Skip to main content

Module signer

object_storage_proxy::credentials

Module signer 

Source
Expand description

AWS Signature Version 4 request signing and verification.

Provides:

Structs§

AwsSign
Low-level AWS Signature Version 4 signing primitive.
ChunkSigner
Stateful per-chunk signer for STREAMING-AWS4-HMAC-SHA256-PAYLOAD uploads.
DateTime 🔒
ISO 8601 combined date and time with time zone.
NaiveDateTime 🔒
ISO 8601 combined date and time without timezone.
StreamingState
Maximum chunk payload we read from the client before signing. (4 MiB is what the Java/AWS SDKs use, but any size works.) Runtime state for an in-progress streaming upload.
Utc 🔒
The UTC time zone. This is the most efficient time zone when you don’t need the local time. It is also used as an offset (which is also a dummy type).

Constants§

EMPTY_HASH 🔒
EMPTY_SHA256 🔒
Pre‑computed because it is constant for every chunk.
LONG_DATETIME 🔒
SHORT_DATE 🔒

Functions§

build_chunk_frame 🔒
Wrap a signed payload frame into the final on‑the‑wire representation.
canonical_query_string
compute_chunk_signature 🔒
Calculate the per‑chunk signature (section Defining the Chunk Body of the AWS doc).
resign_streaming_request
Re-sign an upstream request header for a STREAMING-AWS4-HMAC-SHA256-PAYLOAD upload.
scope_string
Build the credential scope string: YYYYMMDD/<region>/<service>/aws4_request.
sha256_hex 🔒
sign_request 🔒
Sign the request with the AWS V4 signature
signature_is_valid_core 🔒
Core signature validation: compares provided vs computed
signature_is_valid_for_presigned
Validate presigned URL signature
signature_is_valid_for_request
Validate standard S3 Authorization header
signing_key
Derive the SigV4 signing key.
string_to_sign
Build the string-to-sign for AWS SigV4.
uri_encode
wrap_streaming_body
Build a stream whose items are already wrapped in “AWS-chunk-signed” envelopes.