@aws-sdk/signature-v4-crt 3.899.0 → 3.906.0

package/dist-cjs/index.js

@@ -1,275 +1,151 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+'use strict';
 
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  CrtSignerV4: () => CrtSignerV4
-});
-module.exports = __toCommonJS(index_exports);
-var import_signature_v4_multi_region = require("@aws-sdk/signature-v4-multi-region");
+var signatureV4MultiRegion = require('@aws-sdk/signature-v4-multi-region');
+var crtLoader = require('@aws-sdk/crt-loader');
+var querystringParser = require('@smithy/querystring-parser');
+var signatureV4 = require('@smithy/signature-v4');
+var utilMiddleware = require('@smithy/util-middleware');
 
-// src/CrtSignerV4.ts
-var import_crt_loader = require("@aws-sdk/crt-loader");
-var import_querystring_parser = require("@smithy/querystring-parser");
-var import_signature_v4 = require("@smithy/signature-v4");
-var import_util_middleware = require("@smithy/util-middleware");
+const SHA256_HEADER = "x-amz-content-sha256";
+const MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;
 
-// src/constants.ts
-var AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
-var SIGNATURE_QUERY_PARAM = "X-Amz-Signature";
-var TOKEN_QUERY_PARAM = "X-Amz-Security-Token";
-var AMZ_DATE_HEADER = AMZ_DATE_QUERY_PARAM.toLowerCase();
-var SIGNATURE_HEADER = SIGNATURE_QUERY_PARAM.toLowerCase();
-var SHA256_HEADER = "x-amz-content-sha256";
-var TOKEN_HEADER = TOKEN_QUERY_PARAM.toLowerCase();
-var MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;
-
-// src/headerUtil.ts
 function deleteHeader(soughtHeader, headers) {
-  soughtHeader = soughtHeader.toLowerCase();
-  for (const headerName of Object.keys(headers)) {
-    if (soughtHeader === headerName.toLowerCase()) {
-      delete headers[headerName];
+    soughtHeader = soughtHeader.toLowerCase();
+    for (const headerName of Object.keys(headers)) {
+        if (soughtHeader === headerName.toLowerCase()) {
+            delete headers[headerName];
+        }
     }
-  }
 }
-__name(deleteHeader, "deleteHeader");
 
-// src/CrtSignerV4.ts
 function sdkHttpRequest2crtHttpRequest(sdkRequest) {
-  deleteHeader(SHA256_HEADER, sdkRequest.headers);
-  const headersArray = Object.entries(sdkRequest.headers);
-  const crtHttpHeaders = new import_crt_loader.http.HttpHeaders(headersArray);
-  const queryString = (0, import_signature_v4.getCanonicalQuery)(sdkRequest);
-  return new import_crt_loader.http.HttpRequest(sdkRequest.method, sdkRequest.path + "?" + queryString, crtHttpHeaders);
+    deleteHeader(SHA256_HEADER, sdkRequest.headers);
+    const headersArray = Object.entries(sdkRequest.headers);
+    const crtHttpHeaders = new crtLoader.http.HttpHeaders(headersArray);
+    const queryString = signatureV4.getCanonicalQuery(sdkRequest);
+    return new crtLoader.http.HttpRequest(sdkRequest.method, sdkRequest.path + "?" + queryString, crtHttpHeaders);
 }
-__name(sdkHttpRequest2crtHttpRequest, "sdkHttpRequest2crtHttpRequest");
-var CrtSignerV4 = class {
-  static {
-    __name(this, "CrtSignerV4");
-  }
-  service;
-  regionProvider;
-  credentialProvider;
-  sha256;
-  uriEscapePath;
-  applyChecksum;
-  signingAlgorithm;
-  constructor({
-    credentials,
-    region,
-    service,
-    sha256,
-    applyChecksum = true,
-    uriEscapePath = true,
-    signingAlgorithm = import_crt_loader.auth.AwsSigningAlgorithm.SigV4
-  }) {
-    this.service = service;
-    this.sha256 = sha256;
-    this.uriEscapePath = uriEscapePath;
-    this.signingAlgorithm = signingAlgorithm;
-    this.applyChecksum = applyChecksum;
-    this.regionProvider = (0, import_util_middleware.normalizeProvider)(region);
-    this.credentialProvider = (0, import_util_middleware.normalizeProvider)(credentials);
-    import_crt_loader.io.enable_logging(import_crt_loader.io.LogLevel.ERROR);
-  }
-  async options2crtConfigure({
-    signingDate = /* @__PURE__ */ new Date(),
-    signableHeaders,
-    unsignableHeaders,
-    signingRegion,
-    signingService
-  } = {}, viaHeader, payloadHash, expiresIn, _credentials) {
-    const credentials = _credentials ?? await this.credentialProvider();
-    const region = signingRegion ?? await this.regionProvider();
-    const service = signingService ?? this.service;
-    if (signableHeaders?.has("x-amzn-trace-id") || signableHeaders?.has("user-agent")) {
-      throw new Error("internal check (x-amzn-trace-id, user-agent) is not supported to be included to sign with CRT.");
+class CrtSignerV4 {
+    service;
+    regionProvider;
+    credentialProvider;
+    sha256;
+    uriEscapePath;
+    applyChecksum;
+    signingAlgorithm;
+    constructor({ credentials, region, service, sha256, applyChecksum = true, uriEscapePath = true, signingAlgorithm = crtLoader.auth.AwsSigningAlgorithm.SigV4, }) {
+        this.service = service;
+        this.sha256 = sha256;
+        this.uriEscapePath = uriEscapePath;
+        this.signingAlgorithm = signingAlgorithm;
+        this.applyChecksum = applyChecksum;
+        this.regionProvider = utilMiddleware.normalizeProvider(region);
+        this.credentialProvider = utilMiddleware.normalizeProvider(credentials);
+        crtLoader.io.enable_logging(crtLoader.io.LogLevel.ERROR);
+    }
+    async options2crtConfigure({ signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}, viaHeader, payloadHash, expiresIn, _credentials) {
+        const credentials = _credentials ?? (await this.credentialProvider());
+        const region = signingRegion ?? (await this.regionProvider());
+        const service = signingService ?? this.service;
+        if (signableHeaders?.has("x-amzn-trace-id") || signableHeaders?.has("user-agent")) {
+            throw new Error("internal check (x-amzn-trace-id, user-agent) is not supported to be included to sign with CRT.");
+        }
+        const headersUnsignable = getHeadersUnsignable(unsignableHeaders, signableHeaders);
+        return {
+            algorithm: this.signingAlgorithm,
+            signature_type: viaHeader
+                ? crtLoader.auth.AwsSignatureType.HttpRequestViaHeaders
+                : crtLoader.auth.AwsSignatureType.HttpRequestViaQueryParams,
+            provider: sdk2crtCredentialsProvider(credentials),
+            region: region,
+            service: service,
+            date: new Date(signingDate),
+            header_blacklist: headersUnsignable,
+            use_double_uri_encode: this.uriEscapePath,
+            signed_body_value: payloadHash,
+            signed_body_header: this.applyChecksum && viaHeader
+                ? crtLoader.auth.AwsSignedBodyHeaderType.XAmzContentSha256
+                : crtLoader.auth.AwsSignedBodyHeaderType.None,
+            expiration_in_seconds: expiresIn,
+        };
+    }
+    async presign(originalRequest, options = {}) {
+        if (options.expiresIn && options.expiresIn > MAX_PRESIGNED_TTL) {
+            return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future");
+        }
+        const request = signatureV4.moveHeadersToQuery(signatureV4.prepareRequest(originalRequest));
+        const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, false, await signatureV4.getPayloadHash(originalRequest, this.sha256), options.expiresIn ? options.expiresIn : 3600));
+        request.query = this.getQueryParam(crtSignedRequest.path);
+        return request;
+    }
+    async sign(toSign, options) {
+        const request = signatureV4.prepareRequest(toSign);
+        const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, true, await signatureV4.getPayloadHash(toSign, this.sha256)));
+        request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
+        return request;
+    }
+    async signWithCredentials(toSign, credentials, options) {
+        const request = signatureV4.prepareRequest(toSign);
+        const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, true, await signatureV4.getPayloadHash(toSign, this.sha256), undefined, credentials));
+        request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
+        return request;
     }
-    const headersUnsignable = getHeadersUnsignable(unsignableHeaders, signableHeaders);
-    return {
-      algorithm: this.signingAlgorithm,
-      signature_type: viaHeader ? import_crt_loader.auth.AwsSignatureType.HttpRequestViaHeaders : import_crt_loader.auth.AwsSignatureType.HttpRequestViaQueryParams,
-      provider: sdk2crtCredentialsProvider(credentials),
-      region,
-      service,
-      date: new Date(signingDate),
-      header_blacklist: headersUnsignable,
-      use_double_uri_encode: this.uriEscapePath,
-      /* Always set the body value by the result from SDK */
-      signed_body_value: payloadHash,
-      signed_body_header: this.applyChecksum && viaHeader ? import_crt_loader.auth.AwsSignedBodyHeaderType.XAmzContentSha256 : import_crt_loader.auth.AwsSignedBodyHeaderType.None,
-      expiration_in_seconds: expiresIn
-    };
-  }
-  async presign(originalRequest, options = {}) {
-    if (options.expiresIn && options.expiresIn > MAX_PRESIGNED_TTL) {
-      return Promise.reject(
-        "Signature version 4 presigned URLs must have an expiration date less than one week in the future"
-      );
+    getQueryParam(crtPath) {
+        const start = crtPath.search(/\?/);
+        const startHash = crtPath.search(/\#/);
+        const end = startHash == -1 ? undefined : startHash;
+        const queryParam = {};
+        if (start == -1) {
+            return queryParam;
+        }
+        const queryString = crtPath.slice(start + 1, end);
+        return querystringParser.parseQueryString(queryString);
     }
-    const request = (0, import_signature_v4.moveHeadersToQuery)((0, import_signature_v4.prepareRequest)(originalRequest));
-    const crtSignedRequest = await this.signRequest(
-      request,
-      await this.options2crtConfigure(
-        options,
-        false,
-        await (0, import_signature_v4.getPayloadHash)(originalRequest, this.sha256),
-        options.expiresIn ? options.expiresIn : 3600
-      )
-    );
-    request.query = this.getQueryParam(crtSignedRequest.path);
-    return request;
-  }
-  async sign(toSign, options) {
-    const request = (0, import_signature_v4.prepareRequest)(toSign);
-    const crtSignedRequest = await this.signRequest(
-      request,
-      await this.options2crtConfigure(options, true, await (0, import_signature_v4.getPayloadHash)(toSign, this.sha256))
-    );
-    request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
-    return request;
-  }
-  /**
-   * Sign with alternate credentials to the ones provided in the constructor.
-   */
-  async signWithCredentials(toSign, credentials, options) {
-    const request = (0, import_signature_v4.prepareRequest)(toSign);
-    const crtSignedRequest = await this.signRequest(
-      request,
-      await this.options2crtConfigure(
-        options,
-        true,
-        await (0, import_signature_v4.getPayloadHash)(toSign, this.sha256),
-        void 0,
-        credentials
-      )
-    );
-    request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
-    return request;
-  }
-  /* Get the query parameters from crtPath */
-  getQueryParam(crtPath) {
-    const start = crtPath.search(/\?/);
-    const startHash = crtPath.search(/\#/);
-    const end = startHash == -1 ? void 0 : startHash;
-    const queryParam = {};
-    if (start == -1) {
-      return queryParam;
+    async signRequest(requestToSign, crtConfig) {
+        const request = sdkHttpRequest2crtHttpRequest(requestToSign);
+        try {
+            return await crtLoader.auth.aws_sign_request(request, crtConfig);
+        }
+        catch (error) {
+            throw new Error(error);
+        }
     }
-    const queryString = crtPath.slice(start + 1, end);
-    return (0, import_querystring_parser.parseQueryString)(queryString);
-  }
-  async signRequest(requestToSign, crtConfig) {
-    const request = sdkHttpRequest2crtHttpRequest(requestToSign);
-    try {
-      return await import_crt_loader.auth.aws_sign_request(request, crtConfig);
-    } catch (error) {
-      throw new Error(error);
+    async verifySigv4aSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
+        const sdkRequest = signatureV4.prepareRequest(request);
+        const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
+        const payloadHash = await signatureV4.getPayloadHash(request, this.sha256);
+        const crtConfig = await this.options2crtConfigure(options, true, payloadHash);
+        return crtLoader.auth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY);
     }
-  }
-  /**
-   * Test-only API used for cross-library signing verification tests. Verify sign.
-   *
-   * Verifies:
-   *  (1) The canonical request generated during sigv4a signing of the request matches what is passed in
-   *  (2) The signature passed in is a valid ECDSA signature of the hashed string-to-sign derived from the
-   *  canonical request
-   *
-   * @param request The original request used for signing
-   * @param signature the actual signature computed from a previous signing of the signable
-   * @param expectedCanonicalRequest expected result when building the canonical request
-   * @param eccPubKeyX the x coordinate of the public part of the ecc key to verify the signature
-   * @param eccPubKeyY the y coordinate of the public part of the ecc key to verify the signature
-   * @param options the RequestSigningArguments used for signing
-   *
-   * @return True, if the verification succeed. Otherwise, false.
-   */
-  async verifySigv4aSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
-    const sdkRequest = (0, import_signature_v4.prepareRequest)(request);
-    const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
-    const payloadHash = await (0, import_signature_v4.getPayloadHash)(request, this.sha256);
-    const crtConfig = await this.options2crtConfigure(options, true, payloadHash);
-    return import_crt_loader.auth.aws_verify_sigv4a_signing(
-      crtRequest,
-      crtConfig,
-      expectedCanonicalRequest,
-      signature,
-      eccPubKeyX,
-      eccPubKeyY
-    );
-  }
-  /* Verify presign */
-  async verifySigv4aPreSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
-    if (typeof signature != "string") {
-      return false;
+    async verifySigv4aPreSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
+        if (typeof signature != "string") {
+            return false;
+        }
+        const sdkRequest = signatureV4.prepareRequest(request);
+        const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
+        const crtConfig = await this.options2crtConfigure(options, false, await signatureV4.getPayloadHash(request, this.sha256), options.expiresIn ? options.expiresIn : 3600);
+        return crtLoader.auth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY);
     }
-    const sdkRequest = (0, import_signature_v4.prepareRequest)(request);
-    const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
-    const crtConfig = await this.options2crtConfigure(
-      options,
-      false,
-      await (0, import_signature_v4.getPayloadHash)(request, this.sha256),
-      options.expiresIn ? options.expiresIn : 3600
-    );
-    return import_crt_loader.auth.aws_verify_sigv4a_signing(
-      crtRequest,
-      crtConfig,
-      expectedCanonicalRequest,
-      signature,
-      eccPubKeyX,
-      eccPubKeyY
-    );
-  }
-};
+}
 function sdk2crtCredentialsProvider(credentials) {
-  return import_crt_loader.auth.AwsCredentialsProvider.newStatic(
-    credentials.accessKeyId,
-    credentials.secretAccessKey,
-    credentials.sessionToken
-  );
+    return crtLoader.auth.AwsCredentialsProvider.newStatic(credentials.accessKeyId, credentials.secretAccessKey, credentials.sessionToken);
 }
-__name(sdk2crtCredentialsProvider, "sdk2crtCredentialsProvider");
 function getHeadersUnsignable(unsignableHeaders, signableHeaders) {
-  if (!unsignableHeaders) {
-    return [];
-  }
-  if (!signableHeaders) {
-    return [...unsignableHeaders];
-  }
-  const result = /* @__PURE__ */ new Set([...unsignableHeaders]);
-  for (let it = signableHeaders.values(), val = null; val = it.next().value; ) {
-    if (result.has(val)) {
-      result.delete(val);
+    if (!unsignableHeaders) {
+        return [];
+    }
+    if (!signableHeaders) {
+        return [...unsignableHeaders];
     }
-  }
-  return [...result];
+    const result = new Set([...unsignableHeaders]);
+    for (let it = signableHeaders.values(), val = null; (val = it.next().value);) {
+        if (result.has(val)) {
+            result.delete(val);
+        }
+    }
+    return [...result];
 }
-__name(getHeadersUnsignable, "getHeadersUnsignable");
-
-// src/index.ts
-import_signature_v4_multi_region.signatureV4CrtContainer.CrtSignerV4 = CrtSignerV4;
-// Annotate the CommonJS export names for ESM import in node:
 
-0 && (module.exports = {
-  CrtSignerV4
-});
+signatureV4MultiRegion.signatureV4CrtContainer.CrtSignerV4 = CrtSignerV4;
 
+exports.CrtSignerV4 = CrtSignerV4;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/signature-v4-crt",
-  "version": "3.899.0",
+  "version": "3.906.0",
   "description": "A revision of AWS Signature V4 request signer based on AWS Common Runtime https://github.com/awslabs/aws-crt-nodejs",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -23,18 +23,18 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/crt-loader": "3.899.0",
-    "@aws-sdk/signature-v4-multi-region": "3.899.0",
-    "@aws-sdk/types": "3.893.0",
-    "@smithy/querystring-parser": "^4.1.1",
-    "@smithy/signature-v4": "^5.2.1",
-    "@smithy/types": "^4.5.0",
-    "@smithy/util-middleware": "^4.1.1",
+    "@aws-sdk/crt-loader": "3.906.0",
+    "@aws-sdk/signature-v4-multi-region": "3.906.0",
+    "@aws-sdk/types": "3.901.0",
+    "@smithy/querystring-parser": "^4.2.0",
+    "@smithy/signature-v4": "^5.3.0",
+    "@smithy/types": "^4.6.0",
+    "@smithy/util-middleware": "^4.2.0",
     "tslib": "^2.6.2"
   },
   "devDependencies": {
     "@aws-crypto/sha256-js": "5.2.0",
-    "@smithy/protocol-http": "^5.2.1",
+    "@smithy/protocol-http": "^5.3.0",
     "@tsconfig/recommended": "1.0.1",
     "concurrently": "7.0.0",
     "downlevel-dts": "0.10.1",