//
// Copyright 2020 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_REQUEST_SIGNER_H
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_REQUEST_SIGNER_H

#include <grpc/support/port_platform.h>

#include <map>
#include <string>

#include "src/core/lib/iomgr/error.h"
#include "src/core/lib/uri/uri_parser.h"

namespace grpc_core {

// Implements an AWS API request signer based on the AWS Signature Version 4
// signing process.
// https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
// To retrieve the subject token in AwsExternalAccountCredentials, we need to
// sign an AWS request and use the signed request as the subject token.
// This class is a utility to sign an AWS request.
//
// NOTE(review): the signer holds the secret access key and the session token
// in plain std::string members for as long as the object lives. std::string
// does not wipe its buffer on destruction, so keep instances short-lived and
// never log the object's inputs. No copy operation is deleted in this header,
// so instances are presumably copyable, and each copy duplicates the secrets.
class AwsRequestSigner {
 public:
  // Construct a signer with the necessary information to sign a request.
  // `access_key_id`, `secret_access_key` and `token` are the AWS credentials
  // required for signing. `method` and `url` are the HTTP method and url of the
  // request. `region` is the region of the AWS environment. `request_payload`
  // is the payload of the HTTP request. `additional_headers` are additional
  // headers to be injected into the request.
  //
  // `error` is an out-parameter. Presumably it is set when construction fails
  // (for example when `url` cannot be parsed into the URI member); callers
  // should check it before using the signer. TODO confirm in the .cc.
  //
  // NOTE(review): `url` and `additional_headers` become part of the request
  // that is signed with the caller's credentials, so they should come from
  // trusted configuration rather than from unvalidated input.
  AwsRequestSigner(std::string access_key_id, std::string secret_access_key,
                   std::string token, std::string method, std::string url,
                   std::string region, std::string request_payload,
                   std::map<std::string, std::string> additional_headers,
                   grpc_error** error);

  // This method triggers the signing process then returns the headers of the
  // signed request as a map. An empty map is returned if there is an error.
  //
  // NOTE(review): the original comment says the input `error` parameter is
  // updated on failure, but this declaration takes no parameters and no error
  // pointer is stored as a member in this header. How a failure is reported
  // beyond the empty map cannot be told from here; confirm against the .cc
  // and treat an empty result as a signing failure.
  //
  // NOTE(review): the returned headers are derived from the credentials
  // (presumably including the signature and the session token), so they
  // should be treated as sensitive and kept out of logs.
  std::map<std::string, std::string> GetSignedRequestHeaders();

 private:
  // AWS credentials supplied to the constructor. `secret_access_key_` and
  // `token_` are secrets.
  std::string access_key_id_;
  std::string secret_access_key_;
  std::string token_;
  // HTTP method of the request to sign.
  std::string method_;
  // Parsed form of the `url` constructor argument (presumably).
  URI url_;
  // AWS region of the environment.
  std::string region_;
  // Payload of the HTTP request.
  std::string request_payload_;
  // Extra headers supplied by the caller to be injected into the request.
  std::map<std::string, std::string> additional_headers_;

  // NOTE(review): the name suggests a fixed request date; where it is set and
  // how it is used are not visible in this header.
  std::string static_request_date_;
  // Presumably the headers computed by the signing process; confirm in the
  // .cc.
  std::map<std::string, std::string> request_headers_;
};

}  // namespace grpc_core

#endif  // GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_REQUEST_SIGNER_H