class AWS4Signer

Constants

RFC8601BASIC

Attributes

access_key[R]

body[R]

date[R]

headers[R]

method[R]

region[R]

secret_key[R]

service[R]

uri[R]

Public Class Methods

new(config) click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 24
def initialize(config)
  @access_key = config[:access_key] || config["access_key"]
  @secret_key = config[:secret_key] || config["secret_key"]
  @region = config[:region] || config["region"]
end

Public Instance Methods

sign(method, uri, headers, body = nil, debug = false, service_name=nil) click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 30
def sign(method, uri, headers, body = nil, debug = false, service_name=nil)
  @method = method.upcase
  @uri = uri
  @headers = headers
  @body = body
  @service = service_name || @uri.host.split(".", 2)[0]
  date_header = headers["Date"] || headers["DATE"] || headers["date"]
  @date = (date_header ? Time.parse(date_header) : Time.now).utc.strftime(RFC8601BASIC)
  dump if debug
  signed = headers.dup
  signed['Authorization'] = authorization(headers)
  signed
end

Private Instance Methods

authorization(headers) click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 46
def authorization(headers)
  [
    "AWS4-HMAC-SHA256 Credential=#{access_key}/#{credential_string}",
    "SignedHeaders=#{headers.keys.map(&:downcase).sort.join(";")}",
    "Signature=#{signature}"
  ].join(', ')
end

canonical_request() click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 80
def canonical_request
  [
    method,
    Pathname.new(uri.path).cleanpath.to_s,
    uri.query,
    headers.sort.map {|k, v| [k.downcase,v.strip].join(':')}.join("\n") + "\n",
    headers.sort.map {|k, v| k.downcase}.join(";"),
    hexdigest(body || '')
  ].join("\n")
end

credential_string() click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 71
def credential_string
  [
    date[0,8],
    region,
    service,
    "aws4_request"
  ].join("/")
end

dump() click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 103
def dump
  puts "string to sign"
  puts string_to_sign
  puts "canonical_request"
  puts canonical_request
  puts "authorization"
end

hexdigest(value) click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 91
def hexdigest(value)
  Digest::SHA256.new.update(value).hexdigest
end

hexhmac(key, value) click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 99
def hexhmac(key, value)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), key, value)
end

hmac(key, value) click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 95
def hmac(key, value)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, value)
end

signature() click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 54
def signature
  k_date = hmac("AWS4" + secret_key, date[0,8])
  k_region = hmac(k_date, region)
  k_service = hmac(k_region, service)
  k_credentials = hmac(k_service, "aws4_request")
  hexhmac(k_credentials, string_to_sign)
end

string_to_sign() click to toggle source

# File lib/activemessaging/adapters/aws4_signer.rb, line 62
def string_to_sign
  [
    'AWS4-HMAC-SHA256',
    date,
    credential_string,
    hexdigest(canonical_request)
  ].join("\n")
end