bool createAwsSigningConfig()

in src/aws-cpp-sdk-core/include/smithy/identity/signer/built-in/SigV4aSigner.h [87:153]

• 66 lines of code
• 8 McCabe index (conditional complexity)

        bool createAwsSigningConfig(
            std::shared_ptr<Aws::Crt::Auth::Credentials>& crtCredentials,
            const Aws::Http::HttpRequest& request,
            const Aws::String& serviceName,
            const Aws::String& region,
            Aws::Crt::Auth::AwsSigningConfig& awsSigningConfig,
            bool signBody,
            Aws::Crt::Auth::SignatureType signatureType) const
        {
            awsSigningConfig.SetSigningAlgorithm(static_cast<Aws::Crt::Auth::SigningAlgorithm>(Aws::Auth::AWSSigningAlgorithm::ASYMMETRIC_SIGV4));
            awsSigningConfig.SetSignatureType(signatureType);
            awsSigningConfig.SetRegion(serviceName.c_str());
            awsSigningConfig.SetService(region.c_str());
            awsSigningConfig.SetSigningTimepoint(GetSigningTimestamp().UnderlyingTimestamp());
            awsSigningConfig.SetUseDoubleUriEncode(m_urlEscape);
            awsSigningConfig.SetShouldNormalizeUriPath(true);
            awsSigningConfig.SetOmitSessionToken(false);
            awsSigningConfig.SetShouldSignHeaderUserData(reinterpret_cast<void*>(const_cast<Aws::Set<Aws::String>*>(&m_unsignedHeaders)));
            awsSigningConfig.SetShouldSignHeaderCallback([](const Aws::Crt::ByteCursor *name, void *user_data) {
                Aws::Set<Aws::String>* unsignedHeaders = static_cast<Aws::Set<Aws::String>*>(user_data);
                Aws::String headerKey(reinterpret_cast<const char*>(name->ptr), name->len);
                return unsignedHeaders->find(Aws::Utils::StringUtils::ToLower(headerKey.c_str())) == unsignedHeaders->cend();
            });
            if (signatureType == Aws::Crt::Auth::SignatureType::HttpRequestViaHeaders)
            {
                Aws::String payloadHash(UNSIGNED_PAYLOAD);
                if(signBody || request.GetUri().GetScheme() != Aws::Http::Scheme::HTTPS)
                {
                    if (!request.GetContentBody())
                    {
                        AWS_LOGSTREAM_DEBUG(v4AsymmetricLogTag, "Using cached empty string sha256 " << EMPTY_STRING_SHA256 << " because payload is empty.");
                        payloadHash = EMPTY_STRING_SHA256;
                    }
                    else
                    {
                        // The hash will be calculated from the payload during signing.
                        payloadHash = {};
                    }
                }
                else
                {
                    AWS_LOGSTREAM_DEBUG(v4AsymmetricLogTag, "Note: Http payloads are not being signed. signPayloads=" << signBody
                            << " http scheme=" << Aws::Http::SchemeMapper::ToString(request.GetUri().GetScheme()));
                }
                awsSigningConfig.SetSignedBodyValue(payloadHash.c_str());
                awsSigningConfig.SetSignedBodyHeader(m_includeSha256HashHeader ? Aws::Crt::Auth::SignedBodyHeaderType::XAmzContentSha256 : Aws::Crt::Auth::SignedBodyHeaderType::None);
            }
            else if (signatureType == Aws::Crt::Auth::SignatureType::HttpRequestViaQueryParams)
            {
                if (ServiceRequireUnsignedPayload(serviceName))
                {
                    awsSigningConfig.SetSignedBodyValue(UNSIGNED_PAYLOAD);
                }
                else
                {
                    awsSigningConfig.SetSignedBodyValue(EMPTY_STRING_SHA256);
                }
            }
            else
            {
                AWS_LOGSTREAM_ERROR(v4AsymmetricLogTag, "The signature type should be either \"HttpRequestViaHeaders\" or \"HttpRequestViaQueryParams\"");
                return false;
            }
            awsSigningConfig.SetExpirationInSeconds(static_cast<uint64_t>(m_expirationTimeInSeconds));
            awsSigningConfig.SetCredentials(crtCredentials);
            return true;
        }