aws4-nycda 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 24e12aa48af33e56a9676072857f43bde9d9aec7
+  data.tar.gz: 0e929a9867e68860b6dc02700b769d9b870a29c8
+SHA512:
+  metadata.gz: 2eadc3f496102b842bf4aacd76560ac300486962a94c2fb31f172ef4a6529a195c65333a17af9fd636c4cb59fd3a08ad369b68318c1483130889f88f9517e52c
+  data.tar.gz: e4232d2ad6f86e4e89618f49b63ef3e26ae419c87e0029375d31d736ac9627307e3a3e2a3ec21e97d74a4fa557cdbe509cad5f39c80156ed2c561a5b8eeee685

data/Gemfile

@@ -0,0 +1,2 @@
+source "https://rubygems.org"
+gemspec

data/Gemfile.lock

@@ -0,0 +1,16 @@
+PATH
+  remote: .
+  specs:
+    aws4 (0.0.2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    rake (10.0.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  aws4!
+  rake

data/Rakefile

@@ -0,0 +1,9 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs.push "lib"
+  t.test_files = FileList['test/*_test.rb']
+  t.verbose = true
+end
+
+task :default => :test

data/aws4.gemspec

@@ -0,0 +1,18 @@
+require "./lib/aws4/version"
+
+Gem::Specification.new do |s|
+  s.name         = 'aws4-nycda'
+  s.version      = AWS4::VERSION
+  s.summary      = "A ruby gem for AWS Signature version 4"
+  s.description  = "The approach is HTTP library agnostic, so you must supply method, uri, headers, and body"
+  s.authors      = ["Brandon Keene"]
+  s.email        = ["bkeene@gmail.com"]
+  s.require_path = 'lib'
+  s.files        = `git ls-files`.split("\n")
+  s.test_files   = `git ls-files -- {test}/*`.split("\n")
+  s.executables  = []
+  s.homepage     = 'http://github.com/cmdrkeene/aws4'
+
+  s.add_development_dependency "rake"
+end
+

data/lib/aws4.rb

@@ -0,0 +1,3 @@
+# AWS4
+require "aws4/version"
+require "aws4/signer"

data/lib/aws4/signer.rb

@@ -0,0 +1,108 @@
+# encoding: UTF-8
+require "openssl"
+require "time"
+require "uri"
+require "pathname"
+
+module AWS4
+  class Signer
+    RFC8601BASIC = "%Y%m%dT%H%M%SZ"
+    attr_reader :access_key, :secret_key, :region
+    attr_reader :date, :method, :uri, :headers, :body, :service
+
+    def initialize(config)
+      @access_key = config[:access_key] || config["access_key"]
+      @secret_key = config[:secret_key] || config["secret_key"]
+      @region = config[:region] || config["region"]
+    end
+
+    def sign(method, uri, headers, body, debug = false, b64 = false)
+      @method = method.upcase
+      @uri = uri
+      @headers = headers
+      @body = body
+      @service = @uri.host.split(".", 2)[0]
+      date_header = headers["Date"] || headers["DATE"] || headers["date"]
+      @date = (date_header ? Time.parse(date_header) : Time.now).utc.strftime(RFC8601BASIC)
+      dump if debug
+      signed = headers.dup
+      signed['Authorization'] = authorization(headers)
+      signed
+    end
+
+    private
+
+    # def authorization_b64(headers)
+    #   [
+    #     "X-Amz-Content-SHA256 Credential=#{Base64.strict_encode64(access_key)}/#{Base64.strict_encode64(credential_string)}",
+    #     "SignedHeaders=#{headers.keys.map(&:downcase).sort.join(";")}",
+    #     "Signature=#{Base64.strict_encode64(signature)}"
+    #   ].join(', ')
+    # end
+
+    def authorization(headers)
+      [
+        "AWS4-HMAC-SHA256 Credential=#{Base64.strict_encode64(access_key.to_s + '/' + credential_string.to_s}",
+        "SignedHeaders=#{headers.keys.map(&:downcase).sort.join(";")}",
+        "Signature=#{Base64.strict_encode64(signature)}"
+      ].join(', ')
+    end
+
+    def signature
+      k_date = hmac("AWS4" + secret_key, date[0,8])
+      k_region = hmac(k_date, region)
+      k_service = hmac(k_region, service)
+      k_credentials = hmac(k_service, "aws4_request")
+      hexhmac(k_credentials, string_to_sign)
+    end
+
+    def string_to_sign
+      [
+        'AWS4-HMAC-SHA256',
+        date,
+        credential_string,
+        hexdigest(canonical_request)
+      ].join("\n")
+    end
+
+    def credential_string
+      [
+        date[0,8],
+        region,
+        service,
+        "aws4_request"
+      ].join("/")
+    end
+
+    def canonical_request
+      [
+        method,
+        Pathname.new(uri.path).cleanpath.to_s,
+        uri.query,
+        headers.sort.map {|k, v| [k.downcase,v.strip].join(':')}.join("\n") + "\n",
+        headers.sort.map {|k, v| k.downcase}.join(";"),
+        hexdigest(body || '')
+      ].join("\n")
+    end
+
+    def hexdigest(value)
+      Digest::SHA256.new.update(value).hexdigest
+    end
+
+    def hmac(key, value)
+      OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), key, value)
+    end
+
+    def hexhmac(key, value)
+      OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), key, value)
+    end
+
+    def dump
+      puts "string to sign"
+      puts string_to_sign
+      puts "canonical_request"
+      puts canonical_request
+      puts "authorization"
+    end
+  end
+end

data/lib/aws4/version.rb

@@ -0,0 +1,3 @@
+module AWS4
+  VERSION = "0.0.1"
+end

data/readme.md

@@ -0,0 +1,47 @@
+This gem signs HTTP headers with the AWS4 signature for use with Amazon’s AWS APIs.
+
+It is designed to be library agnostic.
+
+## Usage
+
+    # create a signer
+    signer = AWS4::Signer.new(
+      access_key: "key",
+      secret_key: "secret",
+      region: "us-east-1"
+    )
+
+    # build request
+    uri = URI("https://dynamodb.us-east-1.amazonaws.com/")
+    headers = {
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT",
+      "Content-Type" => "application/json; charset=utf8"
+    }
+    body="{}"
+
+    # sign headers
+    headers = signer.sign("POST", uri, headers, body)
+
+## License
+
+The MIT License (MIT)
+
+Copyright (c) 2013 Brandon Keene
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/test/benchmark_test.rb

@@ -0,0 +1,31 @@
+# encoding: UTF-8
+require 'minitest/spec'
+require 'minitest/autorun'
+require 'aws4/signer'
+require "benchmark"
+
+describe "benchmark" do
+  it "runs quickly" do
+    trials = 10_000
+    signer = AWS4::Signer.new(
+      access_key: "AKIDEXAMPLE",
+      secret_key: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
+      region: "us-east-1",
+      host: "host.foo.com"
+    )
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT",
+      "Content-Type" => "application/x-www-form-urlencoded; charset=utf8"
+    }
+    body = "foo=bar"
+
+    t = Benchmark.realtime do
+      trials.times do
+        signed = signer.sign("POST", uri, headers, body)
+      end
+    end
+    puts "#{(trials/t).round(1)} signatures/second (#{((t/trials.to_f)*1000).round(3)}ms/signature)"
+  end
+end

data/test/signer_test.rb

@@ -0,0 +1,256 @@
+# encoding: UTF-8
+require 'minitest/spec'
+require 'minitest/autorun'
+require 'aws4/signer'
+
+describe AWS4::Signer do
+  def signer
+    @signer ||= AWS4::Signer.new(
+      access_key: "AKIDEXAMPLE",
+      secret_key: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
+      region: "us-east-1",
+      host: "host.foo.com"
+    )
+  end
+
+  it "signs get-vanilla" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470")
+  end
+
+  it "signs get-relative" do
+    uri = URI("http://host.foo.com/foo/..")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470")
+  end
+
+  it "signs get-relative-relative" do
+    uri = URI("http://host.foo.com/foo/bar/../..")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470")
+  end
+
+  it "signs get-slash-pointless-dot" do
+    uri = URI("http://host.foo.com/./foo")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=910e4d6c9abafaf87898e1eb4c929135782ea25bb0279703146455745391e63a")
+  end
+
+  it "signs get-slash" do
+    uri = URI("http://host.foo.com//")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470")
+  end
+
+  it "signs get-vanilla-empty-query" do
+    uri = URI("http://host.foo.com/?foo=bar")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=56c054473fd260c13e4e7393eb203662195f5d4a1fada5314b8b52b23f985e9f")
+  end
+
+  it "signs get-unreserved" do
+    uri = URI("http://host.foo.com/-._~0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=830cc36d03f0f84e6ee4953fbe701c1c8b71a0372c63af9255aa364dd183281e")
+  end
+
+  it "signs get-header-value-trim" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT",
+      "p" => " phfft "
+    }
+    body = ""
+    signed = signer.sign("POST", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;p, Signature=debf546796015d6f6ded8626f5ce98597c33b47b9164cf6b17b4642036fcb592")
+  end
+
+  it "signs get-vanilla-query-order" do
+    uri = URI("http://host.foo.com/?foo=Zoo&foo=aha")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=be7148d34ebccdc6423b19085378aa0bee970bdc61d144bd1a8c48c33079ab09")
+  end
+
+  it "signs get-vanilla-query-order-key" do
+    uri = URI("http://host.foo.com/?a=foo&b=foo")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=0dc122f3b28b831ab48ba65cb47300de53fbe91b577fe113edac383730254a3b")
+  end
+
+  it "signs get-vanilla-utf8-query" do
+    uri = URI(URI::encode("http://host.foo.com/?ሴ=bar"))
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=6fb359e9a05394cc7074e0feb42573a2601abc0c869a953e8c5c12e4e01f1a8c")
+  end
+
+  it "signs post-vanilla" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("POST", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")    
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=22902d79e148b64e7571c3565769328423fe276eae4b26f83afceda9e767f726")    
+  end
+
+  it "signs post-vanilla-empty-query-value" do
+    uri = URI("http://host.foo.com/?foo=bar")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("POST", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")    
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b6e3b79003ce0743a491606ba1035a804593b0efb1e20a11cba83f8c25a57a92")    
+  end
+
+  it "signs post-header-key-sort" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT",
+      "ZOO"  => "zoobar"
+    }
+    body = ""
+    signed = signer.sign("POST", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")    
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;zoo, Signature=b7a95a52518abbca0964a999a880429ab734f35ebbf1235bd79a5de87756dc4a")
+  end
+
+  it "signs post-header-key-case" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "DATE" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = signer.sign("POST", uri, headers, body)
+    signed["DATE"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")    
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=22902d79e148b64e7571c3565769328423fe276eae4b26f83afceda9e767f726")
+  end
+
+  it "signs post-header-value-case" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT",
+      "zoo" => "ZOOBAR"
+    }
+    body = ""
+    signed = signer.sign("POST", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")    
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;zoo, Signature=273313af9d0c265c531e11db70bbd653f3ba074c1009239e8559d3987039cad7")
+  end
+
+  it "signs post-x-www-form-urlencoded" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT",
+      "Content-Type" => "application/x-www-form-urlencoded"
+    }
+    body = "foo=bar"
+    signed = signer.sign("POST", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")    
+    signed["Content-Type"].must_equal("application/x-www-form-urlencoded")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=content-type;date;host, Signature=5a15b22cf462f047318703b92e6f4f38884e4a7ab7b1d6426ca46a8bd1c26cbc")
+  end
+
+  it "signs post-x-www-form-urlencoded-parameters" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT",
+      "Content-Type" => "application/x-www-form-urlencoded; charset=utf8"
+    }
+    body = "foo=bar"
+    signed = signer.sign("POST", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")    
+    signed["Content-Type"].must_equal("application/x-www-form-urlencoded; charset=utf8")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=content-type;date;host, Signature=b105eb10c6d318d2294de9d49dd8b031b55e3c3fe139f2e637da70511e9e7b71")
+  end
+end