aws-sigv4 1.6.0 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed95d4ec56e15f5b06d202643cebf73e89d69efbe461d03035dc309f0aa32b11
-  data.tar.gz: f235824f3bf7ea35aa4fb7e666250f72be1d8592709f522c8fae42fb36e40a9a
+  metadata.gz: 482b4ffa8bd9e9e2d7dab0d61ab15553f0e8d05e1be2923b388157664a47a9fa
+  data.tar.gz: c5caa84527ca213826f8c802195430caacb25750530609f1b8d7267810808574
 SHA512:
-  metadata.gz: 62ddb59e6cf4fd5ca5a704db3a7f8f8707329cd8b66fec124de5bc56bc5cc2fac20622987e5a6cbeaec1ce55941ee66ab36ed25178ee82e287515622a33bc314
-  data.tar.gz: e05f2a2ada39d28681df35b7365e7c71e6eda34b250cd2259312d9b6cc0e810fceb0dffeddd785a4b5e08cea1989eb5e2e4e27303d1cf4ce51ad251952d7047d
+  metadata.gz: c16c5df7f8c6ca10cf073c25984506ce938f26823f99d82813b5bde3fb283d23a3c480adec2945b98975946a7b32efe57a0058cd65bb383606c5ee5228711381
+  data.tar.gz: b72ea1894eb1c419179325f8e715fb454ab02ae2d1ac243b90ed2f4032c0fd966ba157287a12009587908d0a6a2f62261c78e319a230196792b6ec4206a20718

data/CHANGELOG.md

@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
 
+1.8.0 (2023-11-28)
+------------------
+
+* Feature - Support `sigv4-s3express` signing algorithm.
+
+1.7.0 (2023-11-22)
+------------------
+
+* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 2.3 and 2.4.
+
+1.6.1 (2023-10-25)
+------------------
+
+* Issue - (Static Stability) use provided `expires_in` in presigned url when credentials are expired.
+
 1.6.0 (2023-06-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.6.0
+1.8.0

data/lib/aws-sigv4/signer.rb

@@ -157,6 +157,13 @@ module Aws
 ' request with sigv4a which requires the `aws-crt` gem.'\
 ' Please install the gem or add it to your gemfile.'
         end
+
+        if @signing_algorithm == 'sigv4-s3express'.to_sym &&
+           Signer.use_crt? && Aws::Crt::GEM_VERSION <= '0.1.9'
+          raise ArgumentError,
+                'This version of aws-crt does not support S3 Express. Please
+                 update this gem to at least version 0.2.0.'
+        end
       end
 
       # @return [String]
@@ -251,7 +258,14 @@ module Aws
         sigv4_headers = {}
         sigv4_headers['host'] = headers['host'] || host(url)
         sigv4_headers['x-amz-date'] = datetime
-        sigv4_headers['x-amz-security-token'] = creds.session_token if creds.session_token
+        if creds.session_token
+          if @signing_algorithm == 'sigv4-s3express'.to_sym
+            sigv4_headers['x-amz-s3session-token'] = creds.session_token
+          else
+            sigv4_headers['x-amz-security-token'] = creds.session_token
+          end
+        end
+
         sigv4_headers['x-amz-content-sha256'] ||= content_sha256 if @apply_checksum_header
 
         headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
@@ -423,8 +437,14 @@ module Aws
         params['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
         params['X-Amz-Credential'] = credential(creds, date)
         params['X-Amz-Date'] = datetime
-        params['X-Amz-Expires'] = presigned_url_expiration(options, expiration).to_s
-        params['X-Amz-Security-Token'] = creds.session_token if creds.session_token
+        params['X-Amz-Expires'] = presigned_url_expiration(options, expiration, Time.strptime(datetime, "%Y%m%dT%H%M%S%Z")).to_s
+        if creds.session_token
+          if @signing_algorithm == 'sigv4-s3express'.to_sym
+            params['X-Amz-S3session-Token'] = creds.session_token
+          else
+            params['X-Amz-Security-Token'] = creds.session_token
+          end
+        end
         params['X-Amz-SignedHeaders'] = signed_headers(headers)
 
         params = params.map do |key, value|
@@ -722,12 +742,19 @@ module Aws
           !credentials.secret_access_key.empty?
       end
 
-      def presigned_url_expiration(options, expiration)
+      def presigned_url_expiration(options, expiration, datetime)
         expires_in = extract_expires_in(options)
         return expires_in unless expiration
 
-        expiration_seconds = (expiration - Time.now).to_i
-        [expires_in, expiration_seconds].min
+        expiration_seconds = (expiration - datetime).to_i
+        # In the static stability case, credentials may expire in the past
+        # but still be valid.  For those cases, use the user configured
+        # expires_in and ingore expiration.
+        if expiration_seconds <= 0
+          expires_in
+        else
+          [expires_in, expiration_seconds].min
+        end
       end
 
       ### CRT Code
@@ -811,7 +838,7 @@ module Aws
         headers = downcase_headers(options[:headers])
         headers['host'] ||= host(url)
 
-        datetime = headers.delete('x-amz-date')
+        datetime = Time.strptime(headers.delete('x-amz-date'), "%Y%m%dT%H%M%S%Z") if headers['x-amz-date']
         datetime ||= (options[:time] || Time.now)
 
         content_sha256 = headers.delete('x-amz-content-sha256')
@@ -832,7 +859,7 @@ module Aws
           use_double_uri_encode: @uri_escape_path,
           should_normalize_uri_path: @normalize_path,
           omit_session_token: @omit_session_token,
-          expiration_in_seconds: presigned_url_expiration(options, expiration)
+          expiration_in_seconds: presigned_url_expiration(options, expiration, datetime)
         )
         http_request = Aws::Crt::Http::Message.new(
           http_method, url.to_s, headers

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sigv4
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-28 00:00:00.000000000 Z
+date: 2023-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-eventstream
@@ -60,7 +60,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="