Struct AwsSign 

pub struct AwsSign<'a, T>
where
    &'a T: IntoIterator<Item = (&'a String, &'a String)>,
    T: Debug + 'a,
{
    method: &'a str,
    url: Url,
    datetime: &'a DateTime<Utc>,
    region: &'a str,
    access_key: &'a str,
    secret_key: &'a str,
    headers: T,
    payload_override: Option<String>,
    service: &'a str,
    body: &'a [u8],
}

Low-level AWS Signature Version 4 signing primitive.

Holds all inputs needed to produce the canonical request, string-to-sign, and final Authorization header value. Construct via AwsSign::new and then call AwsSign::sign to obtain the header value.

Fields

method: &'a str

url: Url

datetime: &'a DateTime<Utc>

region: &'a str

access_key: &'a str

secret_key: &'a str

headers: T

payload_override: Option<String>

service: &'a str

body: &'a [u8]

body, such as in an http POST

Implementations

impl<'a> AwsSign<'a, HashMap<String, String>>

Create a new AwsSign instance

Arguments

• method - HTTP method (GET, POST, etc.)
• url - URL to sign
• datetime - Date and time of the request
• headers - HTTP headers
• region - AWS region
• access_key - AWS access key
• secret_key - AWS secret key
• service - AWS service code
• body - Request body
• signed_headers - Optional list of signed headers, used to check inbound request signature

Returns

A new instance of AwsSign

pub fn new<B: AsRef<[u8]> + ?Sized>( method: &'a str, url: &'a str, datetime: &'a DateTime<Utc>, headers: &'a HeaderMap, region: &'a str, access_key: &'a str, secret_key: &'a str, service: &'a str, body: &'a B, _signed_headers: Option<&'a Vec<String>>, ) -> Self

impl<'a, T> AwsSign<'a, T>

where &'a T: IntoIterator<Item = (&'a String, &'a String)>, T: Debug,

pub fn set_payload_override(&mut self, h: String)

for streaming uploads, we need to override the payload hash with the actual payload hash this is used for the UNSIGNED-PAYLOAD case and for the payload_override case Override the payload hash used in the canonical request.

Use "UNSIGNED-PAYLOAD" for presigned URLs or streaming uploads where the body hash is not computed up front.

pub fn canonical_header_string(&'a self) -> String

Return the canonicalized header string for inclusion in the canonical request.

Headers are sorted lexicographically by name and each entry is formatted as lowercase-name:trimmed-value\n.

IMPORTANT: Sort must be by key name only, not by the full key:value string. Otherwise x-amz-copy-source-if-match would sort before x-amz-copy-source because - (ASCII 45) < : (ASCII 58).

pub fn signed_header_string(&'a self) -> String

Return the semicolon-separated list of signed header names (lowercase, sorted).

pub fn canonical_request(&'a self) -> String

Build the canonical request string as defined in the AWS SigV4 spec.

Format: METHOD\nURI\nQUERY\nHEADERS\nSIGNED_HEADERS\nPAYLOAD_HASH

pub fn sign(&'a self) -> String

Compute and return the complete Authorization header value.

The returned string can be set directly on the outgoing request with request.insert_header("authorization", sign_result).

Optimised to sort the header map once and compute the credential scope once, avoiding the redundant work that would occur if canonical_request() and signed_header_string() were called separately.

Trait Implementations

impl<'a, T> Debug for AwsSign<'a, T>

where &'a T: IntoIterator<Item = (&'a String, &'a String)>, T: Debug,

custom debug implementation to redact secret_key

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.