aws-sigv4 1.9.1 → 1.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d6c968ea3d1cff2c3e6ff056a38658ce9af6f2f9b3d5fce948003a063c1f785e
4
- data.tar.gz: '008ac56a37950824779768b8e3e942a711a0cae225231e9f9897e0426a18d121'
3
+ metadata.gz: 58318b8045877e5842f7c0793c856e30b6bba8425988a4929bca3aaaf64fcc06
4
+ data.tar.gz: c9de352d0dee1c35637e86d1d4a3a8817d3ee6a4c3595f8e86436cf216d0a35d
5
5
  SHA512:
6
- metadata.gz: 49dfbb860585de3ca7f1f84e3ff2fa059025098fe3a0baf4ab4c4fd1ff6bdb4dab85b17b040ebc7fa5db743d1f5da9a4b0975187d2bf60aabfc29e9674b22ee3
7
- data.tar.gz: 315d89e1c67bfc3938f267dcf50e47842f7cac514b07df07cc642be2bc99fbc55dd7256f564868c6f3e61ee125aa71d26a98af01c734a924aaa0ae5ac8e084e4
6
+ metadata.gz: b22918d3e6a784f4198b9b3583b6ce34e492819ec401862333d29f7c456402fe10718f7e9f30479d5097b89b19d8030400647572ee7204b8729093b16290f3f2
7
+ data.tar.gz: c15f22f66888fa2bbe1822bd833c2bc87c216b3c082ba1961682e0dcd2f5c0f427c2126ffb04354a3ba2b47c5a3fb375ad2381be543021b089687f589a4565fd
data/CHANGELOG.md CHANGED
@@ -1,6 +1,31 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.12.1 (2025-06-10)
5
+ ------------------
6
+
7
+ * Issue - Only load required `cgi` modules for Ruby 3.5.
8
+
9
+ 1.12.0 (2025-06-02)
10
+ ------------------
11
+
12
+ * Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 2.5 and 2.6.
13
+
14
+ 1.11.0 (2025-01-10)
15
+ ------------------
16
+
17
+ * Feature - Add RBS signature files to support static type checking
18
+
19
+ 1.10.1 (2024-10-21)
20
+ ------------------
21
+
22
+ * Issue - Fix sigv4a signing issue with derive_asymmetric_key for certain credentials.
23
+
24
+ 1.10.0 (2024-09-17)
25
+ ------------------
26
+
27
+ * Feature - Remove CRT `sigv4a` signing capability.
28
+
4
29
  1.9.1 (2024-07-29)
5
30
  ------------------
6
31
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.9.1
1
+ 1.12.1
@@ -11,8 +11,6 @@ module Aws
11
11
 
12
12
  N_MINUS_2 = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 - 2
13
13
 
14
- # @param [String] :access_key_id
15
- # @param [String] :secret_access_key
16
14
  # @return [OpenSSL::PKey::EC, Hash]
17
15
  def self.derive_asymmetric_key(access_key_id, secret_access_key)
18
16
  check_openssl_support!
@@ -60,6 +58,16 @@ module Aws
60
58
  x
61
59
  end
62
60
 
61
+ # @return [Array] value of the BigNumber as a big-endian unsigned byte array.
62
+ def self.bn_to_be_bytes(bn)
63
+ bytes = []
64
+ while bn > 0
65
+ bytes << (bn & 0xff)
66
+ bn = bn >> 8
67
+ end
68
+ bytes.reverse
69
+ end
70
+
63
71
  # Prior to openssl3 we could directly set public and private key on EC
64
72
  # However, openssl3 deprecated those methods and we must now construct
65
73
  # a der with the keys and load the EC from it.
@@ -67,7 +75,7 @@ module Aws
67
75
  # format reversed from: OpenSSL::ASN1.decode_all(OpenSSL::PKey::EC.new.to_der)
68
76
  asn1 = OpenSSL::ASN1::Sequence([
69
77
  OpenSSL::ASN1::Integer(OpenSSL::BN.new(1)),
70
- OpenSSL::ASN1::OctetString([d.to_s(16)].pack('H*')),
78
+ OpenSSL::ASN1::OctetString(bn_to_be_bytes(d).pack('C*')),
71
79
  OpenSSL::ASN1::ASN1Data.new([OpenSSL::ASN1::ObjectId("prime256v1")], 0, :CONTEXT_SPECIFIC),
72
80
  OpenSSL::ASN1::ASN1Data.new(
73
81
  [OpenSSL::ASN1::BitString(public_key.to_octet_string(:uncompressed))],
@@ -7,7 +7,7 @@ module Aws
7
7
  class Request
8
8
 
9
9
  # @option options [required, String] :http_method
10
- # @option options [required, HTTP::URI, HTTPS::URI, String] :endpoint
10
+ # @option options [required, String, URI::HTTP, URI::HTTPS] :endpoint
11
11
  # @option options [Hash<String,String>] :headers ({})
12
12
  # @option options [String, IO] :body ('')
13
13
  def initialize(options = {})
@@ -30,12 +30,12 @@ module Aws
30
30
  @http_method
31
31
  end
32
32
 
33
- # @param [String, HTTP::URI, HTTPS::URI] endpoint
33
+ # @param [String, URI::HTTP, URI::HTTPS] endpoint
34
34
  def endpoint=(endpoint)
35
35
  @endpoint = URI.parse(endpoint.to_s)
36
36
  end
37
37
 
38
- # @return [HTTP::URI, HTTPS::URI]
38
+ # @return [URI::HTTP, URI::HTTPS]
39
39
  def endpoint
40
40
  @endpoint
41
41
  end
@@ -5,7 +5,8 @@ require 'tempfile'
5
5
  require 'time'
6
6
  require 'uri'
7
7
  require 'set'
8
- require 'cgi'
8
+ require "cgi/escape"
9
+ require "cgi/util" if RUBY_VERSION < "3.5"
9
10
  require 'pathname'
10
11
  require 'aws-eventstream'
11
12
 
@@ -74,15 +75,6 @@ module Aws
74
75
  # and `#session_token`.
75
76
  #
76
77
  class Signer
77
-
78
- @@use_crt =
79
- begin
80
- require 'aws-crt'
81
- true
82
- rescue LoadError
83
- false
84
- end
85
-
86
78
  # @overload initialize(service:, region:, access_key_id:, secret_access_key:, session_token:nil, **options)
87
79
  # @param [String] :service The service signing name, e.g. 's3'.
88
80
  # @param [String] :region The region name, e.g. 'us-east-1'. When signing
@@ -154,13 +146,6 @@ module Aws
154
146
  @signing_algorithm = options.fetch(:signing_algorithm, :sigv4)
155
147
  @normalize_path = options.fetch(:normalize_path, true)
156
148
  @omit_session_token = options.fetch(:omit_session_token, false)
157
-
158
- if @signing_algorithm == 'sigv4-s3express'.to_sym &&
159
- Signer.use_crt? && Aws::Crt::GEM_VERSION <= '0.1.9'
160
- raise ArgumentError,
161
- 'This version of aws-crt does not support S3 Express. Please
162
- update this gem to at least version 0.2.0.'
163
- end
164
149
  end
165
150
 
166
151
  # @return [String]
@@ -221,7 +206,7 @@ module Aws
221
206
  # @option request [required, String] :http_method One of
222
207
  # 'GET', 'HEAD', 'PUT', 'POST', 'PATCH', or 'DELETE'
223
208
  #
224
- # @option request [required, String, URI::HTTPS, URI::HTTP] :url
209
+ # @option request [required, String, URI::HTTP, URI::HTTPS] :url
225
210
  # The request URI. Must be a valid HTTP or HTTPS URI.
226
211
  #
227
212
  # @option request [optional, Hash] :headers ({}) A hash of headers
@@ -236,9 +221,6 @@ module Aws
236
221
  # a `#headers` method. The headers must be applied to your request.
237
222
  #
238
223
  def sign_request(request)
239
-
240
- return crt_sign_request(request) if Signer.use_crt?
241
-
242
224
  creds, _ = fetch_credentials
243
225
 
244
226
  http_method = extract_http_method(request)
@@ -344,7 +326,6 @@ module Aws
344
326
  # signature value (a binary string) used at ':chunk-signature' needs to converted to
345
327
  # hex-encoded string using #unpack
346
328
  def sign_event(prior_signature, payload, encoder)
347
- # Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
348
329
  creds, _ = fetch_credentials
349
330
  time = Time.now
350
331
  headers = {}
@@ -403,7 +384,7 @@ module Aws
403
384
  # @option options [required, String] :http_method The HTTP request method,
404
385
  # e.g. 'GET', 'HEAD', 'PUT', 'POST', 'PATCH', or 'DELETE'.
405
386
  #
406
- # @option options [required, String, HTTPS::URI, HTTP::URI] :url
387
+ # @option options [required, String, URI::HTTP, URI::HTTPS] :url
407
388
  # The URI to sign.
408
389
  #
409
390
  # @option options [Hash] :headers ({}) Headers that should
@@ -431,9 +412,6 @@ module Aws
431
412
  # @return [HTTPS::URI, HTTP::URI]
432
413
  #
433
414
  def presign_url(options)
434
-
435
- return crt_presign_url(options) if Signer.use_crt?
436
-
437
415
  creds, expiration = fetch_credentials
438
416
 
439
417
  http_method = extract_http_method(options)
@@ -801,129 +779,12 @@ module Aws
801
779
  end
802
780
  end
803
781
 
804
- ### CRT Code
805
-
806
- # the credentials used by CRT must be a
807
- # CRT StaticCredentialsProvider object
808
- def crt_fetch_credentials
809
- creds, expiration = fetch_credentials
810
- crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
811
- creds.access_key_id,
812
- creds.secret_access_key,
813
- creds.session_token
814
- )
815
- [crt_creds, expiration]
816
- end
817
-
818
- def crt_sign_request(request)
819
- creds, _ = crt_fetch_credentials
820
- http_method = extract_http_method(request)
821
- url = extract_url(request)
822
- headers = downcase_headers(request[:headers])
823
-
824
- datetime =
825
- if headers.include? 'x-amz-date'
826
- Time.parse(headers.delete('x-amz-date'))
827
- end
828
-
829
- content_sha256 = headers.delete('x-amz-content-sha256')
830
- content_sha256 ||= sha256_hexdigest(request[:body] || '')
831
-
832
- sigv4_headers = {}
833
- sigv4_headers['host'] = headers['host'] || host(url)
834
-
835
- # Modify the user-agent to add usage of crt-signer
836
- # This should be temporary during developer preview only
837
- if headers.include? 'user-agent'
838
- headers['user-agent'] = "#{headers['user-agent']} crt-signer/#{@signing_algorithm}/#{Aws::Sigv4::VERSION}"
839
- sigv4_headers['user-agent'] = headers['user-agent']
840
- end
841
-
842
- headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
843
-
844
- config = Aws::Crt::Auth::SigningConfig.new(
845
- algorithm: @signing_algorithm,
846
- signature_type: :http_request_headers,
847
- region: @region,
848
- service: @service,
849
- date: datetime,
850
- signed_body_value: content_sha256,
851
- signed_body_header_type: @apply_checksum_header ?
852
- :sbht_content_sha256 : :sbht_none,
853
- credentials: creds,
854
- unsigned_headers: @unsigned_headers,
855
- use_double_uri_encode: @uri_escape_path,
856
- should_normalize_uri_path: @normalize_path,
857
- omit_session_token: @omit_session_token
858
- )
859
- http_request = Aws::Crt::Http::Message.new(
860
- http_method, url.to_s, headers
861
- )
862
- signable = Aws::Crt::Auth::Signable.new(http_request)
863
-
864
- signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable)
865
-
866
- Signature.new(
867
- headers: sigv4_headers.merge(
868
- downcase_headers(signing_result[:headers])
869
- ),
870
- string_to_sign: 'CRT_INTERNAL',
871
- canonical_request: 'CRT_INTERNAL',
872
- content_sha256: content_sha256,
873
- extra: {config: config, signable: signable}
874
- )
875
- end
876
-
877
- def crt_presign_url(options)
878
- creds, expiration = crt_fetch_credentials
879
-
880
- http_method = extract_http_method(options)
881
- url = extract_url(options)
882
- headers = downcase_headers(options[:headers])
883
- headers['host'] ||= host(url)
884
-
885
- datetime = Time.strptime(headers.delete('x-amz-date'), "%Y%m%dT%H%M%S%Z") if headers['x-amz-date']
886
- datetime ||= (options[:time] || Time.now)
887
-
888
- content_sha256 = headers.delete('x-amz-content-sha256')
889
- content_sha256 ||= options[:body_digest]
890
- content_sha256 ||= sha256_hexdigest(options[:body] || '')
891
-
892
- config = Aws::Crt::Auth::SigningConfig.new(
893
- algorithm: @signing_algorithm,
894
- signature_type: :http_request_query_params,
895
- region: @region,
896
- service: @service,
897
- date: datetime,
898
- signed_body_value: content_sha256,
899
- signed_body_header_type: @apply_checksum_header ?
900
- :sbht_content_sha256 : :sbht_none,
901
- credentials: creds,
902
- unsigned_headers: @unsigned_headers,
903
- use_double_uri_encode: @uri_escape_path,
904
- should_normalize_uri_path: @normalize_path,
905
- omit_session_token: @omit_session_token,
906
- expiration_in_seconds: presigned_url_expiration(options, expiration, datetime)
907
- )
908
- http_request = Aws::Crt::Http::Message.new(
909
- http_method, url.to_s, headers
910
- )
911
- signable = Aws::Crt::Auth::Signable.new(http_request)
912
-
913
- signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable, http_method, url.to_s)
914
- url = URI.parse(signing_result[:path])
915
-
916
- if options[:extra] && options[:extra].is_a?(Hash)
917
- options[:extra][:config] = config
918
- options[:extra][:signable] = signable
919
- end
920
- url
921
- end
922
-
923
782
  class << self
924
783
 
784
+ # Kept for backwards compatability
785
+ # Always return false since we are not using crt signing functionality
925
786
  def use_crt?
926
- @@use_crt
787
+ false
927
788
  end
928
789
 
929
790
  # @api private
metadata CHANGED
@@ -1,14 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.9.1
4
+ version: 1.12.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
- autorequire:
9
8
  bindir: bin
10
9
  cert_chain: []
11
- date: 2024-07-29 00:00:00.000000000 Z
10
+ date: 1980-01-02 00:00:00.000000000 Z
12
11
  dependencies:
13
12
  - !ruby/object:Gem::Dependency
14
13
  name: aws-eventstream
@@ -32,7 +31,6 @@ dependencies:
32
31
  version: 1.0.2
33
32
  description: Amazon Web Services Signature Version 4 signing library. Generates sigv4
34
33
  signature for HTTP requests.
35
- email:
36
34
  executables: []
37
35
  extensions: []
38
36
  extra_rdoc_files: []
@@ -53,7 +51,6 @@ licenses:
53
51
  metadata:
54
52
  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sigv4
55
53
  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sigv4/CHANGELOG.md
56
- post_install_message:
57
54
  rdoc_options: []
58
55
  require_paths:
59
56
  - lib
@@ -61,15 +58,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
61
58
  requirements:
62
59
  - - ">="
63
60
  - !ruby/object:Gem::Version
64
- version: '2.5'
61
+ version: '2.7'
65
62
  required_rubygems_version: !ruby/object:Gem::Requirement
66
63
  requirements:
67
64
  - - ">="
68
65
  - !ruby/object:Gem::Version
69
66
  version: '0'
70
67
  requirements: []
71
- rubygems_version: 3.4.10
72
- signing_key:
68
+ rubygems_version: 3.6.7
73
69
  specification_version: 4
74
70
  summary: AWS Signature Version 4 library.
75
71
  test_files: []