AuthAws C++ Reference Documentation
CkAuthAws
Current Version: 11.5.0
Chilkat.AuthAws
Provide AWS signing settings to
Sign requests using AWS Signature Version 4, including service, region,
credentials, headers, and request payload details.
Use access keys and secret keys directly, or use secret specifiers when
credentials should be resolved from a secure credential source.
Configure the AWS region and service name so signatures are generated
for the correct AWS endpoint.
Include session tokens when signing requests with temporary AWS
credentials from STS, IAM roles, or similar credential flows.
Generate temporary Signature V4 pre-signed URLs when a client needs
limited-time access without sending AWS credentials.
For an extended overview, see
AuthAws Class Overview.
Configure AWS request signing for REST calls and temporary pre-signed URLs.
Chilkat.AuthAws holds the AWS authentication settings used by
Chilkat.Rest when sending signed AWS requests. It supports AWS
Signature Version 4 by default, can optionally use the older Signature
Version 2 where applicable, accepts direct credential values or secure secret
specifiers, and can generate temporary Signature V4 pre-signed URLs for AWS
services.
REST authentication object
Chilkat.Rest so outgoing
requests are authenticated according to AWS requirements.
Signature Version 4
Credentials and secrets
Region and service targeting
Temporary credentials
Pre-signed URLs
AuthAws object with the AWS access key,
secret key or secret specifier, region, service name, and optional session
token, then pass it to Chilkat.Rest before sending the request.
Use AuthAws for AWS request signing; use service-specific
Chilkat classes or Chilkat.Http/Chilkat.Rest for
constructing and sending the actual API request.
Object Creation
// Local variable on the stack CkAuthAws obj; // Dynamically allocate/delete CkAuthAws *pObj = new CkAuthAws(); // ... delete pObj;
Properties
AccessKey
const char *accessKey(void);
void put_AccessKey(const char *newVal);
The AWS access key.
topCanonicalizedResourceV2
const char *canonicalizedResourceV2(void);
void put_CanonicalizedResourceV2(const char *newVal);
If AWS Signature Version V2 is used, then this property must be set. The rules for setting the canonicalized resource for the V2 signature method is described here: Constructing the CanonicalizedResource Element.
DebugLogFilePath
const char *debugLogFilePath(void);
void put_DebugLogFilePath(const char *newVal);
If set to a file path, this property logs the LastErrorText of each Chilkat method or property call to the specified file. This logging helps identify the context and history of Chilkat calls leading up to any crash or hang, aiding in debugging.
Enabling the VerboseLogging property provides more detailed information. This property is mainly used for debugging rare instances where a Chilkat method call causes a hang or crash, which should generally not happen.
Possible causes of hangs include:
- A timeout property set to 0, indicating an infinite timeout.
- A hang occurring within an event callback in the application code.
- An internal bug in the Chilkat code causing the hang.
EnableSecrets
void put_EnableSecrets(bool newVal);
If true a secret specifier of the format "!!part1|part2|.." can be provided instead of the actual value for the AccessKey and SecretKey properties.
The default value is false.
LastErrorHtml
Provides HTML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastErrorText
Provides plain text information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
LastErrorXml
Provides XML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastMethodSuccess
void put_LastMethodSuccess(bool newVal);
Indicates the success or failure of the most recent method call: true means success, false means failure. This property remains unchanged by property setters or getters. This method is present to address challenges in checking for null or Nothing returns in certain programming languages. Note: This property does not apply to methods that return integer values or to boolean-returning methods where the boolean does not indicate success or failure.
PrecomputedMd5
const char *precomputedMd5(void);
void put_PrecomputedMd5(const char *newVal);
This property can optionally be set for AWS requests that have a non-empty request body. This should be the base64 encoding of the 16 bytes of the MD5 hash. The most common need for this is if doing an S3 upload from a stream. (If the pre-computed MD5 is not provided, then Chilkat is forced to stream the entire file into memory so that it can calculate the MD5 for authentication.)
Note: AWS Signature Version 2 uses the MD5, whereas Signature Version 4 uses SHA256.
topPrecomputedSha256
const char *precomputedSha256(void);
void put_PrecomputedSha256(const char *newVal);
This property can optionally be set for AWS requests that have a non-empty request body. This should be the lowercase hex encoding of the 32-bytes of the SHA256 hash. The most common need for this is if doing an S3 upload from a stream. (If the pre-computed SHA-256 is not provided, then Chilkat is forced to stream the entire file into memory so that it can calculate the SHA-256 for authentication.)
Note: AWS Signature Version 4 uses the SHA256 hash. (AWS Signature Version 2 uses MD5)
Region
The AWS region, such as us-east-1, us-west-2, eu-west-1, eu-central-1, etc. The default is us-east-1. It is only used when the SignatureVersion property is set to 4. This property is unused when the SignatureVersion property is set to 2.
SecretKey
const char *secretKey(void);
void put_SecretKey(const char *newVal);
The AWS secret key.
topServiceName
const char *serviceName(void);
void put_ServiceName(const char *newVal);
The AWS service namespace, such as s3, ses, etc. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
This property is unused when the SignatureVersion property is set to 2.
topSignatureVersion
void put_SignatureVersion(int newVal);
The AWS Signature Version to be used in authentication. The default value is 4. This can optionally be set to the value 2 to use the older V2 signature version.
topUtf8
void put_Utf8(bool newVal);
When set to true, all const char * arguments and return values are interpreted as UTF-8 strings. When set to false, they are interpreted as ANSI strings.
In Chilkat v11.0.0 and later, the default value is true. Before v11.0.0, it was false.
VerboseLogging
void put_VerboseLogging(bool newVal);
If set to true, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is false. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.
Version
Methods
GenPresignedUrl
const char *genPresignedUrl(const char *httpVerb, bool useHttps, const char *domain, const char *path, int numSecondsValid, const char *awsService);
Generates a temporary pre-signed URL for an Amazon AWS service using AWS Signature V4. Requires that the SecretKey, AccessKey, and Region properties be set to valid values prior to calling this method.
The URL that is generated has this format:
https://<domain>/<path> ?X-Amz-Algorithm=AWS4-HMAC-SHA256 &X-Amz-Credential=<AccessKey>/<currentDate>/<Region>/<awsService>/aws4_request &X-Amz-Date=<currentDateTime> &X-Amz-Expires=<numSecondsValid> &X-Amz-SignedHeaders=host &X-Amz-Signature=<signature-value>
The httpVerb is the HTTP verb such as GET, PUT, POST, DELETE, etc. The awsService is a string naming the AWS service, such as s3, execute-api, etc. If useHttps is true, then the returned URL begins with https://, otherwise it begins with http://.
Note: It is generally not feasible to use pre-signed URLs for POST operations for any AWS service except for S3. See AWS Pre-Signed URLs for POST Operations (non-S3)
Returns true for success, false for failure.
top