aws-sigv4 1.5.2 → 1.6.0

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sigv4/signer.rb +25 -14
  5. metadata +2 -2
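--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 33cb09610570a5aefa4e83ab34277756201d8f1e50197bfe343fc49cce668672
- data.tar.gz: 4d070f7cf41c0a77b69e7ca6cc80c2fb7a8111eb3640819fb01ee6602027b5d9
+ metadata.gz: ed95d4ec56e15f5b06d202643cebf73e89d69efbe461d03035dc309f0aa32b11
+ data.tar.gz: f235824f3bf7ea35aa4fb7e666250f72be1d8592709f522c8fae42fb36e40a9a
  SHA512:
- metadata.gz: ddb8c5fc04288a396501afb0cd74907232ac78a2ca5e3bbb4c0879c27c15d72c19e30b9ddcaf5b8fe536e8b04d4ccc3c98eee74f27f92b594058a54b29edf704
- data.tar.gz: 283afcb61ae4b06a68b5a644a529b560864b82f0e69c107a8c059c04b9b6448421ac93015c483aae1bdf77bed41cb3088942c1e18dc26fc4b569aa7fde65f563
+ metadata.gz: 62ddb59e6cf4fd5ca5a704db3a7f8f8707329cd8b66fec124de5bc56bc5cc2fac20622987e5a6cbeaec1ce55941ee66ab36ed25178ee82e287515622a33bc314
+ data.tar.gz: e05f2a2ada39d28681df35b7365e7c71e6eda34b250cd2259312d9b6cc0e810fceb0dffeddd785a4b5e08cea1989eb5e2e4e27303d1cf4ce51ad251952d7047d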
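--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.6.0 (2023-06-28)
+ ------------------
+
+ * Feature - Select the minimum expiration time for presigned urls between the expiration time option and the credential expiration time.
+
  1.5.2 (2022-09-30)
  ------------------
 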
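--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.5.2
+ 1.6.0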
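--- a/data/lib/aws-sigv4/signer.rb
+++ b/data/lib/aws-sigv4/signer.rb
@@ -235,7 +235,7 @@ module Aws
 
  return crt_sign_request(request) if Signer.use_crt?
 
- creds = fetch_credentials
+ creds, _ = fetch_credentials
 
  http_method = extract_http_method(request)
  url = extract_url(request)
@@ -314,7 +314,7 @@ module Aws
  # hex-encoded string using #unpack
  def sign_event(prior_signature, payload, encoder)
  # Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
- creds = fetch_credentials
+ creds, _ = fetch_credentials
  time = Time.now
  headers = {}
 
@@ -403,7 +403,7 @@ module Aws
 
  return crt_presign_url(options) if Signer.use_crt?
 
- creds = fetch_credentials
+ creds, expiration = fetch_credentials
 
  http_method = extract_http_method(options)
  url = extract_url(options)
@@ -423,7 +423,7 @@ module Aws
  params['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
  params['X-Amz-Credential'] = credential(creds, date)
  params['X-Amz-Date'] = datetime
- params['X-Amz-Expires'] = extract_expires_in(options)
+ params['X-Amz-Expires'] = presigned_url_expiration(options, expiration).to_s
  params['X-Amz-Security-Token'] = creds.session_token if creds.session_token
  params['X-Amz-SignedHeaders'] = signed_headers(headers)
 
@@ -526,7 +526,6 @@ module Aws
  hmac(k_credentials, string_to_sign)
  end
 
-
  def path(url)
  path = url.path
  path = '/' if path == ''
@@ -682,8 +681,8 @@ module Aws
 
  def extract_expires_in(options)
  case options[:expires_in]
- when nil then 900.to_s
- when Integer then options[:expires_in].to_s
+ when nil then 900
+ when Integer then options[:expires_in]
  else
  msg = "expected :expires_in to be a number of seconds"
  raise ArgumentError, msg
@@ -698,11 +697,14 @@ module Aws
  self.class.uri_escape_path(string)
  end
 
-
  def fetch_credentials
  credentials = @credentials_provider.credentials
  if credentials_set?(credentials)
- credentials
+ expiration = nil
+ if @credentials_provider.respond_to?(:expiration)
+ expiration = @credentials_provider.expiration
+ end
+ [credentials, expiration]
  else
  raise Errors::MissingCredentialsError,
  'unable to sign request without credentials set'
@@ -720,21 +722,30 @@ module Aws
  !credentials.secret_access_key.empty?
  end
 
+ def presigned_url_expiration(options, expiration)
+ expires_in = extract_expires_in(options)
+ return expires_in unless expiration
+
+ expiration_seconds = (expiration - Time.now).to_i
+ [expires_in, expiration_seconds].min
+ end
+
  ### CRT Code
 
  # the credentials used by CRT must be a
  # CRT StaticCredentialsProvider object
  def crt_fetch_credentials
- creds = fetch_credentials
- Aws::Crt::Auth::StaticCredentialsProvider.new(
+ creds, expiration = fetch_credentials
+ crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
  creds.access_key_id,
  creds.secret_access_key,
  creds.session_token
  )
+ [crt_creds, expiration]
  end
 
  def crt_sign_request(request)
- creds = crt_fetch_credentials
+ creds, _ = crt_fetch_credentials
  http_method = extract_http_method(request)
  url = extract_url(request)
  headers = downcase_headers(request[:headers])
@@ -793,7 +804,7 @@ module Aws
  end
 
  def crt_presign_url(options)
- creds = crt_fetch_credentials
+ creds, expiration = crt_fetch_credentials
 
  http_method = extract_http_method(options)
  url = extract_url(options)
@@ -821,7 +832,7 @@ module Aws
  use_double_uri_encode: @uri_escape_path,
  should_normalize_uri_path: @normalize_path,
  omit_session_token: @omit_session_token,
- expiration_in_seconds: options.fetch(:expires_in, 900)
+ expiration_in_seconds: presigned_url_expiration(options, expiration)
  )
  http_request = Aws::Crt::Http::Message.new(
  http_method, url.to_s, headers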
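Review bot: `presigned_url_expiration` (hunk `@@ -720,21 +722,30 @@`) can return zero or a negative number: when the provider's `expiration` is at or before `Time.now`, `expiration_seconds` is non-positive and wins the `min`, so it flows unchanged into `X-Amz-Expires` and into CRT's `expiration_in_seconds`. Handle that case explicitly before the `min`, for example `return expires_in if expiration_seconds <= 0`, or raise a descriptive error if a URL should never be issued from credentials that report themselves expired. The subtraction also assumes `expiration` is a `Time`, while `fetch_credentials` only checks `respond_to?(:expiration)`, so a provider returning another type would presumably fail here with an unrelated-looking error; a type guard or a comment stating the contract would help. It is also worth a one-line comment that the method and `extract_expires_in` now return an Integer number of seconds and that callers are responsible for the `.to_s`.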
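--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: aws-sigv4
  version: !ruby/object:Gem::Version
- version: 1.5.2
+ version: 1.6.0
  platform: ruby
  authors:
  - Amazon Web Services
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-09-30 00:00:00.000000000 Z
+ date: 2023-06-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-eventstream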