in aws-android-sdk-appsync/src/main/java/com/amazonaws/mobileconnectors/appsync/sigv4/AppSyncSigV4SignerInterceptor.java [116:199]
public Response intercept(Chain chain) throws IOException {
Log.d(TAG, "Signer Interceptor called");
Request req = chain.request();
//Clone the request into a new DefaultRequest object and populate it with credentials
DefaultRequest dr = new DefaultRequest(SERVICE_NAME);
//set the endpoint
dr.setEndpoint(req.url().uri());
//copy all the headers
for(String headerName : req.headers().names()) {
dr.addHeader(headerName, req.header(headerName));
}
//set the http method
dr.setHttpMethod(HttpMethodName.valueOf(req.method()));
//Add User Agent
String userAgent = StringUtils.toHumanReadableAscii(VersionInfoUtils.getUserAgent());
dr.addHeader(HEADER_USER_AGENT, userAgent);
//write the body to a byte array stream.
final Buffer buffer = new Buffer();
req.body().writeTo(buffer);
dr.setContent(buffer.inputStream());
Buffer body = buffer.clone();
//Sign or Decorate request with the required headers
if (AuthMode.IAM.equals(authMode)) {
//get the aws credentials from provider.
try {
//Get credentials - This will refresh the credentials if necessary
AWSCredentials credentials = this.credentialsProvider.getCredentials();
//sign the request
new AppSyncV4Signer(this.awsRegion).sign(dr, credentials);
} catch (Exception e) {
throw new IOException("Failed to read credentials to sign the request.", e);
}
} else if (AuthMode.API_KEY.equals(authMode)) {
dr.addHeader(X_API_KEY, apiKey.getAPIKey());
if (subscriberUUID != null ) {
Log.d(TAG,"Subscriber ID is " + subscriberUUID);
dr.addHeader(X_AMZ_SUBSCRIBER_ID, subscriberUUID);
}
} else if (AuthMode.USERPOOLS_AUTHORIZATION_TOKEN.equals(authMode)) {
try {
dr.addHeader(AUTHORIZATION, cognitoUserPoolsAuthProvider.getLatestAuthToken());
} catch (Exception e) {
IOException ioe = new IOException("Failed to retrieve Cognito User Pools token.", e);
throw ioe;
}
} else if (AuthMode.OIDC_AUTHORIZATION_TOKEN.equals(authMode)) {
try {
dr.addHeader(AUTHORIZATION, oidcAuthProvider.getLatestAuthToken());
} catch (Exception e) {
IOException ioe = new IOException("Failed to retrieve OIDC token.", e);
throw ioe;
}
} else if (AuthMode.AWS_LAMBDA_AUTHORIZATION_TOKEN.equals(authMode)) {
try {
dr.addHeader(AUTHORIZATION, awsLambdaAuthProvider.getLatestAuthToken());
} catch (Exception e) {
IOException ioe = new IOException("Failed to retrieve AWS Lambda authorization token.", e);
throw ioe;
}
}
//Copy the signed/credentialed request back into an OKHTTP Request object.
Request.Builder okReqBuilder = new Request.Builder();
//set the headers from default request, since it contains the signed headers as well.
for (Map.Entry<String, String> e : (Set<Map.Entry<String, String>>)dr.getHeaders().entrySet()) {
okReqBuilder.addHeader(e.getKey(), e.getValue());
}
//Set the URL and Method
okReqBuilder.url(req.url());
okReqBuilder.method(req.method(), RequestBody.create(JSON_MEDIA_TYPE, body.readByteArray()));
//continue with chain.
Response res = chain.proceed(okReqBuilder.build());
return res;
}