aws-sigv4 1.5.1 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sigv4/signer.rb +26 -15
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed95d4ec56e15f5b06d202643cebf73e89d69efbe461d03035dc309f0aa32b11
|
|
4
|
+
data.tar.gz: f235824f3bf7ea35aa4fb7e666250f72be1d8592709f522c8fae42fb36e40a9a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 62ddb59e6cf4fd5ca5a704db3a7f8f8707329cd8b66fec124de5bc56bc5cc2fac20622987e5a6cbeaec1ce55941ee66ab36ed25178ee82e287515622a33bc314
|
|
7
|
+
data.tar.gz: e05f2a2ada39d28681df35b7365e7c71e6eda34b250cd2259312d9b6cc0e810fceb0dffeddd785a4b5e08cea1989eb5e2e4e27303d1cf4ce51ad251952d7047d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,16 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.6.0 (2023-06-28)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Select the minimum expiration time for presigned urls between the expiration time option and the credential expiration time.
|
|
8
|
+
|
|
9
|
+
1.5.2 (2022-09-30)
|
|
10
|
+
------------------
|
|
11
|
+
|
|
12
|
+
* Issue - Fix an issue where quoted strings with multiple spaces are not trimmed. (#2758)
|
|
13
|
+
|
|
4
14
|
1.5.1 (2022-07-19)
|
|
5
15
|
------------------
|
|
6
16
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.6.0
|
data/lib/aws-sigv4/signer.rb
CHANGED
|
@@ -235,7 +235,7 @@ module Aws
|
|
|
235
235
|
|
|
236
236
|
return crt_sign_request(request) if Signer.use_crt?
|
|
237
237
|
|
|
238
|
-
creds = fetch_credentials
|
|
238
|
+
creds, _ = fetch_credentials
|
|
239
239
|
|
|
240
240
|
http_method = extract_http_method(request)
|
|
241
241
|
url = extract_url(request)
|
|
@@ -314,7 +314,7 @@ module Aws
|
|
|
314
314
|
# hex-encoded string using #unpack
|
|
315
315
|
def sign_event(prior_signature, payload, encoder)
|
|
316
316
|
# Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
|
|
317
|
-
creds = fetch_credentials
|
|
317
|
+
creds, _ = fetch_credentials
|
|
318
318
|
time = Time.now
|
|
319
319
|
headers = {}
|
|
320
320
|
|
|
@@ -403,7 +403,7 @@ module Aws
|
|
|
403
403
|
|
|
404
404
|
return crt_presign_url(options) if Signer.use_crt?
|
|
405
405
|
|
|
406
|
-
creds = fetch_credentials
|
|
406
|
+
creds, expiration = fetch_credentials
|
|
407
407
|
|
|
408
408
|
http_method = extract_http_method(options)
|
|
409
409
|
url = extract_url(options)
|
|
@@ -423,7 +423,7 @@ module Aws
|
|
|
423
423
|
params['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
|
|
424
424
|
params['X-Amz-Credential'] = credential(creds, date)
|
|
425
425
|
params['X-Amz-Date'] = datetime
|
|
426
|
-
params['X-Amz-Expires'] =
|
|
426
|
+
params['X-Amz-Expires'] = presigned_url_expiration(options, expiration).to_s
|
|
427
427
|
params['X-Amz-Security-Token'] = creds.session_token if creds.session_token
|
|
428
428
|
params['X-Amz-SignedHeaders'] = signed_headers(headers)
|
|
429
429
|
|
|
@@ -526,7 +526,6 @@ module Aws
|
|
|
526
526
|
hmac(k_credentials, string_to_sign)
|
|
527
527
|
end
|
|
528
528
|
|
|
529
|
-
|
|
530
529
|
def path(url)
|
|
531
530
|
path = url.path
|
|
532
531
|
path = '/' if path == ''
|
|
@@ -589,7 +588,7 @@ module Aws
|
|
|
589
588
|
end
|
|
590
589
|
|
|
591
590
|
def canonical_header_value(value)
|
|
592
|
-
value.
|
|
591
|
+
value.gsub(/\s+/, ' ').strip
|
|
593
592
|
end
|
|
594
593
|
|
|
595
594
|
def host(uri)
|
|
@@ -682,8 +681,8 @@ module Aws
|
|
|
682
681
|
|
|
683
682
|
def extract_expires_in(options)
|
|
684
683
|
case options[:expires_in]
|
|
685
|
-
when nil then 900
|
|
686
|
-
when Integer then options[:expires_in]
|
|
684
|
+
when nil then 900
|
|
685
|
+
when Integer then options[:expires_in]
|
|
687
686
|
else
|
|
688
687
|
msg = "expected :expires_in to be a number of seconds"
|
|
689
688
|
raise ArgumentError, msg
|
|
@@ -698,11 +697,14 @@ module Aws
|
|
|
698
697
|
self.class.uri_escape_path(string)
|
|
699
698
|
end
|
|
700
699
|
|
|
701
|
-
|
|
702
700
|
def fetch_credentials
|
|
703
701
|
credentials = @credentials_provider.credentials
|
|
704
702
|
if credentials_set?(credentials)
|
|
705
|
-
|
|
703
|
+
expiration = nil
|
|
704
|
+
if @credentials_provider.respond_to?(:expiration)
|
|
705
|
+
expiration = @credentials_provider.expiration
|
|
706
|
+
end
|
|
707
|
+
[credentials, expiration]
|
|
706
708
|
else
|
|
707
709
|
raise Errors::MissingCredentialsError,
|
|
708
710
|
'unable to sign request without credentials set'
|
|
@@ -720,21 +722,30 @@ module Aws
|
|
|
720
722
|
!credentials.secret_access_key.empty?
|
|
721
723
|
end
|
|
722
724
|
|
|
725
|
+
def presigned_url_expiration(options, expiration)
|
|
726
|
+
expires_in = extract_expires_in(options)
|
|
727
|
+
return expires_in unless expiration
|
|
728
|
+
|
|
729
|
+
expiration_seconds = (expiration - Time.now).to_i
|
|
730
|
+
[expires_in, expiration_seconds].min
|
|
731
|
+
end
|
|
732
|
+
|
|
723
733
|
### CRT Code
|
|
724
734
|
|
|
725
735
|
# the credentials used by CRT must be a
|
|
726
736
|
# CRT StaticCredentialsProvider object
|
|
727
737
|
def crt_fetch_credentials
|
|
728
|
-
creds = fetch_credentials
|
|
729
|
-
Aws::Crt::Auth::StaticCredentialsProvider.new(
|
|
738
|
+
creds, expiration = fetch_credentials
|
|
739
|
+
crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
|
|
730
740
|
creds.access_key_id,
|
|
731
741
|
creds.secret_access_key,
|
|
732
742
|
creds.session_token
|
|
733
743
|
)
|
|
744
|
+
[crt_creds, expiration]
|
|
734
745
|
end
|
|
735
746
|
|
|
736
747
|
def crt_sign_request(request)
|
|
737
|
-
creds = crt_fetch_credentials
|
|
748
|
+
creds, _ = crt_fetch_credentials
|
|
738
749
|
http_method = extract_http_method(request)
|
|
739
750
|
url = extract_url(request)
|
|
740
751
|
headers = downcase_headers(request[:headers])
|
|
@@ -793,7 +804,7 @@ module Aws
|
|
|
793
804
|
end
|
|
794
805
|
|
|
795
806
|
def crt_presign_url(options)
|
|
796
|
-
creds = crt_fetch_credentials
|
|
807
|
+
creds, expiration = crt_fetch_credentials
|
|
797
808
|
|
|
798
809
|
http_method = extract_http_method(options)
|
|
799
810
|
url = extract_url(options)
|
|
@@ -821,7 +832,7 @@ module Aws
|
|
|
821
832
|
use_double_uri_encode: @uri_escape_path,
|
|
822
833
|
should_normalize_uri_path: @normalize_path,
|
|
823
834
|
omit_session_token: @omit_session_token,
|
|
824
|
-
expiration_in_seconds: options
|
|
835
|
+
expiration_in_seconds: presigned_url_expiration(options, expiration)
|
|
825
836
|
)
|
|
826
837
|
http_request = Aws::Crt::Http::Message.new(
|
|
827
838
|
http_method, url.to_s, headers
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sigv4
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-06-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-eventstream
|