aws-sigv2 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fdaba0dd004182fd2e09f59cabefa29b19fc9775
+  data.tar.gz: 38827852313c9f8715ea0fc1a7221c56762f76a1
+SHA512:
+  metadata.gz: af8226eb8f02f5eb999a563c1eff3945b5a0efda7ee50ccfe5a093b443c9d04990a3323e659c19bfe62df5ba79314f460907cd28672946b00efb171dbc7190a4
+  data.tar.gz: 078a27ddef917c32c34625b8dfb707319bd5dbf7b75b8a557837826259ee190d1bdb108c8a2e069216a427f38f0f24d52fda4c9709b8f087a2df1d404e2a71a4

data/lib/aws-sigv2.rb

@@ -0,0 +1,30 @@
+require_relative 'aws-sigv2/credentials'
+require_relative 'aws-sigv2/signer'
+
+module Aws
+  # This is a legacy signer. You should AWS signature version
+  # 4 instead, as provided by the `aws-sigv4` gem.
+  #
+  # This exists primarily to support SimpleDB which does not
+  # accept version 4 signatures.
+  #
+  # ## Known Limitations
+  #
+  # * This signer is only compatible with AWS services that
+  #   use the Query protocol. Only around 18 of the 80+
+  #   AWS services use this protocol.
+  #
+  # * **This signer is not capable of producing a valid
+  #   signature for Amazon S3.** It is not aware of
+  #   S3 sub-resources and how to properly insert them
+  #   into the URI path. Amazon S3 supports signature
+  #   version 4 in every region, and so `aws-sigv4` should
+  #   be used instead.
+  #
+  # * This signer does not provide a method to compute
+  #   pre-signed URLs. This is available in the
+  #   `aws-sigv4` gem.
+  #
+  module Sigv2
+  end
+end

data/lib/aws-sigv2/credentials.rb

@@ -0,0 +1,55 @@
+module Aws
+  module Sigv2
+    class Credentials
+
+      # @option options [required, String] :access_key_id
+      # @option options [required, String] :secret_access_key
+      # @option options [String, nil] :session_token (nil)
+      def initialize(options = {})
+        if options[:access_key_id] && options[:secret_access_key]
+          @access_key_id = options[:access_key_id]
+          @secret_access_key = options[:secret_access_key]
+          @session_token = options[:session_token]
+        else
+          msg = "expected both :access_key_id and :secret_access_key options"
+          raise ArgumentError, msg
+        end
+      end
+
+      # @return [String]
+      attr_reader :access_key_id
+
+      # @return [String]
+      attr_reader :secret_access_key
+
+      # @return [String, nil]
+      attr_reader :session_token
+
+    end
+
+    # The default credential provider class.
+    #
+    #     StaticCredentialsProvider.new({
+    #       access_key_id: 'akid',
+    #       secret_access_key: 'secret',
+    #     })
+    #
+    class StaticCredentialsProvider
+
+      # @option options [Credentials] :credentials
+      # @option options [String] :access_key_id
+      # @option options [String] :secret_access_key
+      # @option options [String] :session_token (nil)
+      def initialize(options = {})
+        @credentials = options[:credentials] ?
+          options[:credentials] :
+          Credentials.new(options)
+      end
+
+      # @return [Credentials]
+      attr_reader :credentials
+
+    end
+
+  end
+end

data/lib/aws-sigv2/signer.rb

@@ -0,0 +1,212 @@
+require 'openssl'
+require 'base64'
+require 'uri'
+require 'cgi'
+
+module Aws
+  module Sigv2
+    # @deprecated This signer is deprecated. You should use
+    #   the `aws-sigv4` gem instead.
+    class Signer
+
+      # @overload initialize(access_key_id:, secret_access_key:, session_token:nil)
+      #   @param [String] :access_key_id
+      #   @param [String] :secret_access_key
+      #   @param [String] :session_token (nil)
+      #
+      # @overload initialize(credentials:)
+      #   @param [Credentials] :credentials
+      #
+      # @overload initialize(credentials_provider:)
+      #   @param [#credentials] :credentials_provider An object that responds
+      #     to `#credentials`, returning an object that responds to:
+      #
+      #     * `#access_key_id`
+      #     * `#secret_access_key`
+      #     * `#session_token`
+      #
+      def initialize(options = {})
+        @credentials_provider = extract_credentials_provider(options)
+      end
+
+      # @return [#credentials] Returns an object that responds
+      #   to `#credentials` returning a {Credentials} object.
+      attr_reader :credentials_provider
+
+      # Computes a version 2 signature. The signature is returned as a hash
+      # of request parameters that should be applied to the HTTP request.
+      # The given request will not be modified.
+      #
+      #     signature = signer.sign_request(
+      #       http_method: 'POST',
+      #       url: 'https://domain.com',
+      #       params: {
+      #         'Param.Name' => 'Param.Value',
+      #       }
+      #     )
+      #
+      #     # Returns a hash with the following keys:
+      #     signature['AWSAccessKeyId']
+      #     signature['SecurityToken'] # when using session credentials
+      #     signature['Timestamp']
+      #     signature['SignatureVersion']
+      #     signature['SignatureMethod']
+      #     signature['Signature']
+      #
+      # @param [Hash] request
+      #
+      # @option request [required, String] :http_method One of
+      #   'GET', 'HEAD', 'PUT', 'POST', 'PATCH', or 'DELETE'
+      #
+      # @option request [required, String, URI::HTTPS, URI::HTTP] :url
+      #   The request URI. Must be a valid HTTP or HTTPS URI.
+      #
+      # @option request [optional, Hash] :params ({}) Request
+      #   parameters to sign. This should be a hash with
+      #   un-escaped parameter names and values. For "GET" style
+      #   requests, this should be the querystring parameters.
+      #   For "POST" style requests, this should be the form-url-encoded
+      #   query parameters.
+      #
+      # @return [Hash] Returns a hash of un-escaped signature
+      #   parameters. These must be applied to the HTTP request.
+      #   If the request is a "GET" request, they should be applied
+      #   to the querystring. If the request is "POST" then they
+      #   should be added to the form-url-encoded HTTP request body.
+      #
+      def sign_request(request)
+
+        creds = @credentials_provider.credentials
+
+        http_method = extract_http_method(request)
+        url = extract_url(request)
+        params = request[:params] || {}
+
+        timestamp = params['Timestamp']
+        timestamp ||= Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+        auth_params = {}
+        auth_params['AWSAccessKeyId'] = creds.access_key_id
+        auth_params['SecurityToken'] = creds.session_token if creds.session_token
+        auth_params['Timestamp'] = timestamp
+        auth_params['SignatureVersion'] = '2'
+        auth_params['SignatureMethod'] = 'HmacSHA256'
+
+        sts = string_to_sign(http_method, url, params.merge(auth_params))
+
+        auth_params['Signature'] = signature(sts, creds.secret_access_key)
+        auth_params
+      end
+
+      private
+
+      # @param [String] string_to_sign
+      # @param [String] secret_access_key
+      # @return [String<Base64>]
+      def signature(string_to_sign, secret_access_key)
+        Base64.encode64(
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'),
+            secret_access_key, string_to_sign)
+        ).strip
+      end
+
+      # @param [String] http_method
+      # @param [URI::HTTP, URI::HTTPS] url
+      # @param [Hash] params
+      # @return [String]
+      def string_to_sign(http_method, url, params)
+        [
+          http_method,
+          host(url),
+          path(url),
+          param_list(params).join('&'),
+        ].join("\n")
+      end
+
+      # @param [URI::HTTP, URI::HTTPS] url
+      # @return [String]
+      def host(url)
+        if
+          (url.scheme == 'http' && url.port != 80) ||
+          (url.scheme == 'https' && url.port != 443)
+        then
+          "#{url.host}:#{url.port}"
+        else
+          url.host
+        end
+      end
+
+      # @param [URI::HTTP, URI::HTTPS] url
+      # @return [String]
+      def path(url)
+        if url.path == ''
+          '/'
+        else
+          uri_escape_path(url.path)
+        end
+      end
+
+      # @param [String] path
+      # @return [String]
+      def uri_escape_path(path)
+        path.gsub(/[^\/]+/) { |part| uri_escape(part) }
+      end
+
+      # @param [String] value
+      # @return [String]
+      def uri_escape(value)
+        if value.nil?
+          nil
+        else
+          CGI.escape(value.encode('UTF-8')).gsub('+', '%20').gsub('%7E', '~')
+        end
+      end
+
+      # @param [Hash] params
+      # @return [Array<String>]
+      def param_list(params)
+        params.keys.sort.inject([]) do |list, param_name|
+          if param_name == 'Signature'
+            list # do not sign the previous signature
+          else
+            list << "#{uri_escape(param_name)}=#{uri_escape(params[param_name])}"
+          end
+        end
+      end
+
+      def extract_credentials_provider(options)
+        if options[:credentials_provider]
+          options[:credentials_provider]
+        elsif options.key?(:credentials) || options.key?(:access_key_id)
+          StaticCredentialsProvider.new(options)
+        else
+          raise ArgumentError, <<-MSG
+missing credentials, provide credentials with one of the following options:
+  - :access_key_id and :secret_access_key
+  - :credentials
+  - :credentials_provider
+          MSG
+        end
+      end
+
+      def extract_http_method(request)
+        if request[:http_method]
+          request[:http_method].upcase
+        else
+          msg = "missing required option :http_method"
+          raise ArgumentError, msg
+        end
+      end
+
+      def extract_url(request)
+        if request[:url]
+          URI.parse(request[:url].to_s)
+        else
+          msg = "missing required option :url"
+          raise ArgumentError, msg
+        end
+      end
+
+    end
+  end
+end

metadata

@@ -0,0 +1,47 @@
+--- !ruby/object:Gem::Specification
+name: aws-sigv2
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Amazon Web Services
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-12-05 00:00:00.000000000 Z
+dependencies: []
+description: Amazon Web Services Signature Version 2 signing ligrary. Generates sigv2
+  signature for HTTP requests.
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/aws-sigv2.rb
+- lib/aws-sigv2/credentials.rb
+- lib/aws-sigv2/signer.rb
+homepage: http://github.com/aws/aws-sdk-ruby
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: AWS Signature Version 2 library.
+test_files: []