@vizamodo/aws-sts-core 0.1.40 → 0.1.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/sts/issue.js +43 -2
- package/package.json +1 -1
package/dist/sts/issue.js
CHANGED
|
@@ -98,10 +98,51 @@ export async function issueAwsCredentials(input) {
|
|
|
98
98
|
});
|
|
99
99
|
if (!res.ok) {
|
|
100
100
|
const errorBody = await res.text();
|
|
101
|
-
|
|
101
|
+
// ---- Local curl debug command (FULL MATERIAL - ROTATE AFTER DEBUG) ----
|
|
102
|
+
const localCurlCommand = [
|
|
103
|
+
`curl -X POST "https://${host}${path}" \\`,
|
|
104
|
+
` -H "Content-Type: application/json" \\`,
|
|
105
|
+
` -H "X-Amz-Date: ${amzDate}" \\`,
|
|
106
|
+
` -H "X-Amz-X509: ${normalizedCert}" \\`,
|
|
107
|
+
` -H "Authorization: AWS4-X509-ECDSA-SHA256 Credential=${profileArn}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}" \\`,
|
|
108
|
+
` -d '${body}'`
|
|
109
|
+
].join("\n");
|
|
110
|
+
console.error("[aws-rejected][LOCAL-CURL-COMMAND]", localCurlCommand);
|
|
111
|
+
console.error("[aws-rejected][RAW-SIGNING-MATERIAL]", {
|
|
112
|
+
certBase64,
|
|
113
|
+
privateKeyPkcs8Base64
|
|
114
|
+
});
|
|
115
|
+
console.error("[aws-rejected][FULL-REQUEST-DUMP]", {
|
|
102
116
|
status: res.status,
|
|
103
117
|
statusText: res.statusText,
|
|
104
|
-
|
|
118
|
+
awsResponse: errorBody,
|
|
119
|
+
// ---- Input parameters ----
|
|
120
|
+
roleArn,
|
|
121
|
+
profileArn,
|
|
122
|
+
trustAnchorArn,
|
|
123
|
+
region,
|
|
124
|
+
profile,
|
|
125
|
+
// ---- Derived signing values ----
|
|
126
|
+
host,
|
|
127
|
+
path,
|
|
128
|
+
amzDate,
|
|
129
|
+
dateStamp,
|
|
130
|
+
credentialScope,
|
|
131
|
+
signedHeaders,
|
|
132
|
+
signatureHex,
|
|
133
|
+
// ---- Body & payload ----
|
|
134
|
+
requestBody: body,
|
|
135
|
+
payloadHash,
|
|
136
|
+
// ---- Canonical ----
|
|
137
|
+
canonicalRequest,
|
|
138
|
+
stringToSign,
|
|
139
|
+
// ---- Headers actually sent ----
|
|
140
|
+
sentHeaders: {
|
|
141
|
+
"Content-Type": "application/json",
|
|
142
|
+
"X-Amz-Date": amzDate,
|
|
143
|
+
"X-Amz-X509": normalizedCert,
|
|
144
|
+
"Authorization": `AWS4-X509-ECDSA-SHA256 Credential=${profileArn}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}`
|
|
145
|
+
}
|
|
105
146
|
});
|
|
106
147
|
throw new InternalError("aws_rejected");
|
|
107
148
|
}
|