aws-sigv4 1.1.2 → 1.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 03c9715c1cf282c8fee51a8fe55a3fa6e275c2b705ba750bcfd00be9d5bf1748
-  data.tar.gz: 7df75c859ecc8133c60ec326f5ddc9fe6ae8a3d2dda508a67f2f9c84f42df261
+  metadata.gz: 3f598a45b85be9ca9687eef1ee700397b1a6f273f8633d3c6f5dcc0d5bf6c649
+  data.tar.gz: 15d37434086264b0d6f87b0b77d32cff6a70e13eb5746b1aafa89d2c85d91335
 SHA512:
-  metadata.gz: a06c0f5359695381e9e7735c8f9b2e4de552bcc1eac0ff721a1fc2d85f44396daae90b6ca8d2bb86174d9ffc8e3e3178d1f3783788c17649b7ef85deacd100c2
-  data.tar.gz: b1de160e55e4a18283392c22716c7192e5351ef3bddf8db5ab359f352ab73bcb43ed9021d9d6a4fa048de46de5bbb08aac6cde8f2366400c7655901aa6a35b01
+  metadata.gz: e9bbfd21088c2ee7821fff70b4d25d21173cecfdeab77e37ea36ce7664ae21aeb2122615ccee12de783116f53d2fc360d82d136d74c98589d595e0522c7d170d
+  data.tar.gz: 94d8676dde1b46f5fb760a29cbac9e16f63ac30e6a08310a91230054e69dfb10f92b1d4470964c427f59c5843b8a6a5abf331df3e86428c757dc386ae9b3b347

data/lib/aws-sigv4.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'aws-sigv4/credentials'
 require_relative 'aws-sigv4/errors'
 require_relative 'aws-sigv4/signature'

data/lib/aws-sigv4/credentials.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Sigv4
     # Users that wish to configure static credentials can use the
@@ -28,11 +30,14 @@ module Aws
       # @return [String, nil]
       attr_reader :session_token
 
-      # @return [Boolean]
+      # @return [Boolean] Returns `true` if the access key id and secret
+      #   access key are both set.
       def set?
-        !!(access_key_id && secret_access_key)
+        !access_key_id.nil? &&
+          !access_key_id.empty? &&
+          !secret_access_key.nil? &&
+          !secret_access_key.empty?
       end
-
     end
 
     # Users that wish to configure static credentials can use the
@@ -53,6 +58,10 @@ module Aws
       # @return [Credentials]
       attr_reader :credentials
 
+      # @return [Boolean]
+      def set?
+        !!credentials && credentials.set?
+      end
     end
 
   end

data/lib/aws-sigv4/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Sigv4
     module Errors

data/lib/aws-sigv4/request.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'uri'
 
 module Aws

data/lib/aws-sigv4/signature.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module Sigv4
     class Signature

data/lib/aws-sigv4/signer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'openssl'
 require 'tempfile'
 require 'time'
@@ -123,6 +125,7 @@ module Aws
         @unsigned_headers = Set.new((options.fetch(:unsigned_headers, [])).map(&:downcase))
         @unsigned_headers << 'authorization'
         @unsigned_headers << 'x-amzn-trace-id'
+        @unsigned_headers << 'expect'
         [:uri_escape_path, :apply_checksum_header].each do |opt|
           instance_variable_set("@#{opt}", options.key?(opt) ? !!options[:opt] : true)
         end
@@ -216,7 +219,7 @@ module Aws
         content_sha256 ||= sha256_hexdigest(request[:body] || '')
 
         sigv4_headers = {}
-        sigv4_headers['host'] = host(url)
+        sigv4_headers['host'] = headers['host'] || host(url)
         sigv4_headers['x-amz-date'] = datetime
         sigv4_headers['x-amz-security-token'] = creds.session_token if creds.session_token
         sigv4_headers['x-amz-content-sha256'] ||= content_sha256 if @apply_checksum_header
@@ -373,7 +376,7 @@ module Aws
         url = extract_url(options)
 
         headers = downcase_headers(options[:headers])
-        headers['host'] = host(url)
+        headers['host'] ||= host(url)
 
         datetime = headers['x-amz-date']
         datetime ||= (options[:time] || Time.now).utc.strftime("%Y%m%dT%H%M%SZ")
@@ -504,18 +507,26 @@ module Aws
       def normalized_querystring(querystring)
         params = querystring.split('&')
         params = params.map { |p| p.match(/=/) ? p : p + '=' }
-        # We have to sort by param name and preserve order of params that
-        # have the same name. Default sort <=> in JRuby will swap members
+        # From: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
+        # Sort the parameter names by character code point in ascending order.
+        # Parameters with duplicate names should be sorted by value.
+        #
+        # Default sort <=> in JRuby will swap members
         # occasionally when <=> is 0 (considered still sorted), but this
         # causes our normalized query string to not match the sent querystring.
-        # When names match, we then sort by their original order
-        params = params.each.with_index.sort do |a, b|
+        # When names match, we then sort by their values.  When values also
+        # match then we sort by their original order
+        params.each.with_index.sort do |a, b|
           a, a_offset = a
-          a_name = a.split('=')[0]
           b, b_offset = b
-          b_name = b.split('=')[0]
+          a_name, a_value = a.split('=')
+          b_name, b_value = b.split('=')
           if a_name == b_name
-            a_offset <=> b_offset
+            if a_value == b_value
+              a_offset <=> b_offset
+            else
+              a_value <=> b_value
+            end
           else
             a_name <=> b_name
           end
@@ -564,7 +575,9 @@ module Aws
           OpenSSL::Digest::SHA256.file(value).hexdigest
         elsif value.respond_to?(:read)
           sha256 = OpenSSL::Digest::SHA256.new
-          while chunk = value.read(1024 * 1024, buffer ||= "") # 1MB
+          loop do
+            chunk = value.read(1024 * 1024) # 1MB
+            break unless chunk
             sha256.update(chunk)
           end
           value.rewind
@@ -652,16 +665,28 @@ module Aws
         self.class.uri_escape_path(string)
       end
 
+
       def fetch_credentials
         credentials = @credentials_provider.credentials
-        if credentials.set?
+        if credentials_set?(credentials)
           credentials
         else
           raise Errors::MissingCredentialsError,
-                'unable to sign request without credentials set'
+          'unable to sign request without credentials set'
         end
       end
 
+      # Returns true if credentials are set (not nil or empty)
+      # Credentials may not implement the Credentials interface
+      # and may just be credential like Client response objects
+      # (eg those returned by sts#assume_role)
+      def credentials_set?(credentials)
+        !credentials.access_key_id.nil? &&
+          !credentials.access_key_id.empty? &&
+          !credentials.secret_access_key.nil? &&
+          !credentials.secret_access_key.empty?
+      end
+
       class << self
 
         # @api private

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sigv4
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.2.2
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-17 00:00:00.000000000 Z
+date: 2020-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-eventstream
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.2
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.2