Class: Fog::AWS::SignatureV4

Inherits:

Object

• Object
• Fog::AWS::SignatureV4

Defined in:

lib/fog/aws/signaturev4.rb

Constant Summary

ALGORITHM =

'AWS4-HMAC-SHA256'

Instance Method Summary

• #components_to_header(components) ⇒ Object
• #credential_scope(date) ⇒ Object
• #derived_hmac(date) ⇒ Object
• #initialize(aws_access_key_id, secret_key, region, service) ⇒ SignatureV4 constructor

  A new instance of SignatureV4.

• #sign(params, date) ⇒ Object

  legacy method name.

• #signature_components(params, date, body_sha) ⇒ Object
• #signature_header(params, date, body_sha = nil) ⇒ Object
• #signature_parameters(params, date, body_sha = nil) ⇒ Object

Constructor Details

#initialize(aws_access_key_id, secret_key, region, service) ⇒ SignatureV4

Returns a new instance of SignatureV4.

# File 'lib/fog/aws/signaturev4.rb', line 8

def initialize(aws_access_key_id, secret_key, region, service)
  @region = region
  @service = service
  @aws_access_key_id  = aws_access_key_id
  @hmac = Fog::HMAC.new('sha256', 'AWS4' + secret_key)
end

Instance Method Details

#components_to_header(components) ⇒ Object

# File 'lib/fog/aws/signaturev4.rb', line 32

def components_to_header components
  "#{components['X-Amz-Algorithm']} Credential=#{components['X-Amz-Credential']}, SignedHeaders=#{components['X-Amz-SignedHeaders']}, Signature=#{components['X-Amz-Signature']}" 
end

#credential_scope(date) ⇒ Object

# File 'lib/fog/aws/signaturev4.rb', line 75

def credential_scope(date)
  "#{date.utc.strftime('%Y%m%d')}/#{@region}/#{@service}/aws4_request"
end

#derived_hmac(date) ⇒ Object

# File 'lib/fog/aws/signaturev4.rb', line 66

def derived_hmac(date)
  kDate = @hmac.sign(date.utc.strftime('%Y%m%d'))
  kRegion = Fog::HMAC.new('sha256', kDate).sign(@region)
  kService = Fog::HMAC.new('sha256', kRegion).sign(@service)
  kSigning = Fog::HMAC.new('sha256', kService).sign('aws4_request')
  Fog::HMAC.new('sha256', kSigning)
end

#sign(params, date) ⇒ Object

legacy method name

# File 'lib/fog/aws/signaturev4.rb', line 28

def sign(params, date) #legacy method name
  signature_header(params, date)
end

#signature_components(params, date, body_sha) ⇒ Object

# File 'lib/fog/aws/signaturev4.rb', line 36

def signature_components(params, date, body_sha)
  canonical_request = <<-DATA
#{params[:method].to_s.upcase}
#{canonical_path(params[:path])}
#{canonical_query_string(params[:query])}
#{canonical_headers(params[:headers])}
#{signed_headers(params[:headers])}
#{body_sha || OpenSSL::Digest::SHA256.hexdigest(params[:body] || '')}
DATA
  canonical_request.chop!

  string_to_sign = <<-DATA
#{ALGORITHM}
#{date.to_iso8601_basic}
#{credential_scope(date)}
#{OpenSSL::Digest::SHA256.hexdigest(canonical_request)}
DATA

  string_to_sign.chop!

  signature = derived_hmac(date).sign(string_to_sign)

  {
    'X-Amz-Algorithm' => ALGORITHM,
    'X-Amz-Credential' => "#{@aws_access_key_id}/#{credential_scope(date)}",
    'X-Amz-SignedHeaders' => signed_headers(params[:headers]),
    'X-Amz-Signature' => signature.unpack('H*').first
  }
end

#signature_header(params, date, body_sha = nil) ⇒ Object

# File 'lib/fog/aws/signaturev4.rb', line 24

def signature_header(params, date, body_sha = nil)
  components_to_header(signature_components(params, date, body_sha))
end

#signature_parameters(params, date, body_sha = nil) ⇒ Object

# File 'lib/fog/aws/signaturev4.rb', line 15

def signature_parameters(params, date, body_sha = nil)
  params = params.dup.merge(:query => params[:query].merge(
    'X-Amz-Algorithm' => ALGORITHM,
    'X-Amz-Credential' => "#{@aws_access_key_id}/#{credential_scope(date)}",
    'X-Amz-SignedHeaders' => signed_headers(params[:headers])
  ))
  signature_components(params, date, body_sha)
end