aws-sigv4 1.0.3 → 1.1.0

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sigv4/signer.rb +95 -0
  3. metadata +23 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 230c5aa7c49bded384ea0cc96ecbc3cdc6d3bec7
4
- data.tar.gz: b1b194fa0740e2588a94dd9a0c66f7c5f4198f70
3
+ metadata.gz: cb4db422d46522a4ad3274b0dc5b28689ed5def4
4
+ data.tar.gz: 061ca3ebfd24ffea8a1717ac9e12f9fc0650d4f8
5
5
  SHA512:
6
- metadata.gz: 53016c5f240e3154815b4f172158a5a29c84ef7e912e756f8f5b53e619854bbc30a041358b5be4a8fc82708cbbb12c549f31c843421cbf5a0e6c3f2e0537ab23
7
- data.tar.gz: 4ff775b31b1603a3eaf5206cb0c59bdac3599a95973626d746d81ec21b8e51db46cdc9fd8cb6a7008afaeaec5bb6ac6af6a12b5317ba60e2c64303424235a63d
6
+ metadata.gz: fef836871abeaf35b99b00a28deab1506f45d6792a6c732d74db4a37250d77e62ee64da491ad91a21a0f8098ba91dae19953d27c48aec0a36d7e2ad403f4edf6
7
+ data.tar.gz: 6bee73d7bbcd3f7fe8cb92275eabb13d5981869dc566bfc818960449143fdc28f91270465efd9d38adbfb4f91d12c23a2c70e7cfebf4c45d8954df3c0a082b36
@@ -4,6 +4,7 @@ require 'time'
4
4
  require 'uri'
5
5
  require 'set'
6
6
  require 'cgi'
7
+ require 'aws-eventstream'
7
8
 
8
9
  module Aws
9
10
  module Sigv4
@@ -243,6 +244,59 @@ module Aws
243
244
  )
244
245
  end
245
246
 
247
+ # Signs a event and returns signature headers and prior signature
248
+ # used for next event signing.
249
+ #
250
+ # Headers of a sigv4 signed event message only contains 2 headers
251
+ # * ':chunk-signature'
252
+ # * computed signature of the event, binary string, 'bytes' type
253
+ # * ':date'
254
+ # * millisecond since epoch, 'timestamp' type
255
+ #
256
+ # Payload of the sigv4 signed event message contains eventstream encoded message
257
+ # which is serialized based on input and protocol
258
+ #
259
+ # To sign events
260
+ #
261
+ # headers_0, signature_0 = signer.sign_event(
262
+ # prior_signature, # hex-encoded string
263
+ # payload_0, # binary string (eventstream encoded event 0)
264
+ # encoder, # Aws::EventStreamEncoder
265
+ # )
266
+ #
267
+ # headers_1, signature_1 = signer.sign_event(
268
+ # signature_0,
269
+ # payload_1, # binary string (eventstream encoded event 1)
270
+ # encoder
271
+ # )
272
+ #
273
+ # The initial prior_signature should be using the signature computed at initial request
274
+ #
275
+ # Note:
276
+ #
277
+ # Since ':chunk-signature' header value has bytes type, the signature value provided
278
+ # needs to be a binary string instead of a hex-encoded string (like original signature
279
+ # V4 algorithm). Thus, when returning signature value used for next event siging, the
280
+ # signature value (a binary string) used at ':chunk-signature' needs to converted to
281
+ # hex-encoded string using #unpack
282
+ def sign_event(prior_signature, payload, encoder)
283
+ creds = get_credentials
284
+ time = Time.now
285
+ headers = {}
286
+
287
+ datetime = time.utc.strftime("%Y%m%dT%H%M%SZ")
288
+ date = datetime[0,8]
289
+ headers[':date'] = Aws::EventStream::HeaderValue.new(value: time.to_i*1000, type: 'timestamp')
290
+
291
+ sts = event_string_to_sign(datetime, headers, payload, prior_signature, encoder)
292
+ sig = event_signature(creds.secret_access_key, date, sts)
293
+
294
+ headers[':chunk-signature'] = Aws::EventStream::HeaderValue.new(value: sig, type: 'bytes')
295
+
296
+ # Returning signed headers and signature value in hex-encoded string
297
+ [headers, sig.unpack('H*').first]
298
+ end
299
+
246
300
  # Signs a URL with query authentication. Using query parameters
247
301
  # to authenticate requests is useful when you want to express a
248
302
  # request entirely in a URL. This method is also referred as
@@ -375,6 +429,29 @@ module Aws
375
429
  ].join("\n")
376
430
  end
377
431
 
432
+ # Compared to original #string_to_sign at signature v4 algorithm
433
+ # there is no canonical_request concept for an eventstream event,
434
+ # instead, an event contains headers and payload two parts, and
435
+ # they will be used for computing digest in #event_string_to_sign
436
+ #
437
+ # Note:
438
+ # While headers need to be encoded under eventstream format,
439
+ # payload used is already eventstream encoded (event without signature),
440
+ # thus no extra encoding is needed.
441
+ def event_string_to_sign(datetime, headers, payload, prior_signature, encoder)
442
+ encoded_headers = encoder.encode_headers(
443
+ Aws::EventStream::Message.new(headers: headers, payload: payload)
444
+ ).read
445
+ [
446
+ "AWS4-HMAC-SHA256-PAYLOAD",
447
+ datetime,
448
+ credential_scope(datetime[0,8]),
449
+ prior_signature,
450
+ sha256_hexdigest(encoded_headers),
451
+ sha256_hexdigest(payload)
452
+ ].join("\n")
453
+ end
454
+
378
455
  def credential_scope(date)
379
456
  [
380
457
  date,
@@ -396,6 +473,24 @@ module Aws
396
473
  hexhmac(k_credentials, string_to_sign)
397
474
  end
398
475
 
476
+ # Comparing to original signature v4 algorithm,
477
+ # returned signature is a binary string instread of
478
+ # hex-encoded string. (Since ':chunk-signature' requires
479
+ # 'bytes' type)
480
+ #
481
+ # Note:
482
+ # converting signature from binary string to hex-encoded
483
+ # string is handled at #sign_event instead. (Will be used
484
+ # as next prior signature for event signing)
485
+ def event_signature(secret_access_key, date, string_to_sign)
486
+ k_date = hmac("AWS4" + secret_access_key, date)
487
+ k_region = hmac(k_date, @region)
488
+ k_service = hmac(k_region, @service)
489
+ k_credentials = hmac(k_service, 'aws4_request')
490
+ hmac(k_credentials, string_to_sign)
491
+ end
492
+
493
+
399
494
  def path(url)
400
495
  path = url.path
401
496
  path = '/' if path == ''
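Review bot: `event_signature` (new lines 485-491) re-derives k_date → k_region → k_service → k_credentials by hand instead of sharing the derivation that `signature` already performs directly above it (the context line `hexhmac(k_credentials, string_to_sign)` at new line 473 shows the same chain ending there), so the two signing paths can now drift independently if the key-derivation steps are ever touched; `signature`'s body starts outside the hunk, so only its tail is visible here. A private `signing_key(secret_access_key, date)` that both methods call, with `signature` returning `hexhmac(key, sts)` and `event_signature` returning `hmac(key, sts)`, keeps a single derivation. Separately, `sign_event` documents `:date` as "millisecond since epoch" but computes `time.to_i*1000`, which truncates to whole seconds; `(time.to_f * 1000).to_i` would carry the sub-second part if that precision is intended, though the server presumably only needs a value within its skew tolerance. The new doc comments also carry typos worth fixing in the same pass ("a event", "siging", "instread", "needs to converted").
```ruby
# … unchanged: event_string_to_sign, credential_scope, signature …
def event_signature(secret_access_key, date, string_to_sign)
  hmac(signing_key(secret_access_key, date), string_to_sign)
end

# Derives the SigV4 signing key once so #signature and #event_signature
# share one derivation and cannot drift apart.
def signing_key(secret_access_key, date)
  k_date = hmac("AWS4" + secret_access_key, date)
  k_region = hmac(k_date, @region)
  k_service = hmac(k_region, @service)
  hmac(k_service, 'aws4_request')
end
```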
metadata CHANGED
@@ -1,15 +1,35 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.3
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-06-28 00:00:00.000000000 Z
12
- dependencies: []
11
+ date: 2019-03-13 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: aws-eventstream
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.0'
20
+ - - ">="
21
+ - !ruby/object:Gem::Version
22
+ version: 1.0.2
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - "~>"
28
+ - !ruby/object:Gem::Version
29
+ version: '1.0'
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: 1.0.2
13
33
  description: Amazon Web Services Signature Version 4 signing ligrary. Generates sigv4
14
34
  signature for HTTP requests.
15
35
  email: