Class: Aws::Plugins::Sign::SignatureV4 Private

Inherits:

Object

• Object
• Aws::Plugins::Sign::SignatureV4

Defined in:

lib/aws-sdk-core/plugins/sign.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Instance Method Summary

• #initialize(auth_scheme, config, sigv4_overrides = {}) ⇒ SignatureV4 constructor private

  A new instance of SignatureV4.

• #presign_url(*args) ⇒ Object private
• #sign(context) ⇒ Object private
• #sign_event(*args) ⇒ Object private

Constructor Details

#initialize(auth_scheme, config, sigv4_overrides = {}) ⇒ SignatureV4

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of SignatureV4.

# File 'lib/aws-sdk-core/plugins/sign.rb', line 95

def initialize(auth_scheme, config, sigv4_overrides = {})
  scheme_name = auth_scheme['name']

  unless %w[sigv4 sigv4a sigv4-s3express].include?(scheme_name)
    raise ArgumentError,
          "Expected sigv4, sigv4a, or sigv4-s3express auth scheme, got #{scheme_name}"
  end

  region = if scheme_name == 'sigv4a'
             auth_scheme['signingRegionSet'].join(',')
           else
             auth_scheme['signingRegion']
           end
  begin
    @signer = config.sigv4_signer || Aws::Sigv4::Signer.new(
      service: config.sigv4_name || auth_scheme['signingName'],
      region: sigv4_overrides[:region] || config.sigv4_region || region,
      credentials_provider: sigv4_overrides[:credentials] || config.credentials,
      signing_algorithm: scheme_name.to_sym,
      uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
      normalize_path: !!!auth_scheme['disableNormalizePath'],
      unsigned_headers: %w[content-length user-agent x-amzn-trace-id expect transfer-encoding connection]
    )
  rescue Aws::Sigv4::Errors::MissingCredentialsError
    raise Aws::Errors::MissingCredentialsError
  end
end

Instance Method Details

#presign_url(*args) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-core/plugins/sign.rb', line 150

def presign_url(*args)
  @signer.presign_url(*args)
end

#sign(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-core/plugins/sign.rb', line 123

def sign(context)
  req = context.http_request

  apply_authtype(context, req)
  reset_signature(req)
  apply_clock_skew(context, req)

  # compute the signature
  begin
    signature = @signer.sign_request(
      http_method: req.http_method,
      url: req.endpoint,
      headers: req.headers,
      body: req.body
    )
  rescue Aws::Sigv4::Errors::MissingCredentialsError
    # Necessary for when credentials is explicitly set to nil
    raise Aws::Errors::MissingCredentialsError
  end
  # apply signature headers
  req.headers.update(signature.headers)

  # add request metadata with signature components for debugging
  context[:canonical_request] = signature.canonical_request
  context[:string_to_sign] = signature.string_to_sign
end

#sign_event(*args) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/aws-sdk-core/plugins/sign.rb', line 154

def sign_event(*args)
  @signer.sign_event(*args)
end