Class: Aws::Plugins::SignatureV4 Private

Inherits:
Seahorse::Client::Plugin show all
Defined in:
lib/aws-sdk-core/plugins/signature_v4.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Defined Under Namespace

Classes: Handler, MissingCredentialsSigner

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Seahorse::Client::Plugin

#add_options, #after_initialize, after_initialize, after_initialize_hooks, #before_initialize, before_initialize, before_initialize_hooks, handlers, literal, option, options

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response, #handler_for, #new_handler

Class Method Details

.apply_authtype(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



131
132
133
134
135
136
137
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 131

def apply_authtype(context)
  if context.operation['authtype'].eql?('v4-unsigned-body') &&
    context.http_request.endpoint.scheme.eql?('https')
    context.http_request.headers['X-Amz-Content-Sha256'] = 'UNSIGNED-PAYLOAD'
  end
  context
end

.apply_signature(options = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 100

def apply_signature(options = {})
  context = apply_authtype(options[:context])
  signer = options[:signer] || context.config.sigv4_signer
  req = context.http_request

  # in case this request is being re-signed
  req.headers.delete('Authorization')
  req.headers.delete('X-Amz-Security-Token')
  req.headers.delete('X-Amz-Date')

  # compute the signature
  begin
    signature = signer.sign_request(
      http_method: req.http_method,
      url: req.endpoint,
      headers: req.headers,
      body: req.body
    )
  rescue Aws::Sigv4::Errors::MissingCredentialsError
    raise Aws::Errors::MissingCredentialsError
  end

  # apply signature headers
  req.headers.update(signature.headers)

  # add request metadata with signature components for debugging
  context[:canonical_request] = signature.canonical_request
  context[:string_to_sign] = signature.string_to_sign
end

.build_signer(cfg) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 79

def build_signer(cfg)
  if cfg.credentials && cfg.sigv4_region
    Aws::Sigv4::Signer.new(
      service: cfg.sigv4_name,
      region: cfg.sigv4_region,
      credentials_provider: cfg.credentials,
      unsigned_headers: ['content-length', 'user-agent', 'x-amzn-trace-id']
    )
  elsif cfg.credentials
    raise Errors::MissingRegionError
  elsif cfg.sigv4_region
    # Instead of raising now, we return a signer that raises only
    # if you attempt to sign a request. Some services have unsigned
    # operations and it okay to initialize clients for these services
    # without credentials. Unsigned operations have an "authtype"
    # trait of "none".
    MissingCredentialsSigner.new
  end
end

Instance Method Details

#add_handlers(handlers, cfg) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



54
55
56
57
58
59
60
61
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 54

def add_handlers(handlers, cfg)
  if cfg.unsigned_operations.empty?
    handlers.add(Handler, step: :sign)
  else
    operations = cfg.api.operation_names - cfg.unsigned_operations
    handlers.add(Handler, step: :sign, operations: operations)
  end
end