aws4 0.0.1 → 0.0.2
- data/Gemfile.lock +1 -1
- data/lib/aws4/signer.rb +33 -37
- data/lib/aws4/version.rb +1 -1
- data/readme.md +24 -4
- metadata +1 -1
data/Gemfile.lock
CHANGED
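--- a/data/lib/aws4/signer.rb
+++ b/data/lib/aws4/signer.rb
@@ -6,8 +6,9 @@ require "pathname"
 
 module AWS4
 class Signer
+RFC8601BASIC = "%Y%m%dT%H%M%SZ"
 attr_reader :access_key, :secret_key, :region
-attr_reader :date, :method, :uri, :headers, :body
+attr_reader :date, :method, :uri, :headers, :body, :service
 
 def initialize(config)
 @access_key = config[:access_key] || config["access_key"]
@@ -20,7 +21,9 @@ module AWS4
 @uri = uri
 @headers = headers
 @body = body
-@
+@service = @uri.host.split(".", 2)[0]
+date_header = headers["Date"] || headers["DATE"] || headers["date"]
+@date = (date_header ? Time.parse(date_header) : Time.now).utc.strftime(RFC8601BASIC)
 dump if debug
 signed = headers.dup
 signed['Authorization'] = authorization(headers)
@@ -29,60 +32,53 @@ module AWS4
 
 private
 
-def service
-@uri.host.split(".", 2)[0]
-end
-
 def authorization(headers)
-
-
-
-
-
+[
+"AWS4-HMAC-SHA256 Credential=#{access_key}/#{credential_string}",
+"SignedHeaders=#{headers.keys.map(&:downcase).sort.join(";")}",
+"Signature=#{signature}"
+].join(', ')
 end
 
 def signature
-
-k_date = hmac("AWS4" + k_secret, date[0,8])
+k_date = hmac("AWS4" + secret_key, date[0,8])
 k_region = hmac(k_date, region)
 k_service = hmac(k_region, service)
-k_credentials = hmac(k_service,
+k_credentials = hmac(k_service, "aws4_request")
 hexhmac(k_credentials, string_to_sign)
 end
 
 def string_to_sign
-
-
-
-
-
-
+[
+'AWS4-HMAC-SHA256',
+date,
+credential_string,
+hexdigest(canonical_request)
+].join("\n")
 end
 
 def credential_string
-
-
-
-
-
-
+[
+date[0,8],
+region,
+service,
+"aws4_request"
+].join("/")
 end
 
 def canonical_request
-
-
-
-
-
-
-
-
+[
+method,
+Pathname.new(uri.path).cleanpath.to_s,
+uri.query,
+headers.sort.map {|k, v| [k.downcase,v.strip].join(':')}.join("\n") + "\n",
+headers.sort.map {|k, v| k.downcase}.join(";"),
+hexdigest(body || '')
+].join("\n")
 end
 
 def hexdigest(value)
-
-digest.update(value)
-digest.hexdigest
+Digest::SHA256.new.update(value).hexdigest
 end
 
 def hmac(key, value)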
data/lib/aws4/version.rb
CHANGED
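--- a/data/readme.md
+++ b/data/readme.md
@@ -1,6 +1,6 @@
 This gem signs HTTP headers with the AWS4 signature for use with Amazon’s AWS APIs.
 
-
+It is designed to be library agnostic.
 
 ## Usage
 
@@ -8,8 +8,7 @@ You MUST supply a `Date` header.
 signer = AWS4::Signer.new(
 access_key: "key",
 secret_key: "secret",
-region: "us-east-1"
-host: "dynamodb.us-east-1.amazonaws.com"
+region: "us-east-1"
 )
 
 # build request
@@ -23,5 +22,26 @@ You MUST supply a `Date` header.
 # sign headers
 headers = signer.sign("POST", uri, headers, body)
 
-
+## License
 
+The MIT License (MIT)
+
+Copyright (c) 2013 Brandon Keene
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.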