aws-sdk 1.4.1 → 1.5.0

data/lib/aws/core/signature/version_2.rb

@@ -0,0 +1,42 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  module Core
+    module Signature
+      module Version2
+
+        def add_authorization! signer
+          self.access_key_id = signer.access_key_id
+          add_param('AWSAccessKeyId', access_key_id)
+          if signer.respond_to?(:session_token) and token = signer.session_token
+            add_param("SecurityToken", token)
+          end
+          add_param('SignatureVersion', '2')
+          add_param('SignatureMethod', 'HmacSHA256')
+          add_param('Signature', signer.sign(string_to_sign))
+        end
+
+        def string_to_sign
+          [
+            http_method,
+            host,
+            path,
+            params.sort.collect { |p| p.encoded }.join('&'),
+          ].join("\n")
+        end
+
+      end
+    end
+  end
+end

data/lib/aws/core/signature/version_3.rb

@@ -0,0 +1,73 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'openssl'
+require 'time'
+
+module AWS
+  module Core
+    module Signature
+      module Version3
+
+        def add_authorization!(signer)
+
+          self.access_key_id = signer.access_key_id
+
+          headers["x-amz-date"] ||= (headers["date"] ||= Time.now.rfc822)
+          headers["host"] ||= host
+
+          headers["x-amz-security-token"] = signer.session_token if 
+            signer.respond_to?(:session_token) and signer.session_token
+
+          # compute the authorization
+          request_hash = OpenSSL::Digest::SHA256.digest(string_to_sign)
+          signature = signer.sign(request_hash)
+          headers["x-amzn-authorization"] =
+            "AWS3 "+
+            "AWSAccessKeyId=#{signer.access_key_id},"+
+            "Algorithm=HmacSHA256,"+
+            "SignedHeaders=#{headers_to_sign.join(';')},"+
+            "Signature=#{signature}"
+        end
+
+        protected
+
+        def string_to_sign
+          [
+            http_method,
+            "/",
+            "",
+            canonical_headers,
+            body
+          ].join("\n")
+        end
+
+        def canonical_headers
+          headers_to_sign.map do |name|
+            value = headers[name]
+            "#{name.downcase.strip}:#{value.strip}\n"
+          end.sort.join
+        end
+
+        def headers_to_sign
+          headers.keys.select do |header|
+              header == "host" ||
+              header == "content-encoding" ||
+              header =~ /^x-amz/
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/aws/core/signature/version_3_http.rb

@@ -0,0 +1,72 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'openssl'
+require 'time'
+
+module AWS
+  module Core
+    module Signature
+      module Version3
+
+        def add_authorization!(signer)
+
+          self.access_key_id = signer.access_key_id
+
+          headers["x-amz-date"] ||= (headers["date"] ||= Time.now.rfc822)
+          headers["host"] ||= host
+
+          headers["x-amz-security-token"] = signer.session_token if 
+            signer.respond_to?(:session_token) and signer.session_token
+
+          # compute the authorization
+          request_hash = OpenSSL::Digest::SHA256.digest(string_to_sign)
+          signature = signer.sign(request_hash)
+          headers["x-amzn-authorization"] =
+            "AWS3 "+
+            "AWSAccessKeyId=#{signer.access_key_id},"+
+            "Algorithm=HmacSHA256,"+
+            "SignedHeaders=#{headers_to_sign.join(';')},"+
+            "Signature=#{signature}"
+        end
+
+        protected
+
+        def string_to_sign
+          [
+            http_method,
+            "/",
+            "",
+            canonical_headers,
+            body
+          ].join("\n")
+        end
+
+        def canonical_headers
+          headers_to_sign.map do |name|
+            value = headers[name]
+            "#{name.downcase.strip}:#{value.strip}\n"
+          end.sort.join
+        end
+
+        def headers_to_sign
+          headers.keys.select do |header|
+              header == "host" ||
+              header =~ /^x-amz/
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/aws/core/signature/version_4.rb

@@ -0,0 +1,138 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'time'
+require 'openssl'
+require 'digest'
+
+module AWS
+  module Core
+    module Signature
+      module Version4
+  
+        def add_authorization! signer
+          self.access_key_id = signer.access_key_id
+          datetime = Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
+          headers['content-type'] ||= 'application/x-www-form-urlencoded'
+          headers['host'] = host
+          headers['x-amz-date'] = datetime
+          headers['x-amz-security-token'] = signer.session_token if signer.session_token
+          headers['authorization'] = authorization(signer, datetime)
+        end
+        
+        protected
+  
+        def authorization signer, datetime
+          parts = []
+          parts << "AWS4-HMAC-SHA256 Credential=#{access_key_id}/#{credential_string(datetime)}"
+          parts << "SignedHeaders=#{signed_headers}"
+          parts << "Signature=#{hex16(signature(signer, datetime))}"
+          parts.join(', ')
+        end
+  
+        def signature signer, datetime
+          k_secret = signer.secret_access_key
+          k_date = hmac("AWS4" + k_secret, datetime[0,8])
+          k_region = hmac(k_date, region)
+          k_service = hmac(k_region, service)
+          k_credentials = hmac(k_service, 'aws4_request')
+          hmac(k_credentials, string_to_sign(datetime))
+        end
+  
+        def string_to_sign datetime
+          parts = []
+          parts << 'AWS4-HMAC-SHA256'
+          parts << datetime
+          parts << credential_string(datetime)
+          parts << hex16(hash(canonical_request))
+          parts.join("\n")
+        end
+  
+        def credential_string datetime 
+          parts = []
+          parts << datetime[0,8]
+          parts << region
+          parts << service
+          parts << 'aws4_request'
+          parts.join("/")
+        end
+  
+        def canonical_request
+          parts = []
+          parts << action_name
+          parts << canonical_uri
+          parts << canonical_querystring
+          parts << canonical_headers + "\n"
+          parts << signed_headers
+          parts << hex16(hash(payload))
+          parts.join("\n")
+        end
+  
+        def service
+          # this method is implemented in the request class for each service
+          raise NotImplementedError
+        end
+  
+        def action_name
+          http_method.to_s.upcase
+        end
+  
+        def canonical_uri
+          path
+        end
+  
+        def payload
+          body || ''
+        end
+  
+        def canonical_querystring
+          http_method.to_s.upcase == 'GET' ? url_encoded_params : ''
+        end
+  
+        def signed_headers
+          to_sign = headers.keys.map{|k| k.to_s.downcase }
+          to_sign.delete('authorization')
+          to_sign.sort.join(";")
+        end
+  
+        def canonical_headers
+          headers = []
+          self.headers.each_pair do |k,v|
+            header = [k.to_s.downcase, v]
+            headers << header unless header.first == 'authorization'
+          end
+          headers = headers.sort_by(&:first)
+          headers.map{|k,v| "#{k}:#{canonical_header_values(v)}" }.join("\n")
+        end
+  
+        def canonical_header_values values
+          values = [values] unless values.is_a?(Array)
+          values.map(&:to_s).map(&:strip).join(',')
+        end
+  
+        def hex16 string
+          string.unpack('H*').first
+        end
+  
+        def hmac key, string
+          OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), key, string)
+        end
+  
+        def hash string
+          Digest::SHA256.digest(string)
+        end
+  
+      end
+    end
+  end
+end

data/lib/aws/core/uri_escape.rb

@@ -16,22 +16,19 @@ require 'cgi'
 module AWS
   module Core
 
-    # @private
+    # Provides helper methods for URI escaping values and paths.
     module UriEscape
 
-      # Does URI escaping the way AWS expects it to be done.
-      #
-      # @private
-      protected
+      # @param [String] value
+      # @return [String] Returns a URI escaped string.
       def escape value
         value = value.encode("UTF-8") if value.respond_to?(:encode)
         CGI::escape(value.to_s).gsub('+', '%20').gsub('%7E', '~')
       end
 
-      # URI-escapes a path without escaping the separators
-      #
-      # @private
-      protected
+      # @param [String] value
+      # @return [String] Returns a URI-escaped path without escaping the 
+      #   separators.
       def escape_path value
         escaped = ""
         value.scan(%r{(/*)([^/]*)(/*)}) do |(leading, part, trailing)|

data/lib/aws/core/xml/frame.rb

@@ -0,0 +1,242 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'base64'
+
+module AWS
+  module Core
+    module XML
+      class Frame
+
+        TRANSLATE_DIGITS = ['0123456789'.freeze, ('X'*10).freeze]
+
+        EASY_FORMAT = "XXXX-XX-XXTXX:XX:XX.XXXZ".freeze
+
+        DATE_PUNCTUATION = ['-:.TZ'.freeze, (' '*5).freeze]
+
+        def initialize root_frame, parent_frame, element_name, rules
+
+          @root_frame = root_frame
+          @parent_frame = parent_frame
+          @element_name = element_name
+          @rules = rules
+          @rules[:children] ||= {}
+
+          @data = {}.merge(rules[:defaults] || {})
+          @text = nil
+
+          # initialize values for child frames of special types (e.g.
+          # lists, maps, and forced elements)
+          known_child_frames.each do |child_frame|
+            context = data_context_for(child_frame)
+            if child_frame.list?
+              context[child_frame.ruby_name] = []
+            elsif child_frame.map?
+              context[child_frame.ruby_name] = {}
+            elsif child_frame.forced?
+              context[child_frame.ruby_name] = child_frame.value
+            end
+          end
+
+        end
+
+        attr_reader :root_frame
+        attr_reader :parent_frame
+        attr_reader :element_name
+        attr_reader :rules
+
+        def data
+          ignored? ? parent_frame.data : @data
+        end
+
+        def ruby_name
+          rules[:rename] || root_frame.inflect(element_name)
+        end
+
+        def rules_for child_element_name
+          rules[:children][child_element_name] || {}
+        end
+
+        # The list of child frames that have customizations (rules), all
+        # other children will be parsed using standard rules
+        def known_child_frames
+          rules[:children].keys.map {|name| build_child_frame(name) }
+        end
+
+        def build_child_frame element_name
+          # if element_name should be wrapped
+          #   build a frame for the wrapper
+          #   build a child frame from the wrapper
+          # else
+          Frame.new(root_frame, self, element_name, rules_for(element_name))
+        end
+
+        def consume_child_frame child_frame
+
+          child_frame.close
+
+          return if child_frame.ignored?
+
+          ruby_name = child_frame.ruby_name
+          value = child_frame.value
+          context = data_context_for(child_frame)
+
+          if child_frame.list?
+            context[ruby_name] << value
+          elsif map = child_frame.map?
+            context[ruby_name][child_frame.map_key] = child_frame.map_value
+          else
+            context[ruby_name] = value
+          end
+        end
+
+        def close
+          # some xml elements should be indexed at the root level
+          # The :index rule determines the name of this index
+          # and what keys the data should be indexed as (one element
+          # can be indexed under multiple keys).  The index value
+          # is always the element itself.
+          if index = @rules[:index]
+            index_keys_for(index) do |key|
+              root_frame.add_to_index(index[:name], key, data)
+            end
+          end
+        end
+
+        def index_keys_for index_opts, &block
+
+          # simple (single) key
+          if key = index_opts[:key]
+            yield(data[key])
+            return
+          end
+
+          # composite key, joined by ":"
+          if parts = index_opts[:keys]
+            composite_key = parts.map{|part| data[part] }.join(":")
+            yield(composite_key)
+            return
+          end
+
+          # multiple keys, collected from the given path
+          if path = index_opts[:key_path]
+            keys_from_path(data, path.dup, &block)
+            return
+          end
+
+          raise "missing require index rule option, :key, :keys or :key_path"
+
+        end
+
+        def keys_from_path data, path, &block
+
+          step = path.shift
+          value = data[step]
+
+          if path.empty?
+            yield(value)
+            return
+          end
+
+          if value.is_a?(Array)
+            value.each do |v|
+              keys_from_path(v, path.dup, &block)
+            end
+          else
+            keys_from_path(value, path.dup, &block)
+          end
+
+        end
+
+        def add_text chars
+          @text ||= ''
+          @text << chars
+        end
+
+        def value
+          if !data.empty?
+            data[:encoding] == 'base64' ?  Base64.decode64(@text.strip) : data
+          elsif @text.nil?
+            rules[:type] == :boolean ? false : nil
+          else
+            case rules[:type]
+            when nil       then @text
+            when :datetime then datetime_like_value(DateTime, :civil)
+            when :time     then datetime_like_value(Time, :utc)
+            when :integer  then @text.to_i
+            when :float    then @text.to_f
+            when :boolean  then @text == 'true'
+            when :blob     then Base64.decode64(@text)
+            when :symbol   then Core::Inflection.ruby_name(@text).to_sym
+            else raise "unhandled type"
+            end
+          end
+        end
+
+        def ignored?
+          @rules[:ignore]
+        end
+
+        def forced?
+          @rules[:force]
+        end
+
+        def list?
+          @rules[:list]
+        end
+
+        def map?
+          @rules[:map]
+        end
+
+        def wrapped?
+          @rules[:wrap]  
+        end
+        alias_method :wrapper, :wrapped?
+
+        protected
+
+        def map_key
+          data[root_frame.inflect(@rules[:map].first)]
+        end
+
+        def map_value
+          data[root_frame.inflect(@rules[:map].last)]
+        end
+
+        def data_context_for child_frame
+          if child_frame.wrapped?
+            data[child_frame.wrapper] ||= {}
+            data[child_frame.wrapper]
+          else
+            data
+          end
+        end
+
+        def datetime_like_value klass, parts_constructor
+          # it's way faster to parse this specific format manually
+          # vs. DateTime#parse, and this happens to be the format
+          # that AWS uses almost (??) everywhere.
+          if @text.tr(*TRANSLATE_DIGITS) == EASY_FORMAT
+            parts = @text.tr(*DATE_PUNCTUATION).chop.split.map {|p| p.to_i }
+            klass.send(parts_constructor, *parts)
+          else
+            # fallback in case we have to handle another date format
+            klass.parse(@text)
+          end
+        end
+        
+      end
+    end
+  end
+end