
@aws-sdk/signature-v4-crt - npm Package Compare versions

Comparing version 3.186.0 to 3.188.0

8

CHANGELOG.md

@@ -6,2 +6,10 @@ # Change Log

# [3.188.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.187.0...v3.188.0) (2022-10-13)
**Note:** Version bump only for package @aws-sdk/signature-v4-crt
# [3.186.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.185.0...v3.186.0) (2022-10-06)

@@ -8,0 +16,0 @@

54

dist-es/constants.js

@@ -1,18 +0,18 @@

export var ALGORITHM_QUERY_PARAM = "X-Amz-Algorithm";
export var CREDENTIAL_QUERY_PARAM = "X-Amz-Credential";
export var AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
export var SIGNED_HEADERS_QUERY_PARAM = "X-Amz-SignedHeaders";
export var EXPIRES_QUERY_PARAM = "X-Amz-Expires";
export var SIGNATURE_QUERY_PARAM = "X-Amz-Signature";
export var TOKEN_QUERY_PARAM = "X-Amz-Security-Token";
export var REGION_SET_PARAM = "X-Amz-Region-Set";
export var AUTH_HEADER = "authorization";
export var AMZ_DATE_HEADER = AMZ_DATE_QUERY_PARAM.toLowerCase();
export var DATE_HEADER = "date";
export var GENERATED_HEADERS = [AUTH_HEADER, AMZ_DATE_HEADER, DATE_HEADER];
export var SIGNATURE_HEADER = SIGNATURE_QUERY_PARAM.toLowerCase();
export var SHA256_HEADER = "x-amz-content-sha256";
export var TOKEN_HEADER = TOKEN_QUERY_PARAM.toLowerCase();
export var HOST_HEADER = "host";
export var ALWAYS_UNSIGNABLE_HEADERS = {
export const ALGORITHM_QUERY_PARAM = "X-Amz-Algorithm";
export const CREDENTIAL_QUERY_PARAM = "X-Amz-Credential";
export const AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
export const SIGNED_HEADERS_QUERY_PARAM = "X-Amz-SignedHeaders";
export const EXPIRES_QUERY_PARAM = "X-Amz-Expires";
export const SIGNATURE_QUERY_PARAM = "X-Amz-Signature";
export const TOKEN_QUERY_PARAM = "X-Amz-Security-Token";
export const REGION_SET_PARAM = "X-Amz-Region-Set";
export const AUTH_HEADER = "authorization";
export const AMZ_DATE_HEADER = AMZ_DATE_QUERY_PARAM.toLowerCase();
export const DATE_HEADER = "date";
export const GENERATED_HEADERS = [AUTH_HEADER, AMZ_DATE_HEADER, DATE_HEADER];
export const SIGNATURE_HEADER = SIGNATURE_QUERY_PARAM.toLowerCase();
export const SHA256_HEADER = "x-amz-content-sha256";
export const TOKEN_HEADER = TOKEN_QUERY_PARAM.toLowerCase();
export const HOST_HEADER = "host";
export const ALWAYS_UNSIGNABLE_HEADERS = {
authorization: true,

@@ -34,11 +34,11 @@ "cache-control": true,

};
export var PROXY_HEADER_PATTERN = /^proxy-/;
export var SEC_HEADER_PATTERN = /^sec-/;
export var UNSIGNABLE_PATTERNS = [/^proxy-/i, /^sec-/i];
export var ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256";
export var ALGORITHM_IDENTIFIER_V4A = "AWS4-ECDSA-P256-SHA256";
export var EVENT_ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256-PAYLOAD";
export var UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
export var MAX_CACHE_SIZE = 50;
export var KEY_TYPE_IDENTIFIER = "aws4_request";
export var MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;
export const PROXY_HEADER_PATTERN = /^proxy-/;
export const SEC_HEADER_PATTERN = /^sec-/;
export const UNSIGNABLE_PATTERNS = [/^proxy-/i, /^sec-/i];
export const ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256";
export const ALGORITHM_IDENTIFIER_V4A = "AWS4-ECDSA-P256-SHA256";
export const EVENT_ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256-PAYLOAD";
export const UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
export const MAX_CACHE_SIZE = 50;
export const KEY_TYPE_IDENTIFIER = "aws4_request";
export const MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;

@@ -1,2 +0,1 @@

import { __assign, __awaiter, __generator, __read, __spreadArray } from "tslib";
import { parseQueryString } from "@aws-sdk/querystring-parser";

@@ -10,10 +9,9 @@ import { getCanonicalQuery, getPayloadHash, moveHeadersToQuery, prepareRequest, } from "@aws-sdk/signature-v4";

deleteHeader(SHA256_HEADER, sdkRequest.headers);
var headersArray = Object.entries(sdkRequest.headers);
var crtHttpHeaders = new crtHttp.HttpHeaders(headersArray);
var queryString = getCanonicalQuery(sdkRequest);
const headersArray = Object.entries(sdkRequest.headers);
const crtHttpHeaders = new crtHttp.HttpHeaders(headersArray);
const queryString = getCanonicalQuery(sdkRequest);
return new crtHttp.HttpRequest(sdkRequest.method, sdkRequest.path + "?" + queryString, crtHttpHeaders);
}
var CrtSignerV4 = (function () {
function CrtSignerV4(_a) {
var credentials = _a.credentials, region = _a.region, service = _a.service, sha256 = _a.sha256, _b = _a.applyChecksum, applyChecksum = _b === void 0 ? true : _b, _c = _a.uriEscapePath, uriEscapePath = _c === void 0 ? true : _c, _d = _a.signingAlgorithm, signingAlgorithm = _d === void 0 ? crtAuth.AwsSigningAlgorithm.SigV4 : _d;
export class CrtSignerV4 {
constructor({ credentials, region, service, sha256, applyChecksum = true, uriEscapePath = true, signingAlgorithm = crtAuth.AwsSigningAlgorithm.SigV4, }) {
this.service = service;

@@ -28,177 +26,80 @@ this.sha256 = sha256;

}
CrtSignerV4.prototype.options2crtConfigure = function (_a, viaHeader, payloadHash, expiresIn) {
var _b = _a === void 0 ? {} : _a, _c = _b.signingDate, signingDate = _c === void 0 ? new Date() : _c, signableHeaders = _b.signableHeaders, unsignableHeaders = _b.unsignableHeaders, signingRegion = _b.signingRegion, signingService = _b.signingService;
return __awaiter(this, void 0, void 0, function () {
var credentials, region, _d, service, headersUnsignable;
return __generator(this, function (_e) {
switch (_e.label) {
case 0: return [4, this.credentialProvider()];
case 1:
credentials = _e.sent();
if (!(signingRegion !== null && signingRegion !== void 0)) return [3, 2];
_d = signingRegion;
return [3, 4];
case 2: return [4, this.regionProvider()];
case 3:
_d = (_e.sent());
_e.label = 4;
case 4:
region = _d;
service = signingService !== null && signingService !== void 0 ? signingService : this.service;
if ((signableHeaders === null || signableHeaders === void 0 ? void 0 : signableHeaders.has("x-amzn-trace-id")) || (signableHeaders === null || signableHeaders === void 0 ? void 0 : signableHeaders.has("user-agent"))) {
throw new Error("internal check (x-amzn-trace-id, user-agent) is not supported to be included to sign with CRT.");
}
headersUnsignable = getHeadersUnsignable(unsignableHeaders, signableHeaders);
return [2, {
algorithm: this.signingAlgorithm,
signature_type: viaHeader
? crtAuth.AwsSignatureType.HttpRequestViaHeaders
: crtAuth.AwsSignatureType.HttpRequestViaQueryParams,
provider: sdk2crtCredentialsProvider(credentials),
region: region,
service: service,
date: new Date(signingDate),
header_blacklist: headersUnsignable,
use_double_uri_encode: this.uriEscapePath,
signed_body_value: payloadHash,
signed_body_header: this.applyChecksum && viaHeader
? crtAuth.AwsSignedBodyHeaderType.XAmzContentSha256
: crtAuth.AwsSignedBodyHeaderType.None,
expiration_in_seconds: expiresIn,
}];
}
});
});
};
CrtSignerV4.prototype.presign = function (originalRequest, options) {
if (options === void 0) { options = {}; }
return __awaiter(this, void 0, void 0, function () {
var request, crtSignedRequest, _a, _b, _c, _d;
return __generator(this, function (_e) {
switch (_e.label) {
case 0:
if (options.expiresIn && options.expiresIn > MAX_PRESIGNED_TTL) {
return [2, Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future")];
}
request = moveHeadersToQuery(prepareRequest(originalRequest));
_a = this.signRequest;
_b = [request];
_c = this.options2crtConfigure;
_d = [options,
false];
return [4, getPayloadHash(originalRequest, this.sha256)];
case 1: return [4, _c.apply(this, _d.concat([_e.sent(), options.expiresIn ? options.expiresIn : 3600]))];
case 2: return [4, _a.apply(this, _b.concat([_e.sent()]))];
case 3:
crtSignedRequest = _e.sent();
request.query = this.getQueryParam(crtSignedRequest.path);
return [2, request];
}
});
});
};
CrtSignerV4.prototype.sign = function (toSign, options) {
return __awaiter(this, void 0, void 0, function () {
var request, crtSignedRequest, _a, _b, _c, _d;
return __generator(this, function (_e) {
switch (_e.label) {
case 0:
request = prepareRequest(toSign);
_a = this.signRequest;
_b = [request];
_c = this.options2crtConfigure;
_d = [options, true];
return [4, getPayloadHash(toSign, this.sha256)];
case 1: return [4, _c.apply(this, _d.concat([_e.sent()]))];
case 2: return [4, _a.apply(this, _b.concat([_e.sent()]))];
case 3:
crtSignedRequest = _e.sent();
request.headers = crtSignedRequest.headers._flatten().reduce(function (acc, _a) {
var _b;
var _c = __read(_a, 2), key = _c[0], value = _c[1];
return (__assign(__assign({}, acc), (_b = {}, _b[key] = value, _b)));
}, {});
return [2, request];
}
});
});
};
CrtSignerV4.prototype.getQueryParam = function (crtPath) {
var start = crtPath.search(/\?/);
var startHash = crtPath.search(/\#/);
var end = startHash == -1 ? undefined : startHash;
var queryParam = {};
async options2crtConfigure({ signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}, viaHeader, payloadHash, expiresIn) {
const credentials = await this.credentialProvider();
const region = signingRegion ?? (await this.regionProvider());
const service = signingService ?? this.service;
if (signableHeaders?.has("x-amzn-trace-id") || signableHeaders?.has("user-agent")) {
throw new Error("internal check (x-amzn-trace-id, user-agent) is not supported to be included to sign with CRT.");
}
const headersUnsignable = getHeadersUnsignable(unsignableHeaders, signableHeaders);
return {
algorithm: this.signingAlgorithm,
signature_type: viaHeader
? crtAuth.AwsSignatureType.HttpRequestViaHeaders
: crtAuth.AwsSignatureType.HttpRequestViaQueryParams,
provider: sdk2crtCredentialsProvider(credentials),
region: region,
service: service,
date: new Date(signingDate),
header_blacklist: headersUnsignable,
use_double_uri_encode: this.uriEscapePath,
signed_body_value: payloadHash,
signed_body_header: this.applyChecksum && viaHeader
? crtAuth.AwsSignedBodyHeaderType.XAmzContentSha256
: crtAuth.AwsSignedBodyHeaderType.None,
expiration_in_seconds: expiresIn,
};
}
async presign(originalRequest, options = {}) {
if (options.expiresIn && options.expiresIn > MAX_PRESIGNED_TTL) {
return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future");
}
const request = moveHeadersToQuery(prepareRequest(originalRequest));
const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, false, await getPayloadHash(originalRequest, this.sha256), options.expiresIn ? options.expiresIn : 3600));
request.query = this.getQueryParam(crtSignedRequest.path);
return request;
}
async sign(toSign, options) {
const request = prepareRequest(toSign);
const crtSignedRequest = await this.signRequest(request, await this.options2crtConfigure(options, true, await getPayloadHash(toSign, this.sha256)));
request.headers = crtSignedRequest.headers._flatten().reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {});
return request;
}
getQueryParam(crtPath) {
const start = crtPath.search(/\?/);
const startHash = crtPath.search(/\#/);
const end = startHash == -1 ? undefined : startHash;
const queryParam = {};
if (start == -1) {
return queryParam;
}
var queryString = crtPath.slice(start + 1, end);
const queryString = crtPath.slice(start + 1, end);
return parseQueryString(queryString);
};
CrtSignerV4.prototype.signRequest = function (requestToSign, crtConfig) {
return __awaiter(this, void 0, void 0, function () {
var request, error_1;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
request = sdkHttpRequest2crtHttpRequest(requestToSign);
_a.label = 1;
case 1:
_a.trys.push([1, 3, , 4]);
return [4, crtAuth.aws_sign_request(request, crtConfig)];
case 2: return [2, _a.sent()];
case 3:
error_1 = _a.sent();
throw new Error(error_1);
case 4: return [2];
}
});
});
};
CrtSignerV4.prototype.verifySigv4aSigning = function (request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options) {
if (options === void 0) { options = {}; }
return __awaiter(this, void 0, void 0, function () {
var sdkRequest, crtRequest, payloadHash, crtConfig;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
sdkRequest = prepareRequest(request);
crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
return [4, getPayloadHash(request, this.sha256)];
case 1:
payloadHash = _a.sent();
return [4, this.options2crtConfigure(options, true, payloadHash)];
case 2:
crtConfig = _a.sent();
return [2, crtAuth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY)];
}
});
});
};
CrtSignerV4.prototype.verifySigv4aPreSigning = function (request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options) {
if (options === void 0) { options = {}; }
return __awaiter(this, void 0, void 0, function () {
var sdkRequest, crtRequest, crtConfig, _a, _b;
return __generator(this, function (_c) {
switch (_c.label) {
case 0:
if (typeof signature != "string") {
return [2, false];
}
sdkRequest = prepareRequest(request);
crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
_a = this.options2crtConfigure;
_b = [options,
false];
return [4, getPayloadHash(request, this.sha256)];
case 1: return [4, _a.apply(this, _b.concat([_c.sent(), options.expiresIn ? options.expiresIn : 3600]))];
case 2:
crtConfig = _c.sent();
return [2, crtAuth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY)];
}
});
});
};
return CrtSignerV4;
}());
export { CrtSignerV4 };
}
async signRequest(requestToSign, crtConfig) {
const request = sdkHttpRequest2crtHttpRequest(requestToSign);
try {
return await crtAuth.aws_sign_request(request, crtConfig);
}
catch (error) {
throw new Error(error);
}
}
async verifySigv4aSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
const sdkRequest = prepareRequest(request);
const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
const payloadHash = await getPayloadHash(request, this.sha256);
const crtConfig = await this.options2crtConfigure(options, true, payloadHash);
return crtAuth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY);
}
async verifySigv4aPreSigning(request, signature, expectedCanonicalRequest, eccPubKeyX, eccPubKeyY, options = {}) {
if (typeof signature != "string") {
return false;
}
const sdkRequest = prepareRequest(request);
const crtRequest = sdkHttpRequest2crtHttpRequest(sdkRequest);
const crtConfig = await this.options2crtConfigure(options, false, await getPayloadHash(request, this.sha256), options.expiresIn ? options.expiresIn : 3600);
return crtAuth.aws_verify_sigv4a_signing(crtRequest, crtConfig, expectedCanonicalRequest, signature, eccPubKeyX, eccPubKeyY);
}
}
function sdk2crtCredentialsProvider(credentials) {

@@ -212,6 +113,6 @@ return crtAuth.AwsCredentialsProvider.newStatic(credentials.accessKeyId, credentials.secretAccessKey, credentials.sessionToken);

if (!signableHeaders) {
return __spreadArray([], __read(unsignableHeaders), false);
return [...unsignableHeaders];
}
var result = new Set(__spreadArray([], __read(unsignableHeaders), false));
for (var it_1 = signableHeaders.values(), val = null; (val = it_1.next().value);) {
const result = new Set([...unsignableHeaders]);
for (let it = signableHeaders.values(), val = null; (val = it.next().value);) {
if (result.has(val)) {

@@ -221,3 +122,3 @@ result.delete(val);

}
return __spreadArray([], __read(result), false);
return [...result];
}
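Review bot: In `presign`, the guard `options.expiresIn && options.expiresIn > MAX_PRESIGNED_TTL` rejects only values above one week, so a negative or non-numeric `expiresIn` passes it and is forwarded as `expiration_in_seconds`; how the CRT treats such a value is not visible on this page. The rejection is also a bare string, which gives callers no stack trace and fails `instanceof Error` checks; inside an async method, `throw new Error("Signature version 4 presigned URLs must have an expiration date less than one week in the future");` is enough. `verifySigv4aPreSigning` applies the same `options.expiresIn ? options.expiresIn : 3600` default with no upper bound at all, so both paths would benefit from one shared validation step that checks for a positive integer no larger than `MAX_PRESIGNED_TTL`. The class body begins outside these hunks, so the constructor's handling of these options could not be checked.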

@@ -1,60 +0,26 @@

import { __values } from "tslib";
export function hasHeader(soughtHeader, headers) {
var e_1, _a;
soughtHeader = soughtHeader.toLowerCase();
try {
for (var _b = __values(Object.keys(headers)), _c = _b.next(); !_c.done; _c = _b.next()) {
var headerName = _c.value;
if (soughtHeader === headerName.toLowerCase()) {
return true;
}
for (const headerName of Object.keys(headers)) {
if (soughtHeader === headerName.toLowerCase()) {
return true;
}
}
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
}
finally { if (e_1) throw e_1.error; }
}
return false;
}
export function getHeaderValue(soughtHeader, headers) {
var e_2, _a;
soughtHeader = soughtHeader.toLowerCase();
try {
for (var _b = __values(Object.keys(headers)), _c = _b.next(); !_c.done; _c = _b.next()) {
var headerName = _c.value;
if (soughtHeader === headerName.toLowerCase()) {
return headers[headerName];
}
for (const headerName of Object.keys(headers)) {
if (soughtHeader === headerName.toLowerCase()) {
return headers[headerName];
}
}
catch (e_2_1) { e_2 = { error: e_2_1 }; }
finally {
try {
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
}
finally { if (e_2) throw e_2.error; }
}
return undefined;
}
export function deleteHeader(soughtHeader, headers) {
var e_3, _a;
soughtHeader = soughtHeader.toLowerCase();
try {
for (var _b = __values(Object.keys(headers)), _c = _b.next(); !_c.done; _c = _b.next()) {
var headerName = _c.value;
if (soughtHeader === headerName.toLowerCase()) {
delete headers[headerName];
}
for (const headerName of Object.keys(headers)) {
if (soughtHeader === headerName.toLowerCase()) {
delete headers[headerName];
}
}
catch (e_3_1) { e_3 = { error: e_3_1 }; }
finally {
try {
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
}
finally { if (e_3) throw e_3.error; }
}
}
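Review bot: `getHeaderValue` returns the value of the first key that matches case-insensitively, while `deleteHeader` removes every matching key, so a headers object holding both `Host` and `host` is read and deleted inconsistently, and nothing in the file documents which entry wins. A comment above `getHeaderValue` such as `// Returns the first case-insensitive match in key insertion order; callers must not rely on it when keys differ only by case.` would make the contract explicit. All three functions also reassign their `soughtHeader` parameter; `const needle = soughtHeader.toLowerCase();` keeps the argument intact.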

@@ -1,9 +0,9 @@

export var region = "us-east-1";
export var service = "service";
export var credentials = {
export const region = "us-east-1";
export const service = "service";
export const credentials = {
accessKeyId: "AKIDEXAMPLE",
secretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
};
export var signingDate = new Date("2015-08-30T12:36:00Z");
export var requests = [
export const signingDate = new Date("2015-08-30T12:36:00Z");
export const requests = [
{

@@ -10,0 +10,0 @@ name: "get-header-key-duplicate",
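Review bot: The `credentials` object carries an access key id and a secret literal with no comment saying what they are, and secret scanners that match the AWS key shape will flag them in the published package. The values look like the AWS documentation example pair (they end in `EXAMPLE` and `EXAMPLEKEY`), so a one-line comment above the object, `// AWS SigV4 test-suite example credentials; not a live key`, would let reviewers and scanner allow-lists treat it as a known fixture. It is also worth confirming that this fixture needs to ship in the published `dist-es` output at all; the file name is not visible on this page. The `requests` array continues outside the hunk.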

{
"name": "@aws-sdk/signature-v4-crt",
"version": "3.186.0",
"version": "3.188.0",
"description": "A revision of AWS Signature V4 request signer based on AWS Common Runtime https://github.com/awslabs/aws-crt-nodejs",

@@ -24,8 +24,8 @@ "main": "./dist-cjs/index.js",

"dependencies": {
"@aws-sdk/is-array-buffer": "3.186.0",
"@aws-sdk/querystring-parser": "3.186.0",
"@aws-sdk/signature-v4": "3.186.0",
"@aws-sdk/util-hex-encoding": "3.186.0",
"@aws-sdk/util-middleware": "3.186.0",
"@aws-sdk/util-uri-escape": "3.186.0",
"@aws-sdk/is-array-buffer": "3.188.0",
"@aws-sdk/querystring-parser": "3.188.0",
"@aws-sdk/signature-v4": "3.188.0",
"@aws-sdk/util-hex-encoding": "3.188.0",
"@aws-sdk/util-middleware": "3.188.0",
"@aws-sdk/util-uri-escape": "3.188.0",
"aws-crt": "^1.13.2",

@@ -36,5 +36,5 @@ "tslib": "^2.3.1"

"@aws-crypto/sha256-js": "2.0.0",
"@aws-sdk/protocol-http": "3.186.0",
"@aws-sdk/types": "3.186.0",
"@aws-sdk/util-buffer-from": "3.186.0",
"@aws-sdk/protocol-http": "3.188.0",
"@aws-sdk/types": "3.188.0",
"@aws-sdk/util-buffer-from": "3.188.0",
"@tsconfig/recommended": "1.0.1",

@@ -41,0 +41,0 @@ "concurrently": "7.0.0",
