Skip to content

Instantly share code, notes, and snippets.

@yvanin
Last active September 24, 2024 11:24
Show Gist options
  • Save yvanin/0bdf68c1139ad698519e to your computer and use it in GitHub Desktop.
Save yvanin/0bdf68c1139ad698519e to your computer and use it in GitHub Desktop.
This C# code calculates a request signature using Version 4 signing process. It was developed for and tested on Amazon SQS requests, so it does not cover every scenario for the other services, e.g. multipart uploads are not supported. Nevertheless, it's simple and independent single class that can be easily embedded into other projects. .NET Fra…
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
namespace AwsV4SignatureCalculator
{
public class AwsV4SignatureCalculator
{
public const string Iso8601DateTimeFormat = "yyyyMMddTHHmmssZ";
public const string Iso8601DateFormat = "yyyyMMdd";
private readonly string _awsSecretKey;
private readonly string _service;
private readonly string _region;
/// <param name="service">AWS service name, e.g. "sqs" or "ec2"</param>
/// <param name="region">AWS region to send requests to</param>
public AwsV4SignatureCalculator(string awsSecretKey, string service, string region = null)
{
_awsSecretKey = awsSecretKey;
_service = service;
_region = region ?? "us-east-1";
}
/// <summary>
/// Calculates request signature string using Signature Version 4.
/// http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
/// </summary>
/// <param name="request">Request</param>
/// <param name="signedHeaders">Canonical headers that are a part of a signing process</param>
/// <param name="requestDate">Date and time when request takes place</param>
/// <returns>Signature</returns>
public string CalculateSignature(HttpRequestMessage request, string[] signedHeaders, DateTime requestDate)
{
signedHeaders = signedHeaders.Select(x => x.Trim().ToLowerInvariant()).OrderBy(x => x).ToArray();
var canonicalRequest = GetCanonicalRequest(request, signedHeaders);
var stringToSign = GetStringToSign(requestDate, canonicalRequest);
return GetSignature(requestDate, stringToSign);
}
// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
private static string GetCanonicalRequest(HttpRequestMessage request, string[] signedHeaders)
{
var canonicalRequest = new StringBuilder();
canonicalRequest.AppendFormat("{0}\n", request.Method.Method);
canonicalRequest.AppendFormat("{0}\n", request.RequestUri.AbsolutePath);
canonicalRequest.AppendFormat("{0}\n", GetCanonicalQueryParameters(request.RequestUri.ParseQueryString()));
canonicalRequest.AppendFormat("{0}\n", GetCanonicalHeaders(request, signedHeaders));
canonicalRequest.AppendFormat("{0}\n", String.Join(";", signedHeaders));
canonicalRequest.Append(GetPayloadHash(request));
return canonicalRequest.ToString();
}
private static string GetCanonicalQueryParameters(NameValueCollection queryParameters)
{
StringBuilder canonicalQueryParameters = new StringBuilder();
foreach (string key in queryParameters)
{
canonicalQueryParameters.AppendFormat("{0}={1}&", Utils.UrlEncode(key),
Utils.UrlEncode(queryParameters[key]));
}
// remove trailing '&'
if (canonicalQueryParameters.Length > 0)
canonicalQueryParameters.Remove(canonicalQueryParameters.Length - 1, 1);
return canonicalQueryParameters.ToString();
}
private static string GetCanonicalHeaders(HttpRequestMessage request, IEnumerable<string> signedHeaders)
{
var headers = request.Headers.ToDictionary(x => x.Key.Trim().ToLowerInvariant(),
x => String.Join(" ", x.Value).Trim());
if (request.Content != null)
{
var contentHeaders = request.Content.Headers.ToDictionary(x => x.Key.Trim().ToLowerInvariant(),
x => String.Join(" ", x.Value).Trim());
foreach (var contentHeader in contentHeaders)
{
headers.Add(contentHeader.Key, contentHeader.Value);
}
}
var sortedHeaders = new SortedDictionary<string, string>(headers);
StringBuilder canonicalHeaders = new StringBuilder();
foreach (var header in sortedHeaders.Where(header => signedHeaders.Contains(header.Key)))
{
canonicalHeaders.AppendFormat("{0}:{1}\n", header.Key, header.Value);
}
return canonicalHeaders.ToString();
}
private static string GetPayloadHash(HttpRequestMessage request)
{
var payload = request.Content != null ? request.Content.ReadAsStringAsync().Result : "";
return Utils.ToHex(Utils.Hash(payload));
}
// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
private string GetStringToSign(DateTime requestDate, string canonicalRequest)
{
var dateStamp = requestDate.ToString(Iso8601DateFormat, CultureInfo.InvariantCulture);
var scope = string.Format("{0}/{1}/{2}/{3}", dateStamp, _region, _service, "aws4_request");
var stringToSign = new StringBuilder();
stringToSign.AppendFormat("AWS4-HMAC-SHA256\n{0}\n{1}\n",
requestDate.ToString(Iso8601DateTimeFormat, CultureInfo.InvariantCulture),
scope);
stringToSign.Append(Utils.ToHex(Utils.Hash(canonicalRequest)));
return stringToSign.ToString();
}
// http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
private string GetSignature(DateTime requestDate, string stringToSign)
{
var kSigning = GetSigningKey(requestDate);
return Utils.ToHex(Utils.GetKeyedHash(kSigning, stringToSign));
}
private byte[] GetSigningKey(DateTime requestDate)
{
var dateStamp = requestDate.ToString(Iso8601DateFormat, CultureInfo.InvariantCulture);
var kDate = Utils.GetKeyedHash("AWS4" + _awsSecretKey, dateStamp);
var kRegion = Utils.GetKeyedHash(kDate, _region);
var kService = Utils.GetKeyedHash(kRegion, _service);
return Utils.GetKeyedHash(kService, "aws4_request");
}
private static class Utils
{
private const string ValidUrlCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~";
public static string UrlEncode(string data)
{
StringBuilder encoded = new StringBuilder();
foreach (char symbol in Encoding.UTF8.GetBytes(data))
{
if (ValidUrlCharacters.IndexOf(symbol) != -1)
{
encoded.Append(symbol);
}
else
{
encoded.Append("%").Append(string.Format(CultureInfo.InvariantCulture, "{0:X2}", (int) symbol));
}
}
return encoded.ToString();
}
public static byte[] Hash(string value)
{
return new SHA256CryptoServiceProvider().ComputeHash(Encoding.UTF8.GetBytes(value));
}
public static byte[] GetKeyedHash(string key, string value)
{
return GetKeyedHash(Encoding.UTF8.GetBytes(key), value);
}
public static byte[] GetKeyedHash(byte[] key, string value)
{
KeyedHashAlgorithm mac = new HMACSHA256(key);
mac.Initialize();
return mac.ComputeHash(Encoding.UTF8.GetBytes(value));
}
public static string ToHex(byte[] data)
{
StringBuilder sb = new StringBuilder();
for (int i = 0; i < data.Length; i++)
{
sb.Append(data[i].ToString("x2", CultureInfo.InvariantCulture));
}
return sb.ToString();
}
}
}
}
@OldWarrior3000
Copy link

Thanks @AndrewMaisey, worked great for me!

@rasputino
Copy link

Thanks @AndrewMaisey, after some hours wasting time with another libraries your code works really good!

@jchristn
Copy link

Thanks for posting this @yvanin - I put together a NuGet package which creates AWS V4 signatures and would love your feedback. Cheers, Joel

https://github.com/jchristn/AWSSignatureGenerator/

@priyankasrion
Copy link

Do we have any nuget packager for .net Framework 2.1 application to sign AWS API request?
https://github.com/aws-samples/sigv4a-signing-examples/blob/main/dotnet/ seems to be for dotnet core only.

@TusharGupta329
Copy link

TusharGupta329 commented Sep 24, 2024

Hi ,
I used the logic in this code to calculate AWS V4 signature for putting object in s3 bucket. I am getting below error when I tried it.
"The format of value 'Authorization header value' is invalid."
Has anyone faced this issue? Pointers would be very helpful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment