Class: Aws::Signers::V4 Private
- Inherits:
-
Object
- Object
- Aws::Signers::V4
- Defined in:
- lib/aws-sdk-core/signers/v4.rb
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Class Method Summary collapse
- .sign(context) ⇒ Object private
Instance Method Summary collapse
- #authorization(request, datetime, body_digest) ⇒ Object private
- #canonical_header_value(value) ⇒ Object private
- #canonical_headers(request) ⇒ Object private
- #canonical_request(request, body_digest) ⇒ Object private
- #credential(datetime) ⇒ Object private
- #credential_scope(datetime) ⇒ Object private
- #hexdigest(value) ⇒ Object private
- #hexhmac(key, value) ⇒ Object private
- #hmac(key, value) ⇒ Object private
-
#initialize(credentials, service_name, region) ⇒ V4
constructor
private
A new instance of V4.
- #normalized_querystring(querystring) ⇒ Object private
- #path(uri) ⇒ Object private
-
#presigned_url(request, options = {}) ⇒ Seahorse::Client::Http::Request
private
Generates an returns a presigned URL.
-
#sign(req) ⇒ Seahorse::Client::Http::Request
private
The signed request.
- #signature(request, datetime, body_digest) ⇒ Object private
- #signed_headers(request) ⇒ Object private
- #string_to_sign(request, datetime, body_digest) ⇒ Object private
Constructor Details
#initialize(credentials, service_name, region) ⇒ V4
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns a new instance of V4.
22 23 24 25 26 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 22 def initialize(credentials, service_name, region) @service_name = service_name @credentials = credentials @region = region end |
Class Method Details
.sign(context) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
8 9 10 11 12 13 14 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 8 def self.sign(context) new( context.config.credentials, context.config.sigv4_name, context.config.sigv4_region ).sign(context.http_request) end |
Instance Method Details
#authorization(request, datetime, body_digest) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
75 76 77 78 79 80 81 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 75 def (request, datetime, body_digest) parts = [] parts << "AWS4-HMAC-SHA256 Credential=#{credential(datetime)}" parts << "SignedHeaders=#{signed_headers(request)}" parts << "Signature=#{signature(request, datetime, body_digest)}" parts.join(', ') end |
#canonical_header_value(value) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
171 172 173 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 171 def canonical_header_value(value) value.match(/^".*"$/) ? value : value.gsub(/\s+/, ' ').strip end |
#canonical_headers(request) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
161 162 163 164 165 166 167 168 169 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 161 def canonical_headers(request) headers = [] request.headers.each_pair do |k,v| k = k.downcase headers << [k,v] unless k == 'authorization' end headers = headers.sort_by(&:first) headers.map{|k,v| "#{k}:#{canonical_header_value(v.to_s)}" }.join("\n") end |
#canonical_request(request, body_digest) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
114 115 116 117 118 119 120 121 122 123 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 114 def canonical_request(request, body_digest) [ request.http_method, path(request.endpoint), normalized_querystring(request.endpoint.query || ''), canonical_headers(request) + "\n", signed_headers(request), body_digest ].join("\n") end |
#credential(datetime) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
83 84 85 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 83 def credential(datetime) "#{credentials.access_key_id}/#{credential_scope(datetime)}" end |
#credential_scope(datetime) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
105 106 107 108 109 110 111 112 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 105 def credential_scope(datetime) parts = [] parts << datetime[0,8] parts << region parts << service_name parts << 'aws4_request' parts.join("/") end |
#hexdigest(value) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
175 176 177 178 179 180 181 182 183 184 185 186 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 175 def hexdigest(value) digest = OpenSSL::Digest::SHA256.new if value.respond_to?(:read) chunk = nil chunk_size = 1024 * 1024 # 1 megabyte digest.update(chunk) while chunk = value.read(chunk_size) value.rewind else digest.update(value) end digest.hexdigest end |
#hexhmac(key, value) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
192 193 194 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 192 def hexhmac(key, value) OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), key, value) end |
#hmac(key, value) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
188 189 190 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 188 def hmac(key, value) OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, value) end |
#normalized_querystring(querystring) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 134 def normalized_querystring(querystring) params = querystring.split('&') params = params.map { |p| p.match(/=/) ? p : p + '=' } # We have to sort by param name and preserve order of params that # have the same name. Default sort <=> in JRuby will swap members # occasionally when <=> is 0 (considered still sorted), but this # causes our normalized query string to not match the sent querystring. # When names match, we then sort by their original order params = params.each.with_index.sort do |a, b| a, a_offset = a a_name = a.split('=')[0] b, b_offset = b b_name = b.split('=')[0] if a_name == b_name a_offset <=> b_offset else a_name <=> b_name end end.map(&:first).join('&') end |
#path(uri) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
125 126 127 128 129 130 131 132 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 125 def path(uri) path = uri.path == '' ? '/' : uri.path if @service_name == 's3' path else path.gsub(/[^\/]+/) { |segment| Seahorse::Util.uri_escape(segment) } end end |
#presigned_url(request, options = {}) ⇒ Seahorse::Client::Http::Request
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Generates an returns a presigned URL.
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 50 def presigned_url(request, = {}) now = Time.now.utc.strftime("%Y%m%dT%H%M%SZ") body_digest = [:body_digest] || hexdigest(request.body) request.headers['Host'] = request.endpoint.host request.headers.delete('User-Agent') params = Aws::Query::ParamList.new params.set("X-Amz-Algorithm", "AWS4-HMAC-SHA256") params.set("X-Amz-Credential", credential(now)) params.set("X-Amz-Date", now) params.set("X-Amz-Expires", [:expires_in].to_s) params.set("X-Amz-SignedHeaders", signed_headers(request)) params.set('X-Amz-Security-Token', credentials.session_token) if credentials.session_token endpoint = request.endpoint if endpoint.query endpoint.query += '&' + params.to_s else endpoint.query = params.to_s end endpoint.to_s + '&X-Amz-Signature=' + signature(request, now, body_digest) end |
#sign(req) ⇒ Seahorse::Client::Http::Request
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns the signed request.
30 31 32 33 34 35 36 37 38 39 40 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 30 def sign(req) datetime = Time.now.utc.strftime("%Y%m%dT%H%M%SZ") body_digest = req.headers['X-Amz-Content-Sha256'] || hexdigest(req.body) req.headers['X-Amz-Date'] = datetime req.headers['Host'] = req.endpoint.host req.headers['X-Amz-Security-Token'] = credentials.session_token if credentials.session_token req.headers['X-Amz-Content-Sha256'] ||= body_digest req.headers['Authorization'] = (req, datetime, body_digest) req end |
#signature(request, datetime, body_digest) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
87 88 89 90 91 92 93 94 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 87 def signature(request, datetime, body_digest) k_secret = credentials.secret_access_key k_date = hmac("AWS4" + k_secret, datetime[0,8]) k_region = hmac(k_date, region) k_service = hmac(k_region, service_name) k_credentials = hmac(k_service, 'aws4_request') hexhmac(k_credentials, string_to_sign(request, datetime, body_digest)) end |
#signed_headers(request) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
155 156 157 158 159 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 155 def signed_headers(request) headers = request.headers.keys headers.delete('authorization') headers.sort.join(';') end |
#string_to_sign(request, datetime, body_digest) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
96 97 98 99 100 101 102 103 |
# File 'lib/aws-sdk-core/signers/v4.rb', line 96 def string_to_sign(request, datetime, body_digest) parts = [] parts << 'AWS4-HMAC-SHA256' parts << datetime parts << credential_scope(datetime) parts << hexdigest(canonical_request(request, body_digest)) parts.join("\n") end |