nlansing/DedicatedServerCourse
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Lesson 35 - Get Compute Auth Token Working

Browse Source
This commit is contained in:
Norman Lansing
2026-02-28 12:32:28 -05:00
parent 1d477ee42a
commit 4fde462bce
7743 changed files with 1397833 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/auth/auth.h Normal file
View File

@@ -0,0 +1,94 @@
#ifndef AWS_AUTH_AUTH_H
#define AWS_AUTH_AUTH_H
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/auth/exports.h>
#include <aws/io/logging.h>
#include <aws/sdkutils/sdkutils.h>
AWS_PUSH_SANE_WARNING_LEVEL
#define AWS_C_AUTH_PACKAGE_ID 6
/**
* Auth-specific error codes
*/
enum aws_auth_errors {
AWS_AUTH_PROFILE_PARSE_RECOVERABLE_ERROR = AWS_ERROR_SDKUTILS_PARSE_RECOVERABLE,
AWS_AUTH_PROFILE_PARSE_FATAL_ERROR = AWS_ERROR_SDKUTILS_PARSE_FATAL,
AWS_AUTH_SIGNING_UNSUPPORTED_ALGORITHM = AWS_ERROR_ENUM_BEGIN_RANGE(AWS_C_AUTH_PACKAGE_ID),
AWS_AUTH_SIGNING_MISMATCHED_CONFIGURATION,
AWS_AUTH_SIGNING_NO_CREDENTIALS,
AWS_AUTH_SIGNING_ILLEGAL_REQUEST_QUERY_PARAM,
AWS_AUTH_SIGNING_ILLEGAL_REQUEST_HEADER,
AWS_AUTH_SIGNING_INVALID_CONFIGURATION,
AWS_AUTH_CREDENTIALS_PROVIDER_INVALID_ENVIRONMENT,
AWS_AUTH_CREDENTIALS_PROVIDER_INVALID_DELEGATE,
AWS_AUTH_CREDENTIALS_PROVIDER_PROFILE_SOURCE_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_IMDS_SOURCE_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_STS_SOURCE_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_HTTP_STATUS_FAILURE,
AWS_AUTH_PROVIDER_PARSER_UNEXPECTED_RESPONSE,
AWS_AUTH_CREDENTIALS_PROVIDER_ECS_SOURCE_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_X509_SOURCE_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_PROCESS_SOURCE_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_STS_WEB_IDENTITY_SOURCE_FAILURE,
AWS_AUTH_SIGNING_UNSUPPORTED_SIGNATURE_TYPE,
AWS_AUTH_SIGNING_MISSING_PREVIOUS_SIGNATURE,
AWS_AUTH_SIGNING_INVALID_CREDENTIALS,
AWS_AUTH_CANONICAL_REQUEST_MISMATCH,
AWS_AUTH_SIGV4A_SIGNATURE_VALIDATION_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_COGNITO_SOURCE_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_DELEGATE_FAILURE,
AWS_AUTH_SSO_TOKEN_PROVIDER_SOURCE_FAILURE,
AWS_AUTH_SSO_TOKEN_INVALID,
AWS_AUTH_SSO_TOKEN_EXPIRED,
AWS_AUTH_CREDENTIALS_PROVIDER_SSO_SOURCE_FAILURE,
AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE,
AWS_AUTH_PROFILE_STS_CREDENTIALS_PROVIDER_CYCLE_FAILURE,
AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_TOKEN_FILE_PATH,
AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_HOST,
AWS_AUTH_ERROR_END_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_AUTH_PACKAGE_ID)
};
/**
* Auth-specific logging subjects
*/
enum aws_auth_log_subject {
AWS_LS_AUTH_GENERAL = AWS_LOG_SUBJECT_BEGIN_RANGE(AWS_C_AUTH_PACKAGE_ID),
AWS_LS_AUTH_PROFILE,
AWS_LS_AUTH_CREDENTIALS_PROVIDER,
AWS_LS_AUTH_SIGNING,
AWS_LS_IMDS_CLIENT,
AWS_LS_AUTH_LAST = AWS_LOG_SUBJECT_END_RANGE(AWS_C_AUTH_PACKAGE_ID)
};
AWS_EXTERN_C_BEGIN
/**
* Initializes internal datastructures used by aws-c-auth.
* Must be called before using any functionality in aws-c-auth.
*
* @param allocator memory allocator to use for any module-level memory allocation
*/
AWS_AUTH_API
void aws_auth_library_init(struct aws_allocator *allocator);
/**
* Clean up internal datastructures used by aws-c-auth.
* Must not be called until application is done using functionality in aws-c-auth.
*/
AWS_AUTH_API
void aws_auth_library_clean_up(void);
AWS_EXTERN_C_END
AWS_POP_SANE_WARNING_LEVEL
#endif /* AWS_AUTH_AUTH_H */

489
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/auth/aws_imds_client.h Normal file
View File

@@ -0,0 +1,489 @@
#ifndef AWS_AUTH_IMDS_CLIENT_H
#define AWS_AUTH_IMDS_CLIENT_H
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/auth/auth.h>
#include <aws/auth/credentials.h>
#include <aws/common/array_list.h>
#include <aws/common/date_time.h>
#include <aws/http/connection_manager.h>
#include <aws/io/retry_strategy.h>
AWS_PUSH_SANE_WARNING_LEVEL
typedef void(aws_imds_client_shutdown_completed_fn)(void *user_data);
/**
* Optional callback and user data to be invoked when an imds client has fully shut down
*/
struct aws_imds_client_shutdown_options {
aws_imds_client_shutdown_completed_fn *shutdown_callback;
void *shutdown_user_data;
};
/**
* Configuration options when creating an imds client
*/
struct aws_imds_client_options {
/*
* Completion callback to be invoked when the client has fully shut down
*/
struct aws_imds_client_shutdown_options shutdown_options;
/*
* Client bootstrap to use when this client makes network connections
*/
struct aws_client_bootstrap *bootstrap;
/*
* Retry strategy instance that governs how failed requests are retried
*/
struct aws_retry_strategy *retry_strategy;
/*
* What version of the imds protocol to use
*
* Defaults to IMDS_PROTOCOL_V2
*/
enum aws_imds_protocol_version imds_version;
/*
* If true, fallback from v2 to v1 will be disabled for all cases
*/
bool ec2_metadata_v1_disabled;
/*
* Table holding all cross-system functional dependencies for an imds client.
*
* For mocking the http layer in tests, leave NULL otherwise
*/
struct aws_auth_http_system_vtable *function_table;
};
/*
* Standard callback for instance metadata queries
*/
typedef void(
aws_imds_client_on_get_resource_callback_fn)(const struct aws_byte_buf *resource, int error_code, void *user_data);
/**
* https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-categories.html
*/
struct aws_imds_iam_profile {
struct aws_date_time last_updated;
struct aws_byte_cursor instance_profile_arn;
struct aws_byte_cursor instance_profile_id;
};
/**
* Block of per-instance EC2-specific data
*
* https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
*/
struct aws_imds_instance_info {
/* an array of aws_byte_cursor */
struct aws_array_list marketplace_product_codes;
struct aws_byte_cursor availability_zone;
struct aws_byte_cursor private_ip;
struct aws_byte_cursor version;
struct aws_byte_cursor instance_id;
/* an array of aws_byte_cursor */
struct aws_array_list billing_products;
struct aws_byte_cursor instance_type;
struct aws_byte_cursor account_id;
struct aws_byte_cursor image_id;
struct aws_date_time pending_time;
struct aws_byte_cursor architecture;
struct aws_byte_cursor kernel_id;
struct aws_byte_cursor ramdisk_id;
struct aws_byte_cursor region;
};
/* the item typed stored in array is pointer to aws_byte_cursor */
typedef void(
aws_imds_client_on_get_array_callback_fn)(const struct aws_array_list *array, int error_code, void *user_data);
typedef void(aws_imds_client_on_get_credentials_callback_fn)(
const struct aws_credentials *credentials,
int error_code,
void *user_data);
typedef void(aws_imds_client_on_get_iam_profile_callback_fn)(
const struct aws_imds_iam_profile *iam_profile_info,
int error_code,
void *user_data);
typedef void(aws_imds_client_on_get_instance_info_callback_fn)(
const struct aws_imds_instance_info *instance_info,
int error_code,
void *user_data);
/**
* AWS EC2 Metadata Client is used to retrieve AWS EC2 Instance Metadata info.
*/
struct aws_imds_client;
AWS_EXTERN_C_BEGIN
/**
* Creates a new imds client
*
* @param allocator memory allocator to use for creation and queries
* @param options configuration options for the imds client
*
* @return a newly-constructed imds client, or NULL on failure
*/
AWS_AUTH_API
struct aws_imds_client *aws_imds_client_new(
struct aws_allocator *allocator,
const struct aws_imds_client_options *options);
/**
* Increments the ref count on the client
*
* @param client imds client to acquire a reference to
*/
AWS_AUTH_API
void aws_imds_client_acquire(struct aws_imds_client *client);
/**
* Decrements the ref count on the client
*
* @param client imds client to release a reference to
*/
AWS_AUTH_API
void aws_imds_client_release(struct aws_imds_client *client);
/**
* Queries a generic resource (string) from the ec2 instance metadata document
*
* @param client imds client to use for the query
* @param resource_path path of the resource to query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_resource_async(
struct aws_imds_client *client,
struct aws_byte_cursor resource_path,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the ami id of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_ami_id(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the ami launch index of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_ami_launch_index(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the ami manifest path of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_ami_manifest_path(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the list of ancestor ami ids of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_ancestor_ami_ids(
struct aws_imds_client *client,
aws_imds_client_on_get_array_callback_fn callback,
void *user_data);
/**
* Gets the instance-action of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_instance_action(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the instance id of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_instance_id(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the instance type of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_instance_type(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the mac address of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_mac_address(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the private ip address of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_private_ip_address(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the availability zone of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_availability_zone(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the product codes of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_product_codes(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the public key of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_public_key(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the ramdisk id of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_ramdisk_id(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the reservation id of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_reservation_id(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the list of the security groups of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_security_groups(
struct aws_imds_client *client,
aws_imds_client_on_get_array_callback_fn callback,
void *user_data);
/**
* Gets the list of block device mappings of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_block_device_mapping(
struct aws_imds_client *client,
aws_imds_client_on_get_array_callback_fn callback,
void *user_data);
/**
* Gets the attached iam role of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_attached_iam_role(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets temporary credentials based on the attached iam role of the ec2 instance
*
* @param client imds client to use for the query
* @param iam_role_name iam role name to get temporary credentials through
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_credentials(
struct aws_imds_client *client,
struct aws_byte_cursor iam_role_name,
aws_imds_client_on_get_credentials_callback_fn callback,
void *user_data);
/**
* Gets the iam profile information of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_iam_profile(
struct aws_imds_client *client,
aws_imds_client_on_get_iam_profile_callback_fn callback,
void *user_data);
/**
* Gets the user data of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_user_data(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the signature of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_instance_signature(
struct aws_imds_client *client,
aws_imds_client_on_get_resource_callback_fn callback,
void *user_data);
/**
* Gets the instance information data block of the ec2 instance from the instance metadata document
*
* @param client imds client to use for the query
* @param callback callback function to invoke on query success or failure
* @param user_data opaque data to invoke the completion callback with
* @return AWS_OP_SUCCESS if the query was successfully started, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_imds_client_get_instance_info(
struct aws_imds_client *client,
aws_imds_client_on_get_instance_info_callback_fn callback,
void *user_data);
AWS_EXTERN_C_END
AWS_POP_SANE_WARNING_LEVEL
#endif /* AWS_AUTH_IMDS_CLIENT_H */

1206
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/auth/credentials.h Normal file
View File

File diff suppressed because it is too large Load Diff

29
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/auth/exports.h Normal file
View File

@@ -0,0 +1,29 @@
#ifndef AWS_AUTH_EXPORTS_H
#define AWS_AUTH_EXPORTS_H
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#if defined(USE_WINDOWS_DLL_SEMANTICS) || defined(WIN32)
# ifdef AWS_AUTH_USE_IMPORT_EXPORT
# ifdef AWS_AUTH_EXPORTS
# define AWS_AUTH_API __declspec(dllexport)
# else
# define AWS_AUTH_API __declspec(dllimport)
# endif /* AWS_AUTH_EXPORTS */
# else
# define AWS_AUTH_API
# endif /*USE_IMPORT_EXPORT */
#else
# if ((__GNUC__ >= 4) || defined(__clang__)) && defined(AWS_AUTH_USE_IMPORT_EXPORT) && defined(AWS_AUTH_EXPORTS)
# define AWS_AUTH_API __attribute__((visibility("default")))
# else
# define AWS_AUTH_API
# endif /* __GNUC__ >= 4 || defined(__clang__) */
#endif /* defined(USE_WINDOWS_DLL_SEMANTICS) || defined(WIN32) */
#endif /* AWS_AUTH_EXPORTS_H */

237
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/auth/signable.h Normal file
View File

@@ -0,0 +1,237 @@
#ifndef AWS_AUTH_SIGNABLE_H
#define AWS_AUTH_SIGNABLE_H
#include <aws/auth/auth.h>
AWS_PUSH_SANE_WARNING_LEVEL
struct aws_http_message;
struct aws_http_headers;
struct aws_input_stream;
struct aws_signable;
struct aws_string;
/*
* While not referenced directly in this file, this is the structure expected to be in the property lists
*/
struct aws_signable_property_list_pair {
struct aws_byte_cursor name;
struct aws_byte_cursor value;
};
typedef int(aws_signable_get_property_fn)(
const struct aws_signable *signable,
const struct aws_string *name,
struct aws_byte_cursor *out_value);
typedef int(aws_signable_get_property_list_fn)(
const struct aws_signable *signable,
const struct aws_string *name,
struct aws_array_list **out_list);
typedef int(aws_signable_get_payload_stream_fn)(
const struct aws_signable *signable,
struct aws_input_stream **out_input_stream);
typedef void(aws_signable_destroy_fn)(struct aws_signable *signable);
struct aws_signable_vtable {
aws_signable_get_property_fn *get_property;
aws_signable_get_property_list_fn *get_property_list;
aws_signable_get_payload_stream_fn *get_payload_stream;
aws_signable_destroy_fn *destroy;
};
/**
* Signable is a generic interface for any kind of object that can be cryptographically signed.
*
* Like signing_result, the signable interface presents
*
* (1) Properties - A set of key-value pairs
* (2) Property Lists - A set of named key-value pair lists
*
* as well as
*
* (3) A message payload modeled as a stream
*
* When creating a signable "subclass" the query interface should map to retrieving
* the properties of the underlying object needed by signing algorithms that can operate on it.
*
* As an example, if a signable implementation wrapped an http request, you would query
* request elements like method and uri from the property interface, headers would be queried
* via the property list interface, and the request body would map to the payload stream.
*
* String constants that map to agreed on keys for particular signable types
* ("METHOD", "URI", "HEADERS", etc...) are exposed in appropriate header files.
*/
struct aws_signable {
struct aws_allocator *allocator;
void *impl;
struct aws_signable_vtable *vtable;
};
AWS_EXTERN_C_BEGIN
/**
* Cleans up and frees all resources associated with a signable instance
*
* @param signable signable object to destroy
*/
AWS_AUTH_API
void aws_signable_destroy(struct aws_signable *signable);
/**
* Retrieves a property (key-value pair) from a signable. Global property name constants are
* included below.
*
* @param signable signable object to retrieve a property from
* @param name name of the property to query
* @param out_value output parameter for the property's value
*
* @return AWS_OP_SUCCESS if the property was successfully fetched, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_signable_get_property(
const struct aws_signable *signable,
const struct aws_string *name,
struct aws_byte_cursor *out_value);
/**
* Retrieves a named property list (list of key-value pairs) from a signable. Global property list name
* constants are included below.
*
* @param signable signable object to retrieve a property list from
* @param name name of the property list to fetch
* @param out_property_list output parameter for the fetched property list
*
* @return AWS_OP_SUCCESS if the property list was successfully fetched, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_signable_get_property_list(
const struct aws_signable *signable,
const struct aws_string *name,
struct aws_array_list **out_property_list);
/**
* Retrieves the signable's message payload as a stream.
*
* @param signable signable to get the payload of
* @param out_input_stream output parameter for the payload stream
*
* @return AWS_OP_SUCCESS if successful, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_signable_get_payload_stream(const struct aws_signable *signable, struct aws_input_stream **out_input_stream);
/*
* Some global property and property-list name constants
*/
/**
* Name of the property list that wraps the headers of an http request
*/
AWS_AUTH_API extern const struct aws_string *g_aws_http_headers_property_list_name;
/**
* Name of the property list that wraps the query params of an http request. Only used by signing_result.
* For input to a http signing algorithm, query params are assumed to be part of the uri.
*/
AWS_AUTH_API extern const struct aws_string *g_aws_http_query_params_property_list_name;
/**
* Name of the property that holds the method of an http request
*/
AWS_AUTH_API extern const struct aws_string *g_aws_http_method_property_name;
/**
* Name of the property that holds the URI of an http request
*/
AWS_AUTH_API extern const struct aws_string *g_aws_http_uri_property_name;
/**
* Name of the property that holds the signature value. This is always added to signing results.
* Depending on the requested signature type, the signature may be padded or encoded differently:
* (1) Header - hex encoding of the binary signature value
* (2) QueryParam - hex encoding of the binary signature value
* (3) Chunk/Sigv4 - hex encoding of the binary signature value
* (4) Chunk/Sigv4a - fixed-size-rhs-padded (with AWS_SIGV4A_SIGNATURE_PADDING_BYTE) hex encoding of the
* binary signature value
* (5) Event - binary signature value (NYI)
*/
AWS_AUTH_API extern const struct aws_string *g_aws_signature_property_name;
/**
* Name of the property that holds the (hex-encoded) signature value of the signing event that preceded this one.
* This property must appear on signables that represent chunks or events.
*/
AWS_AUTH_API extern const struct aws_string *g_aws_previous_signature_property_name;
/**
* Name of the property that holds the canonical request associated with this signable.
* This property must appear on signables that represent an http request's canonical request.
*/
AWS_AUTH_API extern const struct aws_string *g_aws_canonical_request_property_name;
/*
* Common signable constructors
*/
/**
* Creates a signable wrapper around an http request.
*
* @param allocator memory allocator to use to create the signable
* @param request http request to create a signable for
*
* @return the new signable object, or NULL if failure
*/
AWS_AUTH_API
struct aws_signable *aws_signable_new_http_request(struct aws_allocator *allocator, struct aws_http_message *request);
/**
* Creates a signable that represents a unit of chunked encoding within an http request.
* This can also be used for Transcribe event signing with encoded payload as chunk_data.
*
* @param allocator memory allocator use to create the signable
* @param chunk_data stream representing the data in the chunk; it should be in its final, encoded form
* @param previous_signature the signature computed in the most recent signing that preceded this one. It can be
* found by copying the "signature" property from the signing_result of that most recent signing.
*
* @return the new signable object, or NULL if failure
*/
AWS_AUTH_API
struct aws_signable *aws_signable_new_chunk(
struct aws_allocator *allocator,
struct aws_input_stream *chunk_data,
struct aws_byte_cursor previous_signature);
/**
* Creates a signable wrapper around a set of headers.
*
* @param allocator memory allocator use to create the signable
* @param trailing_headers http headers to create a signable for
* @param previous_signature the signature computed in the most recent signing that preceded this one. It can be
* found by copying the "signature" property from the signing_result of that most recent signing.
*
* @return the new signable object, or NULL if failure
*/
AWS_AUTH_API
struct aws_signable *aws_signable_new_trailing_headers(
struct aws_allocator *allocator,
struct aws_http_headers *trailing_headers,
struct aws_byte_cursor previous_signature);
/**
* Creates a signable that represents a pre-computed canonical request from an http request
* @param allocator memory allocator use to create the signable
* @param canonical_request text of the canonical request
* @return the new signable object, or NULL if failure
*/
AWS_AUTH_API
struct aws_signable *aws_signable_new_canonical_request(
struct aws_allocator *allocator,
struct aws_byte_cursor canonical_request);
AWS_EXTERN_C_END
AWS_POP_SANE_WARNING_LEVEL
#endif /* AWS_AUTH_SIGNABLE_H */

138
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/auth/signing.h Normal file
View File

@@ -0,0 +1,138 @@
#ifndef AWS_AUTH_SIGNER_H
#define AWS_AUTH_SIGNER_H
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/auth/auth.h>
#include <aws/auth/signing_config.h>
AWS_PUSH_SANE_WARNING_LEVEL
struct aws_ecc_key_pair;
struct aws_signable;
struct aws_signing_result;
/**
* Gets called by the signing function when the signing is complete.
*
* Note that result will be destroyed after this function returns, so either copy it,
* or do all necessary adjustments inside the callback.
*
* When performing event or chunk signing, you will need to copy out the signature value in order
* to correctly configure the signable that wraps the event or chunk you want signed next. The signature is
* found in the "signature" property on the signing result. This value must be added as the
* "previous-signature" property on the next signable.
*/
typedef void(aws_signing_complete_fn)(struct aws_signing_result *result, int error_code, void *userdata);
AWS_EXTERN_C_BEGIN
/*
* Takes a signable object and a configuration struct and computes the changes to the signable necessary
* for compliance with the signer's signing algorithm.
*
* This signing function currently supports only the sigv4 algorithm.
*
* When using this signing function to sign AWS http requests:
*
* (1) Do not add the following headers to requests before signing:
* x-amz-content-sha256,
* X-Amz-Date,
* Authorization
*
* (2) Do not add the following query params to requests before signing:
* X-Amz-Signature,
* X-Amz-Date,
* X-Amz-Credential,
* X-Amz-Algorithm,
* X-Amz-SignedHeaders
*
* The signing result will tell exactly what header and/or query params to add to the request
* to become a fully-signed AWS http request.
*
*
* When using this signing function to sign chunks:
*
* (1) Use aws_signable_new_chunk() to create the signable object representing the chunk
*
* The signing result will include the chunk's signature as the "signature" property.
*
*
*/
/**
* (Asynchronous) entry point to sign something (a request, a chunk, an event) with an AWS signing process.
* Depending on the configuration, the signing process may or may not complete synchronously.
*
* @param allocator memory allocator to use throughout the signing process
* @param signable the thing to be signed. See signable.h for common constructors for signables that
* wrap different types.
* @param base_config pointer to a signing configuration, currently this must be of type aws_signing_config_aws
* @param on_complete completion callback to be invoked when signing has finished
* @param user_data opaque user data that will be passed to the completion callback
*
* @return AWS_OP_SUCCESS if the signing attempt was *initiated* successfully, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_sign_request_aws(
struct aws_allocator *allocator,
const struct aws_signable *signable,
const struct aws_signing_config_base *base_config,
aws_signing_complete_fn *on_complete,
void *userdata);
/**
* Test-only API used for cross-library signing verification tests
*
* Verifies:
* (1) The canonical request generated during sigv4a signing of the request matches what is passed in
* (2) The signature passed in is a valid ECDSA signature of the hashed string-to-sign derived from the
* canonical request
*
* @param allocator memory allocator to use throughout the signing verification process
* @param signable the thing to be signed. See signable.h for common constructors for signables that
* wrap different types.
* @param base_config pointer to a signing configuration, currently this must be of type aws_signing_config_aws
* @param expected_canonical_request_cursor expected result when building the canonical request
* @param signature_cursor the actual signature computed from a previous signing of the signable
* @param ecc_key_pub_x the x coordinate of the public part of the ecc key to verify the signature
* @param ecc_key_pub_y the y coordinate of the public part of the ecc key to verify the signature
*
* @return AWS_OP_SUCCESS if the signing attempt was *initiated* successfully, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_verify_sigv4a_signing(
struct aws_allocator *allocator,
const struct aws_signable *signable,
const struct aws_signing_config_base *base_config,
struct aws_byte_cursor expected_canonical_request_cursor,
struct aws_byte_cursor signature_cursor,
struct aws_byte_cursor ecc_key_pub_x,
struct aws_byte_cursor ecc_key_pub_y);
/**
* Another helper function to check a computed sigv4a signature.
*/
AWS_AUTH_API
int aws_validate_v4a_authorization_value(
struct aws_allocator *allocator,
struct aws_ecc_key_pair *ecc_key,
struct aws_byte_cursor string_to_sign_cursor,
struct aws_byte_cursor signature_value_cursor);
/**
* Removes any padding added to the end of a sigv4a signature. Signature must be hex-encoded.
* @param signature signature to remove padding from
* @return cursor that ranges over only the valid hex encoding of the sigv4a signature
*/
AWS_AUTH_API
struct aws_byte_cursor aws_trim_padded_sigv4a_signature(struct aws_byte_cursor signature);
AWS_EXTERN_C_END
AWS_POP_SANE_WARNING_LEVEL
#endif /* AWS_AUTH_SIGNER_H */

314
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/auth/signing_config.h Normal file
View File

@@ -0,0 +1,314 @@
#ifndef AWS_AUTH_SIGNING_CONFIG_H
#define AWS_AUTH_SIGNING_CONFIG_H
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/auth/auth.h>
#include <aws/common/byte_buf.h>
#include <aws/common/date_time.h>
AWS_PUSH_SANE_WARNING_LEVEL
struct aws_credentials;
typedef bool(aws_should_sign_header_fn)(const struct aws_byte_cursor *name, void *userdata);
/**
* A primitive RTTI indicator for signing configuration structs
*
* There must be one entry per config structure type and it's a fatal error
* to put the wrong value in the "config_type" member of your config structure.
*/
enum aws_signing_config_type { AWS_SIGNING_CONFIG_AWS = 1 };
/**
* All signing configuration structs must match this by having
* the config_type member as the first member.
*/
struct aws_signing_config_base {
enum aws_signing_config_type config_type;
};
/**
* What version of the AWS signing process should we use.
*/
enum aws_signing_algorithm {
AWS_SIGNING_ALGORITHM_V4,
AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC,
AWS_SIGNING_ALGORITHM_V4_S3EXPRESS,
};
/**
* What sort of signature should be computed from the signable?
*/
enum aws_signature_type {
/**
* A signature for a full http request should be computed, with header updates applied to the signing result.
*/
AWS_ST_HTTP_REQUEST_HEADERS,
/**
* A signature for a full http request should be computed, with query param updates applied to the signing result.
*/
AWS_ST_HTTP_REQUEST_QUERY_PARAMS,
/**
* Compute a signature for a payload chunk. The signable's input stream should be the chunk data and the
* signable should contain the most recent signature value (either the original http request or the most recent
* chunk) in the "previous-signature" property.
*/
AWS_ST_HTTP_REQUEST_CHUNK,
/**
* Compute a signature for an event stream event. The signable's input stream should be the encoded event-stream
* message (headers + payload), the signable should contain the most recent signature value (either the original
* http request or the most recent event) in the "previous-signature" property.
*
* This option is only supported for Sigv4 for now.
*/
AWS_ST_HTTP_REQUEST_EVENT,
/**
* Compute a signature for an http request via it's already-computed canonical request. Only the authorization
* signature header is added to the signing result.
*/
AWS_ST_CANONICAL_REQUEST_HEADERS,
/**
* Compute a signature for an http request via it's already-computed canonical request. Only the authorization
* signature query param is added to the signing result.
*/
AWS_ST_CANONICAL_REQUEST_QUERY_PARAMS,
/**
* Compute a signature for the trailing headers.
* the signable should contain the most recent signature value (either the original http request or the most recent
* chunk) in the "previous-signature" property.
*/
AWS_ST_HTTP_REQUEST_TRAILING_HEADERS
};
/**
* The SHA-256 of an empty string:
* 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
* For use with `aws_signing_config_aws.signed_body_value`.
*/
AWS_AUTH_API extern const struct aws_byte_cursor g_aws_signed_body_value_empty_sha256;
/**
* 'UNSIGNED-PAYLOAD'
* For use with `aws_signing_config_aws.signed_body_value`.
*/
AWS_AUTH_API extern const struct aws_byte_cursor g_aws_signed_body_value_unsigned_payload;
/**
* 'STREAMING-UNSIGNED-PAYLOAD-TRAILER'
* For use with `aws_signing_config_aws.signed_body_value`.
*/
AWS_AUTH_API extern const struct aws_byte_cursor g_aws_signed_body_value_streaming_unsigned_payload_trailer;
/**
* 'STREAMING-AWS4-HMAC-SHA256-PAYLOAD'
* For use with `aws_signing_config_aws.signed_body_value`.
*/
AWS_AUTH_API extern const struct aws_byte_cursor g_aws_signed_body_value_streaming_aws4_hmac_sha256_payload;
/**
* 'STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER'
* For use with `aws_signing_config_aws.signed_body_value`.
*/
AWS_AUTH_API extern const struct aws_byte_cursor g_aws_signed_body_value_streaming_aws4_hmac_sha256_payload_trailer;
/**
* 'STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD'
* For use with `aws_signing_config_aws.signed_body_value`.
*/
AWS_AUTH_API extern const struct aws_byte_cursor g_aws_signed_body_value_streaming_aws4_ecdsa_p256_sha256_payload;
/**
* 'STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD-TRAILER'
* For use with `aws_signing_config_aws.signed_body_value`.
*/
AWS_AUTH_API extern const struct aws_byte_cursor
g_aws_signed_body_value_streaming_aws4_ecdsa_p256_sha256_payload_trailer;
/**
* 'STREAMING-AWS4-HMAC-SHA256-EVENTS'
* For use with `aws_signing_config_aws.signed_body_value`.
*
* Event signing is only supported for Sigv4 for now.
*/
AWS_AUTH_API extern const struct aws_byte_cursor g_aws_signed_body_value_streaming_aws4_hmac_sha256_events;
/**
* Controls if signing adds a header containing the canonical request's body value
*/
enum aws_signed_body_header_type {
/**
* Do not add a header
*/
AWS_SBHT_NONE,
/**
* Add the "x-amz-content-sha256" header with the canonical request's body value
*/
AWS_SBHT_X_AMZ_CONTENT_SHA256,
};
/**
* A configuration structure for use in AWS-related signing. Currently covers sigv4 only, but is not required to.
*/
struct aws_signing_config_aws {
/**
* What kind of config structure is this?
*/
enum aws_signing_config_type config_type;
/**
* What signing algorithm to use.
*/
enum aws_signing_algorithm algorithm;
/**
* What sort of signature should be computed?
*/
enum aws_signature_type signature_type;
/*
* Region-related configuration
* (1) If Sigv4, the region to sign against
* (2) If Sigv4a, the value of the X-amzn-region-set header (added in signing)
*/
struct aws_byte_cursor region;
/**
* name of service to sign a request for
*/
struct aws_byte_cursor service;
/**
* Raw date to use during the signing process.
*/
struct aws_date_time date;
/**
* Optional function to control which headers are a part of the canonical request.
* Skipping auth-required headers will result in an unusable signature. Headers injected by the signing process
* are not skippable.
*
* This function does not override the internal check function (x-amzn-trace-id, user-agent), but rather
* supplements it. In particular, a header will get signed if and only if it returns true to both
* the internal check (skips x-amzn-trace-id, user-agent) and this function (if defined).
*/
aws_should_sign_header_fn *should_sign_header;
void *should_sign_header_ud;
/*
* Put all flags in here at the end. If this grows, stay aware of bit-space overflow and ABI compatibilty.
*/
struct {
/**
* We assume the uri will be encoded once in preparation for transmission. Certain services
* do not decode before checking signature, requiring us to actually double-encode the uri in the canonical
* request in order to pass a signature check.
*/
uint32_t use_double_uri_encode : 1;
/**
* Controls whether or not the uri paths should be normalized when building the canonical request
*/
uint32_t should_normalize_uri_path : 1;
/**
* Controls whether "X-Amz-Security-Token" is omitted from the canonical request.
* "X-Amz-Security-Token" is added during signing, as a header or
* query param, when credentials have a session token.
* If false (the default), this parameter is included in the canonical request.
* If true, this parameter is still added, but omitted from the canonical request.
*/
uint32_t omit_session_token : 1;
} flags;
/**
* Optional string to use as the canonical request's body value.
* If string is empty, a value will be calculated from the payload during signing.
* Typically, this is the SHA-256 of the (request/chunk/event) payload, written as lowercase hex.
* If this has been precalculated, it can be set here. Special values used by certain services can also be set
* (e.g. "UNSIGNED-PAYLOAD" "STREAMING-AWS4-HMAC-SHA256-PAYLOAD" "STREAMING-AWS4-HMAC-SHA256-EVENTS").
*/
struct aws_byte_cursor signed_body_value;
/**
* Controls what body "hash" header, if any, should be added to the canonical request and the signed request:
* AWS_SBHT_NONE - no header should be added
* AWS_SBHT_X_AMZ_CONTENT_SHA256 - the body "hash" should be added in the X-Amz-Content-Sha256 header
*/
enum aws_signed_body_header_type signed_body_header;
/*
* Signing key control:
*
* If "credentials" is valid:
* use it
* Else if "credentials_provider" is valid
* query credentials from the provider
* If sigv4a is being used
* use the ecc-based credentials derived from the query result
* Else
* use the query result
* Else
* fail
*
*/
/*
* AWS Credentials to sign with. If Sigv4a is the algorithm and the credentials supplied are not ecc-based,
* a temporary ecc-based credentials object will be built and used instead.
*/
const struct aws_credentials *credentials;
/*
* AWS credentials provider to fetch credentials from. If the signing algorithm is asymmetric sigv4, then the
* ecc-based credentials will be derived from the fetched credentials.
*/
struct aws_credentials_provider *credentials_provider;
/**
* If non-zero and the signing transform is query param, then signing will add X-Amz-Expires to the query
* string, equal to the value specified here. If this value is zero or if header signing is being used then
* this parameter has no effect.
*/
uint64_t expiration_in_seconds;
};
AWS_EXTERN_C_BEGIN
/**
* Returns a c-string that describes the supplied signing algorithm
*
* @param algorithm signing algorithm to get a friendly string name for
*
* @return friendly string name of the supplied algorithm, or "Unknown" if the algorithm is not recognized
*/
AWS_AUTH_API
const char *aws_signing_algorithm_to_string(enum aws_signing_algorithm algorithm);
/**
* Checks a signing configuration for invalid settings combinations.
*
* @param config signing configuration to validate
*
* @return - AWS_OP_SUCCESS if the configuration is valid, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_validate_aws_signing_config_aws(const struct aws_signing_config_aws *config);
AWS_EXTERN_C_END
AWS_POP_SANE_WARNING_LEVEL
#endif /* AWS_AUTH_SIGNING_CONFIG_H */

169
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/auth/signing_result.h Normal file
View File

@@ -0,0 +1,169 @@
#ifndef AWS_AUTH_SIGNING_RESULT_H
#define AWS_AUTH_SIGNING_RESULT_H
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/auth/auth.h>
#include <aws/common/hash_table.h>
AWS_PUSH_SANE_WARNING_LEVEL
struct aws_array_list;
struct aws_byte_cursor;
struct aws_http_message;
struct aws_string;
struct aws_signing_result_property {
struct aws_string *name;
struct aws_string *value;
};
/**
* A structure for tracking all the signer-requested changes to a signable. Interpreting
* these changes is signing-algorithm specific.
*
* A signing result consists of
*
* (1) Properties - A set of key-value pairs
* (2) Property Lists - A set of named key-value pair lists
*
* The hope is that these two generic structures are enough to model the changes required
* by any generic message-signing algorithm.
*
* Note that the key-value pairs of a signing_result are different types (but same intent) as
* the key-value pairs in the signable interface. This is because the signing result stands alone
* and owns its own copies of all values, whereas a signable can wrap an existing object and thus
* use non-owning references (like byte cursors) if appropriate to its implementation.
*/
struct aws_signing_result {
struct aws_allocator *allocator;
struct aws_hash_table properties;
struct aws_hash_table property_lists;
};
AWS_EXTERN_C_BEGIN
/**
* Initialize a signing result to its starting state
*
* @param result signing result to initialize
* @param allocator allocator to use for all memory allocation
*
* @return AWS_OP_SUCCESS if initialization was successful, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_signing_result_init(struct aws_signing_result *result, struct aws_allocator *allocator);
/**
* Clean up all resources held by the signing result
*
* @param result signing result to clean up resources for
*/
AWS_AUTH_API
void aws_signing_result_clean_up(struct aws_signing_result *result);
/**
* Sets the value of a property on a signing result
*
* @param result signing result to modify
* @param property_name name of the property to set
* @param property_value value that the property should assume
*
* @return AWS_OP_SUCCESS if the set was successful, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_signing_result_set_property(
struct aws_signing_result *result,
const struct aws_string *property_name,
const struct aws_byte_cursor *property_value);
/**
* Gets the value of a property on a signing result
*
* @param result signing result to query from
* @param property_name name of the property to query the value of
* @param out_property_value output parameter for the property value
*
* @return AWS_OP_SUCCESS if the get was successful, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_signing_result_get_property(
const struct aws_signing_result *result,
const struct aws_string *property_name,
struct aws_string **out_property_value);
/**
* Adds a key-value pair to a named property list. If the named list does not yet exist, it will be created as
* an empty list before the pair is added. No uniqueness checks are made against existing pairs.
*
* @param result signing result to modify
* @param list_name name of the list to add the property key-value pair to
* @param property_name key value of the key-value pair to append
* @param property_value property value of the key-value pair to append
*
* @return AWS_OP_SUCCESS if the operation was successful, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_signing_result_append_property_list(
struct aws_signing_result *result,
const struct aws_string *list_name,
const struct aws_byte_cursor *property_name,
const struct aws_byte_cursor *property_value);
/**
* Gets a named property list on the signing result. If the list does not exist, *out_list will be set to null
*
* @param result signing result to query
* @param list_name name of the list of key-value pairs to get
* @param out_list output parameter for the list of key-value pairs
*
*/
AWS_AUTH_API
void aws_signing_result_get_property_list(
const struct aws_signing_result *result,
const struct aws_string *list_name,
struct aws_array_list **out_list);
/**
* Looks for a property within a named property list on the signing result. If the list does not exist, or the property
* does not exist within the list, *out_value will be set to NULL.
*
* @param result signing result to query
* @param list_name name of the list of key-value pairs to search through for the property
* @param property_name name of the property to search for within the list
* @param out_value output parameter for the property value, if found
*
*/
AWS_AUTH_API
void aws_signing_result_get_property_value_in_property_list(
const struct aws_signing_result *result,
const struct aws_string *list_name,
const struct aws_string *property_name,
struct aws_string **out_value);
/*
* Specific implementation that applies a signing result to a mutable http request
*
* @param request http request to apply the signing result to
* @param allocator memory allocator to use for all memory allocation
* @param result signing result to apply to the request
*
* @return AWS_OP_SUCCESS if the application operation was successful, AWS_OP_ERR otherwise
*/
AWS_AUTH_API
int aws_apply_signing_result_to_http_request(
struct aws_http_message *request,
struct aws_allocator *allocator,
const struct aws_signing_result *result);
AWS_AUTH_API extern const struct aws_string *g_aws_signing_authorization_header_name;
AWS_AUTH_API extern const struct aws_string *g_aws_signing_authorization_query_param_name;
AWS_EXTERN_C_END
AWS_POP_SANE_WARNING_LEVEL
#endif /* AWS_AUTH_SIGNING_RESULT_H */