module Network.AWS.Sign.V4
( V4 (..)
, v4
) where
import Control.Applicative
import Control.Lens
import qualified Data.CaseInsensitive as CI
import Data.Monoid
import Network.AWS.Data.Body
import Network.AWS.Data.ByteString
import Network.AWS.Data.Headers
import Network.AWS.Data.Query
import Network.AWS.Data.Time
import Network.AWS.Request
import Network.AWS.Sign.V4.Base
import Network.AWS.Sign.V4.Chunked
import Network.AWS.Types
import Prelude
default (ByteString)
v4 :: Signer
v4 = Signer sign presign
presign :: Seconds -> Algorithm a
presign ex rq a r ts = signRequest meta mempty auth
where
auth = queryString <>~ ("&X-Amz-Signature=" <> toBS (metaSignature meta))
meta = signMetadata a r ts presigner digest (prepare rq)
presigner c shs =
pair (CI.original hAMZAlgorithm) algorithm
. pair (CI.original hAMZCredential) (toBS c)
. pair (CI.original hAMZDate) (Time ts :: AWSTime)
. pair (CI.original hAMZExpires) ex
. pair (CI.original hAMZSignedHeaders) (toBS shs)
. pair (CI.original hAMZToken) (toBS <$> _authToken a)
digest = Tag "UNSIGNED-PAYLOAD"
prepare = rqHeaders .~ []
sign :: Algorithm a
sign rq a r ts =
case _rqBody rq of
Chunked x -> chunked x rq a r ts
Hashed x -> hashed x rq a r ts
hashed :: HashedBody -> Algorithm a
hashed x rq a r ts =
let (meta, auth) = base (Tag (sha256Base16 x)) rq a r ts
in signRequest meta (toRequestBody (Hashed x)) auth