aws-sigv4 1.9.0 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sigv4/signer.rb +4 -143
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0618892feafb12a38e21c6c50b932072a0760be0338f45672c29b8b541564774'
|
|
4
|
+
data.tar.gz: 780fb4cb4956691909e2c830b1938902774d085f9335f7101347b3974917f61b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7c24541da4eea76873ffca584ee6b7fbbe8e57ff018f2e512e780bf4bc2ba5113bfce0312eec85ed61e246419a76000b6b54de629fc96ef252fe944b98175319
|
|
7
|
+
data.tar.gz: bc84f7601827ffd7015a6f52bec0a141bc16445c47de5dec271eb35e183ff377ee0527e5692ae21c8573c18e81505cf30f00f1cec736bc2fbf89a288c59cc42a
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,16 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.10.0 (2024-09-17)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Remove CRT `sigv4a` signing capability.
|
|
8
|
+
|
|
9
|
+
1.9.1 (2024-07-29)
|
|
10
|
+
------------------
|
|
11
|
+
|
|
12
|
+
* Issue - Add missing require of `pathname` to `Signer`.
|
|
13
|
+
|
|
4
14
|
1.9.0 (2024-07-23)
|
|
5
15
|
------------------
|
|
6
16
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.10.0
|
data/lib/aws-sigv4/signer.rb
CHANGED
|
@@ -6,6 +6,7 @@ require 'time'
|
|
|
6
6
|
require 'uri'
|
|
7
7
|
require 'set'
|
|
8
8
|
require 'cgi'
|
|
9
|
+
require 'pathname'
|
|
9
10
|
require 'aws-eventstream'
|
|
10
11
|
|
|
11
12
|
module Aws
|
|
@@ -73,15 +74,6 @@ module Aws
|
|
|
73
74
|
# and `#session_token`.
|
|
74
75
|
#
|
|
75
76
|
class Signer
|
|
76
|
-
|
|
77
|
-
@@use_crt =
|
|
78
|
-
begin
|
|
79
|
-
require 'aws-crt'
|
|
80
|
-
true
|
|
81
|
-
rescue LoadError
|
|
82
|
-
false
|
|
83
|
-
end
|
|
84
|
-
|
|
85
77
|
# @overload initialize(service:, region:, access_key_id:, secret_access_key:, session_token:nil, **options)
|
|
86
78
|
# @param [String] :service The service signing name, e.g. 's3'.
|
|
87
79
|
# @param [String] :region The region name, e.g. 'us-east-1'. When signing
|
|
@@ -153,13 +145,6 @@ module Aws
|
|
|
153
145
|
@signing_algorithm = options.fetch(:signing_algorithm, :sigv4)
|
|
154
146
|
@normalize_path = options.fetch(:normalize_path, true)
|
|
155
147
|
@omit_session_token = options.fetch(:omit_session_token, false)
|
|
156
|
-
|
|
157
|
-
if @signing_algorithm == 'sigv4-s3express'.to_sym &&
|
|
158
|
-
Signer.use_crt? && Aws::Crt::GEM_VERSION <= '0.1.9'
|
|
159
|
-
raise ArgumentError,
|
|
160
|
-
'This version of aws-crt does not support S3 Express. Please
|
|
161
|
-
update this gem to at least version 0.2.0.'
|
|
162
|
-
end
|
|
163
148
|
end
|
|
164
149
|
|
|
165
150
|
# @return [String]
|
|
@@ -235,9 +220,6 @@ module Aws
|
|
|
235
220
|
# a `#headers` method. The headers must be applied to your request.
|
|
236
221
|
#
|
|
237
222
|
def sign_request(request)
|
|
238
|
-
|
|
239
|
-
return crt_sign_request(request) if Signer.use_crt?
|
|
240
|
-
|
|
241
223
|
creds, _ = fetch_credentials
|
|
242
224
|
|
|
243
225
|
http_method = extract_http_method(request)
|
|
@@ -343,7 +325,6 @@ module Aws
|
|
|
343
325
|
# signature value (a binary string) used at ':chunk-signature' needs to converted to
|
|
344
326
|
# hex-encoded string using #unpack
|
|
345
327
|
def sign_event(prior_signature, payload, encoder)
|
|
346
|
-
# Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
|
|
347
328
|
creds, _ = fetch_credentials
|
|
348
329
|
time = Time.now
|
|
349
330
|
headers = {}
|
|
@@ -430,9 +411,6 @@ module Aws
|
|
|
430
411
|
# @return [HTTPS::URI, HTTP::URI]
|
|
431
412
|
#
|
|
432
413
|
def presign_url(options)
|
|
433
|
-
|
|
434
|
-
return crt_presign_url(options) if Signer.use_crt?
|
|
435
|
-
|
|
436
414
|
creds, expiration = fetch_credentials
|
|
437
415
|
|
|
438
416
|
http_method = extract_http_method(options)
|
|
@@ -800,129 +778,12 @@ module Aws
|
|
|
800
778
|
end
|
|
801
779
|
end
|
|
802
780
|
|
|
803
|
-
### CRT Code
|
|
804
|
-
|
|
805
|
-
# the credentials used by CRT must be a
|
|
806
|
-
# CRT StaticCredentialsProvider object
|
|
807
|
-
def crt_fetch_credentials
|
|
808
|
-
creds, expiration = fetch_credentials
|
|
809
|
-
crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
|
|
810
|
-
creds.access_key_id,
|
|
811
|
-
creds.secret_access_key,
|
|
812
|
-
creds.session_token
|
|
813
|
-
)
|
|
814
|
-
[crt_creds, expiration]
|
|
815
|
-
end
|
|
816
|
-
|
|
817
|
-
def crt_sign_request(request)
|
|
818
|
-
creds, _ = crt_fetch_credentials
|
|
819
|
-
http_method = extract_http_method(request)
|
|
820
|
-
url = extract_url(request)
|
|
821
|
-
headers = downcase_headers(request[:headers])
|
|
822
|
-
|
|
823
|
-
datetime =
|
|
824
|
-
if headers.include? 'x-amz-date'
|
|
825
|
-
Time.parse(headers.delete('x-amz-date'))
|
|
826
|
-
end
|
|
827
|
-
|
|
828
|
-
content_sha256 = headers.delete('x-amz-content-sha256')
|
|
829
|
-
content_sha256 ||= sha256_hexdigest(request[:body] || '')
|
|
830
|
-
|
|
831
|
-
sigv4_headers = {}
|
|
832
|
-
sigv4_headers['host'] = headers['host'] || host(url)
|
|
833
|
-
|
|
834
|
-
# Modify the user-agent to add usage of crt-signer
|
|
835
|
-
# This should be temporary during developer preview only
|
|
836
|
-
if headers.include? 'user-agent'
|
|
837
|
-
headers['user-agent'] = "#{headers['user-agent']} crt-signer/#{@signing_algorithm}/#{Aws::Sigv4::VERSION}"
|
|
838
|
-
sigv4_headers['user-agent'] = headers['user-agent']
|
|
839
|
-
end
|
|
840
|
-
|
|
841
|
-
headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
|
|
842
|
-
|
|
843
|
-
config = Aws::Crt::Auth::SigningConfig.new(
|
|
844
|
-
algorithm: @signing_algorithm,
|
|
845
|
-
signature_type: :http_request_headers,
|
|
846
|
-
region: @region,
|
|
847
|
-
service: @service,
|
|
848
|
-
date: datetime,
|
|
849
|
-
signed_body_value: content_sha256,
|
|
850
|
-
signed_body_header_type: @apply_checksum_header ?
|
|
851
|
-
:sbht_content_sha256 : :sbht_none,
|
|
852
|
-
credentials: creds,
|
|
853
|
-
unsigned_headers: @unsigned_headers,
|
|
854
|
-
use_double_uri_encode: @uri_escape_path,
|
|
855
|
-
should_normalize_uri_path: @normalize_path,
|
|
856
|
-
omit_session_token: @omit_session_token
|
|
857
|
-
)
|
|
858
|
-
http_request = Aws::Crt::Http::Message.new(
|
|
859
|
-
http_method, url.to_s, headers
|
|
860
|
-
)
|
|
861
|
-
signable = Aws::Crt::Auth::Signable.new(http_request)
|
|
862
|
-
|
|
863
|
-
signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable)
|
|
864
|
-
|
|
865
|
-
Signature.new(
|
|
866
|
-
headers: sigv4_headers.merge(
|
|
867
|
-
downcase_headers(signing_result[:headers])
|
|
868
|
-
),
|
|
869
|
-
string_to_sign: 'CRT_INTERNAL',
|
|
870
|
-
canonical_request: 'CRT_INTERNAL',
|
|
871
|
-
content_sha256: content_sha256,
|
|
872
|
-
extra: {config: config, signable: signable}
|
|
873
|
-
)
|
|
874
|
-
end
|
|
875
|
-
|
|
876
|
-
def crt_presign_url(options)
|
|
877
|
-
creds, expiration = crt_fetch_credentials
|
|
878
|
-
|
|
879
|
-
http_method = extract_http_method(options)
|
|
880
|
-
url = extract_url(options)
|
|
881
|
-
headers = downcase_headers(options[:headers])
|
|
882
|
-
headers['host'] ||= host(url)
|
|
883
|
-
|
|
884
|
-
datetime = Time.strptime(headers.delete('x-amz-date'), "%Y%m%dT%H%M%S%Z") if headers['x-amz-date']
|
|
885
|
-
datetime ||= (options[:time] || Time.now)
|
|
886
|
-
|
|
887
|
-
content_sha256 = headers.delete('x-amz-content-sha256')
|
|
888
|
-
content_sha256 ||= options[:body_digest]
|
|
889
|
-
content_sha256 ||= sha256_hexdigest(options[:body] || '')
|
|
890
|
-
|
|
891
|
-
config = Aws::Crt::Auth::SigningConfig.new(
|
|
892
|
-
algorithm: @signing_algorithm,
|
|
893
|
-
signature_type: :http_request_query_params,
|
|
894
|
-
region: @region,
|
|
895
|
-
service: @service,
|
|
896
|
-
date: datetime,
|
|
897
|
-
signed_body_value: content_sha256,
|
|
898
|
-
signed_body_header_type: @apply_checksum_header ?
|
|
899
|
-
:sbht_content_sha256 : :sbht_none,
|
|
900
|
-
credentials: creds,
|
|
901
|
-
unsigned_headers: @unsigned_headers,
|
|
902
|
-
use_double_uri_encode: @uri_escape_path,
|
|
903
|
-
should_normalize_uri_path: @normalize_path,
|
|
904
|
-
omit_session_token: @omit_session_token,
|
|
905
|
-
expiration_in_seconds: presigned_url_expiration(options, expiration, datetime)
|
|
906
|
-
)
|
|
907
|
-
http_request = Aws::Crt::Http::Message.new(
|
|
908
|
-
http_method, url.to_s, headers
|
|
909
|
-
)
|
|
910
|
-
signable = Aws::Crt::Auth::Signable.new(http_request)
|
|
911
|
-
|
|
912
|
-
signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable, http_method, url.to_s)
|
|
913
|
-
url = URI.parse(signing_result[:path])
|
|
914
|
-
|
|
915
|
-
if options[:extra] && options[:extra].is_a?(Hash)
|
|
916
|
-
options[:extra][:config] = config
|
|
917
|
-
options[:extra][:signable] = signable
|
|
918
|
-
end
|
|
919
|
-
url
|
|
920
|
-
end
|
|
921
|
-
|
|
922
781
|
class << self
|
|
923
782
|
|
|
783
|
+
# Kept for backwards compatability
|
|
784
|
+
# Always return false since we are not using crt signing functionality
|
|
924
785
|
def use_crt?
|
|
925
|
-
|
|
786
|
+
false
|
|
926
787
|
end
|
|
927
788
|
|
|
928
789
|
# @api private
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sigv4
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-09-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-eventstream
|