npm - @vizamodo/aws-sts-core - Versions diffs - 0.1.28 → 0.1.32 - Mend

@vizamodo/aws-sts-core 0.1.28 → 0.1.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/sigv4/headers.js CHANGED Viewed

@@ -11,26 +11,29 @@
  * This function is PURE and side‑effect free.
  */
 export function canonicalizeHeaders(headers) {
-    const normalized = {};
-    for (const [key, value] of Object.entries(headers)) {
-        if (value === undefined)
+    const map = new Map();
+    for (const [rawName, rawValue] of Object.entries(headers)) {
+        if (rawValue === undefined)
             continue;
-        const name = key.toLowerCase().trim();
+        const name = rawName.toLowerCase().trim();
         if (!name)
             continue;
-        // AWS requires:
-        // - trim
-        // - collapse multiple spaces into one
-        const cleanedValue = value
+        const value = rawValue
             .trim()
-            .replace(/\s+/g, " ");
-        normalized[name] = cleanedValue;
+            .replace(/[ \t]+/g, " ");
+        if (!map.has(name)) {
+            map.set(name, []);
+        }
+        map.get(name).push(value);
     }
-    const sortedHeaderNames = Object.keys(normalized).sort();
-    const canonicalHeaders = sortedHeaderNames
-        .map((name) => `${name}:${normalized[name]}\n`)
+    const sortedNames = Array.from(map.keys()).sort();
+    const canonicalHeaders = sortedNames
+        .map((name) => {
+        const combined = map.get(name).join(",");
+        return `${name}:${combined}\n`;
+    })
         .join("");
-    const signedHeaders = sortedHeaderNames.join(";");
+    const signedHeaders = sortedNames.join(";");
     return {
         canonicalHeaders,
         signedHeaders,

package/dist/sts/issue.js CHANGED Viewed

@@ -53,16 +53,17 @@ export async function issueAwsCredentials(input) {
     const amzDate = now.toISOString().replace(/\.\d{3}Z$/, "Z").replace(/[:-]/g, "");
     const dateStamp = amzDate.slice(0, 8);
     const service = "rolesanywhere";
-    // 3. Chuẩn bị Body & PEM Cert (Flat - Không xuống dòng)
+    // 3. Chuẩn bị Body & Cert (base64-encoded DER, không marker, không xuống dòng)
     const body = JSON.stringify({ trustAnchorArn, profileArn, roleArn, durationSeconds: sessionTtl });
     const payloadHash = await sha256Hex(body);
-    const pemCert = `-----BEGIN CERTIFICATE-----${certBase64.replace(/\s+/g, "")}-----END CERTIFICATE-----`;
+    // AWS Roles Anywhere requires base64-encoded DER (NO PEM markers, NO newlines)
+    const normalizedCert = certBase64.replace(/\s+/g, "");
     // 4. Tính toán Signature (CẦN Host trong Canonical Request)
     const baseHeaders = {
         "content-type": "application/json",
         "host": host,
         "x-amz-date": amzDate,
-        "x-amz-x509-chain": pemCert,
+        "x-amz-x509-chain": normalizedCert,
     };
     const { canonicalHeaders, signedHeaders } = canonicalizeHeaders(baseHeaders);
     const credentialScope = `${dateStamp}/${region}/${service}/aws4_request`;
@@ -85,7 +86,7 @@ export async function issueAwsCredentials(input) {
     const finalHeaders = new Headers({
         "Content-Type": "application/json",
         "X-Amz-Date": amzDate,
-        "X-Amz-X509-Chain": pemCert,
+        "X-Amz-X509-Chain": normalizedCert,
         "Authorization": `AWS4-X509-ECDSA-SHA256 Credential=${roleArn}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}`
     });
     // 6. Execution (fetch)
@@ -121,12 +122,6 @@ export async function issueAwsCredentials(input) {
     }
 }
 // ---- helpers ----
-function toPemCertificate(base64) {
-    // Loại bỏ mọi khoảng trắng/xuống dòng trong base64
-    const normalized = base64.replace(/\s+/g, "");
-    // AWS Roles Anywhere Header: Không được dùng xuống dòng \n
-    return `-----BEGIN CERTIFICATE-----${normalized}-----END CERTIFICATE-----`;
-}
 async function sha256Hex(input) {
     const data = new TextEncoder().encode(input);
     const hash = await crypto.subtle.digest("SHA-256", data);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vizamodo/aws-sts-core",
-  "version": "0.1.28",
+  "version": "0.1.32",
   "description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
   "type": "module",
   "main": "dist/index.js",