@vizamodo/aws-sts-core 0.1.38 → 0.1.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/sts/issue.js +4 -45
- package/package.json +1 -1
package/dist/sts/issue.js
CHANGED
|
@@ -63,7 +63,7 @@ export async function issueAwsCredentials(input) {
|
|
|
63
63
|
"content-type": "application/json",
|
|
64
64
|
"host": host,
|
|
65
65
|
"x-amz-date": amzDate,
|
|
66
|
-
"x-amz-x509
|
|
66
|
+
"x-amz-x509": normalizedCert,
|
|
67
67
|
};
|
|
68
68
|
const { canonicalHeaders, signedHeaders } = canonicalizeHeaders(baseHeaders);
|
|
69
69
|
const credentialScope = `${dateStamp}/${region}/${service}/aws4_request`;
|
|
@@ -86,7 +86,7 @@ export async function issueAwsCredentials(input) {
|
|
|
86
86
|
const finalHeaders = new Headers({
|
|
87
87
|
"Content-Type": "application/json",
|
|
88
88
|
"X-Amz-Date": amzDate,
|
|
89
|
-
"X-Amz-X509
|
|
89
|
+
"X-Amz-X509": normalizedCert,
|
|
90
90
|
"Authorization": `AWS4-X509-ECDSA-SHA256 Credential=${profileArn}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}`
|
|
91
91
|
});
|
|
92
92
|
// 6. Execution (fetch)
|
|
@@ -98,51 +98,10 @@ export async function issueAwsCredentials(input) {
|
|
|
98
98
|
});
|
|
99
99
|
if (!res.ok) {
|
|
100
100
|
const errorBody = await res.text();
|
|
101
|
-
|
|
102
|
-
const localCurlCommand = [
|
|
103
|
-
`curl -X POST "https://${host}${path}" \\`,
|
|
104
|
-
` -H "Content-Type: application/json" \\`,
|
|
105
|
-
` -H "X-Amz-Date: ${amzDate}" \\`,
|
|
106
|
-
` -H "X-Amz-X509-Chain: ${normalizedCert}" \\`,
|
|
107
|
-
` -H "Authorization: AWS4-X509-ECDSA-SHA256 Credential=${profileArn}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}" \\`,
|
|
108
|
-
` -d '${body}'`
|
|
109
|
-
].join("\n");
|
|
110
|
-
console.error("[aws-rejected][LOCAL-CURL-COMMAND]", localCurlCommand);
|
|
111
|
-
console.error("[aws-rejected][RAW-SIGNING-MATERIAL]", {
|
|
112
|
-
certBase64,
|
|
113
|
-
privateKeyPkcs8Base64
|
|
114
|
-
});
|
|
115
|
-
console.error("[aws-rejected][FULL-REQUEST-DUMP]", {
|
|
101
|
+
console.error("[aws-rejected]", {
|
|
116
102
|
status: res.status,
|
|
117
103
|
statusText: res.statusText,
|
|
118
|
-
|
|
119
|
-
// ---- Input parameters ----
|
|
120
|
-
roleArn,
|
|
121
|
-
profileArn,
|
|
122
|
-
trustAnchorArn,
|
|
123
|
-
region,
|
|
124
|
-
profile,
|
|
125
|
-
// ---- Derived signing values ----
|
|
126
|
-
host,
|
|
127
|
-
path,
|
|
128
|
-
amzDate,
|
|
129
|
-
dateStamp,
|
|
130
|
-
credentialScope,
|
|
131
|
-
signedHeaders,
|
|
132
|
-
signatureHex,
|
|
133
|
-
// ---- Body & payload ----
|
|
134
|
-
requestBody: body,
|
|
135
|
-
payloadHash,
|
|
136
|
-
// ---- Canonical ----
|
|
137
|
-
canonicalRequest,
|
|
138
|
-
stringToSign,
|
|
139
|
-
// ---- Headers actually sent ----
|
|
140
|
-
sentHeaders: {
|
|
141
|
-
"Content-Type": "application/json",
|
|
142
|
-
"X-Amz-Date": amzDate,
|
|
143
|
-
"X-Amz-X509-Chain": normalizedCert,
|
|
144
|
-
"Authorization": `AWS4-X509-ECDSA-SHA256 Credential=${profileArn}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}`
|
|
145
|
-
}
|
|
104
|
+
profile
|
|
146
105
|
});
|
|
147
106
|
throw new InternalError("aws_rejected");
|
|
148
107
|
}
|