aws-sigv4 1.9.1 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sigv4/signer.rb +3 -143
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d6c968ea3d1cff2c3e6ff056a38658ce9af6f2f9b3d5fce948003a063c1f785e
4
- data.tar.gz: '008ac56a37950824779768b8e3e942a711a0cae225231e9f9897e0426a18d121'
3
+ metadata.gz: '0618892feafb12a38e21c6c50b932072a0760be0338f45672c29b8b541564774'
4
+ data.tar.gz: 780fb4cb4956691909e2c830b1938902774d085f9335f7101347b3974917f61b
5
5
  SHA512:
6
- metadata.gz: 49dfbb860585de3ca7f1f84e3ff2fa059025098fe3a0baf4ab4c4fd1ff6bdb4dab85b17b040ebc7fa5db743d1f5da9a4b0975187d2bf60aabfc29e9674b22ee3
7
- data.tar.gz: 315d89e1c67bfc3938f267dcf50e47842f7cac514b07df07cc642be2bc99fbc55dd7256f564868c6f3e61ee125aa71d26a98af01c734a924aaa0ae5ac8e084e4
6
+ metadata.gz: 7c24541da4eea76873ffca584ee6b7fbbe8e57ff018f2e512e780bf4bc2ba5113bfce0312eec85ed61e246419a76000b6b54de629fc96ef252fe944b98175319
7
+ data.tar.gz: bc84f7601827ffd7015a6f52bec0a141bc16445c47de5dec271eb35e183ff377ee0527e5692ae21c8573c18e81505cf30f00f1cec736bc2fbf89a288c59cc42a
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.10.0 (2024-09-17)
5
+ ------------------
6
+
7
+ * Feature - Remove CRT `sigv4a` signing capability.
8
+
4
9
  1.9.1 (2024-07-29)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.9.1
1
+ 1.10.0
@@ -74,15 +74,6 @@ module Aws
74
74
  # and `#session_token`.
75
75
  #
76
76
  class Signer
77
-
78
- @@use_crt =
79
- begin
80
- require 'aws-crt'
81
- true
82
- rescue LoadError
83
- false
84
- end
85
-
86
77
  # @overload initialize(service:, region:, access_key_id:, secret_access_key:, session_token:nil, **options)
87
78
  # @param [String] :service The service signing name, e.g. 's3'.
88
79
  # @param [String] :region The region name, e.g. 'us-east-1'. When signing
@@ -154,13 +145,6 @@ module Aws
154
145
  @signing_algorithm = options.fetch(:signing_algorithm, :sigv4)
155
146
  @normalize_path = options.fetch(:normalize_path, true)
156
147
  @omit_session_token = options.fetch(:omit_session_token, false)
157
-
158
- if @signing_algorithm == 'sigv4-s3express'.to_sym &&
159
- Signer.use_crt? && Aws::Crt::GEM_VERSION <= '0.1.9'
160
- raise ArgumentError,
161
- 'This version of aws-crt does not support S3 Express. Please
162
- update this gem to at least version 0.2.0.'
163
- end
164
148
  end
165
149
 
166
150
  # @return [String]
@@ -236,9 +220,6 @@ module Aws
236
220
  # a `#headers` method. The headers must be applied to your request.
237
221
  #
238
222
  def sign_request(request)
239
-
240
- return crt_sign_request(request) if Signer.use_crt?
241
-
242
223
  creds, _ = fetch_credentials
243
224
 
244
225
  http_method = extract_http_method(request)
@@ -344,7 +325,6 @@ module Aws
344
325
  # signature value (a binary string) used at ':chunk-signature' needs to converted to
345
326
  # hex-encoded string using #unpack
346
327
  def sign_event(prior_signature, payload, encoder)
347
- # Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
348
328
  creds, _ = fetch_credentials
349
329
  time = Time.now
350
330
  headers = {}
@@ -431,9 +411,6 @@ module Aws
431
411
  # @return [HTTPS::URI, HTTP::URI]
432
412
  #
433
413
  def presign_url(options)
434
-
435
- return crt_presign_url(options) if Signer.use_crt?
436
-
437
414
  creds, expiration = fetch_credentials
438
415
 
439
416
  http_method = extract_http_method(options)
@@ -801,129 +778,12 @@ module Aws
801
778
  end
802
779
  end
803
780
 
804
- ### CRT Code
805
-
806
- # the credentials used by CRT must be a
807
- # CRT StaticCredentialsProvider object
808
- def crt_fetch_credentials
809
- creds, expiration = fetch_credentials
810
- crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
811
- creds.access_key_id,
812
- creds.secret_access_key,
813
- creds.session_token
814
- )
815
- [crt_creds, expiration]
816
- end
817
-
818
- def crt_sign_request(request)
819
- creds, _ = crt_fetch_credentials
820
- http_method = extract_http_method(request)
821
- url = extract_url(request)
822
- headers = downcase_headers(request[:headers])
823
-
824
- datetime =
825
- if headers.include? 'x-amz-date'
826
- Time.parse(headers.delete('x-amz-date'))
827
- end
828
-
829
- content_sha256 = headers.delete('x-amz-content-sha256')
830
- content_sha256 ||= sha256_hexdigest(request[:body] || '')
831
-
832
- sigv4_headers = {}
833
- sigv4_headers['host'] = headers['host'] || host(url)
834
-
835
- # Modify the user-agent to add usage of crt-signer
836
- # This should be temporary during developer preview only
837
- if headers.include? 'user-agent'
838
- headers['user-agent'] = "#{headers['user-agent']} crt-signer/#{@signing_algorithm}/#{Aws::Sigv4::VERSION}"
839
- sigv4_headers['user-agent'] = headers['user-agent']
840
- end
841
-
842
- headers = headers.merge(sigv4_headers) # merge so we do not modify given headers hash
843
-
844
- config = Aws::Crt::Auth::SigningConfig.new(
845
- algorithm: @signing_algorithm,
846
- signature_type: :http_request_headers,
847
- region: @region,
848
- service: @service,
849
- date: datetime,
850
- signed_body_value: content_sha256,
851
- signed_body_header_type: @apply_checksum_header ?
852
- :sbht_content_sha256 : :sbht_none,
853
- credentials: creds,
854
- unsigned_headers: @unsigned_headers,
855
- use_double_uri_encode: @uri_escape_path,
856
- should_normalize_uri_path: @normalize_path,
857
- omit_session_token: @omit_session_token
858
- )
859
- http_request = Aws::Crt::Http::Message.new(
860
- http_method, url.to_s, headers
861
- )
862
- signable = Aws::Crt::Auth::Signable.new(http_request)
863
-
864
- signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable)
865
-
866
- Signature.new(
867
- headers: sigv4_headers.merge(
868
- downcase_headers(signing_result[:headers])
869
- ),
870
- string_to_sign: 'CRT_INTERNAL',
871
- canonical_request: 'CRT_INTERNAL',
872
- content_sha256: content_sha256,
873
- extra: {config: config, signable: signable}
874
- )
875
- end
876
-
877
- def crt_presign_url(options)
878
- creds, expiration = crt_fetch_credentials
879
-
880
- http_method = extract_http_method(options)
881
- url = extract_url(options)
882
- headers = downcase_headers(options[:headers])
883
- headers['host'] ||= host(url)
884
-
885
- datetime = Time.strptime(headers.delete('x-amz-date'), "%Y%m%dT%H%M%S%Z") if headers['x-amz-date']
886
- datetime ||= (options[:time] || Time.now)
887
-
888
- content_sha256 = headers.delete('x-amz-content-sha256')
889
- content_sha256 ||= options[:body_digest]
890
- content_sha256 ||= sha256_hexdigest(options[:body] || '')
891
-
892
- config = Aws::Crt::Auth::SigningConfig.new(
893
- algorithm: @signing_algorithm,
894
- signature_type: :http_request_query_params,
895
- region: @region,
896
- service: @service,
897
- date: datetime,
898
- signed_body_value: content_sha256,
899
- signed_body_header_type: @apply_checksum_header ?
900
- :sbht_content_sha256 : :sbht_none,
901
- credentials: creds,
902
- unsigned_headers: @unsigned_headers,
903
- use_double_uri_encode: @uri_escape_path,
904
- should_normalize_uri_path: @normalize_path,
905
- omit_session_token: @omit_session_token,
906
- expiration_in_seconds: presigned_url_expiration(options, expiration, datetime)
907
- )
908
- http_request = Aws::Crt::Http::Message.new(
909
- http_method, url.to_s, headers
910
- )
911
- signable = Aws::Crt::Auth::Signable.new(http_request)
912
-
913
- signing_result = Aws::Crt::Auth::Signer.sign_request(config, signable, http_method, url.to_s)
914
- url = URI.parse(signing_result[:path])
915
-
916
- if options[:extra] && options[:extra].is_a?(Hash)
917
- options[:extra][:config] = config
918
- options[:extra][:signable] = signable
919
- end
920
- url
921
- end
922
-
923
781
  class << self
924
782
 
783
+ # Kept for backwards compatability
784
+ # Always return false since we are not using crt signing functionality
925
785
  def use_crt?
926
- @@use_crt
786
+ false
927
787
  end
928
788
 
929
789
  # @api private
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.9.1
4
+ version: 1.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-29 00:00:00.000000000 Z
11
+ date: 2024-09-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-eventstream