@aws-sdk/signature-v4-crt 3.489.0 → 3.496.0

package/dist-cjs/CrtSignerV4.js

@@ -1,130 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CrtSignerV4 = void 0;
-const querystring_parser_1 = require("@smithy/querystring-parser");
-const signature_v4_1 = require("@smithy/signature-v4");
-const util_middleware_1 = require("@smithy/util-middleware");
-const aws_crt_1 = require("aws-crt");
-const constants_1 = require("./constants");
-const headerUtil_1 = require("./headerUtil");
-function sdkHttpRequest2crtHttpRequest(sdkRequest) {
-    (0, headerUtil_1.deleteHeader)(constants_1.SHA256_HEADER, sdkRequest.headers);
-    const headersArray = Object.entries(sdkRequest.headers);
-    const crtHttpHeaders = new aws_crt_1.http.HttpHeaders(headersArray);
-    const queryString = (0, signature_v4_1.getCanonicalQuery)(sdkRequest);
-    return new aws_crt_1.http.HttpRequest(sdkRequest.method, sdkRequest.path + "?" + queryString, crtHttpHeaders);
-}
-class CrtSignerV4 {
-    constructor({ credentials, region, service, sha256, applyChecksum = true, uriEscapePath = true, signingAlgorithm = aws_crt_1.auth.AwsSigningAlgorithm.SigV4, }) {
-        this.service = service;
-        this.sha256 = sha256;
-        this.uriEscapePath = uriEscapePath;
-        this.signingAlgorithm = signingAlgorithm;
-        this.applyChecksum = applyChecksum;
-        this.regionProvider = (0, util_middleware_1.normalizeProvider)(region);
-        this.credentialProvider = (0, util_middleware_1.normalizeProvider)(credentials);
-        aws_crt_1.io.enable_logging(aws_crt_1.io.LogLevel.ERROR);
-    }
-    async options2crtConfigure({ signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}, viaHeader, payloadHash, expiresIn, _credentials) {
-        const credentials = _credentials !== null && _credentials !== void 0 ? _credentials : (await this.credentialProvider());
-        const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider());
-        const service = signingService !== null && signingService !== void 0 ? signingService : this.service;
-        if ((signableHeaders === null || signableHeaders === void 0 ? void 0 : signableHeaders.has("x-amzn-trace-id")) || (signableHeaders === null || signableHeaders === void 0 ? void 0 : signableHeaders.has("user-agent"))) {
-            throw new Error("internal check (x-amzn-trace-id, user-agent) is not supported to be included to sign with CRT.");
-        }
-        const headersUnsignable = getHeadersUnsignable(unsignableHeaders, signableHeaders);
-        return {
-            algorithm: this.signingAlgorithm,
-            signature_type: viaHeader
-                ? aws_crt_1.auth.AwsSignatureType.HttpRequestViaHeaders
-                : aws_crt_1.auth.AwsSignatureType.HttpRequestViaQueryParams,
-            provider: sdk2crtCredentialsProvider(credentials),
-            region: region,
-            service: service,
-            date: new Date(signingDate),
-            header_blacklist: headersUnsignable,
-            use_double_uri_encode: this.uriEscapePath,
-            signed_body_value: payloadHash,
-            signed_body_header: this.applyChecksum && viaHeader
-                ? aws_crt_1.auth.AwsSignedBodyHeaderType.XAmzContentSha256
-                : aws_crt_1.auth.AwsSignedBodyHeaderType.None,
-            expiration_in_seconds: expiresIn,
-        };
-    }
-    async presign(originalRequest, options = {}) {
-        if (options.expiresIn && options.expiresIn > constants_1.MAX_PRESIGNED_TTL) {
-            return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future");
-        }
-        const request = (0, signature_v4_1.moveHeadersToQuery)((0, signature_v4_1.prepareRequest)(originalRequest));
-        const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, false, await (0, signature_v4_1.getPayloadHash)(originalRequest, this.sha256), options.expiresIn ? options.expiresIn : 3600));
-        request.query = this.getQueryParam(crtSignedRequest.path);
-        return request;
-    }
-    async sign(toSign, options) {
-        const request = (0, signature_v4_1.prepareRequest)(toSign);
-        const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, true, await (0, signature_v4_1.getPayloadHash)(toSign, this.sha256)));
-        request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
-        return request;
-    }
-    async signWithCredentials(toSign, credentials, options) {
-        const request = (0, signature_v4_1.prepareRequest)(toSign);
-        const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, true, await (0, signature_v4_1.getPayloadHash)(toSign, this.sha256), undefined, credentials));
-        request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
-        return request;
-    }
-    getQueryParam(crtPath) {
-        const start = crtPath.search(/\?/);
-        const startHash = crtPath.search(/\#/);
-        const end = startHash == -1 ? undefined : startHash;
-        const queryParam = {};
-        if (start == -1) {
-            return queryParam;
-        }
-        const queryString = crtPath.slice(start + 1, end);
-        return (0, querystring_parser_1.parseQueryString)(queryString);
-    }
-    async signRequest(requestToSign, crtConfig) {
-        const request = sdkHttpRequest2crtHttpRequest(requestToSign);
-        try {
-            return await aws_crt_1.auth.aws_sign_request(request, crtConfig);
-        }
-        catch (error) {
-            throw new Error(error);
-        }
-    }
-    async verifySigv4aSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
-        const sdkRequest = (0, signature_v4_1.prepareRequest)(request);
-        const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
-        const payloadHash = await (0, signature_v4_1.getPayloadHash)(request, this.sha256);
-        const crtConfig = await this.options2crtConfigure(options, true, payloadHash);
-        return aws_crt_1.auth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY);
-    }
-    async verifySigv4aPreSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
-        if (typeof signature != "string") {
-            return false;
-        }
-        const sdkRequest = (0, signature_v4_1.prepareRequest)(request);
-        const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
-        const crtConfig = await this.options2crtConfigure(options, false, await (0, signature_v4_1.getPayloadHash)(request, this.sha256), options.expiresIn ? options.expiresIn : 3600);
-        return aws_crt_1.auth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY);
-    }
-}
-exports.CrtSignerV4 = CrtSignerV4;
-function sdk2crtCredentialsProvider(credentials) {
-    return aws_crt_1.auth.AwsCredentialsProvider.newStatic(credentials.accessKeyId, credentials.secretAccessKey, credentials.sessionToken);
-}
-function getHeadersUnsignable(unsignableHeaders, signableHeaders) {
-    if (!unsignableHeaders) {
-        return [];
-    }
-    if (!signableHeaders) {
-        return [...unsignableHeaders];
-    }
-    const result = new Set([...unsignableHeaders]);
-    for (let it = signableHeaders.values(), val = null; (val = it.next().value);) {
-        if (result.has(val)) {
-            result.delete(val);
-        }
-    }
-    return [...result];
-}
+module.exports = require("./index.js");

package/dist-cjs/constants.js

@@ -1,46 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MAX_PRESIGNED_TTL = exports.KEY_TYPE_IDENTIFIER = exports.MAX_CACHE_SIZE = exports.UNSIGNED_PAYLOAD = exports.EVENT_ALGORITHM_IDENTIFIER = exports.ALGORITHM_IDENTIFIER_V4A = exports.ALGORITHM_IDENTIFIER = exports.UNSIGNABLE_PATTERNS = exports.SEC_HEADER_PATTERN = exports.PROXY_HEADER_PATTERN = exports.ALWAYS_UNSIGNABLE_HEADERS = exports.HOST_HEADER = exports.TOKEN_HEADER = exports.SHA256_HEADER = exports.SIGNATURE_HEADER = exports.GENERATED_HEADERS = exports.DATE_HEADER = exports.AMZ_DATE_HEADER = exports.AUTH_HEADER = exports.REGION_SET_PARAM = exports.TOKEN_QUERY_PARAM = exports.SIGNATURE_QUERY_PARAM = exports.EXPIRES_QUERY_PARAM = exports.SIGNED_HEADERS_QUERY_PARAM = exports.AMZ_DATE_QUERY_PARAM = exports.CREDENTIAL_QUERY_PARAM = exports.ALGORITHM_QUERY_PARAM = void 0;
-exports.ALGORITHM_QUERY_PARAM = "X-Amz-Algorithm";
-exports.CREDENTIAL_QUERY_PARAM = "X-Amz-Credential";
-exports.AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
-exports.SIGNED_HEADERS_QUERY_PARAM = "X-Amz-SignedHeaders";
-exports.EXPIRES_QUERY_PARAM = "X-Amz-Expires";
-exports.SIGNATURE_QUERY_PARAM = "X-Amz-Signature";
-exports.TOKEN_QUERY_PARAM = "X-Amz-Security-Token";
-exports.REGION_SET_PARAM = "X-Amz-Region-Set";
-exports.AUTH_HEADER = "authorization";
-exports.AMZ_DATE_HEADER = exports.AMZ_DATE_QUERY_PARAM.toLowerCase();
-exports.DATE_HEADER = "date";
-exports.GENERATED_HEADERS = [exports.AUTH_HEADER, exports.AMZ_DATE_HEADER, exports.DATE_HEADER];
-exports.SIGNATURE_HEADER = exports.SIGNATURE_QUERY_PARAM.toLowerCase();
-exports.SHA256_HEADER = "x-amz-content-sha256";
-exports.TOKEN_HEADER = exports.TOKEN_QUERY_PARAM.toLowerCase();
-exports.HOST_HEADER = "host";
-exports.ALWAYS_UNSIGNABLE_HEADERS = {
-    authorization: true,
-    "cache-control": true,
-    connection: true,
-    expect: true,
-    from: true,
-    "keep-alive": true,
-    "max-forwards": true,
-    pragma: true,
-    referer: true,
-    te: true,
-    trailer: true,
-    "transfer-encoding": true,
-    upgrade: true,
-    "user-agent": true,
-    "x-amzn-trace-id": true,
-};
-exports.PROXY_HEADER_PATTERN = /^proxy-/;
-exports.SEC_HEADER_PATTERN = /^sec-/;
-exports.UNSIGNABLE_PATTERNS = [/^proxy-/i, /^sec-/i];
-exports.ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256";
-exports.ALGORITHM_IDENTIFIER_V4A = "AWS4-ECDSA-P256-SHA256";
-exports.EVENT_ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256-PAYLOAD";
-exports.UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
-exports.MAX_CACHE_SIZE = 50;
-exports.KEY_TYPE_IDENTIFIER = "aws4_request";
-exports.MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;
+module.exports = require("./index.js");

package/dist-cjs/headerUtil.js

@@ -1,32 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.deleteHeader = exports.getHeaderValue = exports.hasHeader = void 0;
-function hasHeader(soughtHeader, headers) {
-    soughtHeader = soughtHeader.toLowerCase();
-    for (const headerName of Object.keys(headers)) {
-        if (soughtHeader === headerName.toLowerCase()) {
-            return true;
-        }
-    }
-    return false;
-}
-exports.hasHeader = hasHeader;
-function getHeaderValue(soughtHeader, headers) {
-    soughtHeader = soughtHeader.toLowerCase();
-    for (const headerName of Object.keys(headers)) {
-        if (soughtHeader === headerName.toLowerCase()) {
-            return headers[headerName];
-        }
-    }
-    return undefined;
-}
-exports.getHeaderValue = getHeaderValue;
-function deleteHeader(soughtHeader, headers) {
-    soughtHeader = soughtHeader.toLowerCase();
-    for (const headerName of Object.keys(headers)) {
-        if (soughtHeader === headerName.toLowerCase()) {
-            delete headers[headerName];
-        }
-    }
-}
-exports.deleteHeader = deleteHeader;
+module.exports = require("./index.js");

package/dist-cjs/index.js

@@ -1,9 +1,268 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-const signature_v4_multi_region_1 = require("@aws-sdk/signature-v4-multi-region");
-const util_user_agent_node_1 = require("@aws-sdk/util-user-agent-node");
-const CrtSignerV4_1 = require("./CrtSignerV4");
-signature_v4_multi_region_1.signatureV4CrtContainer.CrtSignerV4 = CrtSignerV4_1.CrtSignerV4;
-util_user_agent_node_1.crtAvailability.isCrtAvailable = true;
-tslib_1.__exportStar(require("./CrtSignerV4"), exports);
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  CrtSignerV4: () => CrtSignerV4
+});
+module.exports = __toCommonJS(src_exports);
+var import_signature_v4_multi_region = require("@aws-sdk/signature-v4-multi-region");
+var import_util_user_agent_node = require("@aws-sdk/util-user-agent-node");
+
+// src/CrtSignerV4.ts
+var import_querystring_parser = require("@smithy/querystring-parser");
+var import_signature_v4 = require("@smithy/signature-v4");
+var import_util_middleware = require("@smithy/util-middleware");
+var import_aws_crt = require("aws-crt");
+
+// src/constants.ts
+var AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
+var SIGNATURE_QUERY_PARAM = "X-Amz-Signature";
+var TOKEN_QUERY_PARAM = "X-Amz-Security-Token";
+var AMZ_DATE_HEADER = AMZ_DATE_QUERY_PARAM.toLowerCase();
+var SIGNATURE_HEADER = SIGNATURE_QUERY_PARAM.toLowerCase();
+var SHA256_HEADER = "x-amz-content-sha256";
+var TOKEN_HEADER = TOKEN_QUERY_PARAM.toLowerCase();
+var MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;
+
+// src/headerUtil.ts
+function deleteHeader(soughtHeader, headers) {
+  soughtHeader = soughtHeader.toLowerCase();
+  for (const headerName of Object.keys(headers)) {
+    if (soughtHeader === headerName.toLowerCase()) {
+      delete headers[headerName];
+    }
+  }
+}
+__name(deleteHeader, "deleteHeader");
+
+// src/CrtSignerV4.ts
+function sdkHttpRequest2crtHttpRequest(sdkRequest) {
+  deleteHeader(SHA256_HEADER, sdkRequest.headers);
+  const headersArray = Object.entries(sdkRequest.headers);
+  const crtHttpHeaders = new import_aws_crt.http.HttpHeaders(headersArray);
+  const queryString = (0, import_signature_v4.getCanonicalQuery)(sdkRequest);
+  return new import_aws_crt.http.HttpRequest(sdkRequest.method, sdkRequest.path + "?" + queryString, crtHttpHeaders);
+}
+__name(sdkHttpRequest2crtHttpRequest, "sdkHttpRequest2crtHttpRequest");
+var _CrtSignerV4 = class _CrtSignerV4 {
+  constructor({
+    credentials,
+    region,
+    service,
+    sha256,
+    applyChecksum = true,
+    uriEscapePath = true,
+    signingAlgorithm = import_aws_crt.auth.AwsSigningAlgorithm.SigV4
+  }) {
+    this.service = service;
+    this.sha256 = sha256;
+    this.uriEscapePath = uriEscapePath;
+    this.signingAlgorithm = signingAlgorithm;
+    this.applyChecksum = applyChecksum;
+    this.regionProvider = (0, import_util_middleware.normalizeProvider)(region);
+    this.credentialProvider = (0, import_util_middleware.normalizeProvider)(credentials);
+    import_aws_crt.io.enable_logging(import_aws_crt.io.LogLevel.ERROR);
+  }
+  async options2crtConfigure({
+    signingDate = /* @__PURE__ */ new Date(),
+    signableHeaders,
+    unsignableHeaders,
+    signingRegion,
+    signingService
+  } = {}, viaHeader, payloadHash, expiresIn, _credentials) {
+    const credentials = _credentials ?? await this.credentialProvider();
+    const region = signingRegion ?? await this.regionProvider();
+    const service = signingService ?? this.service;
+    if ((signableHeaders == null ? void 0 : signableHeaders.has("x-amzn-trace-id")) || (signableHeaders == null ? void 0 : signableHeaders.has("user-agent"))) {
+      throw new Error("internal check (x-amzn-trace-id, user-agent) is not supported to be included to sign with CRT.");
+    }
+    const headersUnsignable = getHeadersUnsignable(unsignableHeaders, signableHeaders);
+    return {
+      algorithm: this.signingAlgorithm,
+      signature_type: viaHeader ? import_aws_crt.auth.AwsSignatureType.HttpRequestViaHeaders : import_aws_crt.auth.AwsSignatureType.HttpRequestViaQueryParams,
+      provider: sdk2crtCredentialsProvider(credentials),
+      region,
+      service,
+      date: new Date(signingDate),
+      header_blacklist: headersUnsignable,
+      use_double_uri_encode: this.uriEscapePath,
+      /* Always set the body value by the result from SDK */
+      signed_body_value: payloadHash,
+      signed_body_header: this.applyChecksum && viaHeader ? import_aws_crt.auth.AwsSignedBodyHeaderType.XAmzContentSha256 : import_aws_crt.auth.AwsSignedBodyHeaderType.None,
+      expiration_in_seconds: expiresIn
+    };
+  }
+  async presign(originalRequest, options = {}) {
+    if (options.expiresIn && options.expiresIn > MAX_PRESIGNED_TTL) {
+      return Promise.reject(
+        "Signature version 4 presigned URLs must have an expiration date less than one week in the future"
+      );
+    }
+    const request = (0, import_signature_v4.moveHeadersToQuery)((0, import_signature_v4.prepareRequest)(originalRequest));
+    const crtSignedRequest = await this.signRequest(
+      request,
+      await this.options2crtConfigure(
+        options,
+        false,
+        await (0, import_signature_v4.getPayloadHash)(originalRequest, this.sha256),
+        options.expiresIn ? options.expiresIn : 3600
+      )
+    );
+    request.query = this.getQueryParam(crtSignedRequest.path);
+    return request;
+  }
+  async sign(toSign, options) {
+    const request = (0, import_signature_v4.prepareRequest)(toSign);
+    const crtSignedRequest = await this.signRequest(
+      request,
+      await this.options2crtConfigure(options, true, await (0, import_signature_v4.getPayloadHash)(toSign, this.sha256))
+    );
+    request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
+    return request;
+  }
+  /**
+   * Sign with alternate credentials to the ones provided in the constructor.
+   */
+  async signWithCredentials(toSign, credentials, options) {
+    const request = (0, import_signature_v4.prepareRequest)(toSign);
+    const crtSignedRequest = await this.signRequest(
+      request,
+      await this.options2crtConfigure(
+        options,
+        true,
+        await (0, import_signature_v4.getPayloadHash)(toSign, this.sha256),
+        void 0,
+        credentials
+      )
+    );
+    request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
+    return request;
+  }
+  /* Get the query parameters from crtPath */
+  getQueryParam(crtPath) {
+    const start = crtPath.search(/\?/);
+    const startHash = crtPath.search(/\#/);
+    const end = startHash == -1 ? void 0 : startHash;
+    const queryParam = {};
+    if (start == -1) {
+      return queryParam;
+    }
+    const queryString = crtPath.slice(start + 1, end);
+    return (0, import_querystring_parser.parseQueryString)(queryString);
+  }
+  async signRequest(requestToSign, crtConfig) {
+    const request = sdkHttpRequest2crtHttpRequest(requestToSign);
+    try {
+      return await import_aws_crt.auth.aws_sign_request(request, crtConfig);
+    } catch (error) {
+      throw new Error(error);
+    }
+  }
+  /**
+   * Test-only API used for cross-library signing verification tests. Verify sign.
+   *
+   * Verifies:
+   *  (1) The canonical request generated during sigv4a signing of the request matches what is passed in
+   *  (2) The signature passed in is a valid ECDSA signature of the hashed string-to-sign derived from the
+   *  canonical request
+   *
+   * @param request The original request used for signing
+   * @param signature the actual signature computed from a previous signing of the signable
+   * @param expectedCanonicalRequest expected result when building the canonical request
+   * @param eccPubKeyX the x coordinate of the public part of the ecc key to verify the signature
+   * @param eccPubKeyY the y coordinate of the public part of the ecc key to verify the signature
+   * @param options the RequestSigningArguments used for signing
+   *
+   * @return True, if the verification succeed. Otherwise, false.
+   */
+  async verifySigv4aSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
+    const sdkRequest = (0, import_signature_v4.prepareRequest)(request);
+    const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
+    const payloadHash = await (0, import_signature_v4.getPayloadHash)(request, this.sha256);
+    const crtConfig = await this.options2crtConfigure(options, true, payloadHash);
+    return import_aws_crt.auth.aws_verify_sigv4a_signing(
+      crtRequest,
+      crtConfig,
+      expectedCanonicalRequest,
+      signature,
+      eccPubKeyX,
+      eccPubKeyY
+    );
+  }
+  /* Verify presign */
+  async verifySigv4aPreSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
+    if (typeof signature != "string") {
+      return false;
+    }
+    const sdkRequest = (0, import_signature_v4.prepareRequest)(request);
+    const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
+    const crtConfig = await this.options2crtConfigure(
+      options,
+      false,
+      await (0, import_signature_v4.getPayloadHash)(request, this.sha256),
+      options.expiresIn ? options.expiresIn : 3600
+    );
+    return import_aws_crt.auth.aws_verify_sigv4a_signing(
+      crtRequest,
+      crtConfig,
+      expectedCanonicalRequest,
+      signature,
+      eccPubKeyX,
+      eccPubKeyY
+    );
+  }
+};
+__name(_CrtSignerV4, "CrtSignerV4");
+var CrtSignerV4 = _CrtSignerV4;
+function sdk2crtCredentialsProvider(credentials) {
+  return import_aws_crt.auth.AwsCredentialsProvider.newStatic(
+    credentials.accessKeyId,
+    credentials.secretAccessKey,
+    credentials.sessionToken
+  );
+}
+__name(sdk2crtCredentialsProvider, "sdk2crtCredentialsProvider");
+function getHeadersUnsignable(unsignableHeaders, signableHeaders) {
+  if (!unsignableHeaders) {
+    return [];
+  }
+  if (!signableHeaders) {
+    return [...unsignableHeaders];
+  }
+  const result = /* @__PURE__ */ new Set([...unsignableHeaders]);
+  for (let it = signableHeaders.values(), val = null; val = it.next().value; ) {
+    if (result.has(val)) {
+      result.delete(val);
+    }
+  }
+  return [...result];
+}
+__name(getHeadersUnsignable, "getHeadersUnsignable");
+
+// src/index.ts
+import_signature_v4_multi_region.signatureV4CrtContainer.CrtSignerV4 = CrtSignerV4;
+import_util_user_agent_node.crtAvailability.isCrtAvailable = true;
+// Annotate the CommonJS export names for ESM import in node:
+
+0 && (module.exports = {
+  CrtSignerV4
+});
+

package/dist-cjs/suite.fixture.js

@@ -1,386 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.requests = exports.signingDate = exports.credentials = exports.service = exports.region = void 0;
-exports.region = "us-east-1";
-exports.service = "service";
-exports.credentials = {
-    accessKeyId: "AKIDEXAMPLE",
-    secretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
-};
-exports.signingDate = new Date("2015-08-30T12:36:00Z");
-exports.requests = [
-    {
-        name: "get-header-key-duplicate",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "my-header1": "value2,value2,value1",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=c9d5ea9f3f72853aea855b47ea873832890dbdd183b4468f858259531a5138ea",
-    },
-    {
-        name: "get-header-value-multiline",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "my-header1": "value1,value2,value3",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=ba17b383a53190154eb5fa66a1b836cc297cc0a3d70a5d00705980573d8ff790",
-    },
-    {
-        name: "get-header-value-order",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "my-header1": "value4,value1,value3,value2",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=08c7e5a9acfcfeb3ab6b2185e75ce8b1deb5e634ec47601a50643f830c755c01",
-    },
-    {
-        name: "get-header-value-trim",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "my-header1": "value1",
-                "my-header2": '"a   b   c"',
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;my-header2;x-amz-date, Signature=acc3ed3afb60bb290fc8d2dd0098b9911fcaa05412b367055dee359757a9c736",
-    },
-    {
-        name: "get-unreserved",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/-._~0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=07ef7494c76fa4850883e2b006601f940f8a34d404d0cfa977f52a65bbf5f24f",
-    },
-    {
-        name: "get-utf8",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/ሴ",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=8318018e0b0f223aa2bbf98705b62bb787dc9c0e678f255a891fd03141be5d85",
-    },
-    {
-        name: "get-vanilla",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5fa00fa31553b73ebf1942676e86291e8372ff2a2260956d9b8aae1d763fbf31",
-    },
-    {
-        name: "get-vanilla-empty-query-key",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {
-                Param1: "value1",
-            },
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=a67d582fa61cc504c4bae71f336f98b97f1ea3c7a6bfe1b6e45aec72011b9aeb",
-    },
-    {
-        name: "get-vanilla-query",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5fa00fa31553b73ebf1942676e86291e8372ff2a2260956d9b8aae1d763fbf31",
-    },
-    {
-        name: "get-vanilla-query-order-key-case",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {
-                Param2: "value2",
-                Param1: "value1",
-            },
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=b97d918cfa904a5beff61c982a1b6f458b799221646efd99d3219ec94cdf2500",
-    },
-    {
-        name: "get-vanilla-query-unreserved",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {
-                "-._~0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz": "-._~0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
-            },
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=9c3e54bfcdf0b19771a7f523ee5669cdf59bc7cc0884027167c21bb143a40197",
-    },
-    {
-        name: "get-vanilla-utf8-query",
-        request: {
-            protocol: "https:",
-            method: "GET",
-            hostname: "example.amazonaws.com",
-            query: {
-                ሴ: "bar",
-            },
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=2cdec8eed098649ff3a119c94853b13c643bcf08f8b0a1d91e12c9027818dd04",
-    },
-    {
-        name: "post-header-key-case",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5da7c1a2acd57cee7505fc6676e4e544621c30862966e37dddb68e92efbe5d6b",
-    },
-    {
-        name: "post-header-key-sort",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "my-header1": "value1",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=c5410059b04c1ee005303aed430f6e6645f61f4dc9e1461ec8f8916fdf18852c",
-    },
-    {
-        name: "post-header-value-case",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "my-header1": "VALUE1",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=cdbc9802e29d2942e5e10b5bccfdd67c5f22c7c4e8ae67b53629efa58b974b7d",
-    },
-    {
-        name: "post-sts-header-after",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5da7c1a2acd57cee7505fc6676e4e544621c30862966e37dddb68e92efbe5d6b",
-    },
-    {
-        name: "post-vanilla",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5da7c1a2acd57cee7505fc6676e4e544621c30862966e37dddb68e92efbe5d6b",
-    },
-    {
-        name: "post-vanilla-empty-query-value",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {
-                Param1: "value1",
-            },
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=28038455d6de14eafc1f9222cf5aa6f1a96197d7deb8263271d420d138af7f11",
-    },
-    {
-        name: "post-vanilla-query",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {
-                Param1: "value1",
-            },
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=28038455d6de14eafc1f9222cf5aa6f1a96197d7deb8263271d420d138af7f11",
-    },
-    {
-        name: "post-vanilla-query-nonunreserved",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {
-                "@#$%^": "",
-                "+": '/,?><`";:\\|][{}',
-            },
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=66c82657c86e26fb25238d0e69f011edc4c6df5ae71119d7cb98ed9b87393c1e",
-    },
-    {
-        name: "post-vanilla-query-space",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {
-                p: "",
-            },
-            headers: {
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=e71688addb58a26418614085fb730ba3faa623b461c17f48f2fbdb9361b94a9b",
-    },
-    {
-        name: "post-x-www-form-urlencoded",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                "content-type": "application/x-www-form-urlencoded",
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            body: "Param1=value1",
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=ff11897932ad3f4e8b18135d722051e5ac45fc38421b1da7b9d196a0fe09473a",
-    },
-    {
-        name: "post-x-www-form-urlencoded-parameters",
-        request: {
-            protocol: "https:",
-            method: "POST",
-            hostname: "example.amazonaws.com",
-            query: {},
-            headers: {
-                "content-type": "application/x-www-form-urlencoded; charset=utf8",
-                host: "example.amazonaws.com",
-                "x-amz-date": "20150830T123600Z",
-            },
-            body: "Param1=value1",
-            path: "/",
-        },
-        authorization: "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=1a72ec8f64bd914b0e42e42607c7fbce7fb2c7465f63e3092b3b0d39fa77a6fe",
-    },
-];
+module.exports = require("./index.js");

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@aws-sdk/signature-v4-crt",
-  "version": "3.489.0",
+  "version": "3.496.0",
   "description": "A revision of AWS Signature V4 request signer based on AWS Common Runtime https://github.com/awslabs/aws-crt-nodejs",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
   "types": "./dist-types/index.d.ts",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
-    "build:cjs": "tsc -p tsconfig.cjs.json",
+    "build:cjs": "node ../../scripts/compilation/inline signature-v4-crt",
     "build:es": "tsc -p tsconfig.es.json",
     "build:include:deps": "lerna run --scope $npm_package_name --include-dependencies build",
     "build:types": "tsc -p tsconfig.types.json",
@@ -22,19 +22,19 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/signature-v4-multi-region": "3.489.0",
-    "@aws-sdk/types": "3.489.0",
-    "@aws-sdk/util-user-agent-node": "3.489.0",
-    "@smithy/querystring-parser": "^2.0.0",
-    "@smithy/signature-v4": "^2.0.0",
-    "@smithy/types": "^2.8.0",
-    "@smithy/util-middleware": "^2.0.9",
+    "@aws-sdk/signature-v4-multi-region": "3.496.0",
+    "@aws-sdk/types": "3.496.0",
+    "@aws-sdk/util-user-agent-node": "3.496.0",
+    "@smithy/querystring-parser": "^2.1.1",
+    "@smithy/signature-v4": "^2.1.1",
+    "@smithy/types": "^2.9.1",
+    "@smithy/util-middleware": "^2.1.1",
     "aws-crt": "^1.18.3",
     "tslib": "^2.5.0"
   },
   "devDependencies": {
     "@aws-crypto/sha256-js": "3.0.0",
-    "@smithy/protocol-http": "^3.0.12",
+    "@smithy/protocol-http": "^3.1.1",
     "@tsconfig/recommended": "1.0.1",
     "concurrently": "7.0.0",
     "downlevel-dts": "0.10.1",