
Commit 321c4aa

author
Yosuke Matsuda
committed
Version 2 of the AWS Mobile SDK for iOS 2.0.6.
1 parent c1f1bda commit 321c4aa


206 files changed

+27686
-22120
lines changed


206 files changed

+27686
-22120
lines changed

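--- a/AWSCore/AWSCore.h
+++ b/AWSCore/AWSCore.h
@@ -15,18 +15,16 @@
 
 #import <Foundation/Foundation.h>
 
-#import "AmazonCore.h"
-
 #import "AWSService.h"
 #import "AWSNetworking.h"
 #import "AWSCredentialsProvider.h"
 #import "AWSValidation.h"
 #import "AWSURLRequestSerialization.h"
 #import "AWSURLResponseSerialization.h"
 #import "AWSClientContext.h"
+#import "AWSCategory.h"
+#import "AWSLogging.h"
 
 #import "STS.h"
 #import "CognitoIdentityService.h"
-
-#import "EventRecorderService.h"
 #import "MobileAnalytics.h"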

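--- a/AWSCore/Authentication/AWSCredentialsProvider.h
+++ b/AWSCore/Authentication/AWSCredentialsProvider.h
@@ -73,17 +73,21 @@ typedef NS_ENUM(NSInteger, AWSCognitoLoginProviderKey) {
 
 @property (nonatomic, strong) NSString *webIdentityToken;
 @property (nonatomic, strong) NSString *roleArn;
-@property (nonatomic, strong) NSString *provider;
+@property (nonatomic, strong) NSString *roleSessionName;
+
+@property (nonatomic, strong) NSString *providerId;
 
 + (instancetype)credentialsWithRegionType:(AWSRegionType)regionType
-provider:(NSString *)provider
-webIdentityToken:(NSString *)webIdentityToken
-roleArn:(NSString *)roleArn;
+providerId:(NSString *)providerId
+roleArn:(NSString *)roleArn
+roleSessionName:(NSString *)roleSessionName
+webIdentityToken:(NSString *)webIdentityToken;
 
 - (instancetype)initWithRegionType:(AWSRegionType)regionType
-provider:(NSString *)provider
-webIdentityToken:(NSString *)webIdentityToken
-roleArn:(NSString *)roleArn;
+providerId:(NSString *)providerId
+roleArn:(NSString *)roleArn
+roleSessionName:(NSString *)roleSessionName
+webIdentityToken:(NSString *)webIdentityToken;
 
 - (BFTask *)refresh;
 
@@ -142,4 +146,6 @@ typedef NS_ENUM(NSInteger, AWSCognitoLoginProviderKey) {
 
 - (void)clearKeychain;
 
+- (void)clearCredentials;
+
 @end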
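Review bot: The new `roleSessionName` and `providerId` properties are declared `strong`, like the neighbouring `NSString` properties; with `copy`, a caller that passes an `NSMutableString` cannot change the session name or provider after the credentials provider has been built, e.g. `@property (nonatomic, copy) NSString *roleSessionName;`. The header also carries no doc comment for `roleSessionName`, which is now caller-supplied where the .m section previously sent the fixed `@"iOS-Provider"`, or for `clearCredentials`. Going by the .m section of this commit, a line such as `/// Removes the cached access key, secret key, session key and expiration; the identity id is kept.` would distinguish it from `clearKeychain`. Both interfaces start outside the hunks shown.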

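--- a/AWSCore/Authentication/AWSCredentialsProvider.m
+++ b/AWSCore/Authentication/AWSCredentialsProvider.m
@@ -16,6 +16,7 @@
 #import "AWSCredentialsProvider.h"
 #import "STS.h"
 #import "UICKeyChainStore.h"
+#import "AWSLogging.h"
 
 NSString *const AWSCognitoIdentityIdChangedNotification = @"com.amazonaws.services.cognitoidentity.AWSCognitoIdentityIdChangedNotification";
 NSString *const AWSCognitoNotificationPreviousId = @"PREVID";
@@ -76,25 +77,29 @@ @interface AWSWebIdentityCredentialsProvider()
 @implementation AWSWebIdentityCredentialsProvider
 
 + (instancetype)credentialsWithRegionType:(AWSRegionType)regionType
-provider:(NSString *)provider
-webIdentityToken:(NSString *)webIdentityToken
-roleArn:(NSString *)roleArn {
+providerId:(NSString *)providerId
+roleArn:(NSString *)roleArn
+roleSessionName:(NSString *)roleSessionName
+webIdentityToken:(NSString *)webIdentityToken {
 AWSWebIdentityCredentialsProvider *credentialsProvider = [[AWSWebIdentityCredentialsProvider alloc] initWithRegionType:regionType
-provider:provider
-webIdentityToken:webIdentityToken
-roleArn:roleArn];
+providerId:providerId
+roleArn:roleArn
+roleSessionName:roleSessionName
+webIdentityToken:webIdentityToken];
 return credentialsProvider;
 }
 
 - (instancetype)initWithRegionType:(AWSRegionType)regionType
-provider:(NSString *)provider
-webIdentityToken:(NSString *)webIdentityToken
-roleArn:(NSString *)roleArn {
+providerId:(NSString *)providerId
+roleArn:(NSString *)roleArn
+roleSessionName:(NSString *)roleSessionName
+webIdentityToken:(NSString *)webIdentityToken {
 if (self = [super init]) {
-_keychain = [UICKeyChainStore keyChainStoreWithService:[NSString stringWithFormat:@"%@.%@.%@", provider, webIdentityToken, roleArn]];
-_provider = provider;
-_webIdentityToken = webIdentityToken;
+_keychain = [UICKeyChainStore keyChainStoreWithService:[NSString stringWithFormat:@"%@.%@.%@", providerId, webIdentityToken, roleArn]];
+_providerId = providerId;
 _roleArn = roleArn;
+_roleSessionName = roleSessionName;
+_webIdentityToken = webIdentityToken;
 
 AWSAnonymousCredentialsProvider *credentialsProvider = [AWSAnonymousCredentialsProvider new];
 AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:regionType
@@ -109,9 +114,11 @@ - (instancetype)initWithRegionType:(AWSRegionType)regionType
 - (BFTask *)refresh {
 // request new credentials
 AWSSTSAssumeRoleWithWebIdentityRequest *webIdentityRequest = [AWSSTSAssumeRoleWithWebIdentityRequest new];
+webIdentityRequest.providerId = self.providerId;
 webIdentityRequest.roleArn = self.roleArn;
+webIdentityRequest.roleSessionName = self.roleSessionName;
 webIdentityRequest.webIdentityToken = self.webIdentityToken;
-webIdentityRequest.roleSessionName = @"iOS-Provider";
+
 return [[self.sts assumeRoleWithWebIdentity:webIdentityRequest] continueWithBlock:^id(BFTask *task) {
 if (task.result) {
 AWSSTSAssumeRoleWithWebIdentityResponse *wifResponse = task.result;
@@ -132,6 +139,7 @@ - (BFTask *)refresh {
 [self.keychain removeItemForKey:@"secretKey"];
 [self.keychain removeItemForKey:@"sessionKey"];
 [self.keychain removeItemForKey:@"expiration"];
+[self.keychain synchronize];
 }
 }
 
@@ -285,12 +293,12 @@ - (BFTask *)refresh {
 return task;
 }
 
-AZLogError(@"GetOpenIdToken failed. Error is [%@]", task.error);
-AZLogVerbose(@"Calling GetId");
+AWSLogError(@"GetOpenIdToken failed. Error is [%@]", task.error);
+AWSLogVerbose(@"Calling GetId");
 // if it's auth, reset id and refetch
 [self clearKeychain];
 return [[self getIdentityId] continueWithSuccessBlock:^id(BFTask *task) {
-AZLogVerbose(@"Retrying GetOpenIdToken");
+AWSLogVerbose(@"Retrying GetOpenIdToken");
 
 // retry get token
 AWSCognitoIdentityServiceGetOpenIdTokenInput *tokenRetry = [AWSCognitoIdentityServiceGetOpenIdTokenInput new];
@@ -338,20 +346,14 @@ - (BFTask *)refresh {
 }
 } else {
 // reset the values for the credentials
-@synchronized(self) {
-self.keychain[@"accessKey"] = nil;
-self.keychain[@"secretKey"] = nil;
-self.keychain[@"sessionKey"] = nil;
-self.keychain[@"expiration"] = nil;
-[self.keychain synchronize];
-}
+[self clearCredentials];
 }
 
 return task;
 }];
 }] continueWithBlock:^id(BFTask *task) {
 if (task.error) {
-AZLogError(@"Unable to refresh. Error is [%@]", task.error);
+AWSLogError(@"Unable to refresh. Error is [%@]", task.error);
 }
 
 dispatch_semaphore_signal(semaphore);
@@ -376,7 +378,7 @@ - (BFTask *)getIdentityId {
 
 return [[self.cib getId:getIdInput] continueWithBlock:^id(BFTask *task) {
 if (task.error) {
-AZLogError(@"GetId failed. Error is [%@]", task.error);
+AWSLogError(@"GetId failed. Error is [%@]", task.error);
 } else {
 AWSCognitoIdentityServiceGetIdResponse *getIdResponse = task.result;
 [self postIdentityIdChangedNotification:getIdResponse.identityId];
@@ -398,11 +400,17 @@ - (BFTask *)getIdentityId {
 
 - (void)clearKeychain {
 @synchronized(self) {
-self.keychain[@"identityId"] = nil;
-self.keychain[@"accessKey"] = nil;
-self.keychain[@"secretKey"] = nil;
-self.keychain[@"sessionKey"] = nil;
-self.keychain[@"expiration"] = nil;
+[self.keychain removeItemForKey:@"identityId"];
+[self clearCredentials];
+}
+}
+
+- (void)clearCredentials {
+@synchronized(self) {
+[self.keychain removeItemForKey:@"accessKey"];
+[self.keychain removeItemForKey:@"secretKey"];
+[self.keychain removeItemForKey:@"sessionKey"];
+[self.keychain removeItemForKey:@"expiration"];
 [self.keychain synchronize];
 }
 }
@@ -444,6 +452,9 @@ - (NSDate *)expiration {
 
 - (void)setLogins:(NSDictionary *)logins {
 _logins = [self updateKeysForLogins:logins];
+// invalidate the credentials, so next time we
+// are forced to get a new token (and perhaps merge)
+[self clearCredentials];
 }
 
 - (NSDictionary *)updateKeysForLogins:(NSDictionary *)logins {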
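Review bot: The keychain service name in `initWithRegionType:providerId:roleArn:roleSessionName:webIdentityToken:` is still built from the raw `webIdentityToken` (`stringWithFormat:@"%@.%@.%@", providerId, webIdentityToken, roleArn`), so a bearer token is used as a storage identifier; assuming UICKeyChainStore maps the service string to the item's service attribute, the token then sits outside the protected item data. Each token rotation also selects a different service, so the access key, secret key and session key cached under the previous token's service are not reached by the `removeItemForKey:` calls in `refresh` and stay on the device. I would key the store on stable, non-secret inputs, for example `[NSString stringWithFormat:@"%@.%@.%@", providerId, roleArn, roleSessionName]`, and decide explicitly what a nil `providerId` should map to, since `%@` would format it as `(null)`. The initializer body continues past the end of its hunk.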

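--- a/AWSCore/Authentication/AWSSignature.h
+++ b/AWSCore/Authentication/AWSSignature.h
@@ -14,7 +14,7 @@
 */
 
 #import <Foundation/Foundation.h>
-#import "AZNetworking.h"
+#import "AWSNetworking.h"
 
 @class AWSEndpoint;
 
@@ -29,7 +29,7 @@
 
 @end
 
-@interface AWSSignatureV4Signer : NSObject <AZNetworkingRequestInterceptor>
+@interface AWSSignatureV4Signer : NSObject <AWSNetworkingRequestInterceptor>
 
 @property (nonatomic, strong, readonly) id<AWSCredentialsProvider> credentialsProvider;
 
@@ -41,7 +41,7 @@
 
 @end
 
-@interface AWSSignatureV2Signer : NSObject <AZNetworkingRequestInterceptor>
+@interface AWSSignatureV2Signer : NSObject <AWSNetworkingRequestInterceptor>
 
 @property (nonatomic, strong, readonly) id<AWSCredentialsProvider> credentialsProvider;
 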

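--- a/AWSCore/Authentication/AWSSignature.m
+++ b/AWSCore/Authentication/AWSSignature.m
@@ -18,10 +18,10 @@
 #import <CommonCrypto/CommonDigest.h>
 #import <CommonCrypto/CommonHMAC.h>
 #import <CommonCrypto/CommonCryptor.h>
-#import "AZCategory.h"
+#import "AWSCategory.h"
 #import "AWSService.h"
 #import "AWSCredentialsProvider.h"
-#import "AZLogging.h"
+#import "AWSLogging.h"
 
 NSString *const AWSSigV4Marker = @"AWS4";
 NSString *const AWSSigV4Algorithm = @"AWS4-HMAC-SHA256";
@@ -110,7 +110,7 @@ + (NSString *)HMACSign:(NSData *)data withKey:(NSString *)key usingAlgorithm:(CC
 
 NSData *digestData = [NSData dataWithBytes:digestRaw length:digestLength];
 
-return [digestData az_base64EncodedString];
+return [digestData aws_base64EncodedString];
 }
 
 @end
@@ -185,8 +185,8 @@ - (NSString *)signS3RequestV4:(NSMutableURLRequest *)urlRequest {
 // }
 
 NSDate *date = [NSDate date];
-NSString *dateStamp = [date az_stringValue:AZDateShortDateFormat1];
-//NSString *dateTime = [date az_stringValue:AZDateAmzDateFormat];
+NSString *dateStamp = [date aws_stringValue:AWSDateShortDateFormat1];
+//NSString *dateTime = [date aws_stringValue:AWSDateAmzDateFormat];
 
 NSString *scope = [NSString stringWithFormat:@"%@/%@/%@/%@", dateStamp, self.endpoint.regionName, self.endpoint.serviceName, AWSSigV4Terminator];
 NSString *signingCredentials = [NSString stringWithFormat:@"%@/%@", self.credentialsProvider.accessKey, scope];
@@ -199,7 +199,7 @@ - (NSString *)signS3RequestV4:(NSMutableURLRequest *)urlRequest {
 path = [NSString stringWithFormat:@"/"];
 } else {
 // SigV4 signs escaped path string
-path = [[path az_stringWithURLEncoding] stringByReplacingOccurrencesOfString:@"\%2F" withString:@"/"];
+path = [[path aws_stringWithURLEncoding] stringByReplacingOccurrencesOfString:@"\%2F" withString:@"/"];
 }
 NSString *query = urlRequest.URL.query;
 if (query == nil) {
@@ -238,14 +238,14 @@ - (NSString *)signS3RequestV4:(NSMutableURLRequest *)urlRequest {
 query:query
 headers:headers
 contentSha256:contentSha256];
-AZLogDebug(@"Canonical request: [%@]", canonicalRequest);
+AWSLogDebug(@"Canonical request: [%@]", canonicalRequest);
 
 NSString *stringToSign = [NSString stringWithFormat:@"%@\n%@\n%@\n%@",
 AWSSigV4Algorithm,
 [urlRequest valueForHTTPHeaderField:@"X-Amz-Date"],
 scope,
 [AWSSignatureSignerUtility hexEncode:[AWSSignatureSignerUtility hashString:canonicalRequest]]];
-AZLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
+AWSLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
 
 NSData *kSigning = [self getV4DerivedKey:self.credentialsProvider.secretKey
 date:dateStamp
@@ -282,12 +282,12 @@ - (NSString *)signRequestV4:(NSURLRequest *)request{
 return nil;
 }
 
-NSDate *xAmzDate = [NSDate az_dateFromString:[request valueForHTTPHeaderField:@"X-Amz-Date"]
-format:AZDateISO8601DateFormat2];
+NSDate *xAmzDate = [NSDate aws_dateFromString:[request valueForHTTPHeaderField:@"X-Amz-Date"]
+format:AWSDateISO8601DateFormat2];
 
-NSString *dateStamp = [xAmzDate az_stringValue:AZDateShortDateFormat1];
+NSString *dateStamp = [xAmzDate aws_stringValue:AWSDateShortDateFormat1];
 
-NSString *path = [request.URL.path az_stringWithURLEncodingPath];
+NSString *path = [request.URL.path aws_stringWithURLEncodingPath];
 if (path.length == 0) {
 path = [NSString stringWithFormat:@"/"];
 }
@@ -304,8 +304,8 @@ - (NSString *)signRequestV4:(NSURLRequest *)request{
 headers:request.allHTTPHeaderFields
 contentSha256:contentSha256];
 
-AZLogDebug(@"AWS4 Canonical Request: [%@]", canonicalRequest);
-AZLogDebug(@"payload %@",[[NSString alloc] initWithData:request.HTTPBody encoding:NSUTF8StringEncoding]);
+AWSLogDebug(@"AWS4 Canonical Request: [%@]", canonicalRequest);
+AWSLogDebug(@"payload %@",[[NSString alloc] initWithData:request.HTTPBody encoding:NSUTF8StringEncoding]);
 
 NSString *scope = [NSString stringWithFormat:@"%@/%@/%@/%@",
 dateStamp,
@@ -321,7 +321,7 @@ - (NSString *)signRequestV4:(NSURLRequest *)request{
 scope,
 [AWSSignatureSignerUtility hexEncode:[AWSSignatureSignerUtility hashString:canonicalRequest]]];
 
-AZLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
+AWSLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
 
 NSData *kSigning = [self getV4DerivedKey:self.credentialsProvider.secretKey
 date:dateStamp
@@ -455,9 +455,9 @@ + (NSString *)canonicalizedQueryString:(NSDictionary *)parameters {
 NSString *key = [sortedKeys objectAtIndex:index];
 NSString *value = (NSString *)[parameters valueForKey:key];
 
-[mutableHTTPBodyString appendString:[key az_stringWithURLEncoding]];
+[mutableHTTPBodyString appendString:[key aws_stringWithURLEncoding]];
 [mutableHTTPBodyString appendString:@"="];
-[mutableHTTPBodyString appendString:[value az_stringWithURLEncoding]];
+[mutableHTTPBodyString appendString:[value aws_stringWithURLEncoding]];
 
 if (index < [sortedKeys count] - 1) {
 [mutableHTTPBodyString appendString:@"&"];
@@ -527,7 +527,7 @@ - (BFTask *)interceptRequest:(NSMutableURLRequest *)request {
 [parameters setObject:@"HmacSHA256" forKey:@"SignatureMethod"];
 [parameters setObject:@"2" forKey:@"SignatureVersion"];
 [parameters setObject:self.credentialsProvider.accessKey forKey:@"AWSAccessKeyId"];
-[parameters setObject:[[NSDate date] az_stringValue:AZDateISO8601DateFormat3]
+[parameters setObject:[[NSDate date] aws_stringValue:AWSDateISO8601DateFormat3]
 forKey:@"Timestamp"];
 //Added SecurityToken field in QueryString for SigV2 if STS has been used.
 if ([self.credentialsProvider respondsToSelector:@selector(sessionKey)]) {
@@ -540,7 +540,7 @@ - (BFTask *)interceptRequest:(NSMutableURLRequest *)request {
 NSString *signature = [AWSSignatureSignerUtility HMACSign:dataToSign
 withKey:self.credentialsProvider.secretKey
 usingAlgorithm:kCCHmacAlgSHA256];
-[canonicalizedQueryString appendFormat:@"&Signature=%@", [signature az_stringWithURLEncoding]];
+[canonicalizedQueryString appendFormat:@"&Signature=%@", [signature aws_stringWithURLEncoding]];
 request.HTTPBody = [canonicalizedQueryString dataUsingEncoding:NSUTF8StringEncoding];
 
 return nil;
@@ -639,7 +639,7 @@ - (BOOL)nextChunk {
 NSData *data = [NSData dataWithBytesNoCopy:chunkBuffer length:read];
 [self.chunkData appendData:[self getSignedChunk:data]];
 
-AZLogDebug(@"stream read: %ld, chunk size: %lu", (long)read, (unsigned long)[self.chunkData length]);
+AWSLogDebug(@"stream read: %ld, chunk size: %lu", (long)read, (unsigned long)[self.chunkData length]);
 
 return YES;
 }
@@ -650,18 +650,18 @@ - (NSData *)getSignedChunk:(NSData *)data {
 NSString *stringToSign = [NSString stringWithFormat:
 @"%@\n%@\n%@\n%@\n%@\n%@",
 @"AWS4-HMAC-SHA256-PAYLOAD",
-[self.date az_stringValue:AZDateISO8601DateFormat2],
+[self.date aws_stringValue:AWSDateISO8601DateFormat2],
 self.scope,
 self.priorSha256,
 emptyStringSha256,
 chunkSha256];
-AZLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
+AWSLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
 
 NSData *signature = [AWSSignatureSignerUtility sha256HMacWithData:[stringToSign dataUsingEncoding:NSUTF8StringEncoding]
 withKey:self.kSigning];
 self.priorSha256 = [self dataToHexString:signature];
 NSString *chunkedHeader = [NSString stringWithFormat:@"%06lx;chunk-signature=%@\r\n", (unsigned long)[data length], self.priorSha256];
-AZLogDebug(@"AWS4 Chunked Header: [%@]", chunkedHeader);
+AWSLogDebug(@"AWS4 Chunked Header: [%@]", chunkedHeader);
 
 NSMutableData *signedChunk = [NSMutableData data];
 [signedChunk appendData:[chunkedHeader dataUsingEncoding:NSUTF8StringEncoding]];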
