Class: Aws::AwsUtils

Inherits:

Object

• Object
• Aws::AwsUtils

Defined in:

lib/awsbase/awsbase.rb

Overview

:nodoc:

Constant Summary

@@digest1 =

OpenSSL::Digest::Digest.new("sha1")

@@digest256 =

Some installation may not support sha256

OpenSSL::Digest::Digest.new("sha256") rescue nil

Class Method Summary

• .allow_only(allowed_keys, params) ⇒ Object
• .amz_escape(param) ⇒ Object

  Escape a string accordingly Amazon rulles docs.amazonwebservices.com/AmazonSimpleDB/2007-11-07/DeveloperGuide/index.html?REST_RESTAuth.html.

• .caller_method ⇒ Object
• .fix_service_params(service_hash, signature) ⇒ Object

  Set a timestamp and a signature version.

• .mandatory_arguments(required_args, params) ⇒ Object
• .sign(aws_secret_access_key, auth_string) ⇒ Object
• .sign_request_v2(aws_secret_access_key, service_hash, http_verb, host, uri) ⇒ Object

  Signature Version 2 EC2, SQS and SDB requests must be signed by this guy.

• .URLencode(raw) ⇒ Object

  From Amazon’s SQS Dev Guide, a brief description of how to escape: “URL encode the computed signature and other query parameters as specified in RFC1738, section 2.2.

Class Method Details

.allow_only(allowed_keys, params) ⇒ Object

Raises:

• (AwsError)

# File 'lib/awsbase/awsbase.rb', line 88

def self.allow_only(allowed_keys, params)
  bogus_args = []
  params.keys.each {|p| bogus_args.push(p) unless allowed_keys.include?(p) }
  raise AwsError.new("The following arguments were given but are not legal for the function call #{caller_method}: #{bogus_args.inspect}") if bogus_args.length > 0
end

.amz_escape(param) ⇒ Object

Escape a string accordingly Amazon rulles docs.amazonwebservices.com/AmazonSimpleDB/2007-11-07/DeveloperGuide/index.html?REST_RESTAuth.html

# File 'lib/awsbase/awsbase.rb', line 42

def self.amz_escape(param)
  URI.escape(param, /([^a-zA-Z0-9._~-]+)/)
end

.caller_method ⇒ Object

# File 'lib/awsbase/awsbase.rb', line 100

def self.caller_method
  caller[1]=~/`(.*?)'/
  $1
end

.fix_service_params(service_hash, signature) ⇒ Object

Set a timestamp and a signature version

# File 'lib/awsbase/awsbase.rb', line 47

def self.fix_service_params(service_hash, signature)
  service_hash["Timestamp"] ||= Time.now.utc.strftime("%Y-%m-%dT%H:%M:%S.000Z") unless service_hash["Expires"]
  service_hash["SignatureVersion"] = signature
  service_hash
end

.mandatory_arguments(required_args, params) ⇒ Object

Raises:

• (AwsError)

# File 'lib/awsbase/awsbase.rb', line 94

def self.mandatory_arguments(required_args, params)
  rargs = required_args.dup
  params.keys.each {|p| rargs.delete(p)}
  raise AwsError.new("The following mandatory arguments were not provided to #{caller_method}: #{rargs.inspect}") if rargs.length > 0
end

.sign(aws_secret_access_key, auth_string) ⇒ Object

# File 'lib/awsbase/awsbase.rb', line 36

def self.sign(aws_secret_access_key, auth_string)
  Base64.encode64(OpenSSL::HMAC.digest(@@digest1, aws_secret_access_key, auth_string)).strip
end

.sign_request_v2(aws_secret_access_key, service_hash, http_verb, host, uri) ⇒ Object

Signature Version 2 EC2, SQS and SDB requests must be signed by this guy. See: docs.amazonwebservices.com/AmazonSimpleDB/2007-11-07/DeveloperGuide/index.html?REST_RESTAuth.html

http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1928

# File 'lib/awsbase/awsbase.rb', line 57

def self.sign_request_v2(aws_secret_access_key, service_hash, http_verb, host, uri)
  fix_service_params(service_hash, '2')
  # select a signing method (make an old openssl working with sha1)
  # make 'HmacSHA256' to be a default one
  service_hash['SignatureMethod'] = 'HmacSHA256' unless ['HmacSHA256', 'HmacSHA1'].include?(service_hash['SignatureMethod'])
  service_hash['SignatureMethod'] = 'HmacSHA1'   unless @@digest256
  # select a digest
  digest = (service_hash['SignatureMethod'] == 'HmacSHA256' ? @@digest256 : @@digest1)
  # form string to sign
  canonical_string = service_hash.keys.sort.map do |key|
    "#{amz_escape(key)}=#{amz_escape(service_hash[key])}"
  end.join('&')
  string_to_sign = "#{http_verb.to_s.upcase}\n#{host.downcase}\n#{uri}\n#{canonical_string}"
  # sign the string
  signature      = amz_escape(Base64.encode64(OpenSSL::HMAC.digest(digest, aws_secret_access_key, string_to_sign)).strip)
  "#{canonical_string}&Signature=#{signature}"
end

.URLencode(raw) ⇒ Object

From Amazon’s SQS Dev Guide, a brief description of how to escape: “URL encode the computed signature and other query parameters as specified in RFC1738, section 2.2. In addition, because the + character is interpreted as a blank space by Sun Java classes that perform URL decoding, make sure to encode the + character although it is not required by RFC1738.” Avoid using CGI::escape to escape URIs. CGI::escape will escape characters in the protocol, host, and port sections of the URI. Only target chars in the query string should be escaped.

# File 'lib/awsbase/awsbase.rb', line 84

def self.URLencode(raw)
  URI.escape(raw, /[^-_.!~*'()a-zA-Z\d;\/?:@&=$,\[\]]/)
end