Class: Aws::Plugins::SignatureV4 Private
- Inherits:
-
Seahorse::Client::Plugin
- Object
- Seahorse::Client::Plugin
- Aws::Plugins::SignatureV4
- Defined in:
- lib/aws-sdk-core/plugins/signature_v4.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Deprecated - does not look at new traits like ‘auth` and `unsignedPayload` Necessary to exist after endpoints 2.0 for old service clients + new core
Defined Under Namespace
Classes: Handler, MissingCredentialsSigner
Constant Summary collapse
- V4_AUTH =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
%w[v4 v4-unsigned-payload v4-unsigned-body]
Class Method Summary collapse
- .apply_authtype(context) ⇒ Object private
- .apply_signature(options = {}) ⇒ Object private
- .build_signer(cfg) ⇒ Object private
Instance Method Summary collapse
Methods inherited from Seahorse::Client::Plugin
#add_options, #after_initialize, after_initialize, after_initialize_hooks, #before_initialize, before_initialize, before_initialize_hooks, handlers, literal, option, options
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response, #handler_for, #new_handler
Class Method Details
.apply_authtype(context) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
142 143 144 145 146 147 148 |
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 142 def apply_authtype(context) if context.operation['authtype'].eql?('v4-unsigned-body') && context.http_request.endpoint.scheme.eql?('https') context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD' end context end |
.apply_signature(options = {}) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 |
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 99 def apply_signature( = {}) context = apply_authtype([:context]) signer = [:signer] || context.config.sigv4_signer req = context.http_request # in case this request is being re-signed req.headers.delete('Authorization') req.headers.delete('X-Amz-Security-Token') req.headers.delete('X-Amz-Date') req.headers.delete('x-Amz-Region-Set') if context.config.respond_to?(:clock_skew) && context.config.clock_skew && context.config.correct_clock_skew endpoint = context.http_request.endpoint skew = context.config.clock_skew.clock_correction(endpoint) if skew.abs > 0 req.headers['X-Amz-Date'] = (Time.now.utc + skew).strftime("%Y%m%dT%H%M%SZ") end end # compute the signature begin signature = signer.sign_request( http_method: req.http_method, url: req.endpoint, headers: req.headers, body: req.body ) rescue Aws::Sigv4::Errors::MissingCredentialsError raise Aws::Errors::MissingCredentialsError end # apply signature headers req.headers.update(signature.headers) # add request metadata with signature components for debugging context[:canonical_request] = signature.canonical_request context[:string_to_sign] = signature.string_to_sign end |
.build_signer(cfg) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 78 def build_signer(cfg) if cfg.credentials && cfg.sigv4_region Aws::Sigv4::Signer.new( service: cfg.sigv4_name, region: cfg.sigv4_region, credentials_provider: cfg.credentials, unsigned_headers: ['content-length', 'user-agent', 'x-amzn-trace-id'] ) elsif cfg.credentials raise Errors::MissingRegionError elsif cfg.sigv4_region # Instead of raising now, we return a signer that raises only # if you attempt to sign a request. Some services have unsigned # operations and it okay to initialize clients for these services # without credentials. Unsigned operations have an "authtype" # trait of "none". MissingCredentialsSigner.new end end |
Instance Method Details
#add_handlers(handlers, cfg) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
53 54 55 56 57 58 59 60 |
# File 'lib/aws-sdk-core/plugins/signature_v4.rb', line 53 def add_handlers(handlers, cfg) if cfg.unsigned_operations.empty? handlers.add(Handler, step: :sign) else operations = cfg.api.operation_names - cfg.unsigned_operations handlers.add(Handler, step: :sign, operations: operations) end end |