aws-sigv4 1.2.2 → 1.4.0.crt

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3f598a45b85be9ca9687eef1ee700397b1a6f273f8633d3c6f5dcc0d5bf6c649
4
- data.tar.gz: 15d37434086264b0d6f87b0b77d32cff6a70e13eb5746b1aafa89d2c85d91335
3
+ metadata.gz: a8f4bb2026a22b4dc16eb1e53bc233135225971f13d2e16e6df7874749095c9c
4
+ data.tar.gz: 7a13586ac15fa24cb1c005ba27909c8687fc7416bd0bb81e8e8b9c4a89e0a161
5
5
  SHA512:
6
- metadata.gz: e9bbfd21088c2ee7821fff70b4d25d21173cecfdeab77e37ea36ce7664ae21aeb2122615ccee12de783116f53d2fc360d82d136d74c98589d595e0522c7d170d
7
- data.tar.gz: 94d8676dde1b46f5fb760a29cbac9e16f63ac30e6a08310a91230054e69dfb10f92b1d4470964c427f59c5843b8a6a5abf331df3e86428c757dc386ae9b3b347
6
+ metadata.gz: f4720ab9cd966559519b0c803fc183f3ddbfa5c60bbdd0490fdef32b5d7ba0790438089d8b25130c4d40f32e81e42808e6a30cade92d3f0252d0131d53fcedc4
7
+ data.tar.gz: e257d60db8a752a75a539aad1571595a8367bd3e7b4a1f1e25a81c8cc00393e787e55d8f28554e294fc6babf9048ed10e2536d40d37ba241bb931be22dd42e1e
data/CHANGELOG.md ADDED
@@ -0,0 +1,84 @@
1
+ Unreleased Changes
2
+ ------------------
3
+
4
+
5
+ 1.3.0.crt (2021-08-04)
6
+ ------------------
7
+
8
+ * Feature - Preview release of `aws-sigv4` version 1.3.0.crt gem - uses the Common Runtime (CRT) for signing and support for sigv4a.
9
+
10
+ 1.2.4 (2021-07-08)
11
+ ------------------
12
+
13
+ * Issue - Fix usage of `:uri_escape_path` and `:apply_checksum_header` in `Signer`.
14
+
15
+ 1.2.3 (2021-03-04)
16
+ ------------------
17
+
18
+ * Issue - Include LICENSE, CHANGELOG, and VERSION files with this gem.
19
+
20
+ 1.2.2 (2020-08-13)
21
+ ------------------
22
+
23
+ * Issue - Sort query params with same names by value when signing. (#2376)
24
+
25
+ 1.2.1 (2020-06-24)
26
+ ------------------
27
+
28
+ * Issue - Don't overwrite `host` header in sigv4 signer if given.
29
+
30
+ 1.2.0 (2020-06-17)
31
+ ------------------
32
+
33
+ * Feature - Bump `aws-eventstream` dependency to `~> 1`.
34
+
35
+ 1.1.4 (2020-05-28)
36
+ ------------------
37
+
38
+ * Issue - Don't use `expect` header to compute Signature.
39
+
40
+ 1.1.3 (2020-04-27)
41
+ ------------------
42
+
43
+ * Issue - Don't rely on the set? method of credentials.
44
+
45
+ 1.1.2 (2020-04-17)
46
+ ------------------
47
+
48
+ * Issue - Raise errors when credentials are not set (nil or empty)
49
+
50
+ 1.1.1 (2020-02-26)
51
+ ------------------
52
+
53
+ * Issue - Handle signing for unknown protocols and default ports.
54
+
55
+ 1.1.0 (2019-03-13)
56
+ ------------------
57
+
58
+ * Feature - Support signature V4 signing per event.
59
+
60
+ 1.0.3 (2018-06-28)
61
+ ------------------
62
+
63
+ * Issue - Reduce memory allocation when generating signatures.
64
+
65
+ 1.0.2 (2018-02-21)
66
+ ------------------
67
+
68
+ * Issue - Fix Ruby warning: shadowed local variable "headers".
69
+
70
+ 1.0.2 (2017-08-31)
71
+ ------------------
72
+
73
+ * Issue - Update `aws-sigv4` gemspec metadata.
74
+
75
+ 1.0.1 (2017-07-12)
76
+ ------------------
77
+
78
+ * Issue - Make UTF-8 encoding explicit in spec test.
79
+
80
+
81
+ 1.0.0 (2016-11-08)
82
+ ------------------
83
+
84
+ * Feature - Initial release of the `aws-sigv4` gem.
data/LICENSE.txt ADDED
@@ -0,0 +1,202 @@
1
+
2
+ Apache License
3
+ Version 2.0, January 2004
4
+ http://www.apache.org/licenses/
5
+
6
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7
+
8
+ 1. Definitions.
9
+
10
+ "License" shall mean the terms and conditions for use, reproduction,
11
+ and distribution as defined by Sections 1 through 9 of this document.
12
+
13
+ "Licensor" shall mean the copyright owner or entity authorized by
14
+ the copyright owner that is granting the License.
15
+
16
+ "Legal Entity" shall mean the union of the acting entity and all
17
+ other entities that control, are controlled by, or are under common
18
+ control with that entity. For the purposes of this definition,
19
+ "control" means (i) the power, direct or indirect, to cause the
20
+ direction or management of such entity, whether by contract or
21
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
22
+ outstanding shares, or (iii) beneficial ownership of such entity.
23
+
24
+ "You" (or "Your") shall mean an individual or Legal Entity
25
+ exercising permissions granted by this License.
26
+
27
+ "Source" form shall mean the preferred form for making modifications,
28
+ including but not limited to software source code, documentation
29
+ source, and configuration files.
30
+
31
+ "Object" form shall mean any form resulting from mechanical
32
+ transformation or translation of a Source form, including but
33
+ not limited to compiled object code, generated documentation,
34
+ and conversions to other media types.
35
+
36
+ "Work" shall mean the work of authorship, whether in Source or
37
+ Object form, made available under the License, as indicated by a
38
+ copyright notice that is included in or attached to the work
39
+ (an example is provided in the Appendix below).
40
+
41
+ "Derivative Works" shall mean any work, whether in Source or Object
42
+ form, that is based on (or derived from) the Work and for which the
43
+ editorial revisions, annotations, elaborations, or other modifications
44
+ represent, as a whole, an original work of authorship. For the purposes
45
+ of this License, Derivative Works shall not include works that remain
46
+ separable from, or merely link (or bind by name) to the interfaces of,
47
+ the Work and Derivative Works thereof.
48
+
49
+ "Contribution" shall mean any work of authorship, including
50
+ the original version of the Work and any modifications or additions
51
+ to that Work or Derivative Works thereof, that is intentionally
52
+ submitted to Licensor for inclusion in the Work by the copyright owner
53
+ or by an individual or Legal Entity authorized to submit on behalf of
54
+ the copyright owner. For the purposes of this definition, "submitted"
55
+ means any form of electronic, verbal, or written communication sent
56
+ to the Licensor or its representatives, including but not limited to
57
+ communication on electronic mailing lists, source code control systems,
58
+ and issue tracking systems that are managed by, or on behalf of, the
59
+ Licensor for the purpose of discussing and improving the Work, but
60
+ excluding communication that is conspicuously marked or otherwise
61
+ designated in writing by the copyright owner as "Not a Contribution."
62
+
63
+ "Contributor" shall mean Licensor and any individual or Legal Entity
64
+ on behalf of whom a Contribution has been received by Licensor and
65
+ subsequently incorporated within the Work.
66
+
67
+ 2. Grant of Copyright License. Subject to the terms and conditions of
68
+ this License, each Contributor hereby grants to You a perpetual,
69
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70
+ copyright license to reproduce, prepare Derivative Works of,
71
+ publicly display, publicly perform, sublicense, and distribute the
72
+ Work and such Derivative Works in Source or Object form.
73
+
74
+ 3. Grant of Patent License. Subject to the terms and conditions of
75
+ this License, each Contributor hereby grants to You a perpetual,
76
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77
+ (except as stated in this section) patent license to make, have made,
78
+ use, offer to sell, sell, import, and otherwise transfer the Work,
79
+ where such license applies only to those patent claims licensable
80
+ by such Contributor that are necessarily infringed by their
81
+ Contribution(s) alone or by combination of their Contribution(s)
82
+ with the Work to which such Contribution(s) was submitted. If You
83
+ institute patent litigation against any entity (including a
84
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
85
+ or a Contribution incorporated within the Work constitutes direct
86
+ or contributory patent infringement, then any patent licenses
87
+ granted to You under this License for that Work shall terminate
88
+ as of the date such litigation is filed.
89
+
90
+ 4. Redistribution. You may reproduce and distribute copies of the
91
+ Work or Derivative Works thereof in any medium, with or without
92
+ modifications, and in Source or Object form, provided that You
93
+ meet the following conditions:
94
+
95
+ (a) You must give any other recipients of the Work or
96
+ Derivative Works a copy of this License; and
97
+
98
+ (b) You must cause any modified files to carry prominent notices
99
+ stating that You changed the files; and
100
+
101
+ (c) You must retain, in the Source form of any Derivative Works
102
+ that You distribute, all copyright, patent, trademark, and
103
+ attribution notices from the Source form of the Work,
104
+ excluding those notices that do not pertain to any part of
105
+ the Derivative Works; and
106
+
107
+ (d) If the Work includes a "NOTICE" text file as part of its
108
+ distribution, then any Derivative Works that You distribute must
109
+ include a readable copy of the attribution notices contained
110
+ within such NOTICE file, excluding those notices that do not
111
+ pertain to any part of the Derivative Works, in at least one
112
+ of the following places: within a NOTICE text file distributed
113
+ as part of the Derivative Works; within the Source form or
114
+ documentation, if provided along with the Derivative Works; or,
115
+ within a display generated by the Derivative Works, if and
116
+ wherever such third-party notices normally appear. The contents
117
+ of the NOTICE file are for informational purposes only and
118
+ do not modify the License. You may add Your own attribution
119
+ notices within Derivative Works that You distribute, alongside
120
+ or as an addendum to the NOTICE text from the Work, provided
121
+ that such additional attribution notices cannot be construed
122
+ as modifying the License.
123
+
124
+ You may add Your own copyright statement to Your modifications and
125
+ may provide additional or different license terms and conditions
126
+ for use, reproduction, or distribution of Your modifications, or
127
+ for any such Derivative Works as a whole, provided Your use,
128
+ reproduction, and distribution of the Work otherwise complies with
129
+ the conditions stated in this License.
130
+
131
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
132
+ any Contribution intentionally submitted for inclusion in the Work
133
+ by You to the Licensor shall be under the terms and conditions of
134
+ this License, without any additional terms or conditions.
135
+ Notwithstanding the above, nothing herein shall supersede or modify
136
+ the terms of any separate license agreement you may have executed
137
+ with Licensor regarding such Contributions.
138
+
139
+ 6. Trademarks. This License does not grant permission to use the trade
140
+ names, trademarks, service marks, or product names of the Licensor,
141
+ except as required for reasonable and customary use in describing the
142
+ origin of the Work and reproducing the content of the NOTICE file.
143
+
144
+ 7. Disclaimer of Warranty. Unless required by applicable law or
145
+ agreed to in writing, Licensor provides the Work (and each
146
+ Contributor provides its Contributions) on an "AS IS" BASIS,
147
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148
+ implied, including, without limitation, any warranties or conditions
149
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150
+ PARTICULAR PURPOSE. You are solely responsible for determining the
151
+ appropriateness of using or redistributing the Work and assume any
152
+ risks associated with Your exercise of permissions under this License.
153
+
154
+ 8. Limitation of Liability. In no event and under no legal theory,
155
+ whether in tort (including negligence), contract, or otherwise,
156
+ unless required by applicable law (such as deliberate and grossly
157
+ negligent acts) or agreed to in writing, shall any Contributor be
158
+ liable to You for damages, including any direct, indirect, special,
159
+ incidental, or consequential damages of any character arising as a
160
+ result of this License or out of the use or inability to use the
161
+ Work (including but not limited to damages for loss of goodwill,
162
+ work stoppage, computer failure or malfunction, or any and all
163
+ other commercial damages or losses), even if such Contributor
164
+ has been advised of the possibility of such damages.
165
+
166
+ 9. Accepting Warranty or Additional Liability. While redistributing
167
+ the Work or Derivative Works thereof, You may choose to offer,
168
+ and charge a fee for, acceptance of support, warranty, indemnity,
169
+ or other liability obligations and/or rights consistent with this
170
+ License. However, in accepting such obligations, You may act only
171
+ on Your own behalf and on Your sole responsibility, not on behalf
172
+ of any other Contributor, and only if You agree to indemnify,
173
+ defend, and hold each Contributor harmless for any liability
174
+ incurred by, or claims asserted against, such Contributor by reason
175
+ of your accepting any such warranty or additional liability.
176
+
177
+ END OF TERMS AND CONDITIONS
178
+
179
+ APPENDIX: How to apply the Apache License to your work.
180
+
181
+ To apply the Apache License to your work, attach the following
182
+ boilerplate notice, with the fields enclosed by brackets "[]"
183
+ replaced with your own identifying information. (Don't include
184
+ the brackets!) The text should be enclosed in the appropriate
185
+ comment syntax for the file format. We also recommend that a
186
+ file or class name and description of purpose be included on the
187
+ same "printed page" as the copyright notice for easier
188
+ identification within third-party archives.
189
+
190
+ Copyright [yyyy] [name of copyright owner]
191
+
192
+ Licensed under the Apache License, Version 2.0 (the "License");
193
+ you may not use this file except in compliance with the License.
194
+ You may obtain a copy of the License at
195
+
196
+ http://www.apache.org/licenses/LICENSE-2.0
197
+
198
+ Unless required by applicable law or agreed to in writing, software
199
+ distributed under the License is distributed on an "AS IS" BASIS,
200
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201
+ See the License for the specific language governing permissions and
202
+ limitations under the License.
data/VERSION ADDED
@@ -0,0 +1 @@
1
+ 1.4.0.crt
@@ -11,7 +11,10 @@ module Aws
11
11
  # @option options [required, String] :secret_access_key
12
12
  # @option options [String, nil] :session_token (nil)
13
13
  def initialize(options = {})
14
- if options[:access_key_id] && options[:secret_access_key]
14
+ if options[:access_key_id] && options[:secret_access_key] &&
15
+ !options[:access_key_id].empty? &&
16
+ !options[:secret_access_key].empty?
17
+
15
18
  @access_key_id = options[:access_key_id]
16
19
  @secret_access_key = options[:secret_access_key]
17
20
  @session_token = options[:session_token]
@@ -51,8 +54,8 @@ module Aws
51
54
  # @option options [String] :session_token (nil)
52
55
  def initialize(options = {})
53
56
  @credentials = options[:credentials] ?
54
- options[:credentials] :
55
- Credentials.new(options)
57
+ options[:credentials] :
58
+ Credentials.new(options)
56
59
  end
57
60
 
58
61
  # @return [Credentials]
@@ -63,6 +66,5 @@ module Aws
63
66
  !!credentials && credentials.set?
64
67
  end
65
68
  end
66
-
67
69
  end
68
70
  end
@@ -32,6 +32,8 @@ module Aws
32
32
  # @return [String] For debugging purposes.
33
33
  attr_accessor :content_sha256
34
34
 
35
+ attr_accessor :extra
36
+
35
37
  end
36
38
  end
37
39
  end
@@ -1,79 +1,16 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'openssl'
4
- require 'tempfile'
5
4
  require 'time'
5
+ require 'tempfile'
6
6
  require 'uri'
7
7
  require 'set'
8
- require 'cgi'
9
8
  require 'aws-eventstream'
10
9
 
11
10
  module Aws
12
11
  module Sigv4
13
-
14
- # Utility class for creating AWS signature version 4 signature. This class
15
- # provides two methods for generating signatures:
16
- #
17
- # * {#sign_request} - Computes a signature of the given request, returning
18
- # the hash of headers that should be applied to the request.
19
- #
20
- # * {#presign_url} - Computes a presigned request with an expiration.
21
- # By default, the body of this request is not signed and the request
22
- # expires in 15 minutes.
23
- #
24
- # ## Configuration
25
- #
26
- # To use the signer, you need to specify the service, region, and credentials.
27
- # The service name is normally the endpoint prefix to an AWS service. For
28
- # example:
29
- #
30
- # ec2.us-west-1.amazonaws.com => ec2
31
- #
32
- # The region is normally the second portion of the endpoint, following
33
- # the service name.
34
- #
35
- # ec2.us-west-1.amazonaws.com => us-west-1
36
- #
37
- # It is important to have the correct service and region name, or the
38
- # signature will be invalid.
39
- #
40
- # ## Credentials
41
- #
42
- # The signer requires credentials. You can configure the signer
43
- # with static credentials:
44
- #
45
- # signer = Aws::Sigv4::Signer.new(
46
- # service: 's3',
47
- # region: 'us-east-1',
48
- # # static credentials
49
- # access_key_id: 'akid',
50
- # secret_access_key: 'secret'
51
- # )
52
- #
53
- # You can also provide refreshing credentials via the `:credentials_provider`.
54
- # If you are using the AWS SDK for Ruby, you can use any of the credential
55
- # classes:
56
- #
57
- # signer = Aws::Sigv4::Signer.new(
58
- # service: 's3',
59
- # region: 'us-east-1',
60
- # credentials_provider: Aws::InstanceProfileCredentials.new
61
- # )
62
- #
63
- # Other AWS SDK for Ruby classes that can be provided via `:credentials_provider`:
64
- #
65
- # * `Aws::Credentials`
66
- # * `Aws::SharedCredentials`
67
- # * `Aws::InstanceProfileCredentials`
68
- # * `Aws::AssumeRoleCredentials`
69
- # * `Aws::ECSCredentials`
70
- #
71
- # A credential provider is any object that responds to `#credentials`
72
- # returning another object that responds to `#access_key_id`, `#secret_access_key`,
73
- # and `#session_token`.
74
- #
12
+ # Utility class for creating AWS signature version 4 signature.
75
13
  class Signer
76
-
77
14
  # @overload initialize(service:, region:, access_key_id:, secret_access_key:, session_token:nil, **options)
78
15
  # @param [String] :service The service signing name, e.g. 's3'.
79
16
  # @param [String] :region The region name, e.g. 'us-east-1'.
@@ -118,17 +55,27 @@ module Aws
118
55
  # headers. This is required for AWS Glacier, and optional for
119
56
  # every other AWS service as of late 2016.
120
57
  #
58
+ # @option options [Boolean] :omit_session_token (false) If `true`,
59
+ # then security token is added to the final signing result,
60
+ # but is treated as "unsigned" and does not contribute
61
+ # to the authorization signature.
62
+ #
63
+ # @option options [Boolean] :normalize_path (true) When `true`,
64
+ # the uri paths will be normalized when building the canonical request
121
65
  def initialize(options = {})
122
66
  @service = extract_service(options)
123
67
  @region = extract_region(options)
124
68
  @credentials_provider = extract_credentials_provider(options)
125
- @unsigned_headers = Set.new((options.fetch(:unsigned_headers, [])).map(&:downcase))
69
+ @unsigned_headers = Set.new((options.fetch(:unsigned_headers, []))
70
+ .map(&:downcase))
126
71
  @unsigned_headers << 'authorization'
127
72
  @unsigned_headers << 'x-amzn-trace-id'
128
73
  @unsigned_headers << 'expect'
129
- [:uri_escape_path, :apply_checksum_header].each do |opt|
130
- instance_variable_set("@#{opt}", options.key?(opt) ? !!options[:opt] : true)
131
- end
74
+ @uri_escape_path = options.fetch(:uri_escape_path, true)
75
+ @apply_checksum_header = options.fetch(:apply_checksum_header, true)
76
+ @signing_algorithm = options.fetch(:signing_algorithm, :sigv4)
77
+ @normalize_path = options.fetch(:normalize_path, true)
78
+ @omit_session_token = options.fetch(:omit_session_token, false)
132
79
  end
133
80
 
134
81
  # @return [String]
@@ -204,102 +151,65 @@ module Aws
204
151
  # a `#headers` method. The headers must be applied to your request.
205
152
  #
206
153
  def sign_request(request)
207
-
208
154
  creds = fetch_credentials
209
155
 
210
156
  http_method = extract_http_method(request)
211
157
  url = extract_url(request)
212
158
  headers = downcase_headers(request[:headers])
213
159
 
214
- datetime = headers['x-amz-date']
215
- datetime ||= Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
216
- date = datetime[0,8]
160
+ datetime =
161
+ if headers.include? 'x-amz-date'
162
+ Time.parse(headers.delete('x-amz-date'))
163
+ end
217
164
 
218
- content_sha256 = headers['x-amz-content-sha256']
165
+ content_sha256 = headers.delete('x-amz-content-sha256')
219
166
  content_sha256 ||= sha256_hexdigest(request[:body] || '')
220
167
 
221
168
  sigv4_headers = {}
222
169
  sigv4_headers['host'] = headers['host'] || host(url)
223
- sigv4_headers['x-amz-date'] = datetime
224
- sigv4_headers['x-amz-security-token'] = creds.session_token if creds.session_token
225
- sigv4_headers['x-amz-content-sha256'] ||= content_sha256 if @apply_checksum_header
170
+
171
+ # Modify the user-agent to add usage of crt-signer
172
+ # This should be temporary during developer preview only
173
+ if headers.include? 'user-agent'
174
+ headers['user-agent'] = "#{headers['user-agent']} crt-signer/#{@signing_algorithm}/#{Aws::Sigv4::VERSION}"
175
+ sigv4_headers['user-agent'] = headers['user-agent']
176
+ end
226
177
 
227
178
  headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
228
179
 
229
- # compute signature parts
230
- creq = canonical_request(http_method, url, headers, content_sha256)
231
- sts = string_to_sign(datetime, creq)
232
- sig = signature(creds.secret_access_key, date, sts)
180
+ config = Aws::Crt::Auth::SigningConfig.new(
181
+ algorithm: @signing_algorithm,
182
+ signature_type: :http_request_headers,
183
+ region: @region,
184
+ service: @service,
185
+ date: datetime,
186
+ signed_body_value: content_sha256,
187
+ signed_body_header_type: @apply_checksum_header ?
188
+ :sbht_content_sha256 : :sbht_none,
189
+ credentials: creds,
190
+ unsigned_headers: @unsigned_headers,
191
+ use_double_uri_encode: @uri_escape_path,
192
+ should_normalize_uri_path: @normalize_path,
193
+ omit_session_token: @omit_session_token
194
+ )
195
+ http_request = Aws::Crt::Http::Message.new(
196
+ http_method, url.to_s, headers
197
+ )
198
+ signable = Aws::Crt::Auth::Signable.new(http_request)
233
199
 
234
- # apply signature
235
- sigv4_headers['authorization'] = [
236
- "AWS4-HMAC-SHA256 Credential=#{credential(creds, date)}",
237
- "SignedHeaders=#{signed_headers(headers)}",
238
- "Signature=#{sig}",
239
- ].join(', ')
200
+ signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable)
240
201
 
241
- # Returning the signature components.
242
202
  Signature.new(
243
- headers: sigv4_headers,
244
- string_to_sign: sts,
245
- canonical_request: creq,
246
- content_sha256: content_sha256
203
+ headers: sigv4_headers.merge(
204
+ downcase_headers(signing_result[:headers])
205
+ ),
206
+ string_to_sign: 'CRT_INTERNAL',
207
+ canonical_request: 'CRT_INTERNAL',
208
+ content_sha256: content_sha256,
209
+ extra: {config: config, signable: signable}
247
210
  )
248
211
  end
249
212
 
250
- # Signs a event and returns signature headers and prior signature
251
- # used for next event signing.
252
- #
253
- # Headers of a sigv4 signed event message only contains 2 headers
254
- # * ':chunk-signature'
255
- # * computed signature of the event, binary string, 'bytes' type
256
- # * ':date'
257
- # * millisecond since epoch, 'timestamp' type
258
- #
259
- # Payload of the sigv4 signed event message contains eventstream encoded message
260
- # which is serialized based on input and protocol
261
- #
262
- # To sign events
263
- #
264
- # headers_0, signature_0 = signer.sign_event(
265
- # prior_signature, # hex-encoded string
266
- # payload_0, # binary string (eventstream encoded event 0)
267
- # encoder, # Aws::EventStreamEncoder
268
- # )
269
- #
270
- # headers_1, signature_1 = signer.sign_event(
271
- # signature_0,
272
- # payload_1, # binary string (eventstream encoded event 1)
273
- # encoder
274
- # )
275
- #
276
- # The initial prior_signature should be using the signature computed at initial request
277
- #
278
- # Note:
279
- #
280
- # Since ':chunk-signature' header value has bytes type, the signature value provided
281
- # needs to be a binary string instead of a hex-encoded string (like original signature
282
- # V4 algorithm). Thus, when returning signature value used for next event siging, the
283
- # signature value (a binary string) used at ':chunk-signature' needs to converted to
284
- # hex-encoded string using #unpack
285
- def sign_event(prior_signature, payload, encoder)
286
- creds = fetch_credentials
287
- time = Time.now
288
- headers = {}
289
-
290
- datetime = time.utc.strftime("%Y%m%dT%H%M%SZ")
291
- date = datetime[0,8]
292
- headers[':date'] = Aws::EventStream::HeaderValue.new(value: time.to_i * 1000, type: 'timestamp')
293
-
294
- sts = event_string_to_sign(datetime, headers, payload, prior_signature, encoder)
295
- sig = event_signature(creds.secret_access_key, date, sts)
296
-
297
- headers[':chunk-signature'] = Aws::EventStream::HeaderValue.new(value: sig, type: 'bytes')
298
-
299
- # Returning signed headers and signature value in hex-encoded string
300
- [headers, sig.unpack('H*').first]
301
- end
302
-
303
213
  # Signs a URL with query authentication. Using query parameters
304
214
  # to authenticate requests is useful when you want to express a
305
215
  # request entirely in a URL. This method is also referred as
@@ -369,247 +279,120 @@ module Aws
369
279
  # @return [HTTPS::URI, HTTP::URI]
370
280
  #
371
281
  def presign_url(options)
372
-
373
282
  creds = fetch_credentials
374
283
 
375
284
  http_method = extract_http_method(options)
376
285
  url = extract_url(options)
377
-
378
286
  headers = downcase_headers(options[:headers])
379
287
  headers['host'] ||= host(url)
380
288
 
381
- datetime = headers['x-amz-date']
382
- datetime ||= (options[:time] || Time.now).utc.strftime("%Y%m%dT%H%M%SZ")
383
- date = datetime[0,8]
289
+ datetime = headers.delete('x-amz-date')
290
+ datetime ||= (options[:time] || Time.now)
384
291
 
385
- content_sha256 = headers['x-amz-content-sha256']
292
+ content_sha256 = headers.delete('x-amz-content-sha256')
386
293
  content_sha256 ||= options[:body_digest]
387
294
  content_sha256 ||= sha256_hexdigest(options[:body] || '')
388
295
 
389
- params = {}
390
- params['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
391
- params['X-Amz-Credential'] = credential(creds, date)
392
- params['X-Amz-Date'] = datetime
393
- params['X-Amz-Expires'] = extract_expires_in(options)
394
- params['X-Amz-SignedHeaders'] = signed_headers(headers)
395
- params['X-Amz-Security-Token'] = creds.session_token if creds.session_token
296
+ config = Aws::Crt::Auth::SigningConfig.new(
297
+ algorithm: @signing_algorithm,
298
+ signature_type: :http_request_query_params,
299
+ region: @region,
300
+ service: @service,
301
+ date: datetime,
302
+ signed_body_value: content_sha256,
303
+ signed_body_header_type: @apply_checksum_header ?
304
+ :sbht_content_sha256 : :sbht_none,
305
+ credentials: creds,
306
+ unsigned_headers: @unsigned_headers,
307
+ use_double_uri_encode: @uri_escape_path,
308
+ should_normalize_uri_path: @normalize_path,
309
+ omit_session_token: @omit_session_token,
310
+ expiration_in_seconds: options.fetch(:expires_in, 900)
311
+ )
312
+ http_request = Aws::Crt::Http::Message.new(
313
+ http_method, url.to_s, headers
314
+ )
315
+ signable = Aws::Crt::Auth::Signable.new(http_request)
396
316
 
397
- params = params.map do |key, value|
398
- "#{uri_escape(key)}=#{uri_escape(value)}"
399
- end.join('&')
317
+ signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable, http_method, url.to_s)
318
+ url = URI.parse(signing_result[:path])
400
319
 
401
- if url.query
402
- url.query += '&' + params
403
- else
404
- url.query = params
320
+ if options[:extra] && options[:extra].is_a?(Hash)
321
+ options[:extra][:config] = config
322
+ options[:extra][:signable] = signable
405
323
  end
406
-
407
- creq = canonical_request(http_method, url, headers, content_sha256)
408
- sts = string_to_sign(datetime, creq)
409
- url.query += '&X-Amz-Signature=' + signature(creds.secret_access_key, date, sts)
410
324
  url
411
325
  end
412
326
 
413
- private
414
-
415
- def canonical_request(http_method, url, headers, content_sha256)
416
- [
417
- http_method,
418
- path(url),
419
- normalized_querystring(url.query || ''),
420
- canonical_headers(headers) + "\n",
421
- signed_headers(headers),
422
- content_sha256,
423
- ].join("\n")
424
- end
425
327
 
426
- def string_to_sign(datetime, canonical_request)
427
- [
428
- 'AWS4-HMAC-SHA256',
429
- datetime,
430
- credential_scope(datetime[0,8]),
431
- sha256_hexdigest(canonical_request),
432
- ].join("\n")
433
- end
434
-
435
- # Compared to original #string_to_sign at signature v4 algorithm
436
- # there is no canonical_request concept for an eventstream event,
437
- # instead, an event contains headers and payload two parts, and
438
- # they will be used for computing digest in #event_string_to_sign
328
+ # Signs a event and returns signature headers and prior signature
329
+ # used for next event signing.
439
330
  #
440
- # Note:
441
- # While headers need to be encoded under eventstream format,
442
- # payload used is already eventstream encoded (event without signature),
443
- # thus no extra encoding is needed.
444
- def event_string_to_sign(datetime, headers, payload, prior_signature, encoder)
445
- encoded_headers = encoder.encode_headers(
446
- Aws::EventStream::Message.new(headers: headers, payload: payload)
447
- )
448
- [
449
- "AWS4-HMAC-SHA256-PAYLOAD",
450
- datetime,
451
- credential_scope(datetime[0,8]),
452
- prior_signature,
453
- sha256_hexdigest(encoded_headers),
454
- sha256_hexdigest(payload)
455
- ].join("\n")
456
- end
457
-
458
- def credential_scope(date)
459
- [
460
- date,
461
- @region,
462
- @service,
463
- 'aws4_request',
464
- ].join('/')
465
- end
466
-
467
- def credential(credentials, date)
468
- "#{credentials.access_key_id}/#{credential_scope(date)}"
469
- end
470
-
471
- def signature(secret_access_key, date, string_to_sign)
472
- k_date = hmac("AWS4" + secret_access_key, date)
473
- k_region = hmac(k_date, @region)
474
- k_service = hmac(k_region, @service)
475
- k_credentials = hmac(k_service, 'aws4_request')
476
- hexhmac(k_credentials, string_to_sign)
477
- end
478
-
479
- # Comparing to original signature v4 algorithm,
480
- # returned signature is a binary string instread of
481
- # hex-encoded string. (Since ':chunk-signature' requires
482
- # 'bytes' type)
331
+ # Headers of a sigv4 signed event message only contains 2 headers
332
+ # * ':chunk-signature'
333
+ # * computed signature of the event, binary string, 'bytes' type
334
+ # * ':date'
335
+ # * millisecond since epoch, 'timestamp' type
336
+ #
337
+ # Payload of the sigv4 signed event message contains eventstream encoded message
338
+ # which is serialized based on input and protocol
339
+ #
340
+ # To sign events
341
+ #
342
+ # headers_0, signature_0 = signer.sign_event(
343
+ # prior_signature, # hex-encoded string
344
+ # payload_0, # binary string (eventstream encoded event 0)
345
+ # encoder, # Aws::EventStreamEncoder
346
+ # )
347
+ #
348
+ # headers_1, signature_1 = signer.sign_event(
349
+ # signature_0,
350
+ # payload_1, # binary string (eventstream encoded event 1)
351
+ # encoder
352
+ # )
353
+ #
354
+ # The initial prior_signature should be using the signature computed at initial request
483
355
  #
484
356
  # Note:
485
- # converting signature from binary string to hex-encoded
486
- # string is handled at #sign_event instead. (Will be used
487
- # as next prior signature for event signing)
488
- def event_signature(secret_access_key, date, string_to_sign)
489
- k_date = hmac("AWS4" + secret_access_key, date)
490
- k_region = hmac(k_date, @region)
491
- k_service = hmac(k_region, @service)
492
- k_credentials = hmac(k_service, 'aws4_request')
493
- hmac(k_credentials, string_to_sign)
494
- end
495
-
496
-
497
- def path(url)
498
- path = url.path
499
- path = '/' if path == ''
500
- if @uri_escape_path
501
- uri_escape_path(path)
502
- else
503
- path
504
- end
505
- end
506
-
507
- def normalized_querystring(querystring)
508
- params = querystring.split('&')
509
- params = params.map { |p| p.match(/=/) ? p : p + '=' }
510
- # From: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
511
- # Sort the parameter names by character code point in ascending order.
512
- # Parameters with duplicate names should be sorted by value.
513
- #
514
- # Default sort <=> in JRuby will swap members
515
- # occasionally when <=> is 0 (considered still sorted), but this
516
- # causes our normalized query string to not match the sent querystring.
517
- # When names match, we then sort by their values. When values also
518
- # match then we sort by their original order
519
- params.each.with_index.sort do |a, b|
520
- a, a_offset = a
521
- b, b_offset = b
522
- a_name, a_value = a.split('=')
523
- b_name, b_value = b.split('=')
524
- if a_name == b_name
525
- if a_value == b_value
526
- a_offset <=> b_offset
527
- else
528
- a_value <=> b_value
529
- end
530
- else
531
- a_name <=> b_name
532
- end
533
- end.map(&:first).join('&')
534
- end
535
-
536
- def signed_headers(headers)
537
- headers.inject([]) do |signed_headers, (header, _)|
538
- if @unsigned_headers.include?(header)
539
- signed_headers
540
- else
541
- signed_headers << header
542
- end
543
- end.sort.join(';')
544
- end
545
-
546
- def canonical_headers(headers)
547
- headers = headers.inject([]) do |hdrs, (k,v)|
548
- if @unsigned_headers.include?(k)
549
- hdrs
550
- else
551
- hdrs << [k,v]
552
- end
553
- end
554
- headers = headers.sort_by(&:first)
555
- headers.map{|k,v| "#{k}:#{canonical_header_value(v.to_s)}" }.join("\n")
556
- end
357
+ #
358
+ # Since ':chunk-signature' header value has bytes type, the signature value provided
359
+ # needs to be a binary string instead of a hex-encoded string (like original signature
360
+ # V4 algorithm). Thus, when returning signature value used for next event siging, the
361
+ # signature value (a binary string) used at ':chunk-signature' needs to converted to
362
+ # hex-encoded string using #unpack
363
+ def sign_event(prior_signature, payload, encoder)
364
+ # CRT does not currently provide event stream signing
365
+ # use the Ruby implementation
366
+ creds = @credentials_provider.credentials
367
+ time = Time.now
368
+ headers = {}
557
369
 
558
- def canonical_header_value(value)
559
- value.match(/^".*"$/) ? value : value.gsub(/\s+/, ' ').strip
560
- end
370
+ datetime = time.utc.strftime("%Y%m%dT%H%M%SZ")
371
+ date = datetime[0,8]
372
+ headers[':date'] = Aws::EventStream::HeaderValue.new(value: time.to_i * 1000, type: 'timestamp')
561
373
 
562
- def host(uri)
563
- # Handles known and unknown URI schemes; default_port nil when unknown.
564
- if uri.default_port == uri.port
565
- uri.host
566
- else
567
- "#{uri.host}:#{uri.port}"
568
- end
569
- end
374
+ sts = event_string_to_sign(datetime, headers, payload, prior_signature, encoder)
375
+ sig = event_signature(creds.secret_access_key, date, sts)
570
376
 
571
- # @param [File, Tempfile, IO#read, String] value
572
- # @return [String<SHA256 Hexdigest>]
573
- def sha256_hexdigest(value)
574
- if (File === value || Tempfile === value) && !value.path.nil? && File.exist?(value.path)
575
- OpenSSL::Digest::SHA256.file(value).hexdigest
576
- elsif value.respond_to?(:read)
577
- sha256 = OpenSSL::Digest::SHA256.new
578
- loop do
579
- chunk = value.read(1024 * 1024) # 1MB
580
- break unless chunk
581
- sha256.update(chunk)
582
- end
583
- value.rewind
584
- sha256.hexdigest
585
- else
586
- OpenSSL::Digest::SHA256.hexdigest(value)
587
- end
588
- end
377
+ headers[':chunk-signature'] = Aws::EventStream::HeaderValue.new(value: sig, type: 'bytes')
589
378
 
590
- def hmac(key, value)
591
- OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, value)
379
+ # Returning signed headers and signature value in hex-encoded string
380
+ [headers, sig.unpack('H*').first]
592
381
  end
593
382
 
594
- def hexhmac(key, value)
595
- OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), key, value)
596
- end
383
+ private
597
384
 
598
385
  def extract_service(options)
599
386
  if options[:service]
600
387
  options[:service]
601
388
  else
602
- msg = "missing required option :service"
389
+ msg = 'missing required option :service'
603
390
  raise ArgumentError, msg
604
391
  end
605
392
  end
606
393
 
607
394
  def extract_region(options)
608
- if options[:region]
609
- options[:region]
610
- else
611
- raise Errors::MissingRegionError
612
- end
395
+ options[:region] || raise(Errors::MissingRegionError)
613
396
  end
614
397
 
615
398
  def extract_credentials_provider(options)
@@ -622,11 +405,22 @@ module Aws
622
405
  end
623
406
  end
624
407
 
408
+ # the credentials used by CRT must be a
409
+ # CRT StaticCredentialsProvider object
410
+ def fetch_credentials
411
+ credentials = @credentials_provider.credentials
412
+ Aws::Crt::Auth::StaticCredentialsProvider.new(
413
+ credentials.access_key_id,
414
+ credentials.secret_access_key,
415
+ credentials.session_token
416
+ )
417
+ end
418
+
625
419
  def extract_http_method(request)
626
420
  if request[:http_method]
627
421
  request[:http_method].upcase
628
422
  else
629
- msg = "missing required option :http_method"
423
+ msg = 'missing required option :http_method'
630
424
  raise ArgumentError, msg
631
425
  end
632
426
  end
@@ -635,56 +429,97 @@ module Aws
635
429
  if request[:url]
636
430
  URI.parse(request[:url].to_s)
637
431
  else
638
- msg = "missing required option :url"
432
+ msg = 'missing required option :url'
639
433
  raise ArgumentError, msg
640
434
  end
641
435
  end
642
436
 
643
437
  def downcase_headers(headers)
644
- (headers || {}).to_hash.inject({}) do |hash, (key, value)|
645
- hash[key.downcase] = value
646
- hash
647
- end
438
+ (headers || {}).to_hash.transform_keys(&:downcase)
648
439
  end
649
440
 
650
- def extract_expires_in(options)
651
- case options[:expires_in]
652
- when nil then 900.to_s
653
- when Integer then options[:expires_in].to_s
441
+ # @param [File, Tempfile, IO#read, String] value
442
+ # @return [String<SHA256 Hexdigest>]
443
+ def sha256_hexdigest(value)
444
+ if (value.is_a?(File) || value.is_a?(Tempfile)) && !value.path.nil? && File.exist?(value.path)
445
+ OpenSSL::Digest::SHA256.file(value).hexdigest
446
+ elsif value.respond_to?(:read)
447
+ sha256 = OpenSSL::Digest.new('SHA256')
448
+ loop do
449
+ chunk = value.read(1024 * 1024) # 1MB
450
+ break unless chunk
451
+
452
+ sha256.update(chunk)
453
+ end
454
+ value.rewind
455
+ sha256.hexdigest
654
456
  else
655
- msg = "expected :expires_in to be a number of seconds"
656
- raise ArgumentError, msg
457
+ OpenSSL::Digest::SHA256.hexdigest(value)
657
458
  end
658
459
  end
659
460
 
660
- def uri_escape(string)
661
- self.class.uri_escape(string)
461
+ def host(uri)
462
+ # Handles known and unknown URI schemes; default_port nil when unknown.
463
+ if uri.default_port == uri.port
464
+ uri.host
465
+ else
466
+ "#{uri.host}:#{uri.port}"
467
+ end
662
468
  end
663
469
 
664
- def uri_escape_path(string)
665
- self.class.uri_escape_path(string)
470
+ # Used only for event signing
471
+ def credential_scope(date)
472
+ [
473
+ date,
474
+ @region,
475
+ @service,
476
+ 'aws4_request',
477
+ ].join('/')
666
478
  end
667
479
 
480
+ # Used only for event signing
481
+ def hmac(key, value)
482
+ OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, value)
483
+ end
668
484
 
669
- def fetch_credentials
670
- credentials = @credentials_provider.credentials
671
- if credentials_set?(credentials)
672
- credentials
673
- else
674
- raise Errors::MissingCredentialsError,
675
- 'unable to sign request without credentials set'
676
- end
485
+ # Compared to original #string_to_sign at signature v4 algorithm
486
+ # there is no canonical_request concept for an eventstream event,
487
+ # instead, an event contains headers and payload two parts, and
488
+ # they will be used for computing digest in #event_string_to_sign
489
+ #
490
+ # Note:
491
+ # While headers need to be encoded under eventstream format,
492
+ # payload used is already eventstream encoded (event without signature),
493
+ # thus no extra encoding is needed.
494
+ def event_string_to_sign(datetime, headers, payload, prior_signature, encoder)
495
+ encoded_headers = encoder.encode_headers(
496
+ Aws::EventStream::Message.new(headers: headers, payload: payload)
497
+ )
498
+ [
499
+ "AWS4-HMAC-SHA256-PAYLOAD",
500
+ datetime,
501
+ credential_scope(datetime[0,8]),
502
+ prior_signature,
503
+ sha256_hexdigest(encoded_headers),
504
+ sha256_hexdigest(payload)
505
+ ].join("\n")
677
506
  end
678
507
 
679
- # Returns true if credentials are set (not nil or empty)
680
- # Credentials may not implement the Credentials interface
681
- # and may just be credential like Client response objects
682
- # (eg those returned by sts#assume_role)
683
- def credentials_set?(credentials)
684
- !credentials.access_key_id.nil? &&
685
- !credentials.access_key_id.empty? &&
686
- !credentials.secret_access_key.nil? &&
687
- !credentials.secret_access_key.empty?
508
+ # Comparing to original signature v4 algorithm,
509
+ # returned signature is a binary string instread of
510
+ # hex-encoded string. (Since ':chunk-signature' requires
511
+ # 'bytes' type)
512
+ #
513
+ # Note:
514
+ # converting signature from binary string to hex-encoded
515
+ # string is handled at #sign_event instead. (Will be used
516
+ # as next prior signature for event signing)
517
+ def event_signature(secret_access_key, date, string_to_sign)
518
+ k_date = hmac("AWS4" + secret_access_key, date)
519
+ k_region = hmac(k_date, @region)
520
+ k_service = hmac(k_region, @service)
521
+ k_credentials = hmac(k_service, 'aws4_request')
522
+ hmac(k_credentials, string_to_sign)
688
523
  end
689
524
 
690
525
  class << self
@@ -702,8 +537,8 @@ module Aws
702
537
  CGI.escape(string.encode('UTF-8')).gsub('+', '%20').gsub('%7E', '~')
703
538
  end
704
539
  end
705
-
706
540
  end
707
541
  end
708
542
  end
709
543
  end
544
+
data/lib/aws-sigv4.rb CHANGED
@@ -1,6 +1,13 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'aws-crt'
3
4
  require_relative 'aws-sigv4/credentials'
4
5
  require_relative 'aws-sigv4/errors'
5
6
  require_relative 'aws-sigv4/signature'
6
7
  require_relative 'aws-sigv4/signer'
8
+
9
+ module Aws
10
+ module Sigv4
11
+ VERSION = File.read(File.expand_path('../VERSION', __dir__)).strip
12
+ end
13
+ end
metadata CHANGED
@@ -1,15 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.2
4
+ version: 1.4.0.crt
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-13 00:00:00.000000000 Z
11
+ date: 2021-09-02 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: aws-crt
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
13
27
  - !ruby/object:Gem::Dependency
14
28
  name: aws-eventstream
15
29
  requirement: !ruby/object:Gem::Requirement
@@ -30,26 +44,39 @@ dependencies:
30
44
  - - ">="
31
45
  - !ruby/object:Gem::Version
32
46
  version: 1.0.2
33
- description: Amazon Web Services Signature Version 4 signing library. Generates sigv4
34
- signature for HTTP requests.
35
- email:
47
+ - !ruby/object:Gem::Dependency
48
+ name: rspec
49
+ requirement: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - ">="
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
54
+ type: :development
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - ">="
59
+ - !ruby/object:Gem::Version
60
+ version: '0'
61
+ description: Amazon Web Services signing library. Generates signatures for HTTP requests
62
+ email:
36
63
  executables: []
37
64
  extensions: []
38
65
  extra_rdoc_files: []
39
66
  files:
67
+ - CHANGELOG.md
68
+ - LICENSE.txt
69
+ - VERSION
40
70
  - lib/aws-sigv4.rb
41
71
  - lib/aws-sigv4/credentials.rb
42
72
  - lib/aws-sigv4/errors.rb
43
- - lib/aws-sigv4/request.rb
44
73
  - lib/aws-sigv4/signature.rb
45
74
  - lib/aws-sigv4/signer.rb
46
- homepage: https://github.com/aws/aws-sdk-ruby
75
+ homepage: https://github.com/awslabs/aws-crt-ruby
47
76
  licenses:
48
77
  - Apache-2.0
49
- metadata:
50
- source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sigv4
51
- changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sigv4/CHANGELOG.md
52
- post_install_message:
78
+ metadata: {}
79
+ post_install_message:
53
80
  rdoc_options: []
54
81
  require_paths:
55
82
  - lib
@@ -57,16 +84,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
57
84
  requirements:
58
85
  - - ">="
59
86
  - !ruby/object:Gem::Version
60
- version: '0'
87
+ version: '2.5'
61
88
  required_rubygems_version: !ruby/object:Gem::Requirement
62
89
  requirements:
63
- - - ">="
90
+ - - ">"
64
91
  - !ruby/object:Gem::Version
65
- version: '0'
92
+ version: 1.3.1
66
93
  requirements: []
67
- rubyforge_project:
68
- rubygems_version: 2.7.6.2
69
- signing_key:
94
+ rubygems_version: 3.1.6
95
+ signing_key:
70
96
  specification_version: 4
71
- summary: AWS Signature Version 4 library.
97
+ summary: AWS SDK for Ruby - Common Runtime (CRT) based Signer
72
98
  test_files: []
@@ -1,65 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'uri'
4
-
5
- module Aws
6
- module Sigv4
7
- class Request
8
-
9
- # @option options [required, String] :http_method
10
- # @option options [required, HTTP::URI, HTTPS::URI, String] :endpoint
11
- # @option options [Hash<String,String>] :headers ({})
12
- # @option options [String, IO] :body ('')
13
- def initialize(options = {})
14
- @http_method = nil
15
- @endpoint = nil
16
- @headers = {}
17
- @body = ''
18
- options.each_pair do |attr_name, attr_value|
19
- send("#{attr_name}=", attr_value)
20
- end
21
- end
22
-
23
- # @param [String] http_method One of 'GET', 'PUT', 'POST', 'DELETE', 'HEAD', or 'PATCH'
24
- def http_method=(http_method)
25
- @http_method = http_method
26
- end
27
-
28
- # @return [String] One of 'GET', 'PUT', 'POST', 'DELETE', 'HEAD', or 'PATCH'
29
- def http_method
30
- @http_method
31
- end
32
-
33
- # @param [String, HTTP::URI, HTTPS::URI] endpoint
34
- def endpoint=(endpoint)
35
- @endpoint = URI.parse(endpoint.to_s)
36
- end
37
-
38
- # @return [HTTP::URI, HTTPS::URI]
39
- def endpoint
40
- @endpoint
41
- end
42
-
43
- # @param [Hash] headers
44
- def headers=(headers)
45
- @headers = headers
46
- end
47
-
48
- # @return [Hash<String,String>]
49
- def headers
50
- @headers
51
- end
52
-
53
- # @param [String, IO] body
54
- def body=(body)
55
- @body = body
56
- end
57
-
58
- # @return [String, IO]
59
- def body
60
- @body
61
- end
62
-
63
- end
64
- end
65
- end