right_aws_api 0.2.0 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5329a8cc0261eacfd9bf681412e9064185934f7e
-  data.tar.gz: f6d75ece8c71660a0e6c465827083c1e655ca385
+  metadata.gz: 164b81b2c4e7845571d6616ce59b22a3baa7788a
+  data.tar.gz: e7cbd22f3857d650a026b29699e22cc9718d1821
 SHA512:
-  metadata.gz: 4b6aa4f90078247eae455daf5e90d71323ea0dcf74f224885b4fb89f4beac77da3c7448f9e849e5253ed6d8019c7d97afa58164916f3ed9038143acb74ab129c
-  data.tar.gz: fddd2af29aa08ce0f364b69a45fb177f08799c6f28dc20ef03c47329ee8273e881bad92dad36bc42b8f6cc7c05246fbc80fecb65adb12b8573e313acc78c67cc
+  metadata.gz: 4b970d6a9794c29953c16e63018f7a97522476f66a7357ea5be7e0bd6d3d110b880615d86531a45a70b7ebe41d96d3bf18697074d2a7fc5844b1fc16caf51089
+  data.tar.gz: d0846816165f048ebfa43d026d144c03c35158f4006c750a7d0c14117a1f50d4031a3d46422b34321935d182e074f121bc426e84be043b3ba76371ed03b59ffa

data/HISTORY

@@ -1,2 +1,11 @@
+== 2015-01-16
+  - v0.2.2
+    Added an ability to not use DNS like buckets in AWS S3
+    Some minor bugs were fixed in singature V4
+
+== 2014-10-30
+  - v0.2.1
+    Added support for AWS v4 signature and make it the default
+
 == 2013-06-28
   - pre-release candidate created

data/lib/cloud/aws/base/helpers/utils.rb

@@ -171,7 +171,7 @@ module RightScale
         #
         # @example
         #  sign_s3_signature('secret', :get, 'xxx/yyy/zzz/object', {'header'=>'value'}) #=>
-        #    "i85igH0sftHD/cGZcLiBKcYEuks=" 
+        #    "i85igH0sftHD/cGZcLiBKcYEuks="
         #
         # @see http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
         #
@@ -196,7 +196,210 @@ module RightScale
           sign(aws_secret_access_key, string_to_sign)
         end
 
-                    
+
+        def self.sign_v4_get_service_and_region(host)
+          result =
+            case
+            when host[                  /^iam\.amazonaws\.com$/i ] then ['iam', 'us-east-1']
+            when host[            /^(.*\.)?s3\.amazonaws\.com$/i ] then ['s3',  'us-east-1']
+            when host[ /^(.*\.)?s3-external-1\.amazonaws\.com$/i ] then ['s3',  'us-east-1']
+            when host[    /s3-website-([^.]+)\.amazonaws\.com$/i ] then ['s3',           $1]
+            when host[     /^(.*\.)?s3-([^.]+).amazonaws\.com$/i ] then ['s3',           $2]
+            when host[   /^(.*\.)?s3\.([^.]+)\.amazonaws\.com$/i ] then ['s3',           $2]
+            else host[     /^([^.]+)\.([^.]+)\.amazonaws\.com$/i ]   && [$1,             $2]
+            end
+          fail(ArgumentError, "Cannot extract service name from %s host" % host.inspect) if !result || result[0].to_s.empty?
+          fail(ArgumentError, "Cannot extract region name from %s host"  % host.inspect) if result[1].to_s.empty?
+          result
+        end
+
+
+        # Signs and Authenticates REST Requests
+        #
+        # @param [String]        aws_secret_access_key
+        # @param [String]        aws_access_key
+        # @param [String]        host
+        # @param [Hash]          request
+        #
+        # @return [String]
+        #
+        # @see http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
+        #
+        def self.sign_v4_signature(aws_access_key, aws_secret_access_key, host, request, method=:headers)
+          now             = Time.now.utc
+          current_date    = now.strftime("%Y%m%d")
+          current_time    = now.strftime("%Y%m%dT%H%M%SZ")
+          host            = host.downcase
+          service, region = sign_v4_get_service_and_region(host)
+          creds_scope     = "%s/%s/%s/aws4_request" % [current_date, region, service]
+          algorithm       = "AWS4-HMAC-SHA256"
+
+          # Verb
+          canonical_verb = sign_v4_get_canonical_verb(request[:verb])
+
+          # Path
+          request[:path] ||= '/'
+          canonical_path   = sign_v4_get_canonical_path(request[:path])
+
+          # Headers (Auth)
+          request[:headers].delete('Authorization')
+          if method == :headers
+            canonical_payload = sign_v4_headers(request, host, current_time)
+          end
+          # Headers (Standard)
+          request[:headers]['Host'] = host
+          _headers = {}
+          request[:headers].each do |key, value|
+            _headers[key.to_s.downcase] = value.is_a?(Array) ? value.join(',') : value
+          end
+          canonical_headers = sign_v4_get_canonical_headers(_headers)
+          signed_headers    = sign_v4_get_signed_headers(_headers)
+
+          # Params (Auth)
+          if method != :headers
+            canonical_payload = sign_v4_query_params(
+              request,
+              algorithm,
+              current_time,
+              signed_headers,
+              aws_access_key,
+              creds_scope
+            )
+          end
+          # Params (Standard)
+          canonical_query_string = Utils::params_to_urn(request[:params]){ |value| amz_escape(value) }
+
+          # Canonical String
+          canonical_string = sign_v4_get_canonical_string(
+            canonical_verb,
+            canonical_path,
+            canonical_query_string,
+            canonical_headers,
+            signed_headers,
+            canonical_payload
+          )
+
+          # StringToSign
+          string_to_sign = sign_v4_get_string_to_sign(algorithm, current_time, creds_scope, canonical_string)
+
+          # Signature
+          signature = sign_v4_get_signature_key(aws_secret_access_key, string_to_sign, current_date, region, service)
+
+          request[:path] += "?%s" % canonical_query_string unless canonical_query_string.empty?
+
+          if method == :headers
+            # Authorization Header
+            authorization_header = "%s Credential=%s/%s, SignedHeaders=%s, Signature=%s" %
+                                   [algorithm, aws_access_key, creds_scope, signed_headers, signature]
+            request[:headers]['Authorization'] = authorization_header
+          else
+            request[:path] += "&X-Amz-Signature=%s" % signature
+          end
+        end
+
+
+        def self.sign_v4_get_canonical_verb(verb)
+          verb.to_s.upcase
+        end
+
+
+        def self.sign_v4_get_canonical_path(path)
+          path
+        end
+
+
+        def self.sign_v4_query_params(request, algorithm, current_time, signed_headers, aws_access_key, creds_scope)
+          expires_at = request[:params]['X-Amz-Expires'] || 3600
+          expires_at = expires_at.to_i if expires_at.is_a?(Time)
+
+          request[:params]['X-Amz-Date']          = current_time
+          request[:params]['X-Amz-Expires']       = expires_at
+          request[:params]['X-Amz-Algorithm']     = algorithm
+          request[:params]['X-Amz-SignedHeaders'] = signed_headers
+          request[:params]['X-Amz-Credential']    = "%s/%s" % [aws_access_key, creds_scope]
+
+          'UNSIGNED-PAYLOAD'
+        end
+
+
+        def self.sign_v4_get_canonical_headers(headers)
+          headers.sort.map{ |key, value| "#{key}:#{value}" }.join("\n")
+        end
+
+
+        def self.sign_v4_get_signed_headers(headers)
+          headers.keys.sort.join(';')
+        end
+
+
+        def self.sign_v4_headers(request, host, current_time)
+          expires_at = request[:headers]['X-Amz-Expires'].first || 3600
+          expires_at = expires_at.to_i if expires_at.is_a?(Time)
+
+          if request[:body].is_a?(IO)
+            canonical_payload = ''
+            request[:headers].set_if_blank('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD')
+          else
+            request[:body]    = request[:body].to_s
+            canonical_payload = hex_encode(Digest::SHA256.digest(request[:body]))
+            content_type      = 'application/x-www-form-urlencoded; charset=utf-8'
+            content_md5       = Base64::encode64(Digest::MD5::digest(request[:body])).strip
+            request[:headers].set_if_blank('Content-Length',       request[:body].bytesize)
+            request[:headers].set_if_blank('Content-Type',         content_type)
+            request[:headers].set_if_blank('Content-Md5',          content_md5)
+            request[:headers].set_if_blank('X-Amz-Content-Sha256', canonical_payload)
+          end
+          request[:headers]['X-Amz-Date']    = current_time
+          request[:headers]['X-Amz-Expires'] = expires_at
+
+          canonical_payload
+        end
+
+
+        # Signature V4: Returns Canonical String
+        #
+        # @return [String]
+        #
+        def self.sign_v4_get_canonical_string(verb, path, query_string, headers, signed_headers, payload)
+          verb           + "\n"   +
+          path           + "\n"   +
+          query_string   + "\n"   +
+          headers        + "\n\n" +
+          signed_headers + "\n"   +
+          payload
+        end
+
+
+        # Signature V4: A string to sign value
+        #
+        # @return [String]
+        #
+        def self.sign_v4_get_string_to_sign(algorithm, current_time, creds_scope, canonical_string)
+          algorithm    + "\n" +
+          current_time + "\n" +
+          creds_scope  + "\n" +
+          hex_encode(Digest::SHA256.digest(canonical_string)).downcase
+        end
+
+
+        #Helpers from AWS documentation http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html
+        def self.sign_v4_get_signature_key(key, string_to_sign, date, region, service, digest = @@digest256)
+          k_date    = OpenSSL::HMAC.digest(digest, "AWS4" + key, date)
+          k_region  = OpenSSL::HMAC.digest(digest, k_date,       region)
+          k_service = OpenSSL::HMAC.digest(digest, k_region,     service)
+          k_signing = OpenSSL::HMAC.digest(digest, k_service,    "aws4_request")
+          hex_encode  OpenSSL::HMAC.digest(digest, k_signing,    string_to_sign)
+        end
+
+
+        def self.hex_encode(bindata)
+          result=""
+          data=bindata.unpack("C*")
+          data.each {|b| result+= "%02x" % b}
+          result
+        end
+
+
         # Parametrizes data to the format that Amazon EC2 (and compatible APIs) loves
         #
         # @param [Hash] data
@@ -207,7 +410,7 @@ module RightScale
         #   # Where hash is:
         #   { Name.?.Mask  => Value | [ Values ],
         #     NamePrefix.? => [{ SubNameA.1 => ValueA.1,  SubNameB.1 => ValueB.1 },   # any simple parameter
-        #                     ..., 
+        #                     ...,
         #                      { SubNameN.X => ValueN.X,  SubNameM.X => ValueN.X }]   # see BlockDeviceMapping case
         #
         # @example
@@ -237,15 +440,15 @@ module RightScale
         #               'MaxCount' => 2,
         #               'KeyName'  => 'my-key',
         #               'SecurityGroupId' => ['sg-01234567', 'sg-12345670', 'sg-23456701'],
-        #               'BlockDeviceMapping' => [ 
-        #                  { 'DeviceName'     => '/dev/sda1', 
-        #                    'Ebs.SnapshotId' => 'snap-01234567', 
+        #               'BlockDeviceMapping' => [
+        #                  { 'DeviceName'     => '/dev/sda1',
+        #                    'Ebs.SnapshotId' => 'snap-01234567',
         #                    'Ebs.VolumeSize' => 20,
         #                    'Ebs.DeleteOnTermination' => true },
-        #                  { 'DeviceName'     => '/dev/sdb1', 
-        #                    'Ebs.SnapshotId' => 'snap-12345670', 
+        #                  { 'DeviceName'     => '/dev/sdb1',
+        #                    'Ebs.SnapshotId' => 'snap-12345670',
         #                    'Ebs.VolumeSize' => 10,
-        #                    'Ebs.DeleteOnTermination' => false } ] ) #=> 
+        #                    'Ebs.DeleteOnTermination' => false } ] ) #=>
         #    {
         #      "BlockDeviceMapping.1.DeviceName"              => "/dev/sda1",
         #      "BlockDeviceMapping.1.Ebs.DeleteOnTermination" => true,
@@ -262,7 +465,7 @@ module RightScale
         #      "SecurityGroupId.1"                            => "sg-01234567",
         #      "SecurityGroupId.2"                            => "sg-12345670",
         #      "SecurityGroupId.3"                            => "sg-23456701"
-        #    }          
+        #    }
         #
         # @example
         #  parametrize( 'DomainName' => 'kdclient',
@@ -276,7 +479,7 @@ module RightScale
         #                           { 'ItemName'  => 'diana',
         #                             'Attribute' => [ { 'Name' => 'sex',    'Value' => 'female' },
         #                                              { 'Name' => 'weight', 'Value' => '120'},
-        #                                              { 'Name' => 'age',    'Value' => '25'} ] } ] ) #=> 
+        #                                              { 'Name' => 'age',    'Value' => '25'} ] } ] ) #=>
         #    { "DomainName"               => "kdclient",
         #      "Item.1.ItemName"          => "konstantin",
         #      "Item.1.Attribute.1.Name"  => "sex",
@@ -321,8 +524,8 @@ module RightScale
           end
           result
         end
-        
+
       end
     end
   end
-end
+end

data/lib/cloud/aws/base/manager.rb

@@ -116,7 +116,7 @@ module RightScale
           opts[:headers] = params.delete(:headers) || {}
           opts[:options] = params.delete(:options) || {}
           opts[:params]  = parametrize(params)
-          process_api_request(:get, '', opts, &block)
+          process_api_request(:post, '', opts, &block)
         end
 
 

data/lib/cloud/aws/base/routines/request_signer.rb

@@ -43,38 +43,22 @@ module RightScale
         #  no example
         #
         def process
-          # Make sure all the required params are set
-          @data[:request][:params]['AWSAccessKeyId'] = @data[:credentials][:aws_access_key_id]
-          @data[:request][:params]['Version']      ||= @data[:options][:api_version]
           # Compile a final request path
           @data[:request][:path] = Utils::join_urn(@data[:connection][:uri].path, @data[:request][:relative_path])
-          # Sign the request
-          sign_proc = Proc::new do |data|
-            Utils::AWS::sign_v2_signature( data[:credentials][:aws_secret_access_key],
-                                           data[:request][:params] || {},
-                                           data[:request][:verb],
-                                           data[:connection][:uri].host,
-                                           data[:request][:path] )
-          end
-          signed_path = sign_proc.call(@data)
-          # Rebuild the request as POST if its path is too long
-          if signed_path.size > MAX_GET_REQUEST_PATH_LENGTH && @data[:request][:verb] == :get
-            @data[:request][:verb] = :post
-            signed_path = sign_proc.call(@data)
-          end
-          # Set new path or body and content-type
-          case @data[:request][:verb]
-          when :get
-            @data[:request][:path] << "?#{signed_path}"
-          when :post
-            @data[:request][:body] = signed_path
-            @data[:request][:headers]['content-type'] = 'application/x-www-form-urlencoded; charset=utf-8'
-          else
-            fail Error::new("Unsupported HTTP verb: #{@data[:request][:verb]}")
-          end
+
+          # Swap query params and body
+          @data[:request][:params]['Version'] ||= @data[:options][:api_version]
+          @data[:request][:body]   = Utils::params_to_urn(@data[:request][:params]){ |value| Utils::AWS::amz_escape(value) }
+          @data[:request][:params] = {}
+
+          Utils::AWS::sign_v4_signature(
+            @data[:credentials][:aws_access_key_id],
+            @data[:credentials][:aws_secret_access_key],
+            @data[:connection][:uri].host,
+            @data[:request]
+          )
         end
       end
-        
     end
   end
-end
+end

data/lib/cloud/aws/s3/link/routines/request_signer.rb

@@ -43,25 +43,24 @@ module RightScale
               fail Error::new("Body must be blank")           unless @data[:request][:body]._blank?
               fail Error::new("Headers must be blank")        unless @data[:request][:headers]._blank?
 
-              uri        = @data[:connection][:uri]
-              access_key = @data[:credentials][:aws_access_key_id]
-              secret_key = @data[:credentials][:aws_secret_access_key]
-              bucket     = @data[:request][:bucket]
-              object     = @data[:request][:relative_path]
-              params     = @data[:request][:params]
-              verb       = @data[:request][:verb]
-
+              uri            = @data[:connection][:uri]
+              bucket         = @data[:request][:bucket]
+              object         = @data[:request][:relative_path]
               bucket, object = compute_bucket_name_and_object_path(bucket, object)
               uri            = compute_host(bucket, uri)
 
-              compute_params!(params, access_key)
+              @data[:request][:path] = compute_path(bucket, object)
 
-              # Set Auth param
-              signature = compute_signature(secret_key, verb, bucket, object, params)
-              params['Signature'] = signature
+              Utils::AWS::sign_v4_signature(
+                @data[:credentials][:aws_access_key_id],
+                @data[:credentials][:aws_secret_access_key],
+                @data[:connection][:uri].host,
+                @data[:request],
+                :query_params
+              )
 
               # Compute href
-              path                = compute_path(bucket, object, params)
+              path                = @data[:request][:path]
               uri.path, uri.query = path.split('?')
               @data[:result]      = uri.to_s
 
@@ -69,37 +68,6 @@ module RightScale
               @data[:vars][:system][:done] = true
             end
 
-
-            # Sets response params
-            #
-            # @param [Hash] params
-            #
-            # @return [Hash]
-            #
-            def compute_params!(params, access_key)
-              # Expires
-              expires   = params['Expires']
-              expires ||= Time.now.utc.to_i + ONE_YEAR_OF_SECONDS
-              expires   = expires.to_i unless expires.is_a?(Fixnum)
-              params['Expires']        = expires
-              params['AWSAccessKeyId'] = access_key
-              params
-            end
-
-
-            # Computes signature
-            #
-            # @param [String] secret_key
-            # @param [String] verb
-            # @param [String] bucket
-            # @param [Hash]   params
-            #
-            # @return [String]
-            #
-            def compute_signature(secret_key, verb, bucket, object, params)
-              can_path = compute_canonicalized_path(bucket, object, params)
-              Utils::AWS::sign_s3_signature(secret_key, verb, can_path, { 'expires' => params['Expires'] })
-            end
           end
 
         end

data/lib/cloud/aws/s3/manager.rb

@@ -293,6 +293,19 @@ module RightScale
         #     'https://s3.amazonaws.com/?AWSAccessKeyId=AK...TA&Expires=1436651780&
         #      Signature=XK...53s%3D'
         #
+        # @example
+        #   link = RightScale::CloudApi::AWS::S3::Link::Manager::new(key, secret, endpoint)
+        #   link.GetObject('Bucket' => 'foo', 'Object' => 'bar') #=>
+        #     'https://foo.s3.amazonaws.com/bar?AWSAccessKeyId=AK...TA&Expires=1436557118&
+        #      Signature=hg...%3D&response-content-type=image%2Fpeg'
+        #
+        # @example
+        #   # Do not use DNS-like bucket hosts but put buckets into path
+        #   link = RightScale::CloudApi::AWS::S3::Link::Manager::new(key, secret, endpoint, :no_dns_buckets => true)
+        #   link.GetObject('Bucket' => 'foo', 'Object' => 'bar') #=>
+        #     'https://s3.amazonaws.com/foo/bar?AWSAccessKeyId=AK...TA&Expires=1436557118&
+        #      Signature=hg...%3D&response-content-type=image%2Fpeg'
+        #
         # @see ApiManager
         # @see Wrapper::DEFAULT.extended Wrapper::DEFAULT.extended (click [View source])
         # @see http://docs.aws.amazon.com/AmazonS3/latest/API/APIRest.html

data/lib/cloud/aws/s3/routines/request_signer.rb

@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 #--
 # Copyright (c) 2013 RightScale, Inc.
 #
@@ -75,91 +76,28 @@ module RightScale
           #  # no example
           #
           def process
-            uri        = @data[:connection][:uri]
-            access_key = @data[:credentials][:aws_access_key_id]
-            secret_key = @data[:credentials][:aws_secret_access_key]
-            body       = @data[:request][:body]
-            bucket     = @data[:request][:bucket]
-            headers    = @data[:request][:headers]
-            object     = @data[:request][:relative_path]
-            params     = @data[:request][:params]
-            verb       = @data[:request][:verb]
-
+            uri            = @data[:connection][:uri]
+            body           = @data[:request][:body]
+            bucket         = @data[:request][:bucket]
+            object         = @data[:request][:relative_path]
             bucket, object = compute_bucket_name_and_object_path(bucket, object)
-            body           = compute_body(body, headers['content-type'])
+            body           = compute_body(body, @data[:request][:headers]['content-type'])
             uri            = compute_host(bucket, uri)
 
-            compute_headers!(headers, body, uri.host)
-
-            # Set Authorization header
-            signature = compute_signature(access_key, secret_key, verb, bucket, object, params, headers)
-            headers['authorization'] = "AWS #{access_key}:#{signature}"
-
-            @data[:request][:body]           = body
-            @data[:request][:bucket]         = bucket
-            @data[:request][:headers]        = headers
-            @data[:request][:params]         = params
-            @data[:request][:path]           = compute_path(bucket, object, params)
-            @data[:request][:relative_path]  = object
-            @data[:connection][:uri] = uri
-          end
-
-
-          # Returns a list of  sub-resource(s)
-          #
-          # Sub-resources are acl, torrent, versioning, location, etc. See SUB_RESOURCES
-          #
-          # @return [Hash]
-          #
-          def get_subresources(params)
-            result = {}
-            params.each do |key, value|
-              next unless SUB_RESOURCES.include?(key) || key[OVERRIDE_RESPONSE_HEADERS]
-              result[key] = (value._blank? ? nil : value)
-            end
-            result
-          end
+            compute_headers!(@data[:request][:headers], body, uri.host)
 
+            @data[:connection][:uri]        = uri
+            @data[:request][:bucket]        = bucket
+            @data[:request][:relative_path] = object
+            @data[:request][:body]          = body
+            @data[:request][:path]          = compute_path(bucket, object)
 
-          # Returns canonicalized bucket
-          #
-          # @param [String] bucket
-          #
-          # @return [String]
-          #
-          # @example
-          #   # DNS bucket
-          #   compute_canonicalized_bucket('foo-bar') #=> 'foo-bar/'
-          #
-          # @example
-          #   # non DNS bucket
-          #   compute_canonicalized_bucket('foo_bar') #=> 'foo_bar'
-          #
-          def compute_canonicalized_bucket(bucket)
-            bucket += '/' if Utils::AWS::is_dns_bucket?(bucket)
-            bucket
-          end
-
-
-          # Returns canonicalized path
-          #
-          # @param [String] bucket
-          # @param [String] relative_path
-          # @param [Hash]   params
-          #
-          # @return [String]
-          #
-          # @example
-          #   params = { 'Foo' => 1, 'acl' => '2', 'response-content-type' => 'jpg' }
-          #   compute_canonicalized_path('foo-bar_bucket', 'a/b/c/d.jpg', params)
-          #     #=> '/foo-bar_bucket/a/b/c/d.jpg?acl=3&response-content-type=jpg'
-          #
-          def compute_canonicalized_path(bucket, relative_path, params)
-            can_bucket = compute_canonicalized_bucket(bucket)
-            sub_params = get_subresources(params)
-            # We use the block below to avoid escaping: Amazon does not like escaped bucket and '/'
-            # in canonicalized path (relative path has been escaped above already)
-            Utils::join_urn(can_bucket, relative_path, sub_params) { |value| value }
+            Utils::AWS::sign_v4_signature(
+              @data[:credentials][:aws_access_key_id],
+              @data[:credentials][:aws_secret_access_key],
+              @data[:connection][:uri].host,
+              @data[:request]
+            )
           end
 
 
@@ -180,7 +118,10 @@ module RightScale
             relative_path.to_s[/^([^\/]*)\/?(.*)$/]
             # Escape part of the path that may have UTF-8 chars (in S3 Object name for instance).
             # Amazon wants them to be escaped before we sign the request.
-            [ $1, Utils::AWS::amz_escape($2) ]
+            # P.S. but do not escape "/" (signature v4 does not like this)
+            #
+            object = $2.to_s.split('/').map{|i| Utils::AWS::amz_escape(i)}.join('/')
+            [ $1, object ]
           end
 
 
@@ -206,7 +147,7 @@ module RightScale
           # @return [URI]
           #
           def compute_host(bucket, uri)
-            return uri unless Utils::AWS::is_dns_bucket?(bucket)
+            return uri unless is_dns_bucket?(bucket)
             return uri if uri.host[/^#{bucket}\..+\.[^.]+\.[^.]+$/]
             uri.host = "#{bucket}.#{uri.host}"
             uri
@@ -221,7 +162,7 @@ module RightScale
           # @return [Object]
           #
           def compute_body(body, content_type)
-            return body if body._blank?
+            return body if body.nil?
             # Make sure it is a String instance
             return body unless body.is_a?(Hash)
             Utils::contentify_body(body, content_type)
@@ -243,30 +184,10 @@ module RightScale
             #      'The request signature we calculated does not match the signature you provided.
             #       Check your key and signing method.'
             headers.set_if_blank('content-type', 'application/octet-stream')
-            headers.set_if_blank('date', Time::now.utc.httpdate)
-            headers['content-md5'] = Base64::encode64(Digest::MD5::digest(body)).strip if !body._blank?
-            headers['host']        = host
             headers
           end
 
 
-          # Computes signature
-          #
-          # @param [String] access_key
-          # @param [String] secret_key
-          # @param [String] verb
-          # @param [String] bucket
-          # @param [Hash]   params
-          # @param [Hash]   headers
-          #
-          # @return [String]
-          #
-          def compute_signature(access_key, secret_key, verb, bucket, object, params, headers)
-            can_path  = compute_canonicalized_path(bucket, object, params)
-            Utils::AWS::sign_s3_signature(secret_key, verb, can_path, headers)
-          end
-
-
           # Builds request path
           #
           # @param [String] bucket
@@ -275,16 +196,26 @@ module RightScale
           #
           # @return [String]
           #
-          def compute_path(bucket, object, params)
+          def compute_path(bucket, object)
             data = []
-            data << bucket unless Utils::AWS::is_dns_bucket?(bucket)
+            data << bucket unless is_dns_bucket?(bucket)
             data << object
-            data << params
             Utils::join_urn(*data)
           end
 
+          # Returns +true+ if DNS compatible buckets are enabled (default) and the
+          # given bucket is DNS compatible
+          #
+          # @param [String] bucket
+          # @return [Boolean]
+          #
+          def is_dns_bucket?(bucket)
+            return false if @data[:options][:cloud][:no_dns_buckets]
+            Utils::AWS::is_dns_bucket?(bucket)
+          end
+
         end
       end
     end
   end
-end
+end