aws-sigv4 1.1.0 → 1.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +5 -5
  2. data/lib/aws-sigv4/credentials.rb +10 -3
  3. data/lib/aws-sigv4/signer.rb +23 -16
  4. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: cb4db422d46522a4ad3274b0dc5b28689ed5def4
4
- data.tar.gz: 061ca3ebfd24ffea8a1717ac9e12f9fc0650d4f8
2
+ SHA256:
3
+ metadata.gz: bb5dcbbff098d3a214203f2ae9e9232a45a21b172975e54d53760458a3bae292
4
+ data.tar.gz: '021178fadb12d304636d9f62f437c1d4771ec73dbd331e035f0d44150cc09bf1'
5
5
  SHA512:
6
- metadata.gz: fef836871abeaf35b99b00a28deab1506f45d6792a6c732d74db4a37250d77e62ee64da491ad91a21a0f8098ba91dae19953d27c48aec0a36d7e2ad403f4edf6
7
- data.tar.gz: 6bee73d7bbcd3f7fe8cb92275eabb13d5981869dc566bfc818960449143fdc28f91270465efd9d38adbfb4f91d12c23a2c70e7cfebf4c45d8954df3c0a082b36
6
+ metadata.gz: db494770a0cf87af1eabd7ff006b6f0ffa7fda832c9fb584fe5937fda36c7764ad78bd07e3837b5e2b7e32dcb7733278189b0ceb4112d4081f7f9c3df510485f
7
+ data.tar.gz: 7e8bccac2be5edba105722f8d2e2fa61c4d8167289e768b28162cb7b66dc5a9a22e3e850fdf5b65af69dc20604bc2a2433732bb4429ffffa2fb0df7271ec3e73
data/lib/aws-sigv4/credentials.rb CHANGED
@@ -28,11 +28,14 @@ module Aws
28
28
  # @return [String, nil]
29
29
  attr_reader :session_token
30
30
 
31
- # @return [Boolean]
31
+ # @return [Boolean] Returns `true` if the access key id and secret
32
+ # access key are both set.
32
33
  def set?
33
- !!(access_key_id && secret_access_key)
34
+ !access_key_id.nil? &&
35
+ !access_key_id.empty? &&
36
+ !secret_access_key.nil? &&
37
+ !secret_access_key.empty?
34
38
  end
35
-
36
39
  end
37
40
 
38
41
  # Users that wish to configure static credentials can use the
@@ -53,6 +56,10 @@ module Aws
53
56
  # @return [Credentials]
54
57
  attr_reader :credentials
55
58
 
59
+ # @return [Boolean]
60
+ def set?
61
+ !!credentials && credentials.set?
62
+ end
56
63
  end
57
64
 
58
65
  end
data/lib/aws-sigv4/signer.rb CHANGED
@@ -123,6 +123,7 @@ module Aws
123
123
  @unsigned_headers = Set.new((options.fetch(:unsigned_headers, [])).map(&:downcase))
124
124
  @unsigned_headers << 'authorization'
125
125
  @unsigned_headers << 'x-amzn-trace-id'
126
+ @unsigned_headers << 'expect'
126
127
  [:uri_escape_path, :apply_checksum_header].each do |opt|
127
128
  instance_variable_set("@#{opt}", options.key?(opt) ? !!options[:opt] : true)
128
129
  end
@@ -202,7 +203,7 @@ module Aws
202
203
  #
203
204
  def sign_request(request)
204
205
 
205
- creds = get_credentials
206
+ creds = fetch_credentials
206
207
 
207
208
  http_method = extract_http_method(request)
208
209
  url = extract_url(request)
@@ -280,13 +281,13 @@ module Aws
280
281
  # signature value (a binary string) used at ':chunk-signature' needs to converted to
281
282
  # hex-encoded string using #unpack
282
283
  def sign_event(prior_signature, payload, encoder)
283
- creds = get_credentials
284
+ creds = fetch_credentials
284
285
  time = Time.now
285
286
  headers = {}
286
287
 
287
288
  datetime = time.utc.strftime("%Y%m%dT%H%M%SZ")
288
289
  date = datetime[0,8]
289
- headers[':date'] = Aws::EventStream::HeaderValue.new(value: time.to_i*1000, type: 'timestamp')
290
+ headers[':date'] = Aws::EventStream::HeaderValue.new(value: time.to_i * 1000, type: 'timestamp')
290
291
 
291
292
  sts = event_string_to_sign(datetime, headers, payload, prior_signature, encoder)
292
293
  sig = event_signature(creds.secret_access_key, date, sts)
@@ -367,7 +368,7 @@ module Aws
367
368
  #
368
369
  def presign_url(options)
369
370
 
370
- creds = get_credentials
371
+ creds = fetch_credentials
371
372
 
372
373
  http_method = extract_http_method(options)
373
374
  url = extract_url(options)
@@ -441,7 +442,7 @@ module Aws
441
442
  def event_string_to_sign(datetime, headers, payload, prior_signature, encoder)
442
443
  encoded_headers = encoder.encode_headers(
443
444
  Aws::EventStream::Message.new(headers: headers, payload: payload)
444
- ).read
445
+ )
445
446
  [
446
447
  "AWS4-HMAC-SHA256-PAYLOAD",
447
448
  datetime,
@@ -549,18 +550,14 @@ module Aws
549
550
  end
550
551
 
551
552
  def host(uri)
552
- if standard_port?(uri)
553
+ # Handles known and unknown URI schemes; default_port nil when unknown.
554
+ if uri.default_port == uri.port
553
555
  uri.host
554
556
  else
555
557
  "#{uri.host}:#{uri.port}"
556
558
  end
557
559
  end
558
560
 
559
- def standard_port?(uri)
560
- (uri.scheme == 'http' && uri.port == 80) ||
561
- (uri.scheme == 'https' && uri.port == 443)
562
- end
563
-
564
561
  # @param [File, Tempfile, IO#read, String] value
565
562
  # @return [String<SHA256 Hexdigest>]
566
563
  def sha256_hexdigest(value)
@@ -568,7 +565,9 @@ module Aws
568
565
  OpenSSL::Digest::SHA256.file(value).hexdigest
569
566
  elsif value.respond_to?(:read)
570
567
  sha256 = OpenSSL::Digest::SHA256.new
571
- while chunk = value.read(1024 * 1024, buffer ||= "") # 1MB
568
+ loop do
569
+ chunk = value.read(1024 * 1024) # 1MB
570
+ break unless chunk
572
571
  sha256.update(chunk)
573
572
  end
574
573
  value.rewind
@@ -656,18 +655,26 @@ module Aws
656
655
  self.class.uri_escape_path(string)
657
656
  end
658
657
 
659
- def get_credentials
658
+
659
+ def fetch_credentials
660
660
  credentials = @credentials_provider.credentials
661
661
  if credentials_set?(credentials)
662
662
  credentials
663
663
  else
664
- msg = 'unable to sign request without credentials set'
665
- raise Errors::MissingCredentialsError.new(msg)
664
+ raise Errors::MissingCredentialsError,
665
+ 'unable to sign request without credentials set'
666
666
  end
667
667
  end
668
668
 
669
+ # Returns true if credentials are set (not nil or empty)
670
+ # Credentials may not implement the Credentials interface
671
+ # and may just be credential like Client response objects
672
+ # (eg those returned by sts#assume_role)
669
673
  def credentials_set?(credentials)
670
- credentials.access_key_id && credentials.secret_access_key
674
+ !credentials.access_key_id.nil? &&
675
+ !credentials.access_key_id.empty? &&
676
+ !credentials.secret_access_key.nil? &&
677
+ !credentials.secret_access_key.empty?
671
678
  end
672
679
 
673
680
  class << self
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-03-13 00:00:00.000000000 Z
11
+ date: 2020-06-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-eventstream
@@ -16,7 +16,7 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.0'
19
+ version: '1'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
22
  version: 1.0.2
@@ -26,11 +26,11 @@ dependencies:
26
26
  requirements:
27
27
  - - "~>"
28
28
  - !ruby/object:Gem::Version
29
- version: '1.0'
29
+ version: '1'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
32
  version: 1.0.2
33
- description: Amazon Web Services Signature Version 4 signing ligrary. Generates sigv4
33
+ description: Amazon Web Services Signature Version 4 signing library. Generates sigv4
34
34
  signature for HTTP requests.
35
35
  email:
36
36
  executables: []
@@ -43,7 +43,7 @@ files:
43
43
  - lib/aws-sigv4/request.rb
44
44
  - lib/aws-sigv4/signature.rb
45
45
  - lib/aws-sigv4/signer.rb
46
- homepage: http://github.com/aws/aws-sdk-ruby
46
+ homepage: https://github.com/aws/aws-sdk-ruby
47
47
  licenses:
48
48
  - Apache-2.0
49
49
  metadata:
@@ -65,7 +65,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
65
65
  version: '0'
66
66
  requirements: []
67
67
  rubyforge_project:
68
- rubygems_version: 2.5.2.3
68
+ rubygems_version: 2.7.6.2
69
69
  signing_key:
70
70
  specification_version: 4
71
71
  summary: AWS Signature Version 4 library.