@vizamodo/aws-sts-core 0.1.30 → 0.1.34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/sigv4/headers.js +17 -14
- package/dist/sts/issue.js +29 -3
- package/package.json +1 -1
package/dist/sigv4/headers.js
CHANGED
|
@@ -11,26 +11,29 @@
|
|
|
11
11
|
* This function is PURE and side‑effect free.
|
|
12
12
|
*/
|
|
13
13
|
export function canonicalizeHeaders(headers) {
|
|
14
|
-
const
|
|
15
|
-
for (const [
|
|
16
|
-
if (
|
|
14
|
+
const map = new Map();
|
|
15
|
+
for (const [rawName, rawValue] of Object.entries(headers)) {
|
|
16
|
+
if (rawValue === undefined)
|
|
17
17
|
continue;
|
|
18
|
-
const name =
|
|
18
|
+
const name = rawName.toLowerCase().trim();
|
|
19
19
|
if (!name)
|
|
20
20
|
continue;
|
|
21
|
-
|
|
22
|
-
// - trim
|
|
23
|
-
// - collapse multiple spaces into one
|
|
24
|
-
const cleanedValue = value
|
|
21
|
+
const value = rawValue
|
|
25
22
|
.trim()
|
|
26
|
-
.replace(
|
|
27
|
-
|
|
23
|
+
.replace(/[ \t]+/g, " ");
|
|
24
|
+
if (!map.has(name)) {
|
|
25
|
+
map.set(name, []);
|
|
26
|
+
}
|
|
27
|
+
map.get(name).push(value);
|
|
28
28
|
}
|
|
29
|
-
const
|
|
30
|
-
const canonicalHeaders =
|
|
31
|
-
.map((name) =>
|
|
29
|
+
const sortedNames = Array.from(map.keys()).sort();
|
|
30
|
+
const canonicalHeaders = sortedNames
|
|
31
|
+
.map((name) => {
|
|
32
|
+
const combined = map.get(name).join(",");
|
|
33
|
+
return `${name}:${combined}\n`;
|
|
34
|
+
})
|
|
32
35
|
.join("");
|
|
33
|
-
const signedHeaders =
|
|
36
|
+
const signedHeaders = sortedNames.join(";");
|
|
34
37
|
return {
|
|
35
38
|
canonicalHeaders,
|
|
36
39
|
signedHeaders,
|
package/dist/sts/issue.js
CHANGED
|
@@ -98,11 +98,37 @@ export async function issueAwsCredentials(input) {
|
|
|
98
98
|
});
|
|
99
99
|
if (!res.ok) {
|
|
100
100
|
const errorBody = await res.text();
|
|
101
|
-
|
|
102
|
-
console.error("[aws-rejected]", {
|
|
101
|
+
console.error("[aws-rejected][FULL-REQUEST-DUMP]", {
|
|
103
102
|
status: res.status,
|
|
103
|
+
statusText: res.statusText,
|
|
104
104
|
awsResponse: errorBody,
|
|
105
|
-
|
|
105
|
+
// ---- Input parameters ----
|
|
106
|
+
roleArn,
|
|
107
|
+
profileArn,
|
|
108
|
+
trustAnchorArn,
|
|
109
|
+
region,
|
|
110
|
+
profile,
|
|
111
|
+
// ---- Derived signing values ----
|
|
112
|
+
host,
|
|
113
|
+
path,
|
|
114
|
+
amzDate,
|
|
115
|
+
dateStamp,
|
|
116
|
+
credentialScope,
|
|
117
|
+
signedHeaders,
|
|
118
|
+
signatureHex,
|
|
119
|
+
// ---- Body & payload ----
|
|
120
|
+
requestBody: body,
|
|
121
|
+
payloadHash,
|
|
122
|
+
// ---- Canonical ----
|
|
123
|
+
canonicalRequest,
|
|
124
|
+
stringToSign,
|
|
125
|
+
// ---- Headers actually sent ----
|
|
126
|
+
sentHeaders: {
|
|
127
|
+
"Content-Type": "application/json",
|
|
128
|
+
"X-Amz-Date": amzDate,
|
|
129
|
+
"X-Amz-X509-Chain": normalizedCert,
|
|
130
|
+
"Authorization": `AWS4-X509-ECDSA-SHA256 Credential=${roleArn}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}`
|
|
131
|
+
}
|
|
106
132
|
});
|
|
107
133
|
throw new InternalError("aws_rejected");
|
|
108
134
|
}
|