in source/aws_signing.c [1610:1669]
static int s_build_credential_scope(struct aws_signing_state_aws *state) {
AWS_ASSERT(state->credential_scope.len == 0);
const struct aws_signing_config_aws *config = &state->config;
struct aws_byte_buf *dest = &state->credential_scope;
/*
* date output uses the non-dynamic append, so make sure there's enough room first
*/
if (aws_byte_buf_reserve_relative(dest, AWS_DATE_TIME_STR_MAX_LEN)) {
return AWS_OP_ERR;
}
if (aws_date_time_to_utc_time_short_str(&config->date, AWS_DATE_FORMAT_ISO_8601_BASIC, dest)) {
return AWS_OP_ERR;
}
if (aws_byte_buf_append_byte_dynamic(dest, '/')) {
return AWS_OP_ERR;
}
if (config->algorithm != AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC) {
if (aws_byte_buf_append_dynamic(dest, &config->region)) {
return AWS_OP_ERR;
}
if (aws_byte_buf_append_byte_dynamic(dest, '/')) {
return AWS_OP_ERR;
}
}
if (aws_byte_buf_append_dynamic(dest, &config->service)) {
return AWS_OP_ERR;
}
if (aws_byte_buf_append_byte_dynamic(dest, '/')) {
return AWS_OP_ERR;
}
if (s_append_credential_scope_terminator(state->config.algorithm, dest)) {
return AWS_OP_ERR;
}
/* While we're at it, build the accesskey/credential scope string which is used during query param signing*/
struct aws_byte_cursor access_key_cursor = aws_credentials_get_access_key_id(state->config.credentials);
if (aws_byte_buf_append_dynamic(&state->access_credential_scope, &access_key_cursor)) {
return AWS_OP_ERR;
}
if (aws_byte_buf_append_byte_dynamic(&state->access_credential_scope, '/')) {
return AWS_OP_ERR;
}
struct aws_byte_cursor credential_scope_cursor = aws_byte_cursor_from_buf(&state->credential_scope);
if (aws_byte_buf_append_dynamic(&state->access_credential_scope, &credential_scope_cursor)) {
return AWS_OP_ERR;
}
return AWS_OP_SUCCESS;
}