Version 2 of the AWS Mobile SDK for iOS 2.0.6.

AWSCore/AWSCore.h

@@ -15,18 +15,16 @@
 
 #import <Foundation/Foundation.h>
 
-#import "AmazonCore.h"
-
 #import "AWSService.h"
 #import "AWSNetworking.h"
 #import "AWSCredentialsProvider.h"
 #import "AWSValidation.h"
 #import "AWSURLRequestSerialization.h"
 #import "AWSURLResponseSerialization.h"
 #import "AWSClientContext.h"
+#import "AWSCategory.h"
+#import "AWSLogging.h"
 
 #import "STS.h"
 #import "CognitoIdentityService.h"
-
-#import "EventRecorderService.h"
 #import "MobileAnalytics.h"

AWSCore/Authentication/AWSCredentialsProvider.h

@@ -73,17 +73,21 @@ typedef NS_ENUM(NSInteger, AWSCognitoLoginProviderKey) {
 
 @property (nonatomic, strong) NSString *webIdentityToken;
 @property (nonatomic, strong) NSString *roleArn;
-@property (nonatomic, strong) NSString *provider;
+@property (nonatomic, strong) NSString *roleSessionName;
+
+@property (nonatomic, strong) NSString *providerId;
 
 + (instancetype)credentialsWithRegionType:(AWSRegionType)regionType
-                                 provider:(NSString *)provider
-                         webIdentityToken:(NSString *)webIdentityToken
-                                  roleArn:(NSString *)roleArn;
+                               providerId:(NSString *)providerId
+                                  roleArn:(NSString *)roleArn
+                          roleSessionName:(NSString *)roleSessionName
+                         webIdentityToken:(NSString *)webIdentityToken;
 
 - (instancetype)initWithRegionType:(AWSRegionType)regionType
-                          provider:(NSString *)provider
-                  webIdentityToken:(NSString *)webIdentityToken
-                           roleArn:(NSString *)roleArn;
+                        providerId:(NSString *)providerId
+                           roleArn:(NSString *)roleArn
+                   roleSessionName:(NSString *)roleSessionName
+                  webIdentityToken:(NSString *)webIdentityToken;
 
 - (BFTask *)refresh;
 
@@ -142,4 +146,6 @@ typedef NS_ENUM(NSInteger, AWSCognitoLoginProviderKey) {
 
 - (void)clearKeychain;
 
+- (void)clearCredentials;
+
 @end

AWSCore/Authentication/AWSCredentialsProvider.m

@@ -16,6 +16,7 @@
 #import "AWSCredentialsProvider.h"
 #import "STS.h"
 #import "UICKeyChainStore.h"
+#import "AWSLogging.h"
 
 NSString *const AWSCognitoIdentityIdChangedNotification = @"com.amazonaws.services.cognitoidentity.AWSCognitoIdentityIdChangedNotification";
 NSString *const AWSCognitoNotificationPreviousId = @"PREVID";
@@ -76,25 +77,29 @@ @interface AWSWebIdentityCredentialsProvider()
 @implementation AWSWebIdentityCredentialsProvider
 
 + (instancetype)credentialsWithRegionType:(AWSRegionType)regionType
-                                 provider:(NSString *)provider
-                         webIdentityToken:(NSString *)webIdentityToken
-                                  roleArn:(NSString *)roleArn {
+                               providerId:(NSString *)providerId
+                                  roleArn:(NSString *)roleArn
+                          roleSessionName:(NSString *)roleSessionName
+                         webIdentityToken:(NSString *)webIdentityToken {
     AWSWebIdentityCredentialsProvider *credentialsProvider = [[AWSWebIdentityCredentialsProvider alloc] initWithRegionType:regionType
-                                                                                                                  provider:provider
-                                                                                                          webIdentityToken:webIdentityToken
-                                                                                                                   roleArn:roleArn];
+                                                                                                                providerId:providerId
+                                                                                                                   roleArn:roleArn
+                                                                                                           roleSessionName:roleSessionName
+                                                                                                          webIdentityToken:webIdentityToken];
     return credentialsProvider;
 }
 
 - (instancetype)initWithRegionType:(AWSRegionType)regionType
-                          provider:(NSString *)provider
-                  webIdentityToken:(NSString *)webIdentityToken
-                           roleArn:(NSString *)roleArn {
+                        providerId:(NSString *)providerId
+                           roleArn:(NSString *)roleArn
+                   roleSessionName:(NSString *)roleSessionName
+                  webIdentityToken:(NSString *)webIdentityToken {
     if (self = [super init]) {
-        _keychain = [UICKeyChainStore keyChainStoreWithService:[NSString stringWithFormat:@"%@.%@.%@", provider, webIdentityToken, roleArn]];
-        _provider = provider;
-        _webIdentityToken = webIdentityToken;
+        _keychain = [UICKeyChainStore keyChainStoreWithService:[NSString stringWithFormat:@"%@.%@.%@", providerId, webIdentityToken, roleArn]];
+        _providerId = providerId;
         _roleArn = roleArn;
+        _roleSessionName = roleSessionName;
+        _webIdentityToken = webIdentityToken;
 
         AWSAnonymousCredentialsProvider *credentialsProvider = [AWSAnonymousCredentialsProvider new];
         AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:regionType
@@ -109,9 +114,11 @@ - (instancetype)initWithRegionType:(AWSRegionType)regionType
 - (BFTask *)refresh {
     // request new credentials
     AWSSTSAssumeRoleWithWebIdentityRequest *webIdentityRequest = [AWSSTSAssumeRoleWithWebIdentityRequest new];
+    webIdentityRequest.providerId = self.providerId;
     webIdentityRequest.roleArn = self.roleArn;
+    webIdentityRequest.roleSessionName = self.roleSessionName;
     webIdentityRequest.webIdentityToken = self.webIdentityToken;
-    webIdentityRequest.roleSessionName = @"iOS-Provider";
+
     return [[self.sts assumeRoleWithWebIdentity:webIdentityRequest] continueWithBlock:^id(BFTask *task) {
         if (task.result) {
             AWSSTSAssumeRoleWithWebIdentityResponse *wifResponse = task.result;
@@ -132,6 +139,7 @@ - (BFTask *)refresh {
                 [self.keychain removeItemForKey:@"secretKey"];
                 [self.keychain removeItemForKey:@"sessionKey"];
                 [self.keychain removeItemForKey:@"expiration"];
+                [self.keychain synchronize];
             }
         }
 
@@ -285,12 +293,12 @@ - (BFTask *)refresh {
                     return task;
                 }
 
-                AZLogError(@"GetOpenIdToken failed. Error is [%@]", task.error);
-                AZLogVerbose(@"Calling GetId");
+                AWSLogError(@"GetOpenIdToken failed. Error is [%@]", task.error);
+                AWSLogVerbose(@"Calling GetId");
                 // if it's auth, reset id and refetch
                 [self clearKeychain];
                 return [[self getIdentityId] continueWithSuccessBlock:^id(BFTask *task) {
-                    AZLogVerbose(@"Retrying GetOpenIdToken");
+                    AWSLogVerbose(@"Retrying GetOpenIdToken");
 
                     // retry get token
                     AWSCognitoIdentityServiceGetOpenIdTokenInput *tokenRetry = [AWSCognitoIdentityServiceGetOpenIdTokenInput new];
@@ -338,20 +346,14 @@ - (BFTask *)refresh {
                 }
             } else {
                 // reset the values for the credentials
-                @synchronized(self) {
-                    self.keychain[@"accessKey"] = nil;
-                    self.keychain[@"secretKey"] = nil;
-                    self.keychain[@"sessionKey"] = nil;
-                    self.keychain[@"expiration"] = nil;
-                    [self.keychain synchronize];
-                }
+                [self clearCredentials];
             }
 
             return task;
         }];
     }] continueWithBlock:^id(BFTask *task) {
         if (task.error) {
-            AZLogError(@"Unable to refresh. Error is [%@]", task.error);
+            AWSLogError(@"Unable to refresh. Error is [%@]", task.error);
         }
 
         dispatch_semaphore_signal(semaphore);
@@ -376,7 +378,7 @@ - (BFTask *)getIdentityId {
 
                 return [[self.cib getId:getIdInput] continueWithBlock:^id(BFTask *task) {
                     if (task.error) {
-                        AZLogError(@"GetId failed. Error is [%@]", task.error);
+                        AWSLogError(@"GetId failed. Error is [%@]", task.error);
                     } else {
                         AWSCognitoIdentityServiceGetIdResponse *getIdResponse = task.result;
                         [self postIdentityIdChangedNotification:getIdResponse.identityId];
@@ -398,11 +400,17 @@ - (BFTask *)getIdentityId {
 
 - (void)clearKeychain {
     @synchronized(self) {
-        self.keychain[@"identityId"] = nil;
-        self.keychain[@"accessKey"] = nil;
-        self.keychain[@"secretKey"] = nil;
-        self.keychain[@"sessionKey"] = nil;
-        self.keychain[@"expiration"] = nil;
+        [self.keychain removeItemForKey:@"identityId"];
+        [self clearCredentials];
+    }
+}
+
+- (void)clearCredentials {
+    @synchronized(self) {
+        [self.keychain removeItemForKey:@"accessKey"];
+        [self.keychain removeItemForKey:@"secretKey"];
+        [self.keychain removeItemForKey:@"sessionKey"];
+        [self.keychain removeItemForKey:@"expiration"];
         [self.keychain synchronize];
     }
 }
@@ -444,6 +452,9 @@ - (NSDate *)expiration {
 
 - (void)setLogins:(NSDictionary *)logins {
     _logins = [self updateKeysForLogins:logins];
+    // invalidate the credentials, so next time we
+    // are forced to get a new token (and perhaps merge)
+    [self clearCredentials];
 }
 
 - (NSDictionary *)updateKeysForLogins:(NSDictionary *)logins {

AWSCore/Authentication/AWSSignature.h

@@ -14,7 +14,7 @@
  */
 
 #import <Foundation/Foundation.h>
-#import "AZNetworking.h"
+#import "AWSNetworking.h"
 
 @class AWSEndpoint;
 
@@ -29,7 +29,7 @@
 
 @end
 
-@interface AWSSignatureV4Signer : NSObject <AZNetworkingRequestInterceptor>
+@interface AWSSignatureV4Signer : NSObject <AWSNetworkingRequestInterceptor>
 
 @property (nonatomic, strong, readonly) id<AWSCredentialsProvider> credentialsProvider;
 
@@ -41,7 +41,7 @@
 
 @end
 
-@interface AWSSignatureV2Signer : NSObject <AZNetworkingRequestInterceptor>
+@interface AWSSignatureV2Signer : NSObject <AWSNetworkingRequestInterceptor>
 
 @property (nonatomic, strong, readonly) id<AWSCredentialsProvider> credentialsProvider;
 

AWSCore/Authentication/AWSSignature.m

@@ -18,10 +18,10 @@
 #import <CommonCrypto/CommonDigest.h>
 #import <CommonCrypto/CommonHMAC.h>
 #import <CommonCrypto/CommonCryptor.h>
-#import "AZCategory.h"
+#import "AWSCategory.h"
 #import "AWSService.h"
 #import "AWSCredentialsProvider.h"
-#import "AZLogging.h"
+#import "AWSLogging.h"
 
 NSString *const AWSSigV4Marker = @"AWS4";
 NSString *const AWSSigV4Algorithm = @"AWS4-HMAC-SHA256";
@@ -110,7 +110,7 @@ + (NSString *)HMACSign:(NSData *)data withKey:(NSString *)key usingAlgorithm:(CC
 
     NSData *digestData = [NSData dataWithBytes:digestRaw length:digestLength];
 
-    return [digestData az_base64EncodedString];
+    return [digestData aws_base64EncodedString];
 }
 
 @end
@@ -185,8 +185,8 @@ - (NSString *)signS3RequestV4:(NSMutableURLRequest *)urlRequest {
     //    }
 
     NSDate *date = [NSDate date];
-    NSString *dateStamp = [date az_stringValue:AZDateShortDateFormat1];
-    //NSString *dateTime  = [date az_stringValue:AZDateAmzDateFormat];
+    NSString *dateStamp = [date aws_stringValue:AWSDateShortDateFormat1];
+    //NSString *dateTime  = [date aws_stringValue:AWSDateAmzDateFormat];
 
     NSString *scope = [NSString stringWithFormat:@"%@/%@/%@/%@", dateStamp, self.endpoint.regionName, self.endpoint.serviceName, AWSSigV4Terminator];
     NSString *signingCredentials = [NSString stringWithFormat:@"%@/%@", self.credentialsProvider.accessKey, scope];
@@ -199,7 +199,7 @@ - (NSString *)signS3RequestV4:(NSMutableURLRequest *)urlRequest {
         path = [NSString stringWithFormat:@"/"];
     } else {
         // SigV4 signs escaped path string
-        path = [[path az_stringWithURLEncoding] stringByReplacingOccurrencesOfString:@"\%2F" withString:@"/"];
+        path = [[path aws_stringWithURLEncoding] stringByReplacingOccurrencesOfString:@"\%2F" withString:@"/"];
     }
     NSString *query = urlRequest.URL.query;
     if (query == nil) {
@@ -238,14 +238,14 @@ - (NSString *)signS3RequestV4:(NSMutableURLRequest *)urlRequest {
                                                          query:query
                                                        headers:headers
                                                  contentSha256:contentSha256];
-    AZLogDebug(@"Canonical request: [%@]", canonicalRequest);
+    AWSLogDebug(@"Canonical request: [%@]", canonicalRequest);
 
     NSString *stringToSign = [NSString stringWithFormat:@"%@\n%@\n%@\n%@",
                               AWSSigV4Algorithm,
                               [urlRequest valueForHTTPHeaderField:@"X-Amz-Date"],
                               scope,
                               [AWSSignatureSignerUtility hexEncode:[AWSSignatureSignerUtility hashString:canonicalRequest]]];
-    AZLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
+    AWSLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
 
     NSData *kSigning  = [self getV4DerivedKey:self.credentialsProvider.secretKey
                                          date:dateStamp
@@ -282,12 +282,12 @@ - (NSString *)signRequestV4:(NSURLRequest *)request{
         return nil;
     }
 
-    NSDate *xAmzDate = [NSDate az_dateFromString:[request valueForHTTPHeaderField:@"X-Amz-Date"]
-                                          format:AZDateISO8601DateFormat2];
+    NSDate *xAmzDate = [NSDate aws_dateFromString:[request valueForHTTPHeaderField:@"X-Amz-Date"]
+                                          format:AWSDateISO8601DateFormat2];
 
-    NSString *dateStamp = [xAmzDate az_stringValue:AZDateShortDateFormat1];
+    NSString *dateStamp = [xAmzDate aws_stringValue:AWSDateShortDateFormat1];
 
-    NSString *path = [request.URL.path az_stringWithURLEncodingPath];
+    NSString *path = [request.URL.path aws_stringWithURLEncodingPath];
     if (path.length == 0) {
         path = [NSString stringWithFormat:@"/"];
     }
@@ -304,8 +304,8 @@ - (NSString *)signRequestV4:(NSURLRequest *)request{
                                                        headers:request.allHTTPHeaderFields
                                                  contentSha256:contentSha256];
 
-    AZLogDebug(@"AWS4 Canonical Request: [%@]", canonicalRequest);
-    AZLogDebug(@"payload %@",[[NSString alloc] initWithData:request.HTTPBody encoding:NSUTF8StringEncoding]);
+    AWSLogDebug(@"AWS4 Canonical Request: [%@]", canonicalRequest);
+    AWSLogDebug(@"payload %@",[[NSString alloc] initWithData:request.HTTPBody encoding:NSUTF8StringEncoding]);
 
     NSString *scope = [NSString stringWithFormat:@"%@/%@/%@/%@",
                        dateStamp,
@@ -321,7 +321,7 @@ - (NSString *)signRequestV4:(NSURLRequest *)request{
                               scope,
                               [AWSSignatureSignerUtility hexEncode:[AWSSignatureSignerUtility hashString:canonicalRequest]]];
 
-    AZLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
+    AWSLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
 
     NSData *kSigning  = [self getV4DerivedKey:self.credentialsProvider.secretKey
                                          date:dateStamp
@@ -455,9 +455,9 @@ + (NSString *)canonicalizedQueryString:(NSDictionary *)parameters {
         NSString *key   = [sortedKeys objectAtIndex:index];
         NSString *value = (NSString *)[parameters valueForKey:key];
 
-        [mutableHTTPBodyString appendString:[key az_stringWithURLEncoding]];
+        [mutableHTTPBodyString appendString:[key aws_stringWithURLEncoding]];
         [mutableHTTPBodyString appendString:@"="];
-        [mutableHTTPBodyString appendString:[value az_stringWithURLEncoding]];
+        [mutableHTTPBodyString appendString:[value aws_stringWithURLEncoding]];
 
         if (index < [sortedKeys count] - 1) {
             [mutableHTTPBodyString appendString:@"&"];
@@ -527,7 +527,7 @@ - (BFTask *)interceptRequest:(NSMutableURLRequest *)request {
         [parameters setObject:@"HmacSHA256" forKey:@"SignatureMethod"];
         [parameters setObject:@"2" forKey:@"SignatureVersion"];
         [parameters setObject:self.credentialsProvider.accessKey forKey:@"AWSAccessKeyId"];
-        [parameters setObject:[[NSDate date] az_stringValue:AZDateISO8601DateFormat3]
+        [parameters setObject:[[NSDate date] aws_stringValue:AWSDateISO8601DateFormat3]
                        forKey:@"Timestamp"];
         //Added SecurityToken field in QueryString for SigV2 if STS has been used.
         if ([self.credentialsProvider respondsToSelector:@selector(sessionKey)]) {
@@ -540,7 +540,7 @@ - (BFTask *)interceptRequest:(NSMutableURLRequest *)request {
         NSString *signature = [AWSSignatureSignerUtility HMACSign:dataToSign
                                                           withKey:self.credentialsProvider.secretKey
                                                    usingAlgorithm:kCCHmacAlgSHA256];
-        [canonicalizedQueryString appendFormat:@"&Signature=%@", [signature az_stringWithURLEncoding]];
+        [canonicalizedQueryString appendFormat:@"&Signature=%@", [signature aws_stringWithURLEncoding]];
         request.HTTPBody = [canonicalizedQueryString dataUsingEncoding:NSUTF8StringEncoding];
 
         return nil;
@@ -639,7 +639,7 @@ - (BOOL)nextChunk {
     NSData *data = [NSData dataWithBytesNoCopy:chunkBuffer length:read];
     [self.chunkData appendData:[self getSignedChunk:data]];
 
-    AZLogDebug(@"stream read: %ld, chunk size: %lu", (long)read, (unsigned long)[self.chunkData length]);
+    AWSLogDebug(@"stream read: %ld, chunk size: %lu", (long)read, (unsigned long)[self.chunkData length]);
 
     return YES;
 }
@@ -650,18 +650,18 @@ - (NSData *)getSignedChunk:(NSData *)data {
     NSString *stringToSign = [NSString stringWithFormat:
                               @"%@\n%@\n%@\n%@\n%@\n%@",
                               @"AWS4-HMAC-SHA256-PAYLOAD",
-                              [self.date az_stringValue:AZDateISO8601DateFormat2],
+                              [self.date aws_stringValue:AWSDateISO8601DateFormat2],
                               self.scope,
                               self.priorSha256,
                               emptyStringSha256,
                               chunkSha256];
-    AZLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
+    AWSLogDebug(@"AWS4 String to Sign: [%@]", stringToSign);
 
     NSData *signature = [AWSSignatureSignerUtility sha256HMacWithData:[stringToSign dataUsingEncoding:NSUTF8StringEncoding]
                                                               withKey:self.kSigning];
     self.priorSha256 = [self dataToHexString:signature];
     NSString *chunkedHeader = [NSString stringWithFormat:@"%06lx;chunk-signature=%@\r\n", (unsigned long)[data length], self.priorSha256];
-    AZLogDebug(@"AWS4 Chunked Header: [%@]", chunkedHeader);
+    AWSLogDebug(@"AWS4 Chunked Header: [%@]", chunkedHeader);
 
     NSMutableData *signedChunk = [NSMutableData data];
     [signedChunk appendData:[chunkedHeader dataUsingEncoding:NSUTF8StringEncoding]];