diff --git a/src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentials.h b/src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentials.h index 600a60bd56a..36894165ce3 100644 --- a/src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentials.h +++ b/src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentials.h @@ -9,6 +9,7 @@ #include #include #include +#include namespace Aws { namespace Auth @@ -98,6 +99,104 @@ namespace Aws m_expiration(expiration), m_accountId(accountId) {} + /** + * Copy constructor. + */ + AWSCredentials(const AWSCredentials& other) + : m_accessKeyId(other.m_accessKeyId), + m_secretKey(other.m_secretKey), + m_sessionToken(other.m_sessionToken), + m_expiration(other.m_expiration), + m_accountId(other.m_accountId), + m_context(other.m_context) + { + } + + /** + * Move constructor. + */ + AWSCredentials(AWSCredentials&& other) noexcept + : m_accessKeyId(std::move(other.m_accessKeyId)), + m_secretKey(std::move(other.m_secretKey)), + m_sessionToken(std::move(other.m_sessionToken)), + m_expiration(std::move(other.m_expiration)), + m_accountId(std::move(other.m_accountId)), + m_context(std::move(other.m_context)) + { + } + + /** + * Destructor that securely clears sensitive credential data from memory. + */ + ~AWSCredentials() + { + // Securely clear sensitive credential data + if (!m_secretKey.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_secretKey[0]), m_secretKey.size()); + } + if (!m_sessionToken.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_sessionToken[0]), m_sessionToken.size()); + } + } + + /** + * Copy assignment operator that securely clears old credential data before assignment. + */ + AWSCredentials& operator=(const AWSCredentials& other) + { + if (this != &other) + { + // Clear old sensitive data before overwriting + if (!m_secretKey.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_secretKey[0]), m_secretKey.size()); + } + if (!m_sessionToken.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_sessionToken[0]), m_sessionToken.size()); + } + + // Copy all members + m_accessKeyId = other.m_accessKeyId; + m_secretKey = other.m_secretKey; + m_sessionToken = other.m_sessionToken; + m_expiration = other.m_expiration; + m_accountId = other.m_accountId; + m_context = other.m_context; + } + return *this; + } + + /** + * Move assignment operator that securely clears old credential data before assignment. + */ + AWSCredentials& operator=(AWSCredentials&& other) noexcept + { + if (this != &other) + { + // Clear old sensitive data before overwriting + if (!m_secretKey.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_secretKey[0]), m_secretKey.size()); + } + if (!m_sessionToken.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_sessionToken[0]), m_sessionToken.size()); + } + + // Move all members + m_accessKeyId = std::move(other.m_accessKeyId); + m_secretKey = std::move(other.m_secretKey); + m_sessionToken = std::move(other.m_sessionToken); + m_expiration = std::move(other.m_expiration); + m_accountId = std::move(other.m_accountId); + m_context = std::move(other.m_context); + } + return *this; + } + bool operator == (const AWSCredentials& other) const { return m_accessKeyId == other.m_accessKeyId @@ -184,6 +283,11 @@ namespace Aws */ inline void SetAWSSecretKey(const Aws::String& secretKey) { + // Clear old value before setting new one + if (!m_secretKey.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_secretKey[0]), m_secretKey.size()); + } m_secretKey = secretKey; } @@ -192,6 +296,11 @@ namespace Aws */ inline void SetSessionToken(const Aws::String& sessionToken) { + // Clear old value before setting new one + if (!m_sessionToken.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_sessionToken[0]), m_sessionToken.size()); + } m_sessionToken = sessionToken; } @@ -217,6 +326,11 @@ namespace Aws */ inline void SetAWSSecretKey(const char* secretKey) { + // Clear old value before setting new one + if (!m_secretKey.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_secretKey[0]), m_secretKey.size()); + } m_secretKey = secretKey; } @@ -225,6 +339,11 @@ namespace Aws */ inline void SetSessionToken(const char* sessionToken) { + // Clear old value before setting new one + if (!m_sessionToken.empty()) + { + Aws::Security::SecureMemClear(reinterpret_cast(&m_sessionToken[0]), m_sessionToken.size()); + } m_sessionToken = sessionToken; }