Class: RightAws::AwsUtils

Inherits:
Object show all
Defined in:
lib/awsbase/right_awsbase.rb

Overview

:nodoc:

Constant Summary collapse

@@digest1 =
OpenSSL::Digest::Digest.new("sha1")
@@digest256 =

Some installation may not support sha256

OpenSSL::Digest::Digest.new("sha256") rescue nil

Class Method Summary collapse

Class Method Details

.allow_only(allowed_keys, params) ⇒ Object

Raises:



125
126
127
128
129
# File 'lib/awsbase/right_awsbase.rb', line 125

def self.allow_only(allowed_keys, params)
    bogus_args = []
    params.keys.each {|p| bogus_args.push(p) unless allowed_keys.include?(p) }
    raise AwsError.new("The following arguments were given but are not legal for the function call #{caller_method}: #{bogus_args.inspect}") if bogus_args.length > 0
end

.amz_escape(param) ⇒ Object



92
93
94
95
96
97
98
99
100
101
102
103
# File 'lib/awsbase/right_awsbase.rb', line 92

def self.amz_escape(param)
    #return CGI.escape(param.to_s).gsub("%7E", "~").gsub("+", "%20") # from: http://umlaut.rubyforge.org/svn/trunk/lib/aws_product_sign.rb

    #param.to_s.gsub(/([^a-zA-Z0-9._~-]+)/n) do
    #  '%' + $1.unpack('H2' * $1.size).join('%').upcase
    #end
    e = CGI.escape(param.to_s)
    e = e.gsub("%7E", "~")
    e = e.gsub("+", "%20")
    e = e.gsub("*", "%2A")

end

.caller_methodObject



137
138
139
140
# File 'lib/awsbase/right_awsbase.rb', line 137

def self.caller_method
    caller[1]=~/`(.*?)'/
    $1
end

.escape_sig(raw) ⇒ Object



106
107
108
# File 'lib/awsbase/right_awsbase.rb', line 106

def self.escape_sig(raw)
    e = CGI.escape(raw)
end

.fix_service_params(service_hash, signature) ⇒ Object

Set a timestamp and a signature version



44
45
46
47
48
# File 'lib/awsbase/right_awsbase.rb', line 44

def self.fix_service_params(service_hash, signature)
    service_hash["Timestamp"] ||= Time.now.utc.strftime("%Y-%m-%dT%H:%M:%S.000Z") unless service_hash["Expires"]
    service_hash["SignatureVersion"] = signature
    service_hash
end

.mandatory_arguments(required_args, params) ⇒ Object

Raises:



131
132
133
134
135
# File 'lib/awsbase/right_awsbase.rb', line 131

def self.mandatory_arguments(required_args, params)
    rargs = required_args.dup
    params.keys.each {|p| rargs.delete(p)}
    raise AwsError.new("The following mandatory arguments were not provided to #{caller_method}: #{rargs.inspect}") if rargs.length > 0
end

.sign(aws_secret_access_key, auth_string) ⇒ Object



38
39
40
# File 'lib/awsbase/right_awsbase.rb', line 38

def self.sign(aws_secret_access_key, auth_string)
    Base64.encode64(OpenSSL::HMAC.digest(@@digest1, aws_secret_access_key, auth_string)).strip
end

.sign_request_v0(aws_secret_access_key, service_hash) ⇒ Object

Signature Version 0 A deprecated guy (should work till septemper 2009)



52
53
54
55
56
57
# File 'lib/awsbase/right_awsbase.rb', line 52

def self.sign_request_v0(aws_secret_access_key, service_hash)
    fix_service_params(service_hash, '0')
    string_to_sign = "#{service_hash['Action']}#{service_hash['Timestamp'] || service_hash['Expires']}"
    service_hash['Signature'] = AwsUtils::sign(aws_secret_access_key, string_to_sign)
    service_hash.to_a.collect{|key, val| "#{amz_escape(key)}=#{amz_escape(val.to_s)}" }.join("&")
end

.sign_request_v1(aws_secret_access_key, service_hash) ⇒ Object

Signature Version 1 Another deprecated guy (should work till septemper 2009)



61
62
63
64
65
66
# File 'lib/awsbase/right_awsbase.rb', line 61

def self.sign_request_v1(aws_secret_access_key, service_hash)
    fix_service_params(service_hash, '1')
    string_to_sign = service_hash.sort{|a, b| (a[0].to_s.downcase)<=>(b[0].to_s.downcase)}.to_s
    service_hash['Signature'] = AwsUtils::sign(aws_secret_access_key, string_to_sign)
    service_hash.to_a.collect{|key, val| "#{amz_escape(key)}=#{amz_escape(val.to_s)}" }.join("&")
end

.sign_request_v2(aws_secret_access_key, service_hash, http_verb, host, uri) ⇒ Object

Signature Version 2 EC2, SQS and SDB requests must be signed by this guy. See: docs.amazonwebservices.com/AmazonSimpleDB/2007-11-07/DeveloperGuide/index.html?REST_RESTAuth.html

http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1928


72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# File 'lib/awsbase/right_awsbase.rb', line 72

def self.sign_request_v2(aws_secret_access_key, service_hash, http_verb, host, uri)
    fix_service_params(service_hash, '2')
    # select a signing method (make an old openssl working with sha1)
    # make 'HmacSHA256' to be a default one
    service_hash['SignatureMethod'] = 'HmacSHA256' unless ['HmacSHA256', 'HmacSHA1'].include?(service_hash['SignatureMethod'])
    service_hash['SignatureMethod'] = 'HmacSHA1'   unless @@digest256
    # select a digest
    digest = (service_hash['SignatureMethod'] == 'HmacSHA256' ? @@digest256 : @@digest1)
    # form string to sign
    canonical_string = service_hash.keys.sort.map do |key|
        "#{amz_escape(key)}=#{amz_escape(service_hash[key])}"
    end.join('&')
    string_to_sign = "#{http_verb.to_s.upcase}\n#{host.downcase}\n#{uri}\n#{canonical_string}"
    # sign the string
    signature      = escape_sig(Base64.encode64(OpenSSL::HMAC.digest(digest, aws_secret_access_key, string_to_sign)).strip)
    "#{canonical_string}&Signature=#{signature}"
end

.URLencode(raw) ⇒ Object

From Amazon’s SQS Dev Guide, a brief description of how to escape: “URL encode the computed signature and other query parameters as specified in RFC1738, section 2.2. In addition, because the + character is interpreted as a blank space by Sun Java classes that perform URL decoding, make sure to encode the + character although it is not required by RFC1738.” Avoid using CGI::escape to escape URIs. CGI::escape will escape characters in the protocol, host, and port sections of the URI. Only target chars in the query string should be escaped.



119
120
121
122
# File 'lib/awsbase/right_awsbase.rb', line 119

def self.URLencode(raw)
    e = URI.escape(raw)
    e.gsub(/\+/, "%2b")
end