class AWSRaw::S3::Signer

Generates the Authorization header for a REST request to S3.

See docs.amazonwebservices.com/AmazonS3/latest/dev/RESTAuthentication.html

Constants

SUBRESOURCES

Public Class Methods

new(access_key_id, secret_access_key) click to toggle source
# File lib/awsraw/s3/signer.rb, line 15
def initialize(access_key_id, secret_access_key)
  @access_key_id     = access_key_id
  @secret_access_key = secret_access_key
end

Public Instance Methods

authorization_header_value(request) click to toggle source
# File lib/awsraw/s3/signer.rb, line 20
def authorization_header_value(request)
  string_to_sign = string_to_sign(request)
  signature = encoded_signature(string_to_sign)

  "AWS #{@access_key_id}:#{signature}"
end
Also aliased as: signature
encoded_signature(string_to_sign) click to toggle source
# File lib/awsraw/s3/signer.rb, line 30
def encoded_signature(string_to_sign)
  digest    = OpenSSL::Digest.new("sha1")
  sha       = OpenSSL::HMAC.digest(digest, @secret_access_key, string_to_sign)
  signature = Base64.encode64(sha).strip
end
signature(request)

Backwards compatibility

string_to_sign(request) click to toggle source
# File lib/awsraw/s3/signer.rb, line 36
def string_to_sign(request)
  [
    request.method,
    request.headers["Content-MD5"]  || "",
    request.headers["Content-Type"] || "",
    request.headers["Date"],
    canonicalized_amz_headers(request.headers),
    canonicalized_resource(request)
  ].flatten.join("\n")
end

Private Instance Methods

canonicalized_amz_headers(headers) click to toggle source
# File lib/awsraw/s3/signer.rb, line 49
def canonicalized_amz_headers(headers)
  header_names = headers.keys.
    select  {|name| name =~ /^x-amz-/i }.
    sort_by {|name| name.downcase }

  header_names.map do |name|
    "#{name.downcase}:#{headers[name]}"
  end
end
canonicalized_resource(request) click to toggle source
# File lib/awsraw/s3/signer.rb, line 59
def canonicalized_resource(request)
  if request.host =~ /^(.+)\.s3\.amazonaws\.com/
    bucket = request.host.split(/\./).first
    resource = '/' + bucket + request.path
  else
    resource = request.path
  end
  resource + canonicalized_subresource(request)
end
canonicalized_subresource(request) click to toggle source
# File lib/awsraw/s3/signer.rb, line 69
def canonicalized_subresource(request)
  return "" unless request.query
  subresources =
    request.query.split('&')
      .map { |s| s.split('=') }
      .select { |k,v| SUBRESOURCES.include? k }
      .map { |k,v| k + (v ? "=#{v}" : "") }
  if subresources.any?
    "?" + subresources.join("&")
  else
    ""
  end
end