Class: Aws::S3::LegacySigner Private

Inherits:

Object

• Object
• Aws::S3::LegacySigner

Defined in:

lib/aws-sdk-s3/legacy_signer.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Constant Summary

SIGNED_QUERYSTRING_PARAMS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Set.new(%w(

  acl delete cors lifecycle location logging notification partNumber
  policy requestPayment restore tagging torrent uploadId uploads
  versionId versioning versions website replication requestPayment
  accelerate

  response-content-type response-content-language
  response-expires response-cache-control
  response-content-disposition response-content-encoding

))

Instance Attribute Summary

• #credentials ⇒ Object readonly private
• #params ⇒ Object readonly private

Class Method Summary

• .sign(context) ⇒ Object private

Instance Method Summary

• #authorization(request) ⇒ Object private
• #canonicalized_headers(request) ⇒ Object private

  CanonicalizedAmzHeaders.

• #canonicalized_resource(endpoint) ⇒ Object private

  From the S3 developer guide.

• #digest(secret, string_to_sign) ⇒ Object private
• #hmac(key, value) ⇒ Object private
• #initialize(credentials, params, force_path_style) ⇒ LegacySigner constructor private

  A new instance of LegacySigner.

• #sign(request) ⇒ Object private
• #signature(request) ⇒ Object private
• #signed_querystring_params(endpoint) ⇒ Object private
• #signing_string_date(request) ⇒ Object private
• #string_to_sign(request) ⇒ Object private

  From the S3 developer guide:.

• #uri_escape(s) ⇒ Object private

Constructor Details

#initialize(credentials, params, force_path_style) ⇒ LegacySigner

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of LegacySigner.

Parameters:

• credentials (CredentialProvider)

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 35

def initialize(credentials, params, force_path_style)
  @credentials = credentials.credentials
  @params = Query::ParamList.new
  params.each_pair do |param_name, param_value|
    @params.set(param_name, param_value)
  end
  @force_path_style = force_path_style
end

Instance Attribute Details

#credentials ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 44

def credentials
  @credentials
end

#params ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 44

def params
  @params
end

Class Method Details

.sign(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 26

def self.sign(context)
  new(
    context.config.credentials,
    context.params,
    context.config.force_path_style
  ).sign(context.http_request)
end

Instance Method Details

#authorization(request) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 53

def authorization(request)
  "AWS #{credentials.access_key_id}:#{signature(request)}"
end

#canonicalized_headers(request) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

CanonicalizedAmzHeaders

See the developer guide for more information on how this element is generated.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 105

def canonicalized_headers(request)
  x_amz = request.headers.select{|k, v| k =~ /^x-amz-/i }
  x_amz = x_amz.collect{|k, v| [k.downcase, v] }
  x_amz = x_amz.sort_by{|k, v| k }
  x_amz = x_amz.collect{|k, v| "#{k}:#{v.to_s.strip}" }.join("\n")
  x_amz == '' ? nil : x_amz
end

#canonicalized_resource(endpoint) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

From the S3 developer guide

CanonicalizedResource =
  [ "/" ` Bucket ] `
  <HTTP-Request-URI, protocol name up to the querystring> +
  [ sub-resource, if present. e.g. "?acl", "?location",
  "?logging", or "?torrent"];

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 122

def canonicalized_resource(endpoint)

  parts = []

  # virtual hosted-style requests require the hostname to appear
  # in the canonicalized resource prefixed by a forward slash.
  if bucket = params[:bucket]
    bucket = bucket.value
    ssl = endpoint.scheme == 'https'
    if Plugins::BucketDns.dns_compatible?(bucket, ssl) && !@force_path_style
      parts << "/#{bucket}"
    end
  end

  # append the path name (no querystring)
  parts << endpoint.path

  # lastly any sub resource querystring params need to be appened
  # in lexigraphical ordered joined by '&' and prefixed by '?'
  params = signed_querystring_params(endpoint)

  unless params.empty?
    parts << '?'
    parts << params.sort.collect{|p| p.to_s }.join('&')
  end

  parts.join
end

#digest(secret, string_to_sign) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 63

def digest(secret, string_to_sign)
  Base64.encode64(hmac(secret, string_to_sign)).strip
end

#hmac(key, value) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 67

def hmac(key, value)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), key, value)
end

#sign(request) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 46

def sign(request)
  if token = credentials.session_token
    request.headers["X-Amz-Security-Token"] = token
  end
  request.headers['Authorization'] = authorization(request)
end

#signature(request) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 57

def signature(request)
  string_to_sign = string_to_sign(request)
  signature = digest(credentials.secret_access_key, string_to_sign)
  uri_escape(signature)
end

#signed_querystring_params(endpoint) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 151

def signed_querystring_params(endpoint)
  endpoint.query.to_s.split('&').select do |p|
    SIGNED_QUERYSTRING_PARAMS.include?(p.split('=')[0])
  end.map { |p| CGI.unescape(p) }
end

#signing_string_date(request) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 90

def signing_string_date(request)
  # if a date is provided via x-amz-date then we should omit the
  # Date header from the signing string (should appear as a blank line)
  if request.headers.detect{|k,v| k.to_s =~ /^x-amz-date$/i }
    ''
  else
    request.headers['Date'] = Time.now.httpdate
  end
end

#string_to_sign(request) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

From the S3 developer guide:

StringToSign =
  HTTP-Verb ` "\n" `
  content-md5 ` "\n" `
  content-type ` "\n" `
  date ` "\n" `
  CanonicalizedAmzHeaders + CanonicalizedResource;

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 80

def string_to_sign(request)
  [
    request.http_method,
    request.headers.values_at('Content-Md5', 'Content-Type').join("\n"),
    signing_string_date(request),
    canonicalized_headers(request),
    canonicalized_resource(request.endpoint),
  ].flatten.compact.join("\n")
end

#uri_escape(s) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-s3/legacy_signer.rb', line 157

def uri_escape(s)

  #URI.escape(s)

  # URI.escape is deprecated, replacing it with escape from webrick
  # to squelch the massive number of warnings generated from Ruby.
  # The following script was used to determine the differences
  # between the various escape methods available. The webrick
  # escape only had two differences and it is available in the
  # standard lib.
  #
  #     (0..255).each {|c|
  #       s = [c].pack("C")
  #       e = [
  #         CGI.escape(s),
  #         ERB::Util.url_encode(s),
  #         URI.encode_www_form_component(s),
  #         WEBrick::HTTPUtils.escape_form(s),
  #         WEBrick::HTTPUtils.escape(s),
  #         URI.escape(s),
  #       ]
  #       next if e.uniq.length == 1
  #       puts("%5s %5s %5s %5s %5s %5s %5s" % ([s.inspect] + e))
  #     }
  #
  WEBrick::HTTPUtils.escape(s).gsub('%5B', '[').gsub('%5D', ']')
end