aws-sigv4 1.6.0 → 1.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sigv4/signer.rb +35 -8
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 482b4ffa8bd9e9e2d7dab0d61ab15553f0e8d05e1be2923b388157664a47a9fa
|
4
|
+
data.tar.gz: c5caa84527ca213826f8c802195430caacb25750530609f1b8d7267810808574
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c16c5df7f8c6ca10cf073c25984506ce938f26823f99d82813b5bde3fb283d23a3c480adec2945b98975946a7b32efe57a0058cd65bb383606c5ee5228711381
|
7
|
+
data.tar.gz: b72ea1894eb1c419179325f8e715fb454ab02ae2d1ac243b90ed2f4032c0fd966ba157287a12009587908d0a6a2f62261c78e319a230196792b6ec4206a20718
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,21 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.8.0 (2023-11-28)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Support `sigv4-s3express` signing algorithm.
|
8
|
+
|
9
|
+
1.7.0 (2023-11-22)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 2.3 and 2.4.
|
13
|
+
|
14
|
+
1.6.1 (2023-10-25)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Issue - (Static Stability) use provided `expires_in` in presigned url when credentials are expired.
|
18
|
+
|
4
19
|
1.6.0 (2023-06-28)
|
5
20
|
------------------
|
6
21
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.8.0
|
data/lib/aws-sigv4/signer.rb
CHANGED
@@ -157,6 +157,13 @@ module Aws
|
|
157
157
|
' request with sigv4a which requires the `aws-crt` gem.'\
|
158
158
|
' Please install the gem or add it to your gemfile.'
|
159
159
|
end
|
160
|
+
|
161
|
+
if @signing_algorithm == 'sigv4-s3express'.to_sym &&
|
162
|
+
Signer.use_crt? && Aws::Crt::GEM_VERSION <= '0.1.9'
|
163
|
+
raise ArgumentError,
|
164
|
+
'This version of aws-crt does not support S3 Express. Please
|
165
|
+
update this gem to at least version 0.2.0.'
|
166
|
+
end
|
160
167
|
end
|
161
168
|
|
162
169
|
# @return [String]
|
@@ -251,7 +258,14 @@ module Aws
|
|
251
258
|
sigv4_headers = {}
|
252
259
|
sigv4_headers['host'] = headers['host'] || host(url)
|
253
260
|
sigv4_headers['x-amz-date'] = datetime
|
254
|
-
|
261
|
+
if creds.session_token
|
262
|
+
if @signing_algorithm == 'sigv4-s3express'.to_sym
|
263
|
+
sigv4_headers['x-amz-s3session-token'] = creds.session_token
|
264
|
+
else
|
265
|
+
sigv4_headers['x-amz-security-token'] = creds.session_token
|
266
|
+
end
|
267
|
+
end
|
268
|
+
|
255
269
|
sigv4_headers['x-amz-content-sha256'] ||= content_sha256 if @apply_checksum_header
|
256
270
|
|
257
271
|
headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
|
@@ -423,8 +437,14 @@ module Aws
|
|
423
437
|
params['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
|
424
438
|
params['X-Amz-Credential'] = credential(creds, date)
|
425
439
|
params['X-Amz-Date'] = datetime
|
426
|
-
params['X-Amz-Expires'] = presigned_url_expiration(options, expiration).to_s
|
427
|
-
|
440
|
+
params['X-Amz-Expires'] = presigned_url_expiration(options, expiration, Time.strptime(datetime, "%Y%m%dT%H%M%S%Z")).to_s
|
441
|
+
if creds.session_token
|
442
|
+
if @signing_algorithm == 'sigv4-s3express'.to_sym
|
443
|
+
params['X-Amz-S3session-Token'] = creds.session_token
|
444
|
+
else
|
445
|
+
params['X-Amz-Security-Token'] = creds.session_token
|
446
|
+
end
|
447
|
+
end
|
428
448
|
params['X-Amz-SignedHeaders'] = signed_headers(headers)
|
429
449
|
|
430
450
|
params = params.map do |key, value|
|
@@ -722,12 +742,19 @@ module Aws
|
|
722
742
|
!credentials.secret_access_key.empty?
|
723
743
|
end
|
724
744
|
|
725
|
-
def presigned_url_expiration(options, expiration)
|
745
|
+
def presigned_url_expiration(options, expiration, datetime)
|
726
746
|
expires_in = extract_expires_in(options)
|
727
747
|
return expires_in unless expiration
|
728
748
|
|
729
|
-
expiration_seconds = (expiration -
|
730
|
-
|
749
|
+
expiration_seconds = (expiration - datetime).to_i
|
750
|
+
# In the static stability case, credentials may expire in the past
|
751
|
+
# but still be valid. For those cases, use the user configured
|
752
|
+
# expires_in and ingore expiration.
|
753
|
+
if expiration_seconds <= 0
|
754
|
+
expires_in
|
755
|
+
else
|
756
|
+
[expires_in, expiration_seconds].min
|
757
|
+
end
|
731
758
|
end
|
732
759
|
|
733
760
|
### CRT Code
|
@@ -811,7 +838,7 @@ module Aws
|
|
811
838
|
headers = downcase_headers(options[:headers])
|
812
839
|
headers['host'] ||= host(url)
|
813
840
|
|
814
|
-
datetime = headers.delete('x-amz-date')
|
841
|
+
datetime = Time.strptime(headers.delete('x-amz-date'), "%Y%m%dT%H%M%S%Z") if headers['x-amz-date']
|
815
842
|
datetime ||= (options[:time] || Time.now)
|
816
843
|
|
817
844
|
content_sha256 = headers.delete('x-amz-content-sha256')
|
@@ -832,7 +859,7 @@ module Aws
|
|
832
859
|
use_double_uri_encode: @uri_escape_path,
|
833
860
|
should_normalize_uri_path: @normalize_path,
|
834
861
|
omit_session_token: @omit_session_token,
|
835
|
-
expiration_in_seconds: presigned_url_expiration(options, expiration)
|
862
|
+
expiration_in_seconds: presigned_url_expiration(options, expiration, datetime)
|
836
863
|
)
|
837
864
|
http_request = Aws::Crt::Http::Message.new(
|
838
865
|
http_method, url.to_s, headers
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sigv4
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.8.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-11-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-eventstream
|
@@ -60,7 +60,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
60
60
|
requirements:
|
61
61
|
- - ">="
|
62
62
|
- !ruby/object:Gem::Version
|
63
|
-
version: '2.
|
63
|
+
version: '2.5'
|
64
64
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - ">="
|