@aws-sdk/signature-v4-crt 3.34.0 → 3.38.0

package/CHANGELOG.md

@@ -3,6 +3,41 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.38.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.37.0...v3.38.0) (2021-10-22)
+
+**Note:** Version bump only for package @aws-sdk/signature-v4-crt
+
+
+
+
+
+# [3.37.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.36.1...v3.37.0) (2021-10-15)
+
+**Note:** Version bump only for package @aws-sdk/signature-v4-crt
+
+
+
+
+
+# [3.36.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.35.0...v3.36.0) (2021-10-08)
+
+
+### Features
+
+* publish files in dist-* only ([#2873](https://github.com/aws/aws-sdk-js-v3/issues/2873)) ([53b4243](https://github.com/aws/aws-sdk-js-v3/commit/53b4243b066f25ff2412d5f0dea1036054b2df32))
+
+
+
+
+
+# [3.35.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.34.0...v3.35.0) (2021-10-04)
+
+**Note:** Version bump only for package @aws-sdk/signature-v4-crt
+
+
+
+
+
 # [3.34.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.33.0...v3.34.0) (2021-09-24)
 
 

package/dist-cjs/CrtSignerV4.js

@@ -0,0 +1,123 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CrtSignerV4 = void 0;
+const querystring_parser_1 = require("@aws-sdk/querystring-parser");
+const signature_v4_1 = require("@aws-sdk/signature-v4");
+const aws_crt_1 = require("aws-crt");
+const constants_1 = require("./constants");
+const headerUtil_1 = require("./headerUtil");
+function sdkHttpRequest2crtHttpRequest(sdkRequest) {
+    headerUtil_1.deleteHeader(constants_1.SHA256_HEADER, sdkRequest.headers);
+    const headersArray = Object.entries(sdkRequest.headers);
+    const crtHttpHeaders = new aws_crt_1.http.HttpHeaders(headersArray);
+    const queryString = signature_v4_1.getCanonicalQuery(sdkRequest);
+    return new aws_crt_1.http.HttpRequest(sdkRequest.method, sdkRequest.path + "?" + queryString, crtHttpHeaders);
+}
+class CrtSignerV4 {
+    constructor({ credentials, region, service, sha256, applyChecksum = true, uriEscapePath = true, signingAlgorithm = aws_crt_1.auth.AwsSigningAlgorithm.SigV4, }) {
+        this.service = service;
+        this.sha256 = sha256;
+        this.uriEscapePath = uriEscapePath;
+        this.signingAlgorithm = signingAlgorithm;
+        this.applyChecksum = applyChecksum;
+        this.regionProvider = signature_v4_1.normalizeRegionProvider(region);
+        this.credentialProvider = signature_v4_1.normalizeCredentialsProvider(credentials);
+        aws_crt_1.io.enable_logging(aws_crt_1.io.LogLevel.ERROR);
+    }
+    async options2crtConfigure({ signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}, viaHeader, payloadHash, expiresIn) {
+        const credentials = await this.credentialProvider();
+        const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider());
+        const service = signingService !== null && signingService !== void 0 ? signingService : this.service;
+        if ((signableHeaders === null || signableHeaders === void 0 ? void 0 : signableHeaders.has("x-amzn-trace-id")) || (signableHeaders === null || signableHeaders === void 0 ? void 0 : signableHeaders.has("user-agent"))) {
+            throw new Error("internal check (x-amzn-trace-id, user-agent) is not supported to be included to sign with CRT.");
+        }
+        const headersUnsignable = getHeadersUnsignable(unsignableHeaders, signableHeaders);
+        return {
+            algorithm: this.signingAlgorithm,
+            signature_type: viaHeader
+                ? aws_crt_1.auth.AwsSignatureType.HttpRequestViaHeaders
+                : aws_crt_1.auth.AwsSignatureType.HttpRequestViaQueryParams,
+            provider: sdk2crtCredentialsProvider(credentials),
+            region: region,
+            service: service,
+            date: new Date(signingDate),
+            header_blacklist: headersUnsignable,
+            use_double_uri_encode: this.uriEscapePath,
+            signed_body_value: payloadHash,
+            signed_body_header: this.applyChecksum && viaHeader
+                ? aws_crt_1.auth.AwsSignedBodyHeaderType.XAmzContentSha256
+                : aws_crt_1.auth.AwsSignedBodyHeaderType.None,
+            expiration_in_seconds: expiresIn,
+        };
+    }
+    async presign(originalRequest, options = {}) {
+        if (options.expiresIn && options.expiresIn > constants_1.MAX_PRESIGNED_TTL) {
+            return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future");
+        }
+        const request = signature_v4_1.moveHeadersToQuery(signature_v4_1.prepareRequest(originalRequest));
+        const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, false, await signature_v4_1.getPayloadHash(originalRequest, this.sha256), options.expiresIn ? options.expiresIn : 3600));
+        request.query = this.getQueryParam(crtSignedRequest.path);
+        return request;
+    }
+    async sign(toSign, options) {
+        const request = signature_v4_1.prepareRequest(toSign);
+        const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, true, await signature_v4_1.getPayloadHash(toSign, this.sha256)));
+        request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
+        return request;
+    }
+    getQueryParam(crtPath) {
+        const start = crtPath.search(/\?/);
+        const startHash = crtPath.search(/\#/);
+        const end = startHash == -1 ? undefined : startHash;
+        const queryParam = {};
+        if (start == -1) {
+            return queryParam;
+        }
+        const queryString = crtPath.slice(start + 1, end);
+        return querystring_parser_1.parseQueryString(queryString);
+    }
+    async signRequest(requestToSign, crtConfig) {
+        const request = sdkHttpRequest2crtHttpRequest(requestToSign);
+        try {
+            return await aws_crt_1.auth.aws_sign_request(request, crtConfig);
+        }
+        catch (error) {
+            throw new Error(error);
+        }
+    }
+    async verifySigv4aSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
+        const sdkRequest = signature_v4_1.prepareRequest(request);
+        const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
+        const payloadHash = await signature_v4_1.getPayloadHash(request, this.sha256);
+        const crtConfig = await this.options2crtConfigure(options, true, payloadHash);
+        return aws_crt_1.auth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY);
+    }
+    async verifySigv4aPreSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
+        if (typeof signature != "string") {
+            return false;
+        }
+        const sdkRequest = signature_v4_1.prepareRequest(request);
+        const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
+        const crtConfig = await this.options2crtConfigure(options, false, await signature_v4_1.getPayloadHash(request, this.sha256), options.expiresIn ? options.expiresIn : 3600);
+        return aws_crt_1.auth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY);
+    }
+}
+exports.CrtSignerV4 = CrtSignerV4;
+function sdk2crtCredentialsProvider(credentials) {
+    return aws_crt_1.auth.AwsCredentialsProvider.newStatic(credentials.accessKeyId, credentials.secretAccessKey, credentials.sessionToken);
+}
+function getHeadersUnsignable(unsignableHeaders, signableHeaders) {
+    if (!unsignableHeaders) {
+        return [];
+    }
+    if (!signableHeaders) {
+        return [...unsignableHeaders];
+    }
+    const result = new Set([...unsignableHeaders]);
+    for (let it = signableHeaders.values(), val = null; (val = it.next().value);) {
+        if (result.has(val)) {
+            result.delete(val);
+        }
+    }
+    return [...result];
+}

package/dist-cjs/constants.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_PRESIGNED_TTL = exports.KEY_TYPE_IDENTIFIER = exports.MAX_CACHE_SIZE = exports.UNSIGNED_PAYLOAD = exports.EVENT_ALGORITHM_IDENTIFIER = exports.ALGORITHM_IDENTIFIER_V4A = exports.ALGORITHM_IDENTIFIER = exports.UNSIGNABLE_PATTERNS = exports.SEC_HEADER_PATTERN = exports.PROXY_HEADER_PATTERN = exports.ALWAYS_UNSIGNABLE_HEADERS = exports.HOST_HEADER = exports.TOKEN_HEADER = exports.SHA256_HEADER = exports.SIGNATURE_HEADER = exports.GENERATED_HEADERS = exports.DATE_HEADER = exports.AMZ_DATE_HEADER = exports.AUTH_HEADER = exports.REGION_SET_PARAM = exports.TOKEN_QUERY_PARAM = exports.SIGNATURE_QUERY_PARAM = exports.EXPIRES_QUERY_PARAM = exports.SIGNED_HEADERS_QUERY_PARAM = exports.AMZ_DATE_QUERY_PARAM = exports.CREDENTIAL_QUERY_PARAM = exports.ALGORITHM_QUERY_PARAM = void 0;
+exports.ALGORITHM_QUERY_PARAM = "X-Amz-Algorithm";
+exports.CREDENTIAL_QUERY_PARAM = "X-Amz-Credential";
+exports.AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
+exports.SIGNED_HEADERS_QUERY_PARAM = "X-Amz-SignedHeaders";
+exports.EXPIRES_QUERY_PARAM = "X-Amz-Expires";
+exports.SIGNATURE_QUERY_PARAM = "X-Amz-Signature";
+exports.TOKEN_QUERY_PARAM = "X-Amz-Security-Token";
+exports.REGION_SET_PARAM = "X-Amz-Region-Set";
+exports.AUTH_HEADER = "authorization";
+exports.AMZ_DATE_HEADER = exports.AMZ_DATE_QUERY_PARAM.toLowerCase();
+exports.DATE_HEADER = "date";
+exports.GENERATED_HEADERS = [exports.AUTH_HEADER, exports.AMZ_DATE_HEADER, exports.DATE_HEADER];
+exports.SIGNATURE_HEADER = exports.SIGNATURE_QUERY_PARAM.toLowerCase();
+exports.SHA256_HEADER = "x-amz-content-sha256";
+exports.TOKEN_HEADER = exports.TOKEN_QUERY_PARAM.toLowerCase();
+exports.HOST_HEADER = "host";
+exports.ALWAYS_UNSIGNABLE_HEADERS = {
+    authorization: true,
+    "cache-control": true,
+    connection: true,
+    expect: true,
+    from: true,
+    "keep-alive": true,
+    "max-forwards": true,
+    pragma: true,
+    referer: true,
+    te: true,
+    trailer: true,
+    "transfer-encoding": true,
+    upgrade: true,
+    "user-agent": true,
+    "x-amzn-trace-id": true,
+};
+exports.PROXY_HEADER_PATTERN = /^proxy-/;
+exports.SEC_HEADER_PATTERN = /^sec-/;
+exports.UNSIGNABLE_PATTERNS = [/^proxy-/i, /^sec-/i];
+exports.ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256";
+exports.ALGORITHM_IDENTIFIER_V4A = "AWS4-ECDSA-P256-SHA256";
+exports.EVENT_ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256-PAYLOAD";
+exports.UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
+exports.MAX_CACHE_SIZE = 50;
+exports.KEY_TYPE_IDENTIFIER = "aws4_request";
+exports.MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;

package/dist-cjs/headerUtil.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deleteHeader = exports.getHeaderValue = exports.hasHeader = void 0;
+function hasHeader(soughtHeader, headers) {
+    soughtHeader = soughtHeader.toLowerCase();
+    for (const headerName of Object.keys(headers)) {
+        if (soughtHeader === headerName.toLowerCase()) {
+            return true;
+        }
+    }
+    return false;
+}
+exports.hasHeader = hasHeader;
+function getHeaderValue(soughtHeader, headers) {
+    soughtHeader = soughtHeader.toLowerCase();
+    for (const headerName of Object.keys(headers)) {
+        if (soughtHeader === headerName.toLowerCase()) {
+            return headers[headerName];
+        }
+    }
+    return undefined;
+}
+exports.getHeaderValue = getHeaderValue;
+function deleteHeader(soughtHeader, headers) {
+    soughtHeader = soughtHeader.toLowerCase();
+    for (const headerName of Object.keys(headers)) {
+        if (soughtHeader === headerName.toLowerCase()) {
+            delete headers[headerName];
+        }
+    }
+}
+exports.deleteHeader = deleteHeader;

package/dist-cjs/index.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./CrtSignerV4"), exports);

package/dist-cjs/suite.fixture.js

@@ -0,0 +1,386 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requests = exports.signingDate = exports.credentials = exports.service = exports.region = void 0;
+exports.region = "us-east-1";
+exports.service = "service";
+exports.credentials = {
+    accessKeyId: "AKIDEXAMPLE",
+    secretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
+};
+exports.signingDate = new Date("2015-08-30T12:36:00Z");
+exports.requests = [
+    {
+        name: "get-header-key-duplicate",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "my-header1": "value2,value2,value1",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=c9d5ea9f3f72853aea855b47ea873832890dbdd183b4468f858259531a5138ea",
+    },
+    {
+        name: "get-header-value-multiline",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "my-header1": "value1,value2,value3",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=ba17b383a53190154eb5fa66a1b836cc297cc0a3d70a5d00705980573d8ff790",
+    },
+    {
+        name: "get-header-value-order",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "my-header1": "value4,value1,value3,value2",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=08c7e5a9acfcfeb3ab6b2185e75ce8b1deb5e634ec47601a50643f830c755c01",
+    },
+    {
+        name: "get-header-value-trim",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "my-header1": "value1",
+                "my-header2": '"a   b   c"',
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;my-header2;x-amz-date, Signature=acc3ed3afb60bb290fc8d2dd0098b9911fcaa05412b367055dee359757a9c736",
+    },
+    {
+        name: "get-unreserved",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/-._~0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=07ef7494c76fa4850883e2b006601f940f8a34d404d0cfa977f52a65bbf5f24f",
+    },
+    {
+        name: "get-utf8",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/ሴ",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=8318018e0b0f223aa2bbf98705b62bb787dc9c0e678f255a891fd03141be5d85",
+    },
+    {
+        name: "get-vanilla",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5fa00fa31553b73ebf1942676e86291e8372ff2a2260956d9b8aae1d763fbf31",
+    },
+    {
+        name: "get-vanilla-empty-query-key",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {
+                Param1: "value1",
+            },
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=a67d582fa61cc504c4bae71f336f98b97f1ea3c7a6bfe1b6e45aec72011b9aeb",
+    },
+    {
+        name: "get-vanilla-query",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5fa00fa31553b73ebf1942676e86291e8372ff2a2260956d9b8aae1d763fbf31",
+    },
+    {
+        name: "get-vanilla-query-order-key-case",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {
+                Param2: "value2",
+                Param1: "value1",
+            },
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=b97d918cfa904a5beff61c982a1b6f458b799221646efd99d3219ec94cdf2500",
+    },
+    {
+        name: "get-vanilla-query-unreserved",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {
+                "-._~0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz": "-._~0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
+            },
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=9c3e54bfcdf0b19771a7f523ee5669cdf59bc7cc0884027167c21bb143a40197",
+    },
+    {
+        name: "get-vanilla-utf8-query",
+        request: {
+            protocol: "https:",
+            method: "GET",
+            hostname: "example.amazonaws.com",
+            query: {
+                ሴ: "bar",
+            },
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=2cdec8eed098649ff3a119c94853b13c643bcf08f8b0a1d91e12c9027818dd04",
+    },
+    {
+        name: "post-header-key-case",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5da7c1a2acd57cee7505fc6676e4e544621c30862966e37dddb68e92efbe5d6b",
+    },
+    {
+        name: "post-header-key-sort",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "my-header1": "value1",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=c5410059b04c1ee005303aed430f6e6645f61f4dc9e1461ec8f8916fdf18852c",
+    },
+    {
+        name: "post-header-value-case",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "my-header1": "VALUE1",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=cdbc9802e29d2942e5e10b5bccfdd67c5f22c7c4e8ae67b53629efa58b974b7d",
+    },
+    {
+        name: "post-sts-header-after",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5da7c1a2acd57cee7505fc6676e4e544621c30862966e37dddb68e92efbe5d6b",
+    },
+    {
+        name: "post-vanilla",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5da7c1a2acd57cee7505fc6676e4e544621c30862966e37dddb68e92efbe5d6b",
+    },
+    {
+        name: "post-vanilla-empty-query-value",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {
+                Param1: "value1",
+            },
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=28038455d6de14eafc1f9222cf5aa6f1a96197d7deb8263271d420d138af7f11",
+    },
+    {
+        name: "post-vanilla-query",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {
+                Param1: "value1",
+            },
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=28038455d6de14eafc1f9222cf5aa6f1a96197d7deb8263271d420d138af7f11",
+    },
+    {
+        name: "post-vanilla-query-nonunreserved",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {
+                "@#$%^": "",
+                "+": '/,?><`";:\\|][{}',
+            },
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=66c82657c86e26fb25238d0e69f011edc4c6df5ae71119d7cb98ed9b87393c1e",
+    },
+    {
+        name: "post-vanilla-query-space",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {
+                p: "",
+            },
+            headers: {
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=e71688addb58a26418614085fb730ba3faa623b461c17f48f2fbdb9361b94a9b",
+    },
+    {
+        name: "post-x-www-form-urlencoded",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                "content-type": "application/x-www-form-urlencoded",
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            body: "Param1=value1",
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=ff11897932ad3f4e8b18135d722051e5ac45fc38421b1da7b9d196a0fe09473a",
+    },
+    {
+        name: "post-x-www-form-urlencoded-parameters",
+        request: {
+            protocol: "https:",
+            method: "POST",
+            hostname: "example.amazonaws.com",
+            query: {},
+            headers: {
+                "content-type": "application/x-www-form-urlencoded; charset=utf8",
+                host: "example.amazonaws.com",
+                "x-amz-date": "20150830T123600Z",
+            },
+            body: "Param1=value1",
+            path: "/",
+        },
+        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=1a72ec8f64bd914b0e42e42607c7fbce7fb2c7465f63e3092b3b0d39fa77a6fe",
+    },
+];