in source/aws_signing.c [773:880]
static int s_add_authorization_query_params(
struct aws_signing_state_aws *state,
struct aws_array_list *unencoded_query_params) {
if (state->config.signature_type != AWS_ST_HTTP_REQUEST_QUERY_PARAMS) {
return AWS_OP_SUCCESS;
}
int result = AWS_OP_ERR;
/* X-Amz-Algorithm */
struct aws_uri_param algorithm_param = {
.key = aws_byte_cursor_from_string(g_aws_signing_algorithm_query_param_name),
};
if (s_get_signature_type_cursor(state, &algorithm_param.value)) {
goto done;
}
if (s_add_authorization_query_param(state, unencoded_query_params, &algorithm_param)) {
goto done;
}
/* X-Amz-Credential */
struct aws_uri_param credential_param = {
.key = aws_byte_cursor_from_string(g_aws_signing_credential_query_param_name),
.value = aws_byte_cursor_from_buf(&state->access_credential_scope),
};
if (s_add_authorization_query_param(state, unencoded_query_params, &credential_param)) {
goto done;
}
/* X-Amz-Date */
struct aws_uri_param date_param = {
.key = aws_byte_cursor_from_string(g_aws_signing_date_name),
.value = aws_byte_cursor_from_buf(&state->date),
};
if (s_add_authorization_query_param(state, unencoded_query_params, &date_param)) {
goto done;
}
/* X-Amz-SignedHeaders */
struct aws_uri_param signed_headers_param = {
.key = aws_byte_cursor_from_string(g_aws_signing_signed_headers_query_param_name),
.value = aws_byte_cursor_from_buf(&state->signed_headers),
};
if (s_add_authorization_query_param(state, unencoded_query_params, &signed_headers_param)) {
goto done;
}
/* X-Amz-Expires */
uint64_t expiration_in_seconds = state->config.expiration_in_seconds;
if (expiration_in_seconds > 0) {
struct aws_uri_param expires_param = {
.key = aws_byte_cursor_from_string(g_aws_signing_expires_query_param_name),
.value = aws_byte_cursor_from_c_str(state->expiration_array),
};
if (s_add_authorization_query_param(state, unencoded_query_params, &expires_param)) {
goto done;
}
}
/* X-Amz-Security-token */
struct aws_byte_cursor security_token_name_cur = aws_byte_cursor_from_string(g_aws_signing_security_token_name);
struct aws_byte_cursor session_token_cursor = aws_credentials_get_session_token(state->config.credentials);
if (session_token_cursor.len > 0) {
struct aws_uri_param security_token_param = {
.key = security_token_name_cur,
.value = session_token_cursor,
};
/* If omit_session_token is true, then security token is added to the
* final signing result, but is treated as "unsigned" and does not
* contribute to the authorization signature */
if (state->config.flags.omit_session_token) {
if (s_add_query_param_to_signing_result(state, &security_token_param)) {
goto done;
}
} else {
if (s_add_authorization_query_param(state, unencoded_query_params, &security_token_param)) {
goto done;
}
}
}
/* X-Amz-Region-Set */
if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC) {
struct aws_uri_param region_set_param = {
.key = aws_byte_cursor_from_string(g_aws_signing_region_set_name),
.value = state->config.region,
};
if (s_add_authorization_query_param(state, unencoded_query_params, ®ion_set_param)) {
goto done;
}
}
/* NOTE: Update MAX_AUTHORIZATION_QUERY_PARAM_COUNT if more params added */
result = AWS_OP_SUCCESS;
done:
return result;
}