Class: Miasma::Contrib::AwsApiCore::SignatureV4

Inherits:

Signature

• Object
• Signature
• Miasma::Contrib::AwsApiCore::SignatureV4

Defined in:

lib/miasma/contrib/aws.rb

Overview

AWS signature version 4

Instance Attribute Summary

• #access_key ⇒ String readonly

  Access key.

• #hmac ⇒ Hmac readonly
• #region ⇒ String readonly

  Region.

• #service ⇒ String readonly

  Service.

Instance Method Summary

• #algorithm ⇒ String

  Signature algorithm.

• #build_canonical_request(http_method, path, opts) ⇒ String

  Build the canonical request string used for signing.

• #canonical_headers(headers) ⇒ String

  Build the canonical header string used for signing.

• #canonical_payload(options) ⇒ String

  Build the canonical payload string used for signing.

• #canonical_query(params) ⇒ String

  Build the canonical query string used for signing.

• #credential_scope ⇒ String

  Credential scope for request.

• #generate(http_method, path, opts) ⇒ String

  Generate the signature string for AUTH.

• #generate_signature(http_method, path, opts) ⇒ String

  Generate the signature.

• #generate_url(http_method, path, opts) ⇒ String

  Generate URL with signed params.

• #hashed_canonical_request(request) ⇒ String

  Generate the hash of the canonical request.

• #initialize(access_key, secret_key, region, service) ⇒ self constructor

  Create new signature generator.

• #sign_request(request) ⇒ String

  Sign the request.

• #signed_headers(headers) ⇒ String

  List of headers included in signature.

Methods inherited from Signature

#safe_escape

Constructor Details

#initialize(access_key, secret_key, region, service) ⇒ self

Create new signature generator

Parameters:

• access_key (String)
• secret_key (String)
• region (String)
• service (String)

# File 'lib/miasma/contrib/aws.rb', line 152

def initialize(access_key, secret_key, region, service)
  @hmac = Hmac.new('sha256', secret_key)
  @access_key = access_key
  @region = region
  @service = service
end

Instance Attribute Details

#access_key ⇒ String (readonly)

Returns access key.

Returns:

• (String) —

  access key

# File 'lib/miasma/contrib/aws.rb', line 139

def access_key
  @access_key
end

#hmac ⇒ Hmac (readonly)

Returns:

• (Hmac)

# File 'lib/miasma/contrib/aws.rb', line 137

def hmac
  @hmac
end

#region ⇒ String (readonly)

Returns region.

Returns:

• (String) —

  region

# File 'lib/miasma/contrib/aws.rb', line 141

def region
  @region
end

#service ⇒ String (readonly)

Returns service.

Returns:

• (String) —

  service

# File 'lib/miasma/contrib/aws.rb', line 143

def service
  @service
end

Instance Method Details

#algorithm ⇒ String

Returns signature algorithm.

Returns:

• (String) —

  signature algorithm

# File 'lib/miasma/contrib/aws.rb', line 229

def algorithm
  'AWS4-HMAC-SHA256'
end

#build_canonical_request(http_method, path, opts) ⇒ String

Build the canonical request string used for signing

Parameters:

• http_method (Symbol) —

  HTTP request method

• path (String) —

  request path

• opts (Hash) —

  request options

Returns:

• (String) —

  canonical request string

# File 'lib/miasma/contrib/aws.rb', line 257

def build_canonical_request(http_method, path, opts)
  unless(path.start_with?('/'))
    path = "/#{path}"
  end
  [
    http_method.to_s.upcase,
    path,
    canonical_query(opts[:params]),
    canonical_headers(opts[:headers]),
    signed_headers(opts[:headers]),
    canonical_payload(opts)
  ].join("\n")
end

#canonical_headers(headers) ⇒ String

Build the canonical header string used for signing

Parameters:

• headers (Hash) —

  request headers

Returns:

• (String) —

  canonical headers string

# File 'lib/miasma/contrib/aws.rb', line 287

def canonical_headers(headers)
  headers ||= {}
  headers = Hash[headers.sort_by(&:first)]
  headers.map do |key, value|
    [key.downcase, value.chomp].join(':')
  end.join("\n") << "\n"
end

#canonical_payload(options) ⇒ String

Build the canonical payload string used for signing

Parameters:

• options (Hash) —

  request options

Returns:

• (String) —

  body checksum

# File 'lib/miasma/contrib/aws.rb', line 309

def canonical_payload(options)
  body = options.fetch(:body, '')
  if(options[:json])
    body = MultiJson.dump(options[:json])
  elsif(options[:form])
    body = URI.encode_www_form(options[:form])
  end
  if(body == 'UNSIGNED-PAYLOAD')
    body
  else
    hmac.hexdigest_of(body)
  end
end

#canonical_query(params) ⇒ String

Build the canonical query string used for signing

Parameters:

• params (Hash) —

  query params

Returns:

• (String) —

  canonical query string

# File 'lib/miasma/contrib/aws.rb', line 275

def canonical_query(params)
  params ||= {}
  params = Hash[params.sort_by(&:first)]
  query = params.map do |key, value|
    "#{safe_escape(key)}=#{safe_escape(value)}"
  end.join('&')
end

#credential_scope ⇒ String

Returns credential scope for request.

Returns:

• (String) —

  credential scope for request

# File 'lib/miasma/contrib/aws.rb', line 234

def credential_scope
  [
    Time.now.utc.strftime('%Y%m%d'),
    region,
    service,
    'aws4_request'
  ].join('/')
end

#generate(http_method, path, opts) ⇒ String

Generate the signature string for AUTH

Parameters:

• http_method (Symbol) —

  HTTP request method

• path (String) —

  request path

• opts (Hash) —

  request options

Returns:

• (String) —

  signature

# File 'lib/miasma/contrib/aws.rb', line 165

def generate(http_method, path, opts)
  signature = generate_signature(http_method, path, opts)
  "#{algorithm} Credential=#{access_key}/#{credential_scope}, SignedHeaders=#{signed_headers(opts[:headers])}, Signature=#{signature}"
end

#generate_signature(http_method, path, opts) ⇒ String

Generate the signature

Parameters:

• http_method (Symbol) —

  HTTP request method

• path (String) —

  request path

• opts (Hash) —

  request options

Returns:

• (String) —

  signature

# File 'lib/miasma/contrib/aws.rb', line 195

def generate_signature(http_method, path, opts)
  to_sign = [
    algorithm,
    AwsApiCore.time_iso8601,
    credential_scope,
    hashed_canonical_request(
      can_req = build_canonical_request(http_method, path, opts)
    )
  ].join("\n")
  signature = sign_request(to_sign)
end

#generate_url(http_method, path, opts) ⇒ String

Generate URL with signed params

Parameters:

• http_method (Symbol) —

  HTTP request method

• path (String) —

  request path

• opts (Hash) —

  request options

Returns:

• (String) —

  signature

# File 'lib/miasma/contrib/aws.rb', line 176

def generate_url(http_method, path, opts)
  opts[:params].merge!(
    Smash.new(
      'X-Amz-SignedHeaders' => signed_headers(opts[:headers]),
      'X-Amz-Algorithm' => algorithm,
      'X-Amz-Credential' => "#{access_key}/#{credential_scope}"
    )
  )
  signature = generate_signature(http_method, path, opts.merge(:body => 'UNSIGNED-PAYLOAD'))
  params = opts[:params].merge('X-Amz-Signature' => signature)
  "https://#{opts[:headers]['Host']}/#{path}?#{canonical_query(params)}"
end

#hashed_canonical_request(request) ⇒ String

Generate the hash of the canonical request

Parameters:

• request (String) —

  canonical request string

Returns:

• (String) —

  hashed canonical request

# File 'lib/miasma/contrib/aws.rb', line 247

def hashed_canonical_request(request)
  hmac.hexdigest_of(request)
end

#sign_request(request) ⇒ String

Sign the request

Parameters:

• request (String) —

  request to sign

Returns:

• (String) —

  signature

# File 'lib/miasma/contrib/aws.rb', line 211

def sign_request(request)
  key = hmac.sign(
    'aws4_request',
    hmac.sign(
      service,
      hmac.sign(
        region,
        hmac.sign(
          Time.now.utc.strftime('%Y%m%d'),
          "AWS4#{hmac.key}"
        )
      )
    )
  )
  hmac.hex_sign(request, key)
end

#signed_headers(headers) ⇒ String

List of headers included in signature

Parameters:

• headers (Hash) —

  request headers

Returns:

• (String) —

  header list

# File 'lib/miasma/contrib/aws.rb', line 299

def signed_headers(headers)
  headers ||= {}
  headers.sort_by(&:first).map(&:first).
    map(&:downcase).join(';')
end