aws-sigv4 1.5.2 → 1.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sigv4/signer.rb +25 -14
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed95d4ec56e15f5b06d202643cebf73e89d69efbe461d03035dc309f0aa32b11
|
|
4
|
+
data.tar.gz: f235824f3bf7ea35aa4fb7e666250f72be1d8592709f522c8fae42fb36e40a9a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 62ddb59e6cf4fd5ca5a704db3a7f8f8707329cd8b66fec124de5bc56bc5cc2fac20622987e5a6cbeaec1ce55941ee66ab36ed25178ee82e287515622a33bc314
|
|
7
|
+
data.tar.gz: e05f2a2ada39d28681df35b7365e7c71e6eda34b250cd2259312d9b6cc0e810fceb0dffeddd785a4b5e08cea1989eb5e2e4e27303d1cf4ce51ad251952d7047d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.6.0 (2023-06-28)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Select the minimum expiration time for presigned urls between the expiration time option and the credential expiration time.
|
|
8
|
+
|
|
4
9
|
1.5.2 (2022-09-30)
|
|
5
10
|
------------------
|
|
6
11
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.6.0
|
data/lib/aws-sigv4/signer.rb
CHANGED
|
@@ -235,7 +235,7 @@ module Aws
|
|
|
235
235
|
|
|
236
236
|
return crt_sign_request(request) if Signer.use_crt?
|
|
237
237
|
|
|
238
|
-
creds = fetch_credentials
|
|
238
|
+
creds, _ = fetch_credentials
|
|
239
239
|
|
|
240
240
|
http_method = extract_http_method(request)
|
|
241
241
|
url = extract_url(request)
|
|
@@ -314,7 +314,7 @@ module Aws
|
|
|
314
314
|
# hex-encoded string using #unpack
|
|
315
315
|
def sign_event(prior_signature, payload, encoder)
|
|
316
316
|
# Note: CRT does not currently provide event stream signing, so we always use the ruby implementation.
|
|
317
|
-
creds = fetch_credentials
|
|
317
|
+
creds, _ = fetch_credentials
|
|
318
318
|
time = Time.now
|
|
319
319
|
headers = {}
|
|
320
320
|
|
|
@@ -403,7 +403,7 @@ module Aws
|
|
|
403
403
|
|
|
404
404
|
return crt_presign_url(options) if Signer.use_crt?
|
|
405
405
|
|
|
406
|
-
creds = fetch_credentials
|
|
406
|
+
creds, expiration = fetch_credentials
|
|
407
407
|
|
|
408
408
|
http_method = extract_http_method(options)
|
|
409
409
|
url = extract_url(options)
|
|
@@ -423,7 +423,7 @@ module Aws
|
|
|
423
423
|
params['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
|
|
424
424
|
params['X-Amz-Credential'] = credential(creds, date)
|
|
425
425
|
params['X-Amz-Date'] = datetime
|
|
426
|
-
params['X-Amz-Expires'] =
|
|
426
|
+
params['X-Amz-Expires'] = presigned_url_expiration(options, expiration).to_s
|
|
427
427
|
params['X-Amz-Security-Token'] = creds.session_token if creds.session_token
|
|
428
428
|
params['X-Amz-SignedHeaders'] = signed_headers(headers)
|
|
429
429
|
|
|
@@ -526,7 +526,6 @@ module Aws
|
|
|
526
526
|
hmac(k_credentials, string_to_sign)
|
|
527
527
|
end
|
|
528
528
|
|
|
529
|
-
|
|
530
529
|
def path(url)
|
|
531
530
|
path = url.path
|
|
532
531
|
path = '/' if path == ''
|
|
@@ -682,8 +681,8 @@ module Aws
|
|
|
682
681
|
|
|
683
682
|
def extract_expires_in(options)
|
|
684
683
|
case options[:expires_in]
|
|
685
|
-
when nil then 900
|
|
686
|
-
when Integer then options[:expires_in]
|
|
684
|
+
when nil then 900
|
|
685
|
+
when Integer then options[:expires_in]
|
|
687
686
|
else
|
|
688
687
|
msg = "expected :expires_in to be a number of seconds"
|
|
689
688
|
raise ArgumentError, msg
|
|
@@ -698,11 +697,14 @@ module Aws
|
|
|
698
697
|
self.class.uri_escape_path(string)
|
|
699
698
|
end
|
|
700
699
|
|
|
701
|
-
|
|
702
700
|
def fetch_credentials
|
|
703
701
|
credentials = @credentials_provider.credentials
|
|
704
702
|
if credentials_set?(credentials)
|
|
705
|
-
|
|
703
|
+
expiration = nil
|
|
704
|
+
if @credentials_provider.respond_to?(:expiration)
|
|
705
|
+
expiration = @credentials_provider.expiration
|
|
706
|
+
end
|
|
707
|
+
[credentials, expiration]
|
|
706
708
|
else
|
|
707
709
|
raise Errors::MissingCredentialsError,
|
|
708
710
|
'unable to sign request without credentials set'
|
|
@@ -720,21 +722,30 @@ module Aws
|
|
|
720
722
|
!credentials.secret_access_key.empty?
|
|
721
723
|
end
|
|
722
724
|
|
|
725
|
+
def presigned_url_expiration(options, expiration)
|
|
726
|
+
expires_in = extract_expires_in(options)
|
|
727
|
+
return expires_in unless expiration
|
|
728
|
+
|
|
729
|
+
expiration_seconds = (expiration - Time.now).to_i
|
|
730
|
+
[expires_in, expiration_seconds].min
|
|
731
|
+
end
|
|
732
|
+
|
|
723
733
|
### CRT Code
|
|
724
734
|
|
|
725
735
|
# the credentials used by CRT must be a
|
|
726
736
|
# CRT StaticCredentialsProvider object
|
|
727
737
|
def crt_fetch_credentials
|
|
728
|
-
creds = fetch_credentials
|
|
729
|
-
Aws::Crt::Auth::StaticCredentialsProvider.new(
|
|
738
|
+
creds, expiration = fetch_credentials
|
|
739
|
+
crt_creds = Aws::Crt::Auth::StaticCredentialsProvider.new(
|
|
730
740
|
creds.access_key_id,
|
|
731
741
|
creds.secret_access_key,
|
|
732
742
|
creds.session_token
|
|
733
743
|
)
|
|
744
|
+
[crt_creds, expiration]
|
|
734
745
|
end
|
|
735
746
|
|
|
736
747
|
def crt_sign_request(request)
|
|
737
|
-
creds = crt_fetch_credentials
|
|
748
|
+
creds, _ = crt_fetch_credentials
|
|
738
749
|
http_method = extract_http_method(request)
|
|
739
750
|
url = extract_url(request)
|
|
740
751
|
headers = downcase_headers(request[:headers])
|
|
@@ -793,7 +804,7 @@ module Aws
|
|
|
793
804
|
end
|
|
794
805
|
|
|
795
806
|
def crt_presign_url(options)
|
|
796
|
-
creds = crt_fetch_credentials
|
|
807
|
+
creds, expiration = crt_fetch_credentials
|
|
797
808
|
|
|
798
809
|
http_method = extract_http_method(options)
|
|
799
810
|
url = extract_url(options)
|
|
@@ -821,7 +832,7 @@ module Aws
|
|
|
821
832
|
use_double_uri_encode: @uri_escape_path,
|
|
822
833
|
should_normalize_uri_path: @normalize_path,
|
|
823
834
|
omit_session_token: @omit_session_token,
|
|
824
|
-
expiration_in_seconds: options
|
|
835
|
+
expiration_in_seconds: presigned_url_expiration(options, expiration)
|
|
825
836
|
)
|
|
826
837
|
http_request = Aws::Crt::Http::Message.new(
|
|
827
838
|
http_method, url.to_s, headers
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sigv4
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-06-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-eventstream
|