Class: S3::Signature

Inherits:
Object
  • Object
show all
Defined in:
lib/s3/signature.rb

Overview

Class responsible for generating signatures to requests.

Implements algorithm defined by Amazon Web Services to sign request with secret private credentials

See

docs.amazonwebservices.com/AmazonS3/latest/index.html?RESTAuthentication.html

Class Method Summary collapse

Class Method Details

.generate(options) ⇒ Object

Generates signature for given parameters

Options

  • :host - Hostname

  • :request - Net::HTTPRequest object with correct headers

  • :access_key_id - Access key id

  • :secret_access_key - Secret access key

Returns

Generated signature string for given hostname and request



24
25
26
27
28
29
30
31
32
33
34
35
# File 'lib/s3/signature.rb', line 24

def self.generate(options)
  request = options[:request]
  access_key_id = options[:access_key_id]

  options.merge!(:headers => request,
                 :method => request.method,
                 :resource => request.path)

  signature = canonicalized_signature(options)

  "AWS #{access_key_id}:#{signature}"
end

.generate_temporary_url(options) ⇒ Object

Generates temporary URL for given resource

Options

  • :bucket - Bucket in which the resource resides

  • :resource - Path to the resouce you want to create a temporary link to

  • :access_key - Access key

  • :secret_access_key - Secret access key

  • :expires_at - Unix time stamp of when the resouce link will expire

  • :method - HTTP request method you want to use on the resource, defaults to GET

  • :headers - Any additional HTTP headers you intend to use when requesting the resource

  • :add_bucket_to_host - Use in case of virtual-host style, defaults to false



88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# File 'lib/s3/signature.rb', line 88

def self.generate_temporary_url(options)
  bucket = options[:bucket]
  resource = options[:resource]
  access_key = options[:access_key]
  expires = options[:expires_at].to_i
  host = S3::HOST

  if options[:add_bucket_to_host]
    host = bucket + '.' + host
    url  = "http://#{host}/#{resource}"
  else
    url = "http://#{host}/#{bucket}/#{resource}"
  end

  options[:host] = host
  signature = generate_temporary_url_signature(options)

  url << "?AWSAccessKeyId=#{access_key}"
  url << "&Expires=#{expires}"
  url << "&Signature=#{signature}"
end

.generate_temporary_url_signature(options) ⇒ Object

Generates temporary URL signature for given resource

Options

  • :bucket - Bucket in which the resource resides

  • :resource - Path to the resouce you want to create a temporary link to

  • :secret_access_key - Secret access key

  • :expires_at - Unix time stamp of when the resouce link will expire

  • :method - HTTP request method you want to use on the resource, defaults to GET

  • :headers - Any additional HTTP headers you intend to use when requesting the resource

  • :add_bucket_to_host - Use in case of virtual-host style, defaults to false



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# File 'lib/s3/signature.rb', line 52

def self.generate_temporary_url_signature(options)
  bucket = options[:bucket]
  resource = options[:resource]
  secret_access_key = options[:secret_access_key]
  expires = options[:expires_at]

  headers = options[:headers] || {}
  headers.merge!("date" => expires.to_i.to_s)

  resource = "/#{URI.escape(resource, /[^#{URI::REGEXP::PATTERN::UNRESERVED}\/]/)}"
  resource = "/#{bucket}" + resource unless options[:add_bucket_to_host]

  options.merge!(:resource => resource,
                 :method => options[:method] || :get,
                 :headers => headers)
  signature = canonicalized_signature(options)

  CGI.escape(signature)
end