aws-sigv4 1.9.1 → 1.10.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sigv4/signer.rb +3 -143
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d6c968ea3d1cff2c3e6ff056a38658ce9af6f2f9b3d5fce948003a063c1f785e
4
- data.tar.gz: '008ac56a37950824779768b8e3e942a711a0cae225231e9f9897e0426a18d121'
3
+ metadata.gz: '0618892feafb12a38e21c6c50b932072a0760be0338f45672c29b8b541564774'
4
+ data.tar.gz: 780fb4cb4956691909e2c830b1938902774d085f9335f7101347b3974917f61b
5
5
  SHA512:
6
- metadata.gz: 49dfbb860585de3ca7f1f84e3ff2fa059025098fe3a0baf4ab4c4fd1ff6bdb4dab85b17b040ebc7fa5db743d1f5da9a4b0975187d2bf60aabfc29e9674b22ee3
7
- data.tar.gz: 315d89e1c67bfc3938f267dcf50e47842f7cac514b07df07cc642be2bc99fbc55dd7256f564868c6f3e61ee125aa71d26a98af01c734a924aaa0ae5ac8e084e4
6
+ metadata.gz: 7c24541da4eea76873ffca584ee6b7fbbe8e57ff018f2e512e780bf4bc2ba5113bfce0312eec85ed61e246419a76000b6b54de629fc96ef252fe944b98175319
7
+ data.tar.gz: bc84f7601827ffd7015a6f52bec0a141bc16445c47de5dec271eb35e183ff377ee0527e5692ae21c8573c18e81505cf30f00f1cec736bc2fbf89a288c59cc42a
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.10.0 (2024-09-17)
5
+ ------------------
6
+
7
+ * Feature - Remove CRT `sigv4a` signing capability.
8
+
4
9
  1.9.1 (2024-07-29)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.9.1
1
+ 1.10.0
data/lib/aws-sigv4/signer.rb CHANGED
@@ -74,15 +74,6 @@ module Aws
74
74
  # and `#session_token`.
75
75
  #
76
76
  class Signer
77
-
78
- @@use_crt =
79
- begin
80
- require 'aws-crt'
81
- true
82
- rescue LoadError
83
- false
84
- end
85
-
86
77
  # @overload initialize(service:, region:, access_key_id:, secret_access_key:, session_token:nil, **options)
87
78
  # @param [String] :service The service signing name, e.g. 's3'.
88
79
  # @param [String] :region The region name, e.g. 'us-east-1'. When signing
@@ -154,13 +145,6 @@ module Aws
154
145
  @signing_algorithm = options.fetch(:signing_algorithm, :sigv4)
155
146
  @normalize_path = options.fetch(:normalize_path, true)
156
147
  @omit_session_token = options.fetch(:omit_session_token, false)
157
-
158
- if @signing_algorithm == 'sigv4-s3express'.to_sym &&
159
- Signer.use_crt? && Aws::Crt::GEM_VERSION <= '0.1.9'
160
- raise ArgumentError,
161
- 'This version of aws-crt does not support S3 Express. Please
162
- update this gem to at least version 0.2.0.'
163
- end
164
148
  end
165
149
 
166
150
  # @return [String]
@@ -236,9 +220,6 @@ module Aws
236
220
  # a `#headers` method. The headers must be applied to your request.
237
221
  #
238
222
  def sign_request(request)
239
-
240
- return crt_sign_request(request) if Signer.use_crt?
241
-
242
223
  creds, _ = fetch_credentials
243
224
 
244
225
  http_method = extract_http_method(request)
@@ -344,7 +325,6 @@ module Aws
344
325
  # signature value (a binary string) used at ':chunk-signature' needs to converted to
345
326
  # hex-encoded string using #unpack
346
327
  def sign_event(prior_signature, payload, encoder)
347
- # Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
348
328
  creds, _ = fetch_credentials
349
329
  time = Time.now
350
330
  headers = {}
@@ -431,9 +411,6 @@ module Aws
431
411
  # @return [HTTPS::URI, HTTP::URI]
432
412
  #
433
413
  def presign_url(options)
434
-
435
- return crt_presign_url(options) if Signer.use_crt?
436
-
437
414
  creds, expiration = fetch_credentials
438
415
 
439
416
  http_method = extract_http_method(options)
@@ -801,129 +778,12 @@ module Aws
801
778
  end
802
779
  end
803
780
 
804
- ### CRT Code
805
-
806
- # the credentials used by CRT must be a
807
- # CRT StaticCredentialsProvider object
808
- def crt_fetch_credentials
809
- creds, expiration = fetch_credentials
810
- crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
811
- creds.access_key_id,
812
- creds.secret_access_key,
813
- creds.session_token
814
- )
815
- [crt_creds, expiration]
816
- end
817
-
818
- def crt_sign_request(request)
819
- creds, _ = crt_fetch_credentials
820
- http_method = extract_http_method(request)
821
- url = extract_url(request)
822
- headers = downcase_headers(request[:headers])
823
-
824
- datetime =
825
- if headers.include? 'x-amz-date'
826
- Time.parse(headers.delete('x-amz-date'))
827
- end
828
-
829
- content_sha256 = headers.delete('x-amz-content-sha256')
830
- content_sha256 ||= sha256_hexdigest(request[:body] || '')
831
-
832
- sigv4_headers = {}
833
- sigv4_headers['host'] = headers['host'] || host(url)
834
-
835
- # Modify the user-agent to add usage of crt-signer
836
- # This should be temporary during developer preview only
837
- if headers.include? 'user-agent'
838
- headers['user-agent'] = "#{headers['user-agent']} crt-signer/#{@signing_algorithm}/#{Aws::Sigv4::VERSION}"
839
- sigv4_headers['user-agent'] = headers['user-agent']
840
- end
841
-
842
- headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
843
-
844
- config = Aws::Crt::Auth::SigningConfig.new(
845
- algorithm: @signing_algorithm,
846
- signature_type: :http_request_headers,
847
- region: @region,
848
- service: @service,
849
- date: datetime,
850
- signed_body_value: content_sha256,
851
- signed_body_header_type: @apply_checksum_header ?
852
- :sbht_content_sha256 : :sbht_none,
853
- credentials: creds,
854
- unsigned_headers: @unsigned_headers,
855
- use_double_uri_encode: @uri_escape_path,
856
- should_normalize_uri_path: @normalize_path,
857
- omit_session_token: @omit_session_token
858
- )
859
- http_request = Aws::Crt::Http::Message.new(
860
- http_method, url.to_s, headers
861
- )
862
- signable = Aws::Crt::Auth::Signable.new(http_request)
863
-
864
- signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable)
865
-
866
- Signature.new(
867
- headers: sigv4_headers.merge(
868
- downcase_headers(signing_result[:headers])
869
- ),
870
- string_to_sign: 'CRT_INTERNAL',
871
- canonical_request: 'CRT_INTERNAL',
872
- content_sha256: content_sha256,
873
- extra: {config: config, signable: signable}
874
- )
875
- end
876
-
877
- def crt_presign_url(options)
878
- creds, expiration = crt_fetch_credentials
879
-
880
- http_method = extract_http_method(options)
881
- url = extract_url(options)
882
- headers = downcase_headers(options[:headers])
883
- headers['host'] ||= host(url)
884
-
885
- datetime = Time.strptime(headers.delete('x-amz-date'), "%Y%m%dT%H%M%S%Z") if headers['x-amz-date']
886
- datetime ||= (options[:time] || Time.now)
887
-
888
- content_sha256 = headers.delete('x-amz-content-sha256')
889
- content_sha256 ||= options[:body_digest]
890
- content_sha256 ||= sha256_hexdigest(options[:body] || '')
891
-
892
- config = Aws::Crt::Auth::SigningConfig.new(
893
- algorithm: @signing_algorithm,
894
- signature_type: :http_request_query_params,
895
- region: @region,
896
- service: @service,
897
- date: datetime,
898
- signed_body_value: content_sha256,
899
- signed_body_header_type: @apply_checksum_header ?
900
- :sbht_content_sha256 : :sbht_none,
901
- credentials: creds,
902
- unsigned_headers: @unsigned_headers,
903
- use_double_uri_encode: @uri_escape_path,
904
- should_normalize_uri_path: @normalize_path,
905
- omit_session_token: @omit_session_token,
906
- expiration_in_seconds: presigned_url_expiration(options, expiration, datetime)
907
- )
908
- http_request = Aws::Crt::Http::Message.new(
909
- http_method, url.to_s, headers
910
- )
911
- signable = Aws::Crt::Auth::Signable.new(http_request)
912
-
913
- signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable, http_method, url.to_s)
914
- url = URI.parse(signing_result[:path])
915
-
916
- if options[:extra] && options[:extra].is_a?(Hash)
917
- options[:extra][:config] = config
918
- options[:extra][:signable] = signable
919
- end
920
- url
921
- end
922
-
923
781
  class << self
924
782
 
783
+ # Kept for backwards compatability
784
+ # Always return false since we are not using crt signing functionality
925
785
  def use_crt?
926
- @@use_crt
786
+ false
927
787
  end
928
788
 
929
789
  # @api private
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.9.1
4
+ version: 1.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-29 00:00:00.000000000 Z
11
+ date: 2024-09-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-eventstream