#pragma once

#include "source/common/singleton/const_singleton.h"
#include "source/extensions/common/aws/credentials_provider.h"
#include "source/extensions/common/aws/signer_base_impl.h"
6

            
7
namespace Envoy {
namespace Extensions {
namespace Common {
namespace Aws {

// Process-wide, read-only table of the signature header names (ConstSingleton from
// source/common/singleton/const_singleton.h). SignatureHeaderValues itself is declared
// in the included signer headers, not here.
using SigV4SignatureHeaders = ConstSingleton<SignatureHeaderValues>;

/**
 * Fixed tokens and format strings used by the SigV4 signer. The `{}` placeholders are
 * filled in by the SigV4SignerImpl overrides (in the .cc); the argument order for each
 * format is fixed by that caller, not by this class.
 */
class SigV4SignatureConstants : public SignatureConstants {
public:
  // Authorization header value: "<algorithm> Credential=<...>, SignedHeaders=<...>, Signature=<hex>".
  // Per the SigV4 spec only the headers listed in SignedHeaders are covered by the
  // signature; a header left out of that list is not integrity-protected.
  static constexpr absl::string_view SigV4AuthorizationHeaderFormat{
      "{} Credential={}, SignedHeaders={}, Signature={}"};
  // Credential scope. Per the SigV4 spec the three fields are date/region/service,
  // terminated by the literal "aws4_request".
  static constexpr absl::string_view SigV4CredentialScopeFormat{"{}/{}/{}/aws4_request"};
  // Per the SigV4 spec this prefix is prepended to the secret access key to form the
  // initial HMAC key; the derivation itself lives in the .cc.
  static constexpr absl::string_view SigV4SignatureVersion{"AWS4"};
  // String to sign: four newline-separated fields (per the spec: algorithm, request
  // timestamp, credential scope, hex SHA-256 of the canonical request).
  static constexpr absl::string_view SigV4StringToSignFormat{"{}\n{}\n{}\n{}"};
  // Algorithm identifier emitted in the header / query string; HMAC-SHA256 is the only
  // MAC this signer produces.
  static constexpr absl::string_view SigV4Algorithm{"AWS4-HMAC-SHA256"};
};

// Header-name matchers from the signing config; SigV4SignerImpl takes one of these for
// the exclude list and one for the include list and forwards both to SignerBaseImpl.
using AwsSigningHeaderMatcherVector = std::vector<envoy::type::matcher::v3::StringMatcher>;

/**
 * Implementation of the Signature V4 signing process.
 * See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
 *
 * Query parameter support is implemented as per:
 * https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
 */
class SigV4SignerImpl : public SignerBaseImpl {

  // Allow friend access for signer corpus testing. This exposes the private signing
  // steps (including createSignature, which receives the secret) to the test harness
  // only; keep it test-only.
  friend class SigV4SignerImplFriend;

public:
  /**
   * @param service_name AWS service the request is signed for (part of the credential scope).
   * @param region signing region (part of the credential scope; the override_region
   *        parameters below presumably take precedence per request — confirm in the .cc).
   * @param credentials_provider chain that supplies the access key id / secret access key
   *        at signing time.
   * @param context factory context forwarded to SignerBaseImpl.
   * @param exclude_matcher_config header matchers forwarded to SignerBaseImpl.
   * @param include_matcher_config header matchers forwarded to SignerBaseImpl.
   *        NOTE(review): presumably these select which request headers end up in
   *        SignedHeaders — confirm in signer_base_impl.h. Anything not in SignedHeaders
   *        is outside the signature and can be altered in transit without detection.
   * @param query_string when true, the signature is carried in query parameters
   *        (presigned-URL style, see the class comment) instead of the Authorization header.
   * @param expiration_time validity window, in seconds, for query-string signatures;
   *        uint16_t bounds it to 65535 s. A longer window widens the replay window of a
   *        leaked presigned URL, so keep it as short as the use case allows.
   */
  SigV4SignerImpl(absl::string_view service_name, absl::string_view region,
                  const CredentialsProviderChainSharedPtr& credentials_provider,
                  Server::Configuration::CommonFactoryContext& context,
                  const AwsSigningHeaderMatcherVector& exclude_matcher_config,
                  const AwsSigningHeaderMatcherVector& include_matcher_config,
                  const bool query_string = false,
                  const uint16_t expiration_time = SignatureQueryParameterValues::DefaultExpiration)
      : SignerBaseImpl(service_name, region, credentials_provider, context, exclude_matcher_config,
                       include_matcher_config, query_string, expiration_time) {}

private:
  // Builds the credential scope ("<short_date>/<region>/<service>/aws4_request" per the
  // spec, via SigV4SignatureConstants::SigV4CredentialScopeFormat). override_region, when
  // set, presumably replaces the configured region — confirm in the .cc.
  std::string createCredentialScope(const absl::string_view short_date,
                                    const absl::string_view override_region) const override;

  // Fills SigV4StringToSignFormat from the algorithm, long_date, credential_scope and the
  // canonical request. NOTE(review): the spec wants the hex SHA-256 of the canonical
  // request in this slot, not the request text; whether canonical_request arrives
  // already hashed or is hashed here is decided in the .cc — confirm.
  std::string createStringToSign(const absl::string_view canonical_request,
                                 const absl::string_view long_date,
                                 const absl::string_view credential_scope) const override;

  // Computes the hex HMAC-SHA256 signature. access_key_id is unused here: in SigV4 the
  // signing key is derived from the secret alone (the parameter is part of the shared
  // base interface, presumably for signer variants that do use it). secret_access_key
  // is a view over memory owned by the credentials provider — this class neither copies
  // nor zeroizes it, and it must never be logged or echoed into error messages.
  std::string createSignature(ABSL_ATTRIBUTE_UNUSED const absl::string_view access_key_id,
                              const absl::string_view secret_access_key,
                              const absl::string_view short_date,
                              const absl::string_view string_to_sign,
                              const absl::string_view override_region) const override;

  // Renders SigV4AuthorizationHeaderFormat. The keys of canonical_headers are what goes
  // into SignedHeaders; std::map keeps them sorted, which the spec requires for that list.
  std::string createAuthorizationHeader(const absl::string_view access_key_id,
                                        const absl::string_view credential_scope,
                                        const std::map<std::string, std::string>& canonical_headers,
                                        const absl::string_view signature) const override;

  // Algorithm identifier used in the header / query string (see SigV4SignatureConstants).
  absl::string_view getAlgorithmString() const override;
};

} // namespace Aws
} // namespace Common
} // namespace Extensions
} // namespace Envoy