aws-sigv4 1.9.0 → 1.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sigv4/signer.rb +4 -143
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0618892feafb12a38e21c6c50b932072a0760be0338f45672c29b8b541564774'
|
|
4
|
+
data.tar.gz: 780fb4cb4956691909e2c830b1938902774d085f9335f7101347b3974917f61b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7c24541da4eea76873ffca584ee6b7fbbe8e57ff018f2e512e780bf4bc2ba5113bfce0312eec85ed61e246419a76000b6b54de629fc96ef252fe944b98175319
|
|
7
|
+
data.tar.gz: bc84f7601827ffd7015a6f52bec0a141bc16445c47de5dec271eb35e183ff377ee0527e5692ae21c8573c18e81505cf30f00f1cec736bc2fbf89a288c59cc42a
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,16 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.10.0 (2024-09-17)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Remove CRT `sigv4a` signing capability.
|
|
8
|
+
|
|
9
|
+
1.9.1 (2024-07-29)
|
|
10
|
+
------------------
|
|
11
|
+
|
|
12
|
+
* Issue - Add missing require of `pathname` to `Signer`.
|
|
13
|
+
|
|
4
14
|
1.9.0 (2024-07-23)
|
|
5
15
|
------------------
|
|
6
16
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.10.0
|
data/lib/aws-sigv4/signer.rb
CHANGED
|
@@ -6,6 +6,7 @@ require 'time'
|
|
|
6
6
|
require 'uri'
|
|
7
7
|
require 'set'
|
|
8
8
|
require 'cgi'
|
|
9
|
+
require 'pathname'
|
|
9
10
|
require 'aws-eventstream'
|
|
10
11
|
|
|
11
12
|
module Aws
|
|
@@ -73,15 +74,6 @@ module Aws
|
|
|
73
74
|
# and `#session_token`.
|
|
74
75
|
#
|
|
75
76
|
class Signer
|
|
76
|
-
|
|
77
|
-
@@use_crt =
|
|
78
|
-
begin
|
|
79
|
-
require 'aws-crt'
|
|
80
|
-
true
|
|
81
|
-
rescue LoadError
|
|
82
|
-
false
|
|
83
|
-
end
|
|
84
|
-
|
|
85
77
|
# @overload initialize(service:, region:, access_key_id:, secret_access_key:, session_token:nil, **options)
|
|
86
78
|
# @param [String] :service The service signing name, e.g. 's3'.
|
|
87
79
|
# @param [String] :region The region name, e.g. 'us-east-1'. When signing
|
|
@@ -153,13 +145,6 @@ module Aws
|
|
|
153
145
|
@signing_algorithm = options.fetch(:signing_algorithm, :sigv4)
|
|
154
146
|
@normalize_path = options.fetch(:normalize_path, true)
|
|
155
147
|
@omit_session_token = options.fetch(:omit_session_token, false)
|
|
156
|
-
|
|
157
|
-
if @signing_algorithm == 'sigv4-s3express'.to_sym &&
|
|
158
|
-
Signer.use_crt? && Aws::Crt::GEM_VERSION <= '0.1.9'
|
|
159
|
-
raise ArgumentError,
|
|
160
|
-
'This version of aws-crt does not support S3 Express. Please
|
|
161
|
-
update this gem to at least version 0.2.0.'
|
|
162
|
-
end
|
|
163
148
|
end
|
|
164
149
|
|
|
165
150
|
# @return [String]
|
|
@@ -235,9 +220,6 @@ module Aws
|
|
|
235
220
|
# a `#headers` method. The headers must be applied to your request.
|
|
236
221
|
#
|
|
237
222
|
def sign_request(request)
|
|
238
|
-
|
|
239
|
-
return crt_sign_request(request) if Signer.use_crt?
|
|
240
|
-
|
|
241
223
|
creds, _ = fetch_credentials
|
|
242
224
|
|
|
243
225
|
http_method = extract_http_method(request)
|
|
@@ -343,7 +325,6 @@ module Aws
|
|
|
343
325
|
# signature value (a binary string) used at ':chunk-signature' needs to converted to
|
|
344
326
|
# hex-encoded string using #unpack
|
|
345
327
|
def sign_event(prior_signature, payload, encoder)
|
|
346
|
-
# Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
|
|
347
328
|
creds, _ = fetch_credentials
|
|
348
329
|
time = Time.now
|
|
349
330
|
headers = {}
|
|
@@ -430,9 +411,6 @@ module Aws
|
|
|
430
411
|
# @return [HTTPS::URI, HTTP::URI]
|
|
431
412
|
#
|
|
432
413
|
def presign_url(options)
|
|
433
|
-
|
|
434
|
-
return crt_presign_url(options) if Signer.use_crt?
|
|
435
|
-
|
|
436
414
|
creds, expiration = fetch_credentials
|
|
437
415
|
|
|
438
416
|
http_method = extract_http_method(options)
|
|
@@ -800,129 +778,12 @@ module Aws
|
|
|
800
778
|
end
|
|
801
779
|
end
|
|
802
780
|
|
|
803
|
-
### CRT Code
|
|
804
|
-
|
|
805
|
-
# the credentials used by CRT must be a
|
|
806
|
-
# CRT StaticCredentialsProvider object
|
|
807
|
-
def crt_fetch_credentials
|
|
808
|
-
creds, expiration = fetch_credentials
|
|
809
|
-
crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
|
|
810
|
-
creds.access_key_id,
|
|
811
|
-
creds.secret_access_key,
|
|
812
|
-
creds.session_token
|
|
813
|
-
)
|
|
814
|
-
[crt_creds, expiration]
|
|
815
|
-
end
|
|
816
|
-
|
|
817
|
-
def crt_sign_request(request)
|
|
818
|
-
creds, _ = crt_fetch_credentials
|
|
819
|
-
http_method = extract_http_method(request)
|
|
820
|
-
url = extract_url(request)
|
|
821
|
-
headers = downcase_headers(request[:headers])
|
|
822
|
-
|
|
823
|
-
datetime =
|
|
824
|
-
if headers.include? 'x-amz-date'
|
|
825
|
-
Time.parse(headers.delete('x-amz-date'))
|
|
826
|
-
end
|
|
827
|
-
|
|
828
|
-
content_sha256 = headers.delete('x-amz-content-sha256')
|
|
829
|
-
content_sha256 ||= sha256_hexdigest(request[:body] || '')
|
|
830
|
-
|
|
831
|
-
sigv4_headers = {}
|
|
832
|
-
sigv4_headers['host'] = headers['host'] || host(url)
|
|
833
|
-
|
|
834
|
-
# Modify the user-agent to add usage of crt-signer
|
|
835
|
-
# This should be temporary during developer preview only
|
|
836
|
-
if headers.include? 'user-agent'
|
|
837
|
-
headers['user-agent'] = "#{headers['user-agent']} crt-signer/#{@signing_algorithm}/#{Aws::Sigv4::VERSION}"
|
|
838
|
-
sigv4_headers['user-agent'] = headers['user-agent']
|
|
839
|
-
end
|
|
840
|
-
|
|
841
|
-
headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
|
|
842
|
-
|
|
843
|
-
config = Aws::Crt::Auth::SigningConfig.new(
|
|
844
|
-
algorithm: @signing_algorithm,
|
|
845
|
-
signature_type: :http_request_headers,
|
|
846
|
-
region: @region,
|
|
847
|
-
service: @service,
|
|
848
|
-
date: datetime,
|
|
849
|
-
signed_body_value: content_sha256,
|
|
850
|
-
signed_body_header_type: @apply_checksum_header ?
|
|
851
|
-
:sbht_content_sha256 : :sbht_none,
|
|
852
|
-
credentials: creds,
|
|
853
|
-
unsigned_headers: @unsigned_headers,
|
|
854
|
-
use_double_uri_encode: @uri_escape_path,
|
|
855
|
-
should_normalize_uri_path: @normalize_path,
|
|
856
|
-
omit_session_token: @omit_session_token
|
|
857
|
-
)
|
|
858
|
-
http_request = Aws::Crt::Http::Message.new(
|
|
859
|
-
http_method, url.to_s, headers
|
|
860
|
-
)
|
|
861
|
-
signable = Aws::Crt::Auth::Signable.new(http_request)
|
|
862
|
-
|
|
863
|
-
signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable)
|
|
864
|
-
|
|
865
|
-
Signature.new(
|
|
866
|
-
headers: sigv4_headers.merge(
|
|
867
|
-
downcase_headers(signing_result[:headers])
|
|
868
|
-
),
|
|
869
|
-
string_to_sign: 'CRT_INTERNAL',
|
|
870
|
-
canonical_request: 'CRT_INTERNAL',
|
|
871
|
-
content_sha256: content_sha256,
|
|
872
|
-
extra: {config: config, signable: signable}
|
|
873
|
-
)
|
|
874
|
-
end
|
|
875
|
-
|
|
876
|
-
def crt_presign_url(options)
|
|
877
|
-
creds, expiration = crt_fetch_credentials
|
|
878
|
-
|
|
879
|
-
http_method = extract_http_method(options)
|
|
880
|
-
url = extract_url(options)
|
|
881
|
-
headers = downcase_headers(options[:headers])
|
|
882
|
-
headers['host'] ||= host(url)
|
|
883
|
-
|
|
884
|
-
datetime = Time.strptime(headers.delete('x-amz-date'), "%Y%m%dT%H%M%S%Z") if headers['x-amz-date']
|
|
885
|
-
datetime ||= (options[:time] || Time.now)
|
|
886
|
-
|
|
887
|
-
content_sha256 = headers.delete('x-amz-content-sha256')
|
|
888
|
-
content_sha256 ||= options[:body_digest]
|
|
889
|
-
content_sha256 ||= sha256_hexdigest(options[:body] || '')
|
|
890
|
-
|
|
891
|
-
config = Aws::Crt::Auth::SigningConfig.new(
|
|
892
|
-
algorithm: @signing_algorithm,
|
|
893
|
-
signature_type: :http_request_query_params,
|
|
894
|
-
region: @region,
|
|
895
|
-
service: @service,
|
|
896
|
-
date: datetime,
|
|
897
|
-
signed_body_value: content_sha256,
|
|
898
|
-
signed_body_header_type: @apply_checksum_header ?
|
|
899
|
-
:sbht_content_sha256 : :sbht_none,
|
|
900
|
-
credentials: creds,
|
|
901
|
-
unsigned_headers: @unsigned_headers,
|
|
902
|
-
use_double_uri_encode: @uri_escape_path,
|
|
903
|
-
should_normalize_uri_path: @normalize_path,
|
|
904
|
-
omit_session_token: @omit_session_token,
|
|
905
|
-
expiration_in_seconds: presigned_url_expiration(options, expiration, datetime)
|
|
906
|
-
)
|
|
907
|
-
http_request = Aws::Crt::Http::Message.new(
|
|
908
|
-
http_method, url.to_s, headers
|
|
909
|
-
)
|
|
910
|
-
signable = Aws::Crt::Auth::Signable.new(http_request)
|
|
911
|
-
|
|
912
|
-
signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable, http_method, url.to_s)
|
|
913
|
-
url = URI.parse(signing_result[:path])
|
|
914
|
-
|
|
915
|
-
if options[:extra] && options[:extra].is_a?(Hash)
|
|
916
|
-
options[:extra][:config] = config
|
|
917
|
-
options[:extra][:signable] = signable
|
|
918
|
-
end
|
|
919
|
-
url
|
|
920
|
-
end
|
|
921
|
-
|
|
922
781
|
class << self
|
|
923
782
|
|
|
783
|
+
# Kept for backwards compatability
|
|
784
|
+
# Always return false since we are not using crt signing functionality
|
|
924
785
|
def use_crt?
|
|
925
|
-
|
|
786
|
+
false
|
|
926
787
|
end
|
|
927
788
|
|
|
928
789
|
# @api private
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sigv4
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-09-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-eventstream
|