aws-sigv4 1.1.2 → 1.2.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 03c9715c1cf282c8fee51a8fe55a3fa6e275c2b705ba750bcfd00be9d5bf1748
4
- data.tar.gz: 7df75c859ecc8133c60ec326f5ddc9fe6ae8a3d2dda508a67f2f9c84f42df261
3
+ metadata.gz: 3f598a45b85be9ca9687eef1ee700397b1a6f273f8633d3c6f5dcc0d5bf6c649
4
+ data.tar.gz: 15d37434086264b0d6f87b0b77d32cff6a70e13eb5746b1aafa89d2c85d91335
5
5
  SHA512:
6
- metadata.gz: a06c0f5359695381e9e7735c8f9b2e4de552bcc1eac0ff721a1fc2d85f44396daae90b6ca8d2bb86174d9ffc8e3e3178d1f3783788c17649b7ef85deacd100c2
7
- data.tar.gz: b1de160e55e4a18283392c22716c7192e5351ef3bddf8db5ab359f352ab73bcb43ed9021d9d6a4fa048de46de5bbb08aac6cde8f2366400c7655901aa6a35b01
6
+ metadata.gz: e9bbfd21088c2ee7821fff70b4d25d21173cecfdeab77e37ea36ce7664ae21aeb2122615ccee12de783116f53d2fc360d82d136d74c98589d595e0522c7d170d
7
+ data.tar.gz: 94d8676dde1b46f5fb760a29cbac9e16f63ac30e6a08310a91230054e69dfb10f92b1d4470964c427f59c5843b8a6a5abf331df3e86428c757dc386ae9b3b347
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require_relative 'aws-sigv4/credentials'
2
4
  require_relative 'aws-sigv4/errors'
3
5
  require_relative 'aws-sigv4/signature'
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module Sigv4
3
5
  # Users that wish to configure static credentials can use the
@@ -28,11 +30,14 @@ module Aws
28
30
  # @return [String, nil]
29
31
  attr_reader :session_token
30
32
 
31
- # @return [Boolean]
33
+ # @return [Boolean] Returns `true` if the access key id and secret
34
+ # access key are both set.
32
35
  def set?
33
- !!(access_key_id && secret_access_key)
36
+ !access_key_id.nil? &&
37
+ !access_key_id.empty? &&
38
+ !secret_access_key.nil? &&
39
+ !secret_access_key.empty?
34
40
  end
35
-
36
41
  end
37
42
 
38
43
  # Users that wish to configure static credentials can use the
@@ -53,6 +58,10 @@ module Aws
53
58
  # @return [Credentials]
54
59
  attr_reader :credentials
55
60
 
61
+ # @return [Boolean]
62
+ def set?
63
+ !!credentials && credentials.set?
64
+ end
56
65
  end
57
66
 
58
67
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module Sigv4
3
5
  module Errors
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'uri'
2
4
 
3
5
  module Aws
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module Sigv4
3
5
  class Signature
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'openssl'
2
4
  require 'tempfile'
3
5
  require 'time'
@@ -123,6 +125,7 @@ module Aws
123
125
  @unsigned_headers = Set.new((options.fetch(:unsigned_headers, [])).map(&:downcase))
124
126
  @unsigned_headers << 'authorization'
125
127
  @unsigned_headers << 'x-amzn-trace-id'
128
+ @unsigned_headers << 'expect'
126
129
  [:uri_escape_path, :apply_checksum_header].each do |opt|
127
130
  instance_variable_set("@#{opt}", options.key?(opt) ? !!options[:opt] : true)
128
131
  end
@@ -216,7 +219,7 @@ module Aws
216
219
  content_sha256 ||= sha256_hexdigest(request[:body] || '')
217
220
 
218
221
  sigv4_headers = {}
219
- sigv4_headers['host'] = host(url)
222
+ sigv4_headers['host'] = headers['host'] || host(url)
220
223
  sigv4_headers['x-amz-date'] = datetime
221
224
  sigv4_headers['x-amz-security-token'] = creds.session_token if creds.session_token
222
225
  sigv4_headers['x-amz-content-sha256'] ||= content_sha256 if @apply_checksum_header
@@ -373,7 +376,7 @@ module Aws
373
376
  url = extract_url(options)
374
377
 
375
378
  headers = downcase_headers(options[:headers])
376
- headers['host'] = host(url)
379
+ headers['host'] ||= host(url)
377
380
 
378
381
  datetime = headers['x-amz-date']
379
382
  datetime ||= (options[:time] || Time.now).utc.strftime("%Y%m%dT%H%M%SZ")
@@ -504,18 +507,26 @@ module Aws
504
507
  def normalized_querystring(querystring)
505
508
  params = querystring.split('&')
506
509
  params = params.map { |p| p.match(/=/) ? p : p + '=' }
507
- # We have to sort by param name and preserve order of params that
508
- # have the same name. Default sort <=> in JRuby will swap members
510
+ # From: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
511
+ # Sort the parameter names by character code point in ascending order.
512
+ # Parameters with duplicate names should be sorted by value.
513
+ #
514
+ # Default sort <=> in JRuby will swap members
509
515
  # occasionally when <=> is 0 (considered still sorted), but this
510
516
  # causes our normalized query string to not match the sent querystring.
511
- # When names match, we then sort by their original order
512
- params = params.each.with_index.sort do |a, b|
517
+ # When names match, we then sort by their values. When values also
518
+ # match then we sort by their original order
519
+ params.each.with_index.sort do |a, b|
513
520
  a, a_offset = a
514
- a_name = a.split('=')[0]
515
521
  b, b_offset = b
516
- b_name = b.split('=')[0]
522
+ a_name, a_value = a.split('=')
523
+ b_name, b_value = b.split('=')
517
524
  if a_name == b_name
518
- a_offset <=> b_offset
525
+ if a_value == b_value
526
+ a_offset <=> b_offset
527
+ else
528
+ a_value <=> b_value
529
+ end
519
530
  else
520
531
  a_name <=> b_name
521
532
  end
@@ -564,7 +575,9 @@ module Aws
564
575
  OpenSSL::Digest::SHA256.file(value).hexdigest
565
576
  elsif value.respond_to?(:read)
566
577
  sha256 = OpenSSL::Digest::SHA256.new
567
- while chunk = value.read(1024 * 1024, buffer ||= "") # 1MB
578
+ loop do
579
+ chunk = value.read(1024 * 1024) # 1MB
580
+ break unless chunk
568
581
  sha256.update(chunk)
569
582
  end
570
583
  value.rewind
@@ -652,16 +665,28 @@ module Aws
652
665
  self.class.uri_escape_path(string)
653
666
  end
654
667
 
668
+
655
669
  def fetch_credentials
656
670
  credentials = @credentials_provider.credentials
657
- if credentials.set?
671
+ if credentials_set?(credentials)
658
672
  credentials
659
673
  else
660
674
  raise Errors::MissingCredentialsError,
661
- 'unable to sign request without credentials set'
675
+ 'unable to sign request without credentials set'
662
676
  end
663
677
  end
664
678
 
679
+ # Returns true if credentials are set (not nil or empty)
680
+ # Credentials may not implement the Credentials interface
681
+ # and may just be credential like Client response objects
682
+ # (eg those returned by sts#assume_role)
683
+ def credentials_set?(credentials)
684
+ !credentials.access_key_id.nil? &&
685
+ !credentials.access_key_id.empty? &&
686
+ !credentials.secret_access_key.nil? &&
687
+ !credentials.secret_access_key.empty?
688
+ end
689
+
665
690
  class << self
666
691
 
667
692
  # @api private
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-17 00:00:00.000000000 Z
11
+ date: 2020-08-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-eventstream
@@ -16,7 +16,7 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.0'
19
+ version: '1'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
22
  version: 1.0.2
@@ -26,7 +26,7 @@ dependencies:
26
26
  requirements:
27
27
  - - "~>"
28
28
  - !ruby/object:Gem::Version
29
- version: '1.0'
29
+ version: '1'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
32
  version: 1.0.2