aws-sdk-core 2.0.0.rc8 → 2.0.0.rc9

data/lib/aws/api/service_translators/ec2.rb

@@ -0,0 +1,11 @@
+module Aws::Api::ServiceTranslators::EC2
+  class << self
+
+    def translate(api)
+      if api.version >= '2014-05-01'
+        api.plugins << "Aws::Plugins::EC2CopyEncryptedSnapshot"
+      end
+    end
+
+  end
+end

data/lib/aws/api/service_translators/s3.rb

@@ -7,6 +7,7 @@ module Aws::Api::ServiceTranslators::S3
       api.plugins << "Aws::Plugins::S3Md5s"
       api.plugins << "Aws::Plugins::S3Redirects"
       api.plugins << "Aws::Plugins::S3LocationConstraint"
+      api.plugins << "Aws::Plugins::S3SseCpk"
     end
   end
 end

data/lib/aws/credential_provider_chain.rb

@@ -1,9 +1,8 @@
 module Aws
   class CredentialProviderChain
 
-    def initialize(config, foo=nil)
+    def initialize(config)
       @config = config
-      @foo = foo
     end
 
     def resolve

data/lib/aws/error_handler.rb

@@ -41,7 +41,8 @@ module Aws
         400 => 'BadRequest',
         403 => 'Forbidden',
         404 => 'NotFound',
-      }[status_code] || "#{status_code}Error"
+        412 => 'PreconditionFailed',
+      }[status_code] || "Http#{status_code}Error"
     end
 
   end

data/lib/aws/plugins/ec2_copy_encrypted_snapshot.rb

@@ -0,0 +1,86 @@
+module Aws
+  module Plugins
+
+    # This plugin auto populates the following request params for the
+    # CopySnapshot API:
+    #
+    # * `:destination_region`
+    # * `:presigned_url`
+    #
+    # These params are required by EC2 when copying an encrypted snapshot.
+    class EC2CopyEncryptedSnapshot < Seahorse::Client::Plugin
+
+      # @api private
+      class Handler < Seahorse::Client::Handler
+
+        def call(context)
+          params = context.params
+          unless params.key?(:destination_region)
+            params[:destination_region] = context.config.region
+            params[:presigned_url] = presigned_url(context.client, params)
+          end
+          @handler.call(context)
+        end
+
+        private
+
+        def presigned_url(client, params)
+          client = source_region_client(client, params)
+          client.handle(PresignHandler, step: :build, priority: 0)
+          client.copy_snapshot(params).data # presigned url
+        end
+
+        def source_region_client(client, params)
+          config = client.config.to_h
+          config.delete(:endpoint)
+          config[:region] = params[:source_region]
+          client.class.new(config)
+        end
+
+      end
+
+      # This handler intentionally does NOT call the next handler in
+      # the stack.  It generates a presigned url from the request
+      # and returns it as the response data.
+      #
+      # Before signing:
+      #
+      # * The HTTP method is changed from POST to GET
+      # * The url-encoded body is moved to the querystring
+      #
+      # @api private
+      class PresignHandler < Seahorse::Client::Handler
+
+        def call(context)
+          convert_post_2_get(context)
+          Seahorse::Client::Response.new(
+            context: context,
+            data: presigned_url(context.http_request, context.config))
+        end
+
+        private
+
+        def convert_post_2_get(context)
+          context.http_request.http_method = 'GET'
+          context.http_request.endpoint = new_endpoint(context)
+          context.http_request.body = ''
+        end
+
+        def new_endpoint(context)
+          body = context.http_request.body_contents
+          endpoint = context.http_request.endpoint.to_s + '?' + body
+          Seahorse::Client::Http::Endpoint.new(endpoint)
+        end
+
+        def presigned_url(http_request, config)
+          signer = Signers::V4.new('ec2', config.credentials, config.region)
+          signer.presigned_url(http_request, expires_in: 3600)
+        end
+
+      end
+
+      handler(Handler, step: :initialize, operations: [:copy_snapshot])
+
+    end
+  end
+end

data/lib/aws/plugins/s3_md5s.rb

@@ -1,13 +1,14 @@
-require 'digest/md5'
+require 'openssl'
 require 'base64'
 
 module Aws
   module Plugins
 
     # @seahorse.client.option [Boolean] :compute_checksums (true)
-    #   When `true` a MD5 checksum will be computed for all requests that
-    #   accept the optional `Content-MD5` header.  Checksum errors returned
-    #   by Amazon S3 are automatically retried up to `:retry_limit` times.
+    #   When `true` a MD5 checksum will be computed for every request that
+    #   sends a body.  When `false`, MD5 checksums will only be computed
+    #   for operations that require them.  Checksum errors returned by Amazon
+    #   S3 are automatically retried up to `:retry_limit` times.
     class S3Md5s < Seahorse::Client::Plugin
 
       # Amazon S3 requires these operations to have an MD5 checksum
@@ -25,13 +26,15 @@ module Aws
         OneMB = 1024 * 1024
 
         def call(context)
-          context.http_request.headers['Content-Md5'] = md5(context)
+          body = context.http_request.body
+          if body.size > 0
+            context.http_request.headers['Content-Md5'] ||= md5(body)
+          end
           @handler.call(context)
         end
 
-        def md5(context)
-          md5 = Digest::MD5.new
-          body = context.http_request.body
+        def md5(body)
+          md5 = OpenSSL::Digest::MD5.new
           while chunk = body.read(OneMB)
             md5.update(chunk)
           end

data/lib/aws/plugins/s3_sse_cpk.rb

@@ -0,0 +1,42 @@
+require 'openssl'
+require 'base64'
+
+module Aws
+  module Plugins
+    class S3SseCpk < Seahorse::Client::Plugin
+
+      class Handler < Seahorse::Client::Handler
+
+        def call(context)
+          compute_key_md5(context.params)
+          @handler.call(context)
+        end
+
+        private
+
+        def compute_key_md5(params)
+          if key = params[:sse_customer_key]
+            params[:sse_customer_key] = base64(key)
+            params[:sse_customer_key_md5] = base64(md5(key))
+          end
+          if key = params[:copy_source_sse_customer_key]
+            params[:copy_source_sse_customer_key] = base64(key)
+            params[:copy_source_sse_customer_key_md5] = base64(md5(key))
+          end
+        end
+
+        def md5(str)
+          OpenSSL::Digest::MD5.digest(str)
+        end
+
+        def base64(str)
+          Base64.encode64(str).strip
+        end
+
+      end
+
+      handler(Handler, step: :initialize)
+
+    end
+  end
+end

data/lib/aws/query/builder.rb

@@ -38,6 +38,10 @@ module Aws
       end
 
       def list(param_list, shape, prefix, values)
+        if values.empty?
+          param_list.set(prefix, '')
+          return
+        end
         member_shape = shape.members
         if flat?(shape)
           if member_shape.serialized_name

data/lib/aws/query/param.rb

@@ -17,7 +17,7 @@ module Aws
 
       # @return [String]
       def to_s
-        value ? "#{escape(name)}=#{escape(value)}" : escape(name)
+        value ? "#{escape(name)}=#{escape(value)}" : "#{escape(name)}="
       end
 
       # @api private

data/lib/aws/signers/base.rb

@@ -1,3 +1,5 @@
+require 'openssl'
+
 module Aws
   module Signers
     class Base

data/lib/aws/signers/s3.rb

@@ -1,6 +1,5 @@
 require 'set'
 require 'time'
-require 'digest/sha1'
 require 'openssl'
 require 'uri'
 

data/lib/aws/signers/v4.rb

@@ -1,5 +1,4 @@
 require 'time'
-require 'digest/sha1'
 require 'openssl'
 
 module Aws
@@ -8,8 +7,8 @@ module Aws
 
       def self.sign(context)
         new(
-          context.config.credentials,
           context.config.sigv4_name,
+          context.config.credentials,
           context.config.sigv4_region
         ).sign(context.http_request)
       end
@@ -20,48 +19,94 @@ module Aws
       #   the endpoint prefix.
       # @param [String] region The region (e.g. 'us-west-1') the request
       #   will be made to.
-      def initialize(credentials, service_name, region)
-        @credentials = credentials
+      def initialize(service_name, credentials, region)
         @service_name = service_name
+        @credentials = credentials
         @region = region
       end
 
       # @param [Seahorse::Client::Http::Request] request
       # @return [Seahorse::Client::Http::Request] the signed request.
-      def sign(request)
+      def sign(req)
         datetime = Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
-        request.headers['X-Amz-Date'] = datetime
-        request.headers['Host'] = request.endpoint.host
-        request.headers['X-Amz-Security-Token'] = credentials.session_token if
+        body_digest = req.headers['X-Amz-Content-Sha256'] || hexdigest(req.body)
+        req.headers['X-Amz-Date'] = datetime
+        req.headers['Host'] = req.endpoint.host
+        req.headers['X-Amz-Security-Token'] = credentials.session_token if
           credentials.session_token
-        request.headers['X-Amz-Content-Sha256'] ||= hexdigest(request.body)
-        request.headers['Authorization'] = authorization(request, datetime)
-        request
+        req.headers['X-Amz-Content-Sha256'] ||= body_digest
+        req.headers['Authorization'] = authorization(req, datetime, body_digest)
+        req
       end
 
-      def authorization(request, datetime)
+      # Generates an returns a presigned URL.
+      # @param [Seahorse::Client::Http::Request] request
+      # @option options [required, Integer<Seconds>] :expires_in
+      # @option options [optional, String] :body_digest The SHA256 hexdigest of
+      #   the payload to sign.  For S3, this should be the string literal
+      #   `UNSIGNED-PALOAD`.
+      # @return [Seahorse::Client::Http::Request] the signed request.
+      # @api private
+      def presigned_url(request, options = {})
+        now = Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
+        body_digest = options[:body_digest] || hexdigest(request.body)
+
+        params = Query::ParamList.new
+
+        request.headers['Host'] ||= request.endpoint.host
+        request.headers.each do |header_name, header_value|
+          if header_name.match(/^x-amz/)
+            params.set(header_name, header_value)
+          end
+          unless %w(host content-md5).include?(header_name)
+            request.headers.delete(header_name)
+          end
+        end
+
+        params.set("X-Amz-Algorithm", "AWS4-HMAC-SHA256")
+        params.set("X-Amz-Date", now)
+        params.set("X-Amz-SignedHeaders", signed_headers(request))
+        params.set("X-Amz-Expires", options[:expires_in].to_s)
+        params.set('X-Amz-Security-Token', credentials.session_token) if
+          credentials.session_token
+        params.set("X-Amz-Credential", credential(now))
+
+        endpoint = request.endpoint
+        if endpoint.querystring
+          endpoint.request_uri += '&' + params.to_s
+        else
+          endpoint.request_uri += '?' + params.to_s
+        end
+        endpoint.to_s + '&X-Amz-Signature=' + signature(request, now, body_digest)
+      end
+
+      def authorization(request, datetime, body_digest)
         parts = []
-        parts << "AWS4-HMAC-SHA256 Credential=#{credentials.access_key_id}/#{credential_scope(datetime)}"
+        parts << "AWS4-HMAC-SHA256 Credential=#{credential(datetime)}"
         parts << "SignedHeaders=#{signed_headers(request)}"
-        parts << "Signature=#{signature(request, datetime)}"
+        parts << "Signature=#{signature(request, datetime, body_digest)}"
         parts.join(', ')
       end
 
-      def signature(request, datetime)
+      def credential(datetime)
+        "#{credentials.access_key_id}/#{credential_scope(datetime)}"
+      end
+
+      def signature(request, datetime, body_digest)
         k_secret = credentials.secret_access_key
         k_date = hmac("AWS4" + k_secret, datetime[0,8])
         k_region = hmac(k_date, region)
         k_service = hmac(k_region, service_name)
         k_credentials = hmac(k_service, 'aws4_request')
-        hexhmac(k_credentials, string_to_sign(request, datetime))
+        hexhmac(k_credentials, string_to_sign(request, datetime, body_digest))
       end
 
-      def string_to_sign(request, datetime)
+      def string_to_sign(request, datetime, body_digest)
         parts = []
         parts << 'AWS4-HMAC-SHA256'
         parts << datetime
         parts << credential_scope(datetime)
-        parts << hexdigest(canonical_request(request))
+        parts << hexdigest(canonical_request(request, body_digest))
         parts.join("\n")
       end
 
@@ -74,17 +119,23 @@ module Aws
         parts.join("/")
       end
 
-      def canonical_request(request)
+      def canonical_request(request, body_digest)
         [
           request.http_method,
           request.endpoint.path,
-          request.endpoint.querystring,
+          normalized_querystring(request.endpoint.querystring),
           canonical_headers(request) + "\n",
           signed_headers(request),
-          request.headers['X-Amz-Content-Sha256']
+          body_digest
         ].join("\n")
       end
 
+      def normalized_querystring(querystring)
+        if querystring
+          querystring.split('&').sort.join('&')
+        end
+      end
+
       def signed_headers(request)
         headers = request.headers.keys
         headers.delete('authorization')
@@ -106,7 +157,7 @@ module Aws
       end
 
       def hexdigest(value)
-        digest = Digest::SHA256.new
+        digest = OpenSSL::Digest::SHA256.new
         if value.respond_to?(:read)
           chunk = nil
           chunk_size = 1024 * 1024 # 1 megabyte

data/lib/aws/version.rb

@@ -1,3 +1,3 @@
 module Aws
-  VERSION = '2.0.0.rc8'
+  VERSION = '2.0.0.rc9'
 end

data/spec/aws/operations_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'stringio'
 
 module Aws
   describe 'Aws' do
@@ -116,27 +117,30 @@ module Aws
           fixture_name = path.split('/')[-1][0..-5]
 
           it(fixture_name) do
-            # load the fixture from disk
-            f = OperationFixture.load(svc_name, fixture_name)
+            begin
+              # load the fixture from disk
+              f = OperationFixture.load(svc_name, fixture_name)
 
-            # remove the plugin that raises errors
-            Aws.service_classes[svc_name.to_sym].remove_plugin(
-              Seahorse::Client::Plugins::RaiseResponseErrors)
+              # remove the plugin that raises errors
+              Aws.service_classes[svc_name.to_sym].remove_plugin(
+                Seahorse::Client::Plugins::RaiseResponseErrors)
 
-            # build the service interface
-            svc = Aws.send(svc_name, f.config)
+              # build the service interface
+              svc = Aws.send(svc_name, f.config)
 
-            # build the request
-            req = svc.build_request(f.operation, f.params)
-            req.handler(f.handler, step: :send)
+              # build the request
+              req = svc.build_request(f.operation, f.params)
+              req.handler(f.handler, step: :send)
 
 
-            # send the request
-            resp = req.send_request
-
-            request_assertions(f, resp.context.http_request)
-            response_assertions(f, resp)
+              # send the request
+              resp = req.send_request
 
+              request_assertions(f, resp.context.http_request)
+              response_assertions(f, resp)
+            ensure
+              Aws.service_classes[svc_name.to_sym].add_plugin(Seahorse::Client::Plugins::RaiseResponseErrors)
+            end
           end
         end
       end