Class: Amazon::FPS::SignatureUtilsForOutbound
- Inherits:
-
Object
- Object
- Amazon::FPS::SignatureUtilsForOutbound
- Defined in:
- lib/amazon/fps/signatureutilsforoutbound.rb
Constant Summary collapse
- SIGNATURE_KEYNAME =
"signature"
- SIGNATURE_METHOD_KEYNAME =
"signatureMethod"
- SIGNATURE_VERSION_KEYNAME =
"signatureVersion"
- CERTIFICATE_URL_KEYNAME =
"certificateUrl"
- CERTIFICATE_URL_ROOT =
"https://fps.amazonaws.com/"
- CERTIFICATE_URL_ROOT_SANDBOX =
"https://fps.sandbox.amazonaws.com/"
- FPS_PROD_ENDPOINT =
CERTIFICATE_URL_ROOT
- FPS_SANDBOX_ENDPOINT =
CERTIFICATE_URL_ROOT_SANDBOX
- ACTION_PARAM =
"?Action=VerifySignature"
- END_POINT_PARAM =
"&UrlEndPoint="
- HTTP_PARAMS_PARAM =
"&HttpParameters="
- VERSION_PARAM_VALUE =
"&Version=2008-09-17"
- USER_AGENT_STRING =
"SigV2_MigrationSampleCode_Ruby-2010-09-13"
- SIGNATURE_VERSION_1 =
"1"
- SIGNATURE_VERSION_2 =
"2"
- RSA_SHA1_ALGORITHM =
"RSA-SHA1"
Class Method Summary collapse
- .calculate_string_to_sign_v1(args) ⇒ Object
- .get_algorithm(signature_method) ⇒ Object
- .get_http_data(url) ⇒ Object
- .get_http_params(params) ⇒ Object
- .starts_with(string, prefix) ⇒ Object
-
.urlencode(plaintext) ⇒ Object
Convert a string into URL encoded form.
Instance Method Summary collapse
-
#initialize(aws_access_key, aws_secret_key) ⇒ SignatureUtilsForOutbound
constructor
A new instance of SignatureUtilsForOutbound.
- #validate_request(args) ⇒ Object
- #validate_signature_v1(args) ⇒ Object
- #validate_signature_v2(args) ⇒ Object
Constructor Details
#initialize(aws_access_key, aws_secret_key) ⇒ SignatureUtilsForOutbound
Returns a new instance of SignatureUtilsForOutbound.
45 46 47 48 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 45 def initialize(aws_access_key, aws_secret_key) @aws_secret_key = aws_secret_key @aws_access_key = aws_access_key end |
Class Method Details
.calculate_string_to_sign_v1(args) ⇒ Object
123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 123 def self.calculate_string_to_sign_v1(args) parameters = args[:parameters] # exclude any existing Signature parameter from the canonical string sorted = (parameters.reject { |k, v| ((k == SIGNATURE_KEYNAME)) }).sort { |a,b| a[0].downcase <=> b[0].downcase } canonical = '' sorted.each do |v| canonical << v[0] canonical << v[1] unless(v[1].nil?) end return canonical end |
.get_algorithm(signature_method) ⇒ Object
138 139 140 141 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 138 def self.get_algorithm(signature_method) return OpenSSL::Digest::SHA1.new if (signature_method == RSA_SHA1_ALGORITHM) return nil end |
.get_http_data(url) ⇒ Object
148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 148 def self.get_http_data(url) #2. fetch certificate if not found in cache uri = URI.parse(url) http_session = Net::HTTP.new(uri.host, uri.port) http_session.use_ssl = true http_session.ca_file = File.dirname(__FILE__) + '/ca-bundle.crt' http_session.verify_mode = OpenSSL::SSL::VERIFY_PEER http_session.verify_depth = 5 res = http_session.start {|http_session| req = Net::HTTP::Get.new(url, {"User-Agent" => USER_AGENT_STRING}) http_session.request(req) } return res.body end |
.get_http_params(params) ⇒ Object
170 171 172 173 174 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 170 def self.get_http_params(params) params.map do |(k, v)| urlencode(k) + "=" + urlencode(v) end.join("&") end |
.starts_with(string, prefix) ⇒ Object
165 166 167 168 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 165 def self.starts_with(string, prefix) prefix = prefix.to_s string[0, prefix.length] == prefix end |
.urlencode(plaintext) ⇒ Object
Convert a string into URL encoded form.
144 145 146 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 144 def self.urlencode(plaintext) CGI.escape(plaintext.to_s).gsub("+", "%20").gsub("%7E", "~") end |
Instance Method Details
#validate_request(args) ⇒ Object
50 51 52 53 54 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 50 def validate_request(args) parameters = args[:parameters] return validate_signature_v2(args) if (parameters[SIGNATURE_VERSION_KEYNAME] == SIGNATURE_VERSION_2) return validate_signature_v1(args) end |
#validate_signature_v1(args) ⇒ Object
56 57 58 59 60 61 62 63 64 65 66 67 68 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 56 def validate_signature_v1(args) parameters = args[:parameters] signature = ""; if(parameters[SIGNATURE_KEYNAME] != nil) then signature = parameters[SIGNATURE_KEYNAME]; else raise "Signature is missing from parameters" end canonical = SignatureUtilsForOutbound::calculate_string_to_sign_v1(args) digest = OpenSSL::Digest::Digest.new('sha1') return signature == Base64.encode64(OpenSSL::HMAC.digest(digest, @aws_secret_key, canonical)).chomp end |
#validate_signature_v2(args) ⇒ Object
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
# File 'lib/amazon/fps/signatureutilsforoutbound.rb', line 70 def validate_signature_v2(args) [:parameters, :http_method, :url_end_point].each do |arg| raise "#{arg.inspect} is missing from the arguments." unless args[arg] end url_end_point = args[:url_end_point] parameters = args[:parameters] raise ":parameters must be enumerable" unless args[:parameters].kind_of? Enumerable signature = parameters[SIGNATURE_KEYNAME]; raise "'signature' is missing from the parameters." if (signature.nil? or signature.empty?) signature_version = parameters[SIGNATURE_VERSION_KEYNAME]; raise "'signatureVersion' is missing from the parameters." if (signature_version.nil? or signature_version.empty?) raise "'signatureVersion' present in parameters is invalid. Valid values are: 2" if (signature_version != SIGNATURE_VERSION_2) signature_method = parameters[SIGNATURE_METHOD_KEYNAME] raise "'signatureMethod' is missing from the parameters." if (signature_method.nil? or signature_method.empty?) signature_algorithm = SignatureUtilsForOutbound::get_algorithm(signature_method) raise "'signatureMethod' present in parameters is invalid. Valid values are: RSA-SHA1" if (signature_algorithm.nil?) certificate_url = parameters[CERTIFICATE_URL_KEYNAME] raise "'certificate_url' is missing from the parameters." if (certificate_url.nil? or certificate_url.empty?) # Construct VerifySignatureAPI request if(SignatureUtilsForOutbound::starts_with(certificate_url, FPS_SANDBOX_ENDPOINT) == true) then verify_signature_request = FPS_SANDBOX_ENDPOINT elsif(SignatureUtilsForOutbound::starts_with(certificate_url, FPS_PROD_ENDPOINT) == true) then verify_signature_request = FPS_PROD_ENDPOINT else raise "'certificateUrl' received is not valid. Valid certificate urls start with " << CERTIFICATE_URL_ROOT << " or " << CERTIFICATE_URL_ROOT_SANDBOX << "." end verify_signature_request = verify_signature_request + ACTION_PARAM + END_POINT_PARAM + SignatureUtilsForOutbound::urlencode(url_end_point) + VERSION_PARAM_VALUE + HTTP_PARAMS_PARAM + SignatureUtilsForOutbound::urlencode(SignatureUtilsForOutbound::get_http_params(parameters)) verify_signature_response = SignatureUtilsForOutbound::get_http_data(verify_signature_request) # parse the response document = REXML::Document.new(verify_signature_response) status_el = document.elements['VerifySignatureResponse/VerifySignatureResult/VerificationStatus'] return (!status_el.nil? && status_el.text == "Success") end |