AWSSignature

@interface AWSSignature : NSObject

Utility class to calculate AWS Signature’s (v4).

  • The the workflow for most AWS requests is this:

    • Create a mutable request
    • Modify the request as needed
    • Sign the request using one of the methods below
    • Send the request to Amazon

    @important You MUST NOT modify the request after it’s been signed. Doing so will invalidate the signature, and AWS will then reject the request.

    Declaration

    Objective-C

    + (BOOL)signRequest:(nonnull NSMutableURLRequest *)request
             withRegion:(AWSRegion)region
                service:(AWSService)service
            accessKeyID:(nonnull NSString *)accessKeyID
                 secret:(nonnull NSString *)secret
                session:(nullable NSString *)session;

    Swift

    class func sign(_ request: NSMutableURLRequest, with region: AWSRegion, service: AWSService, accessKeyID: String, secret: String, session: String?) -> Bool

    Parameters

    request

    The request to sign. The request may optionally contain an HTTPBody.

    region

    The region to which the request will be sent

    service

    The service which will be handling the request

    accessKeyID

    Component of AWS credentials

    secret

    Component of AWS credentials

    session

    Component of AWS credentials (may be nil for IAM registered users)

    Return Value

    YES if the signature was added to the request. NO if one of the parameters was invalid.

  • The the workflow for most AWS requests is this:

    • Create a mutable request
    • Modify the request as needed
    • Sign the request using one of the methods below
    • Send the request to Amazon

    @important You MUST NOT modify the request after it’s been signed. Doing so will invalidate the signature, and AWS will then reject the request.

    Declaration

    Objective-C

    + (BOOL)signRequest:(nonnull NSMutableURLRequest *)request
             withRegion:(AWSRegion)region
                service:(AWSService)service
            accessKeyID:(nonnull NSString *)accessKeyID
                 secret:(nonnull NSString *)secret
                session:(nullable NSString *)session
             payloadSig:(nullable NSString *)sha256HashInLowercaseHex;

    Swift

    class func sign(_ request: NSMutableURLRequest, with region: AWSRegion, service: AWSService, accessKeyID: String, secret: String, session: String?, payloadSig sha256HashInLowercaseHex: String?) -> Bool

    Parameters

    request

    The request to sign. The request may optionally contain an HTTPBody (but the payloadSig parameter takes precedence).

    region

    The region to which the request will be sent

    service

    The service which will be handling the request

    accessKeyID

    Component of AWS credentials

    secret

    Component of AWS credentials

    session

    Component of AWS credentials (may be nil for IAM registered users)

    Return Value

    YES if the signature was added to the request. NO if one of the parameters was invalid.

  • The ‘Content-Type’ header is required in order for some requests to work properly. The code is cleanest when this is done automatically, if needed, within the signature code.

    However, although this is beneficial for real world code, it makes it difficult for unit testing. That is, there are several examples from Amazon where the example request doesn’t contain this header. So we make it possible to disable the functionality, primarily for unit testing purposes.

    Declaration

    Objective-C

    + (void)setContentTypeHeaderAutomatically:(BOOL)flag;

    Swift

    class func setContentTypeHeaderAutomatically(_ flag: Bool)