Class: Aws::Plugins::SignatureV4 Private

Inherits:
Seahorse::Client::Plugin
Defined in:
lib/aws-sdk-core/plugins/signature_v4.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Necessary to exist after endpoints 2.0

Defined Under Namespace

Classes: Handler, MissingCredentialsSigner

Constant Summary

V4_AUTH = %w[v4 v4-unsigned-payload v4-unsigned-body]

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.


Methods inherited from Seahorse::Client::Plugin

#add_options, #after_initialize, after_initialize, after_initialize_hooks, before_initialize, #before_initialize, before_initialize_hooks, handlers, literal, option, options

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response, #handler_for, #new_handler

Class Method Details

.apply_authtype(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 141

def apply_authtype(context)
  if context.operation['authtype'].eql?('v4-unsigned-body') &&
     context.http_request.endpoint.scheme.eql?('https')
    context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
  end
  context
end

.apply_signature(options = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 98

def apply_signature(options = {})
  context = apply_authtype(options[:context])
  signer = options[:signer] || context.config.sigv4_signer
  req = context.http_request

  # in case this request is being re-signed
  req.headers.delete('Authorization')
  req.headers.delete('X-Amz-Security-Token')
  req.headers.delete('X-Amz-Date')
  req.headers.delete('x-Amz-Region-Set')

  if context.config.respond_to?(:clock_skew) &&
     context.config.clock_skew &&
     context.config.correct_clock_skew

    endpoint = context.http_request.endpoint
    skew = context.config.clock_skew.clock_correction(endpoint)
    if skew.abs > 0
      req.headers['X-Amz-Date'] = (Time.now.utc + skew).strftime("%Y%m%dT%H%M%SZ")
    end
  end

  # compute the signature
  begin
    signature = signer.sign_request(
      http_method: req.http_method,
      url: req.endpoint,
      headers: req.headers,
      body: req.body
    )
  rescue Aws::Sigv4::Errors::MissingCredentialsError
    raise Aws::Errors::MissingCredentialsError
  end

  # apply signature headers
  req.headers.update(signature.headers)

  # add request metadata with signature components for debugging
  context[:canonical_request] = signature.canonical_request
  context[:string_to_sign] = signature.string_to_sign
end

.build_signer(cfg) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 77

def build_signer(cfg)
  if cfg.credentials && cfg.sigv4_region
    Aws::Sigv4::Signer.new(
      service: cfg.sigv4_name,
      region: cfg.sigv4_region,
      credentials_provider: cfg.credentials,
      unsigned_headers: ['content-length', 'user-agent', 'x-amzn-trace-id']
    )
  elsif cfg.credentials
    raise Errors::MissingRegionError
  elsif cfg.sigv4_region
    # Instead of raising now, we return a signer that raises only
    # if you attempt to sign a request. Some services have unsigned
    # operations and it is okay to initialize clients for these services
    # without credentials. Unsigned operations have an "authtype"
    # trait of "none".
    MissingCredentialsSigner.new
  end
end
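
The effect of the unsigned_headers list in build_signer and of the UNSIGNED-PAYLOAD value set in apply_authtype, shown with a simplified SigV4 signer written for this page (an added example, not SDK code and not Aws::Sigv4::Signer). The names sigv4_sign, sig, BASE and UNSIGNED, the request and the secret are constructed for illustration; session tokens and query-string normalisation are left out.

```ruby
require 'openssl'
require 'uri'

# Header names build_signer passes as unsigned_headers (taken from the page).
UNSIGNED = %w[content-length user-agent x-amzn-trace-id].freeze

# Simplified SigV4 header signing: no session token, query string used as-is.
def sigv4_sign(method:, url:, headers:, body:, secret:, region:, service:, amz_date:)
  uri = URI(url)
  hdrs = headers.transform_keys(&:downcase)
                .merge('host' => uri.host, 'x-amz-date' => amz_date)
  # A preset X-Amz-Content-Sha256 (e.g. UNSIGNED-PAYLOAD) replaces the body hash.
  payload = hdrs['x-amz-content-sha256'] || OpenSSL::Digest::SHA256.hexdigest(body)
  signed = hdrs.reject { |name, _| UNSIGNED.include?(name) }.sort
  names = signed.map(&:first).join(';')
  canonical = [method, uri.path.empty? ? '/' : uri.path, uri.query.to_s,
               signed.map { |k, v| "#{k}:#{v.strip}\n" }.join, names, payload].join("\n")
  date = amz_date[0, 8]
  scope = "#{date}/#{region}/#{service}/aws4_request"
  to_sign = ['AWS4-HMAC-SHA256', amz_date, scope,
             OpenSSL::Digest::SHA256.hexdigest(canonical)].join("\n")
  key = [date, region, service, 'aws4_request'].reduce("AWS4#{secret}") do |k, part|
    OpenSSL::HMAC.digest('sha256', k, part)
  end
  { signature: OpenSSL::HMAC.hexdigest('sha256', key, to_sign), signed_headers: names }
end

# Constructed request and placeholder secret (not real credentials).
BASE = { method: 'PUT', url: 'https://example.amazonaws.com/obj', body: 'hello',
         secret: 'EXAMPLE-SECRET', region: 'us-east-1', service: 'service',
         amz_date: '20150830T123600Z' }.freeze

# Signature for BASE with the given headers and overrides.
def sig(headers, **overrides)
  sigv4_sign(**BASE.merge(overrides), headers: headers)[:signature]
end

if $PROGRAM_NAME == __FILE__
  # Unsigned header rewritten in transit: signature still verifies.
  puts sig({ 'User-Agent' => 'sdk' }) == sig({ 'User-Agent' => 'proxy' })
  # Signed header changed: signature no longer matches.
  puts sig({ 'X-Amz-Meta-Owner' => 'a' }) == sig({ 'X-Amz-Meta-Owner' => 'b' })
  # Body changed with a hashed payload: signature no longer matches.
  puts sig({}) == sig({}, body: 'tampered')
  # Body changed under UNSIGNED-PAYLOAD: signature is the same, so only TLS
  # protects the body, which is why apply_authtype requires an https endpoint.
  unsigned = { 'X-Amz-Content-Sha256' => 'UNSIGNED-PAYLOAD' }
  puts sig(unsigned) == sig(unsigned, body: 'tampered')
end
```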

Instance Method Details

#add_handlers(handlers, cfg) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 52

def add_handlers(handlers, cfg)
  if cfg.unsigned_operations.empty?
    handlers.add(Handler, step: :sign)
  else
    operations = cfg.api.operation_names - cfg.unsigned_operations
    handlers.add(Handler, step: :sign, operations: operations)
  end
end