Class: Aws::Plugins::SignatureV4 Private

Inherits:
Seahorse::Client::Plugin show all
Defined in:
lib/aws-sdk-core/plugins/signature_v4.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Defined Under Namespace

Classes: Handler, MissingCredentialsSigner

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Seahorse::Client::Plugin

#add_options, #after_initialize, after_initialize, after_initialize_hooks, before_initialize, #before_initialize, before_initialize_hooks, handlers, literal, option, options

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response, #handler_for, #new_handler

Class Method Details

.apply_authtype(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


134
135
136
137
138
139
140
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 134

def apply_authtype(context)
  if context.operation['authtype'].eql?('v4-unsigned-body') &&
     context.http_request.endpoint.scheme.eql?('https')
    context.http_request.headers['X-Amz-Content-Sha256'] = 'UNSIGNED-PAYLOAD'
  end
  context
end

.apply_signature(options = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 92

def apply_signature(options = {})
  context = apply_authtype(options[:context])
  signer = options[:signer] || context.config.sigv4_signer
  req = context.http_request

  # in case this request is being re-signed
  req.headers.delete('Authorization')
  req.headers.delete('X-Amz-Security-Token')
  req.headers.delete('X-Amz-Date')

  if context.config.respond_to?(:clock_skew) &&
     context.config.clock_skew &&
     context.config.correct_clock_skew

    endpoint = context.http_request.endpoint
    skew = context.config.clock_skew.clock_correction(endpoint)
    if skew.abs > 0
      req.headers['X-Amz-Date'] = (Time.now.utc + skew).strftime("%Y%m%dT%H%M%SZ")
    end
  end

  # compute the signature
  begin
    signature = signer.sign_request(
      http_method: req.http_method,
      url: req.endpoint,
      headers: req.headers,
      body: req.body
    )
  rescue Aws::Sigv4::Errors::MissingCredentialsError
    raise Aws::Errors::MissingCredentialsError
  end

  # apply signature headers
  req.headers.update(signature.headers)

  # add request metadata with signature components for debugging
  context[:canonical_request] = signature.canonical_request
  context[:string_to_sign] = signature.string_to_sign
end

.build_signer(cfg) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 71

def build_signer(cfg)
  if cfg.credentials && cfg.sigv4_region
    Aws::Sigv4::Signer.new(
      service: cfg.sigv4_name,
      region: cfg.sigv4_region,
      credentials_provider: cfg.credentials,
      unsigned_headers: ['content-length', 'user-agent', 'x-amzn-trace-id']
    )
  elsif cfg.credentials
    raise Errors::MissingRegionError
  elsif cfg.sigv4_region
    # Instead of raising now, we return a signer that raises only
    # if you attempt to sign a request. Some services have unsigned
    # operations and it okay to initialize clients for these services
    # without credentials. Unsigned operations have an "authtype"
    # trait of "none".
    MissingCredentialsSigner.new
  end
end

Instance Method Details

#add_handlers(handlers, cfg) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


46
47
48
49
50
51
52
53
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 46

def add_handlers(handlers, cfg)
  if cfg.unsigned_operations.empty?
    handlers.add(Handler, step: :sign)
  else
    operations = cfg.api.operation_names - cfg.unsigned_operations
    handlers.add(Handler, step: :sign, operations: operations)
  end
end