Leigh-/AWSSignature4-Task3.cfm

## AWSSignature4-Task3.cfm
<!---
    CFML translation of Amazon Web Services Example - Task 3:
    http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
--->
<h1>Task 3: Calculate the AWS Signature Version 4</h1>

<div>
    <strong>Pseudocode for deriving a signing key</strong>
    <pre>
        kSecret = Your AWS Secret Access Key
        kDate = HMAC("AWS4" + kSecret, Date)
        kRegion = HMAC(kDate, Region)
        kService = HMAC(kRegion, Service)
        kSigning = HMAC(kService, "aws4_request")
    </pre>
</div>

<div>
    The example uses the same parameters from the request in Task 1 and Task 2 and shows the inputs
    to derive a signing key and the resulting output, where:

    <pre>
    AWS secret key   = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
    date string      = "20150830"
    region name      = "us-east-1"
    service name     = "iam"
    string to sign   = AWS4-HMAC-SHA256
              20150830T123600Z
              20150830/us-east-1/iam/aws4_request
              f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59
    </pre>
</div>
<div>
    <strong>Example signing key</strong>
    <pre>
        196 175 177 204 87 113 216 113 118 58 57 62 68 183 3 87 27 85 204 40 66 77 26 94 134 218 110 211 193 84 164 185
    </pre>

    (Encoded as hexadecimal)
    <pre>
        c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9
    </pre>
</div>
<div>
    <strong>Example signature</strong>
    <pre>
        5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
    </pre>

<cfscript>

    /*
        STEP 1: Derive your signing key.

        Signing key is derived by generating a series of HMAC-SHA256 codes.
        The result of each call function becomes input for the next one.

    */
    //Initialize with the same parameters we used for the request in Task 1 and Task 2
    yourAWSSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
    regionName = "us-east-1";
    serviceName = "iam";
    // For the example, use the sample date and time instead of now() in UTC
    sampleDateTime = createDateTime(2015,8,30,12,36,0);
    dateString = dateFormat(sampleDateTime, "YYYYMMDD");
    writeDump(dateString);


    // a) Generate initial key by concatentating version and AWS secret key
    kSecret = charsetDecode("AWS4" & yourAWSSecretKey, "UTF-8");

    // b) Generate HMAC of date string, using initial key value
    kDate     = binaryDecode( HMAC( lcase(dateString), kSecret, "HMACSHA256", "UTF-8"), "hex" );

    // c) Generate HMAC of region name, ie "us-east-1", using previous result as key
    kRegion     = binaryDecode( HMAC( lcase(regionName), kDate, "HMACSHA256", "UTF-8"), "hex" );

    // d) Generate HMAC of service name,ie "iam", using previous result as key
    kService     = binaryDecode( HMAC( lcase(serviceName), kRegion, "HMACSHA256", "UTF-8"), "hex" );

    // e) Finally, generate HMAC of termination string, ie "aws4_request"
    kSigning = binaryDecode( HMAC("aws4_request", kService, "HMACSHA256", "UTF-8"), "hex" );
    // Expected result: c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9
    writeOutput("<br>kSigning:<code>"& lcase(binaryEncode( kSigning, "hex")) &"</code>");

    /*
        STEP 2: Calculate the signature.
    */


    // Initialize with the string already generated in Task 2
    stringToSign = "AWS4-HMAC-SHA256"& chr(10)
                    & "20150830T123600Z"& chr(10)
                    & "20150830/us-east-1/iam/aws4_request"& chr(10)
                    & "f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59";

    // Use the signing key that you derived and the string to sign as inputs to the keyed hash function.
    // After you calculate the signature as a digest, convert the binary value to a hexadecimal representation.
    // ie signature = HexEncode(HMAC(derived-signing-key, string-to-sign))

    signature = lcase( HMAC( stringToSign, kSigning, "HMACSHA256", "UTF-8" ) );
    writeOutput("<br>signature: <code>"& signature &"</code>");

</cfscript>
	<!---
	CFML translation of Amazon Web Services Example - Task 3:
	http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
	--->
	<h1>Task 3: Calculate the AWS Signature Version 4</h1>

	<div>
	<strong>Pseudocode for deriving a signing key</strong>
	<pre>
	kSecret = Your AWS Secret Access Key
	kDate = HMAC("AWS4" + kSecret, Date)
	kRegion = HMAC(kDate, Region)
	kService = HMAC(kRegion, Service)
	kSigning = HMAC(kService, "aws4_request")
	</pre>
	</div>

	<div>
	The example uses the same parameters from the request in Task 1 and Task 2 and shows the inputs
	to derive a signing key and the resulting output, where:

	<pre>
	AWS secret key = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
	date string = "20150830"
	region name = "us-east-1"
	service name = "iam"
	string to sign = AWS4-HMAC-SHA256
	20150830T123600Z
	20150830/us-east-1/iam/aws4_request
	f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59
	</pre>
	</div>
	<div>
	<strong>Example signing key</strong>
	<pre>
	196 175 177 204 87 113 216 113 118 58 57 62 68 183 3 87 27 85 204 40 66 77 26 94 134 218 110 211 193 84 164 185
	</pre>

	(Encoded as hexadecimal)
	<pre>
	c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9
	</pre>
	</div>
	<div>
	<strong>Example signature</strong>
	<pre>
	5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
	</pre>

	<cfscript>

	/*
	STEP 1: Derive your signing key.

	Signing key is derived by generating a series of HMAC-SHA256 codes.
	The result of each call function becomes input for the next one.

	*/
	//Initialize with the same parameters we used for the request in Task 1 and Task 2
	yourAWSSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
	regionName = "us-east-1";
	serviceName = "iam";
	// For the example, use the sample date and time instead of now() in UTC
	sampleDateTime = createDateTime(2015,8,30,12,36,0);
	dateString = dateFormat(sampleDateTime, "YYYYMMDD");
	writeDump(dateString);


	// a) Generate initial key by concatentating version and AWS secret key
	kSecret = charsetDecode("AWS4" & yourAWSSecretKey, "UTF-8");

	// b) Generate HMAC of date string, using initial key value
	kDate = binaryDecode( HMAC( lcase(dateString), kSecret, "HMACSHA256", "UTF-8"), "hex" );

	// c) Generate HMAC of region name, ie "us-east-1", using previous result as key
	kRegion = binaryDecode( HMAC( lcase(regionName), kDate, "HMACSHA256", "UTF-8"), "hex" );

	// d) Generate HMAC of service name,ie "iam", using previous result as key
	kService = binaryDecode( HMAC( lcase(serviceName), kRegion, "HMACSHA256", "UTF-8"), "hex" );

	// e) Finally, generate HMAC of termination string, ie "aws4_request"
	kSigning = binaryDecode( HMAC("aws4_request", kService, "HMACSHA256", "UTF-8"), "hex" );
	// Expected result: c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9
	writeOutput("<br>kSigning:<code>"& lcase(binaryEncode( kSigning, "hex")) &"</code>");

	/*
	STEP 2: Calculate the signature.
	*/


	// Initialize with the string already generated in Task 2
	stringToSign = "AWS4-HMAC-SHA256"& chr(10)
	& "20150830T123600Z"& chr(10)
	& "20150830/us-east-1/iam/aws4_request"& chr(10)
	& "f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59";

	// Use the signing key that you derived and the string to sign as inputs to the keyed hash function.
	// After you calculate the signature as a digest, convert the binary value to a hexadecimal representation.
	// ie signature = HexEncode(HMAC(derived-signing-key, string-to-sign))

	signature = lcase( HMAC( stringToSign, kSigning, "HMACSHA256", "UTF-8" ) );
	writeOutput("<br>signature: <code>"& signature &"</code>");

	</cfscript>