Module: Aws::Authentication

Includes:

AWS

Included in:

Sqs::Queue

Defined in:

lib/lamed/aws/authentication.rb

Constant Summary

AMAZON_ACCESS_KEY_ID =

ENV['AMAZON_ACCESS_KEY_ID']

AMAZON_SECRET_ACCESS_KEY =

ENV['AMAZON_SECRET_ACCESS_KEY']

SIGNATURE_VERSION =

'2'

Instance Method Summary

• #aws_access_key_id ⇒ Object
• #aws_escape(string) ⇒ Object

  Escape the nonreserved AWS characters.

• #aws_escape_params(params, opts = {}) ⇒ Object
• #aws_secret_access_key ⇒ Object
• #aws_signature(string_to_sign) ⇒ Object
• #generate_query(action, params = {}) ⇒ Object
• #generate_query_string(params, opts = {}) ⇒ Object
• #generate_request(action, params = {}) ⇒ Object
• #generate_string_to_sign(httpverb, host, uri, params = {}) ⇒ Object

  Create an AWS signature From: docs.amazonwebservices.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/ String to sign: HTTPVerb + “n” + ValueOfHostHeaderInLowercase + “n” + HTTPRequestURI + “n” + CanonicalizedQueryString Calculate an RFC 2104-compliant HMAC with the string you just created, your Secret Access Key as the key.

• #new_digest ⇒ Object
• #sign(string) ⇒ Object
• #uri_escape_params(params, opts = {}) ⇒ Object

Methods included from AWS

#http_get_xml, #time_xml

Instance Method Details

#aws_access_key_id ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 10

def aws_access_key_id
  AMAZON_ACCESS_KEY_ID
end

#aws_escape(string) ⇒ Object

Escape the nonreserved AWS characters. Use this instead of URI.escape or CGI.escape See String#unpack for hex nibbles: ruby-doc.org/core/classes/String.html#M000760

# File 'lib/lamed/aws/authentication.rb', line 28

def aws_escape(string)
  string.to_s.gsub(/([^a-zA-Z0-9._~-]+)/n) { '%' + $1.unpack('H2' * $1.size).join('%').upcase }
end

#aws_escape_params(params, opts = {}) ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 32

def aws_escape_params(params, opts = {})
  request = params.merge(opts)
  request.inject({}) { |h,(k,v)| h[aws_escape(k)] = aws_escape(v);h }
end

#aws_secret_access_key ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 14

def aws_secret_access_key
  AMAZON_SECRET_ACCESS_KEY
end

#aws_signature(string_to_sign) ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 75

def aws_signature(string_to_sign)
  sign(string_to_sign)
end

#generate_query(action, params = {}) ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 66

def generate_query(action, params = {})
  request_hash = generate_request(action, params)
  uri = url_path || "/"
  uri = uri + "/" unless uri == "/"
  string_to_sign = generate_string_to_sign(:get, @host, uri, request_hash)
  signature = aws_signature(string_to_sign)
  generate_query_string(request_hash, 'Signature' => signature)
end

#generate_query_string(params, opts = {}) ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 90

def generate_query_string(params, opts = {})
  query_hash = params.merge(opts)
  query_string = URI.escape(query_hash.collect { |k,v| k.to_s + '=' + v.to_s }.join('&'))
  query_string.gsub(/\+/, "%2B")   #encode pluses correctly 
end

#generate_request(action, params = {}) ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 79

def generate_request(action, params = {})
  request = {
    'Action' => action,
    'SignatureMethod' => 'HmacSHA256',
    'AWSAccessKeyId'  => aws_access_key_id,
    'SignatureVersion' => SIGNATURE_VERSION
  }
  request.merge(default_params).merge(params)
end

#generate_string_to_sign(httpverb, host, uri, params = {}) ⇒ Object

Create an AWS signature From: docs.amazonwebservices.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/ String to sign:

HTTPVerb + "\n" +
ValueOfHostHeaderInLowercase + "\n" +
HTTPRequestURI + "\n" +         
CanonicalizedQueryString

Calculate an RFC 2104-compliant HMAC with the string you just created, your Secret Access Key as the key. We use SHA256 as the hash algorithm. Do not encode the signature here. The string will be encoded when it’s included in the query string. def aws_signature(httpverb, host, requesturi, params = {})

sorted_params = params.sort.inject({}) { |h,(k,v)| h[k] = v;h }
query_string = aws_escape_params(sorted_params).collect { |k,v| k + '=' + v }.join('&')
string_to_sign = "#{httpverb.to_s.upcase}\n#{host}\n#{requesturi}\n#{query_string}"
puts "STRING TO SIGN is " + string_to_sign.inspect
sign(string_to_sign)

end

# File 'lib/lamed/aws/authentication.rb', line 59

def generate_string_to_sign(httpverb, host, uri, params = {})
  verb = httpverb.to_s.upcase
  sorted_params = params.sort.inject({}) { |h,(k,v)| h[k] = v;h }
  query_string = aws_escape_params(sorted_params).collect { |k,v| k + '=' + v }.join('&')
  "#{verb}\n#{host}\n#{uri}\n#{query_string}"
end

#new_digest ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 18

def new_digest
  OpenSSL::Digest::Digest.new('sha256')
end

#sign(string) ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 22

def sign(string)
  Base64.encode64(OpenSSL::HMAC.digest(new_digest, aws_secret_access_key, string)).strip
end

#uri_escape_params(params, opts = {}) ⇒ Object

# File 'lib/lamed/aws/authentication.rb', line 37

def uri_escape_params(params, opts = {})
  request = params.merge(opts)
  request.inject({}) { |h,(k,v)| h[URI.escape(k.to_s)] = URI.escape(v.to_s);h }
end