aws-sigv4 1.9.1 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sigv4/signer.rb +3 -143
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0618892feafb12a38e21c6c50b932072a0760be0338f45672c29b8b541564774'
|
|
4
|
+
data.tar.gz: 780fb4cb4956691909e2c830b1938902774d085f9335f7101347b3974917f61b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7c24541da4eea76873ffca584ee6b7fbbe8e57ff018f2e512e780bf4bc2ba5113bfce0312eec85ed61e246419a76000b6b54de629fc96ef252fe944b98175319
|
|
7
|
+
data.tar.gz: bc84f7601827ffd7015a6f52bec0a141bc16445c47de5dec271eb35e183ff377ee0527e5692ae21c8573c18e81505cf30f00f1cec736bc2fbf89a288c59cc42a
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.10.0
|
data/lib/aws-sigv4/signer.rb
CHANGED
|
@@ -74,15 +74,6 @@ module Aws
|
|
|
74
74
|
# and `#session_token`.
|
|
75
75
|
#
|
|
76
76
|
class Signer
|
|
77
|
-
|
|
78
|
-
@@use_crt =
|
|
79
|
-
begin
|
|
80
|
-
require 'aws-crt'
|
|
81
|
-
true
|
|
82
|
-
rescue LoadError
|
|
83
|
-
false
|
|
84
|
-
end
|
|
85
|
-
|
|
86
77
|
# @overload initialize(service:, region:, access_key_id:, secret_access_key:, session_token:nil, **options)
|
|
87
78
|
# @param [String] :service The service signing name, e.g. 's3'.
|
|
88
79
|
# @param [String] :region The region name, e.g. 'us-east-1'. When signing
|
|
@@ -154,13 +145,6 @@ module Aws
|
|
|
154
145
|
@signing_algorithm = options.fetch(:signing_algorithm, :sigv4)
|
|
155
146
|
@normalize_path = options.fetch(:normalize_path, true)
|
|
156
147
|
@omit_session_token = options.fetch(:omit_session_token, false)
|
|
157
|
-
|
|
158
|
-
if @signing_algorithm == 'sigv4-s3express'.to_sym &&
|
|
159
|
-
Signer.use_crt? && Aws::Crt::GEM_VERSION <= '0.1.9'
|
|
160
|
-
raise ArgumentError,
|
|
161
|
-
'This version of aws-crt does not support S3 Express. Please
|
|
162
|
-
update this gem to at least version 0.2.0.'
|
|
163
|
-
end
|
|
164
148
|
end
|
|
165
149
|
|
|
166
150
|
# @return [String]
|
|
@@ -236,9 +220,6 @@ module Aws
|
|
|
236
220
|
# a `#headers` method. The headers must be applied to your request.
|
|
237
221
|
#
|
|
238
222
|
def sign_request(request)
|
|
239
|
-
|
|
240
|
-
return crt_sign_request(request) if Signer.use_crt?
|
|
241
|
-
|
|
242
223
|
creds, _ = fetch_credentials
|
|
243
224
|
|
|
244
225
|
http_method = extract_http_method(request)
|
|
@@ -344,7 +325,6 @@ module Aws
|
|
|
344
325
|
# signature value (a binary string) used at ':chunk-signature' needs to converted to
|
|
345
326
|
# hex-encoded string using #unpack
|
|
346
327
|
def sign_event(prior_signature, payload, encoder)
|
|
347
|
-
# Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
|
|
348
328
|
creds, _ = fetch_credentials
|
|
349
329
|
time = Time.now
|
|
350
330
|
headers = {}
|
|
@@ -431,9 +411,6 @@ module Aws
|
|
|
431
411
|
# @return [HTTPS::URI, HTTP::URI]
|
|
432
412
|
#
|
|
433
413
|
def presign_url(options)
|
|
434
|
-
|
|
435
|
-
return crt_presign_url(options) if Signer.use_crt?
|
|
436
|
-
|
|
437
414
|
creds, expiration = fetch_credentials
|
|
438
415
|
|
|
439
416
|
http_method = extract_http_method(options)
|
|
@@ -801,129 +778,12 @@ module Aws
|
|
|
801
778
|
end
|
|
802
779
|
end
|
|
803
780
|
|
|
804
|
-
### CRT Code
|
|
805
|
-
|
|
806
|
-
# the credentials used by CRT must be a
|
|
807
|
-
# CRT StaticCredentialsProvider object
|
|
808
|
-
def crt_fetch_credentials
|
|
809
|
-
creds, expiration = fetch_credentials
|
|
810
|
-
crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
|
|
811
|
-
creds.access_key_id,
|
|
812
|
-
creds.secret_access_key,
|
|
813
|
-
creds.session_token
|
|
814
|
-
)
|
|
815
|
-
[crt_creds, expiration]
|
|
816
|
-
end
|
|
817
|
-
|
|
818
|
-
def crt_sign_request(request)
|
|
819
|
-
creds, _ = crt_fetch_credentials
|
|
820
|
-
http_method = extract_http_method(request)
|
|
821
|
-
url = extract_url(request)
|
|
822
|
-
headers = downcase_headers(request[:headers])
|
|
823
|
-
|
|
824
|
-
datetime =
|
|
825
|
-
if headers.include? 'x-amz-date'
|
|
826
|
-
Time.parse(headers.delete('x-amz-date'))
|
|
827
|
-
end
|
|
828
|
-
|
|
829
|
-
content_sha256 = headers.delete('x-amz-content-sha256')
|
|
830
|
-
content_sha256 ||= sha256_hexdigest(request[:body] || '')
|
|
831
|
-
|
|
832
|
-
sigv4_headers = {}
|
|
833
|
-
sigv4_headers['host'] = headers['host'] || host(url)
|
|
834
|
-
|
|
835
|
-
# Modify the user-agent to add usage of crt-signer
|
|
836
|
-
# This should be temporary during developer preview only
|
|
837
|
-
if headers.include? 'user-agent'
|
|
838
|
-
headers['user-agent'] = "#{headers['user-agent']} crt-signer/#{@signing_algorithm}/#{Aws::Sigv4::VERSION}"
|
|
839
|
-
sigv4_headers['user-agent'] = headers['user-agent']
|
|
840
|
-
end
|
|
841
|
-
|
|
842
|
-
headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
|
|
843
|
-
|
|
844
|
-
config = Aws::Crt::Auth::SigningConfig.new(
|
|
845
|
-
algorithm: @signing_algorithm,
|
|
846
|
-
signature_type: :http_request_headers,
|
|
847
|
-
region: @region,
|
|
848
|
-
service: @service,
|
|
849
|
-
date: datetime,
|
|
850
|
-
signed_body_value: content_sha256,
|
|
851
|
-
signed_body_header_type: @apply_checksum_header ?
|
|
852
|
-
:sbht_content_sha256 : :sbht_none,
|
|
853
|
-
credentials: creds,
|
|
854
|
-
unsigned_headers: @unsigned_headers,
|
|
855
|
-
use_double_uri_encode: @uri_escape_path,
|
|
856
|
-
should_normalize_uri_path: @normalize_path,
|
|
857
|
-
omit_session_token: @omit_session_token
|
|
858
|
-
)
|
|
859
|
-
http_request = Aws::Crt::Http::Message.new(
|
|
860
|
-
http_method, url.to_s, headers
|
|
861
|
-
)
|
|
862
|
-
signable = Aws::Crt::Auth::Signable.new(http_request)
|
|
863
|
-
|
|
864
|
-
signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable)
|
|
865
|
-
|
|
866
|
-
Signature.new(
|
|
867
|
-
headers: sigv4_headers.merge(
|
|
868
|
-
downcase_headers(signing_result[:headers])
|
|
869
|
-
),
|
|
870
|
-
string_to_sign: 'CRT_INTERNAL',
|
|
871
|
-
canonical_request: 'CRT_INTERNAL',
|
|
872
|
-
content_sha256: content_sha256,
|
|
873
|
-
extra: {config: config, signable: signable}
|
|
874
|
-
)
|
|
875
|
-
end
|
|
876
|
-
|
|
877
|
-
def crt_presign_url(options)
|
|
878
|
-
creds, expiration = crt_fetch_credentials
|
|
879
|
-
|
|
880
|
-
http_method = extract_http_method(options)
|
|
881
|
-
url = extract_url(options)
|
|
882
|
-
headers = downcase_headers(options[:headers])
|
|
883
|
-
headers['host'] ||= host(url)
|
|
884
|
-
|
|
885
|
-
datetime = Time.strptime(headers.delete('x-amz-date'), "%Y%m%dT%H%M%S%Z") if headers['x-amz-date']
|
|
886
|
-
datetime ||= (options[:time] || Time.now)
|
|
887
|
-
|
|
888
|
-
content_sha256 = headers.delete('x-amz-content-sha256')
|
|
889
|
-
content_sha256 ||= options[:body_digest]
|
|
890
|
-
content_sha256 ||= sha256_hexdigest(options[:body] || '')
|
|
891
|
-
|
|
892
|
-
config = Aws::Crt::Auth::SigningConfig.new(
|
|
893
|
-
algorithm: @signing_algorithm,
|
|
894
|
-
signature_type: :http_request_query_params,
|
|
895
|
-
region: @region,
|
|
896
|
-
service: @service,
|
|
897
|
-
date: datetime,
|
|
898
|
-
signed_body_value: content_sha256,
|
|
899
|
-
signed_body_header_type: @apply_checksum_header ?
|
|
900
|
-
:sbht_content_sha256 : :sbht_none,
|
|
901
|
-
credentials: creds,
|
|
902
|
-
unsigned_headers: @unsigned_headers,
|
|
903
|
-
use_double_uri_encode: @uri_escape_path,
|
|
904
|
-
should_normalize_uri_path: @normalize_path,
|
|
905
|
-
omit_session_token: @omit_session_token,
|
|
906
|
-
expiration_in_seconds: presigned_url_expiration(options, expiration, datetime)
|
|
907
|
-
)
|
|
908
|
-
http_request = Aws::Crt::Http::Message.new(
|
|
909
|
-
http_method, url.to_s, headers
|
|
910
|
-
)
|
|
911
|
-
signable = Aws::Crt::Auth::Signable.new(http_request)
|
|
912
|
-
|
|
913
|
-
signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable, http_method, url.to_s)
|
|
914
|
-
url = URI.parse(signing_result[:path])
|
|
915
|
-
|
|
916
|
-
if options[:extra] && options[:extra].is_a?(Hash)
|
|
917
|
-
options[:extra][:config] = config
|
|
918
|
-
options[:extra][:signable] = signable
|
|
919
|
-
end
|
|
920
|
-
url
|
|
921
|
-
end
|
|
922
|
-
|
|
923
781
|
class << self
|
|
924
782
|
|
|
783
|
+
# Kept for backwards compatability
|
|
784
|
+
# Always return false since we are not using crt signing functionality
|
|
925
785
|
def use_crt?
|
|
926
|
-
|
|
786
|
+
false
|
|
927
787
|
end
|
|
928
788
|
|
|
929
789
|
# @api private
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sigv4
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-09-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-eventstream
|