName, kDate, SigningAlgorithm.HmacSHA256); byte[] kService = sign(serviceName, kRegion, SigningAlgorithm.HmacSHA256); return sign(AWS4_TERMINATOR, kService, SigningAlgorithm.HmacSHA256); } }
/** * The SigV4 signing key is made up by consecutively hashing a number of unique pieces of data. * @param dateStamp the current date in short date format. * @param regionName AWS region name. * @param serviceName service name for IoT service. * @param credentials AWS credential set to be used in signing. * @return byte array containing the SigV4 signing key. */ private byte[] getSigningKey(String dateStamp, String regionName, String serviceName, AWSCredentials credentials) { // AWS4 uses a series of derived keys, formed by hashing different pieces of data byte[] signingSecret = (KEY_PREFIX + credentials.getAWSSecretKey()).getBytes(); byte[] signingDate = sign(dateStamp, signingSecret, SigningAlgorithm.HmacSHA256); byte[] signingRegion = sign(regionName, signingDate, SigningAlgorithm.HmacSHA256); byte[] signingService = sign(serviceName, signingRegion, SigningAlgorithm.HmacSHA256); return sign(TERMINATOR, signingService, SigningAlgorithm.HmacSHA256); }
private void verifyCredentialsMocks() { verify(credentialsProvider).getCredentials(); verify(credentials).getAWSAccessKeyId(); verify(credentials).getAWSSecretKey(); }
@Override public AWSCredentials getCredentials() { if (reuseLastProvider && lastUsedProvider != null) { return lastUsedProvider.getCredentials(); } for (AWSCredentialsProvider provider : credentialsProviders) { try { AWSCredentials credentials = provider.getCredentials(); if (credentials.getAWSAccessKeyId() != null && credentials.getAWSSecretKey() != null) { log.debug("Loading credentials from " + provider.toString()); lastUsedProvider = provider; return credentials; } } catch (Exception e) { // Ignore any exceptions and move onto the next provider log.debug("Unable to load credentials from " + provider.toString() + ": " + e.getMessage()); } } throw new AmazonClientException( "Unable to load AWS credentials from any provider in the chain"); }
@Override public void sign(Request<?> request, AWSCredentials credentials) { AWSCredentials sanitizedCredentials = sanitizeCredentials(credentials); if (sanitizedCredentials instanceof AWSSessionCredentials) { addSessionCredentials(request, (AWSSessionCredentials) sanitizedCredentials); } String expirationInSeconds = Long.toString(expiration.getTime() / TIME_TO_SECONDS); String canonicalString = RestUtils.makeS3CanonicalString( httpVerb, resourcePath, request, expirationInSeconds); String signature = super.signAndBase64Encode(canonicalString, sanitizedCredentials.getAWSSecretKey(), SigningAlgorithm.HmacSHA1); request.addParameter("AWSAccessKeyId", sanitizedCredentials.getAWSAccessKeyId()); request.addParameter("Expires", expirationInSeconds); request.addParameter("Signature", signature); }