Class: S3::Signature

Inherits:

Object

• Object
• S3::Signature

Defined in:

lib/s3/signature.rb

Overview

Class responsible for generating signatures to requests.

Implements algorithm defined by Amazon Web Services to sign request with secret private credentials

See

docs.amazonwebservices.com/AmazonS3/latest/index.html?RESTAuthentication.html

Class Method Summary

• .generate(options) ⇒ Object

  Generates signature for given parameters.

• .generate_temporary_url(options) ⇒ Object

  Generates temporary URL for given resource.

• .generate_temporary_url_signature(options) ⇒ Object

  Generates temporary URL signature for given resource.

Class Method Details

.generate(options) ⇒ Object

Generates signature for given parameters

Options

• :host - Hostname

• :request - Net::HTTPRequest object with correct headers

• :access_key_id - Access key id

• :secret_access_key - Secret access key

Returns

Generated signature string for given hostname and request

# File 'lib/s3/signature.rb', line 24

def self.generate(options)
  request = options[:request]
  access_key_id = options[:access_key_id]

  options.merge!(:headers => request,
                 :method => request.method,
                 :resource => request.path)

  signature = canonicalized_signature(options)

  "AWS #{access_key_id}:#{signature}"
end

.generate_temporary_url(options) ⇒ Object

Generates temporary URL for given resource

Options

• :bucket - Bucket in which the resource resides

• :resource - Path to the resouce you want to create a temporary link to

• :access_key - Access key

• :secret_access_key - Secret access key

• :expires_at - Unix time stamp of when the resouce link will expire

• :method - HTTP request method you want to use on the resource, defaults to GET

• :headers - Any additional HTTP headers you intend to use when requesting the resource

• :add_bucket_to_host - Use in case of virtual-host style, defaults to false

# File 'lib/s3/signature.rb', line 87

def self.generate_temporary_url(options)
  bucket = options[:bucket]
  resource = options[:resource]
  access_key = options[:access_key]
  expires = options[:expires_at].to_i
  host = S3.host

  if options[:add_bucket_to_host]
    host = bucket + '.' + host
    url  = "http://#{host}/#{resource}"
  else
    url = "http://#{host}/#{bucket}/#{resource}"
  end

  options[:host] = host
  signature = generate_temporary_url_signature(options)

  url << "?AWSAccessKeyId=#{access_key}"
  url << "&Expires=#{expires}"
  url << "&Signature=#{signature}"
end

.generate_temporary_url_signature(options) ⇒ Object

Generates temporary URL signature for given resource

Options

• :bucket - Bucket in which the resource resides

• :resource - Path to the resouce you want to create a temporary link to

• :secret_access_key - Secret access key

• :expires_at - Unix time stamp of when the resouce link will expire

• :method - HTTP request method you want to use on the resource, defaults to GET

• :headers - Any additional HTTP headers you intend to use when requesting the resource

• :add_bucket_to_host - Use in case of virtual-host style, defaults to false

# File 'lib/s3/signature.rb', line 52

def self.generate_temporary_url_signature(options)
  bucket = options[:bucket]
  resource = options[:resource]
  expires = options[:expires_at]

  headers = options[:headers] || {}
  headers.merge!("date" => expires.to_i.to_s)

  resource = "/#{Addressable::URI.escape(resource)}"
  resource = "/#{bucket}" + resource unless options[:add_bucket_to_host]

  options.merge!(:resource => resource,
                 :method => options[:method] || :get,
                 :headers => headers)
  signature = canonicalized_signature(options)

  CGI.escape(signature)
end