@aws-sdk/signature-v4 - npm Package Compare versions

dist/es/cloneRequest.d.ts

dist/es/cloneRequest.js

dist/es/cloneRequest.js.map

dist/es/constants.d.ts

dist/es/constants.js

dist/es/constants.js.map

dist/es/credentialDerivation.d.ts

dist/es/credentialDerivation.js

dist/es/credentialDerivation.js.map

dist/es/getCanonicalHeaders.d.ts

dist/es/getCanonicalHeaders.js

dist/es/getCanonicalHeaders.js.map

dist/es/getCanonicalQuery.d.ts

dist/es/getCanonicalQuery.js

dist/es/getCanonicalQuery.js.map

dist/es/getPayloadHash.d.ts

dist/es/getPayloadHash.js

dist/es/getPayloadHash.js.map

dist/es/hasHeader.d.ts

dist/es/hasHeader.js

dist/es/hasHeader.js.map

dist/es/index.d.ts

dist/es/index.js

dist/es/index.js.map

dist/es/moveHeadersToQuery.d.ts

dist/es/moveHeadersToQuery.js

dist/es/moveHeadersToQuery.js.map

dist/es/prepareRequest.d.ts

dist/es/prepareRequest.js

dist/es/prepareRequest.js.map

dist/es/SignatureV4.d.ts

dist/es/SignatureV4.js

dist/es/SignatureV4.js.map

dist/es/suite.fixture.d.ts

dist/es/suite.fixture.js

dist/es/suite.fixture.js.map

tsconfig.es.json

13

build/cloneRequest.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var tslib_1 = require("tslib");
		const tslib_1 = require("tslib");
		/**
		@@ -8,13 +8,12 @@ * @internal
		function cloneRequest(_a) {
		var headers = _a.headers, query = _a.query, rest = tslib_1.__rest(_a, ["headers", "query"]);
		return tslib_1.__assign({}, rest, { headers: tslib_1.__assign({}, headers), query: query ? cloneQuery(query) : undefined });
		var { headers, query } = _a, rest = tslib_1.__rest(_a, ["headers", "query"]);
		return Object.assign({}, rest, { headers: Object.assign({}, headers), query: query ? cloneQuery(query) : undefined });
		}
		exports.cloneRequest = cloneRequest;
		function cloneQuery(query) {
		return Object.keys(query).reduce(function (carry, paramName) {
		var _a;
		var param = query[paramName];
		return tslib_1.__assign({}, carry, (_a = {}, _a[paramName] = Array.isArray(param) ? param.slice() : param, _a));
		return Object.keys(query).reduce((carry, paramName) => {
		const param = query[paramName];
		return Object.assign({}, carry, { [paramName]: Array.isArray(param) ? [...param] : param });
		}, {});
		}
		//# sourceMappingURL=cloneRequest.js.map

34

build/credentialDerivation.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var constants_1 = require("./constants");
		var signingKeyCache = {};
		var cacheQueue = [];
		const constants_1 = require("./constants");
		const signingKeyCache = {};
		const cacheQueue = [];
		/**
		@@ -14,3 +14,3 @@ * Create a string describing the scope of credentials used to sign a request.
		function createScope(shortDate, region, service) {
		return shortDate + "/" + region + "/" + service + "/" + constants_1.KEY_TYPE_IDENTIFIER;
		return `${shortDate}/${region}/${service}/${constants_1.KEY_TYPE_IDENTIFIER}`;
		}
		@@ -31,4 +31,4 @@ exports.createScope = createScope;
		function getSigningKey(sha256Constructor, credentials, shortDate, region, service) {
		var cacheKey = shortDate + ":" + region + ":" + service + ":" +
		(credentials.accessKeyId + ":" + credentials.sessionToken);
		const cacheKey = `${shortDate}:${region}:${service}:` +
		`${credentials.accessKeyId}:${credentials.sessionToken}`;
		if (cacheKey in signingKeyCache) {
		@@ -41,15 +41,9 @@ return signingKeyCache[cacheKey];
		}
		return (signingKeyCache[cacheKey] = new Promise(function (resolve, reject) {
		var keyPromise = Promise.resolve("AWS4" + credentials.secretAccessKey);
		var _loop_1 = function (signable) {
		keyPromise = keyPromise.then(function (intermediateKey) {
		return hmac(sha256Constructor, intermediateKey, signable);
		});
		keyPromise.catch(function () { });
		};
		for (var _i = 0, _a = [shortDate, region, service, constants_1.KEY_TYPE_IDENTIFIER]; _i < _a.length; _i++) {
		var signable = _a[_i];
		_loop_1(signable);
		return (signingKeyCache[cacheKey] = new Promise((resolve, reject) => {
		let keyPromise = Promise.resolve(`AWS4${credentials.secretAccessKey}`);
		for (let signable of [shortDate, region, service, constants_1.KEY_TYPE_IDENTIFIER]) {
		keyPromise = keyPromise.then(intermediateKey => hmac(sha256Constructor, intermediateKey, signable));
		keyPromise.catch(() => { });
		}
		keyPromise.then(resolve, function (reason) {
		keyPromise.then(resolve, reason => {
		delete signingKeyCache[cacheKey];
		@@ -66,3 +60,3 @@ reject(reason);
		cacheQueue.length = 0;
		Object.keys(signingKeyCache).forEach(function (cacheKey) {
		Object.keys(signingKeyCache).forEach(cacheKey => {
		delete signingKeyCache[cacheKey];
		@@ -73,3 +67,3 @@ });
		function hmac(ctor, secret, data) {
		var hash = new ctor(secret);
		const hash = new ctor(secret);
		hash.update(data);
		@@ -76,0 +70,0 @@ return hash.digest();

12

build/getCanonicalHeaders.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var constants_1 = require("./constants");
		const constants_1 = require("./constants");
		/**
		* @internal
		*/
		function getCanonicalHeaders(_a, unsignableHeaders) {
		var headers = _a.headers;
		var canonical = {};
		for (var _i = 0, _b = Object.keys(headers).sort(); _i < _b.length; _i++) {
		var headerName = _b[_i];
		var canonicalHeaderName = headerName.toLowerCase();
		function getCanonicalHeaders({ headers }, unsignableHeaders) {
		const canonical = {};
		for (let headerName of Object.keys(headers).sort()) {
		const canonicalHeaderName = headerName.toLowerCase();
		if (canonicalHeaderName in constants_1.ALWAYS_UNSIGNABLE_HEADERS \|\|
		@@ -14,0 +12,0 @@ (unsignableHeaders && unsignableHeaders.has(canonicalHeaderName)) \|\|

33

build/getCanonicalQuery.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var constants_1 = require("./constants");
		const constants_1 = require("./constants");
		/**
		* @internal
		*/
		function getCanonicalQuery(_a) {
		var _b = _a.query, query = _b === void 0 ? {} : _b;
		var keys = [];
		var serialized = {};
		var _loop_1 = function (key) {
		function getCanonicalQuery({ query = {} }) {
		const keys = [];
		const serialized = {};
		for (let key of Object.keys(query).sort()) {
		if (key.toLowerCase() === constants_1.SIGNATURE_HEADER) {
		return "continue";
		continue;
		}
		keys.push(key);
		var value = query[key];
		const value = query[key];
		if (typeof value === "string") {
		serialized[key] = encodeURIComponent(key) + "=" + encodeURIComponent(value);
		serialized[key] = `${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
		}
		@@ -24,17 +23,11 @@ else if (Array.isArray(value)) {
		.sort()
		.reduce(function (encoded, value) {
		return encoded.concat([
		encodeURIComponent(key) + "=" + encodeURIComponent(value)
		]);
		}, [])
		.reduce((encoded, value) => encoded.concat([
		`${encodeURIComponent(key)}=${encodeURIComponent(value)}`
		]), [])
		.join("&");
		}
		};
		for (var _i = 0, _c = Object.keys(query).sort(); _i < _c.length; _i++) {
		var key = _c[_i];
		_loop_1(key);
		}
		return keys
		.map(function (key) { return serialized[key]; })
		.filter(function (serialized) { return serialized; }) // omit any falsy values
		.map(key => serialized[key])
		.filter(serialized => serialized) // omit any falsy values
		.join("&");
		@@ -41,0 +34,0 @@ }

59

build/getPayloadHash.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var tslib_1 = require("tslib");
		var constants_1 = require("./constants");
		var is_array_buffer_1 = require("@aws-sdk/is-array-buffer");
		var util_hex_encoding_1 = require("@aws-sdk/util-hex-encoding");
		const constants_1 = require("./constants");
		const is_array_buffer_1 = require("@aws-sdk/is-array-buffer");
		const util_hex_encoding_1 = require("@aws-sdk/util-hex-encoding");
		/**
		* @internal
		*/
		function getPayloadHash(_a, hashConstructor) {
		var headers = _a.headers, body = _a.body;
		return tslib_1.__awaiter(this, void 0, void 0, function () {
		var _i, _b, headerName, hashCtor, _c;
		return tslib_1.__generator(this, function (_d) {
		switch (_d.label) {
		case 0:
		for (_i = 0, _b = Object.keys(headers); _i < _b.length; _i++) {
		headerName = _b[_i];
		if (headerName.toLowerCase() === constants_1.SHA256_HEADER) {
		return [2 /return/, headers[headerName]];
		}
		}
		if (!(body == undefined)) return [3 /break/, 1];
		return [2 /return/, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"];
		case 1:
		if (!(typeof body === "string" \|\|
		ArrayBuffer.isView(body) \|\|
		is_array_buffer_1.isArrayBuffer(body))) return [3 /break/, 3];
		hashCtor = new hashConstructor();
		hashCtor.update(body);
		_c = util_hex_encoding_1.toHex;
		return [4 /yield/, hashCtor.digest()];
		case 2: return [2 /return/, _c.apply(void 0, [_d.sent()])];
		case 3:
		// As any defined body that is not a string or binary data is a stream, this
		// body is unsignable. Attempt to send the request with an unsigned payload,
		// which may or may not be accepted by the service.
		return [2 /return/, constants_1.UNSIGNED_PAYLOAD];
		}
		});
		});
		async function getPayloadHash({ headers, body }, hashConstructor) {
		for (const headerName of Object.keys(headers)) {
		if (headerName.toLowerCase() === constants_1.SHA256_HEADER) {
		return headers[headerName];
		}
		}
		if (body == undefined) {
		return "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
		}
		else if (typeof body === "string" \|\|
		ArrayBuffer.isView(body) \|\|
		is_array_buffer_1.isArrayBuffer(body)) {
		const hashCtor = new hashConstructor();
		hashCtor.update(body);
		return util_hex_encoding_1.toHex(await hashCtor.digest());
		}
		// As any defined body that is not a string or binary data is a stream, this
		// body is unsignable. Attempt to send the request with an unsigned payload,
		// which may or may not be accepted by the service.
		return constants_1.UNSIGNED_PAYLOAD;
		}
		exports.getPayloadHash = getPayloadHash;
		//# sourceMappingURL=getPayloadHash.js.map

3

build/hasHeader.js

		@@ -5,4 +5,3 @@ "use strict";
		soughtHeader = soughtHeader.toLowerCase();
		for (var _i = 0, _a = Object.keys(headers); _i < _a.length; _i++) {
		var headerName = _a[_i];
		for (const headerName of Object.keys(headers)) {
		if (soughtHeader === headerName.toLowerCase()) {
		@@ -9,0 +8,0 @@ return true;

2

build/index.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var tslib_1 = require("tslib");
		const tslib_1 = require("tslib");
		tslib_1.__exportStar(require("./credentialDerivation"), exports);
		tslib_1.__exportStar(require("./SignatureV4"), exports);
		//# sourceMappingURL=index.js.map

14

build/moveHeadersToQuery.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var tslib_1 = require("tslib");
		var cloneRequest_1 = require("./cloneRequest");
		const cloneRequest_1 = require("./cloneRequest");
		/**
		@@ -9,6 +8,5 @@ * @internal
		function moveHeadersToQuery(request) {
		var _a = cloneRequest_1.cloneRequest(request), headers = _a.headers, _b = _a.query, query = _b === void 0 ? {} : _b;
		for (var _i = 0, _c = Object.keys(headers); _i < _c.length; _i++) {
		var name = _c[_i];
		var lname = name.toLowerCase();
		const { headers, query = {} } = cloneRequest_1.cloneRequest(request);
		for (let name of Object.keys(headers)) {
		const lname = name.toLowerCase();
		if (lname.substr(0, 6) === "x-amz-") {
		@@ -19,6 +17,6 @@ query[name] = headers[name];
		}
		return tslib_1.__assign({}, request, { headers: headers,
		query: query });
		return Object.assign({}, request, { headers,
		query });
		}
		exports.moveHeadersToQuery = moveHeadersToQuery;
		//# sourceMappingURL=moveHeadersToQuery.js.map

7

build/prepareRequest.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var cloneRequest_1 = require("./cloneRequest");
		var constants_1 = require("./constants");
		const cloneRequest_1 = require("./cloneRequest");
		const constants_1 = require("./constants");
		/**
		@@ -11,4 +11,3 @@ * @internal
		request = cloneRequest_1.cloneRequest(request);
		for (var _i = 0, _a = Object.keys(request.headers); _i < _a.length; _i++) {
		var headerName = _a[_i];
		for (let headerName of Object.keys(request.headers)) {
		if (constants_1.GENERATED_HEADERS.indexOf(headerName.toLowerCase()) > -1) {
		@@ -15,0 +14,0 @@ delete request.headers[headerName];

314

build/SignatureV4.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		var tslib_1 = require("tslib");
		var credentialDerivation_1 = require("./credentialDerivation");
		var getCanonicalHeaders_1 = require("./getCanonicalHeaders");
		var getCanonicalQuery_1 = require("./getCanonicalQuery");
		var getPayloadHash_1 = require("./getPayloadHash");
		var prepareRequest_1 = require("./prepareRequest");
		var moveHeadersToQuery_1 = require("./moveHeadersToQuery");
		var constants_1 = require("./constants");
		var protocol_timestamp_1 = require("@aws-sdk/protocol-timestamp");
		var util_hex_encoding_1 = require("@aws-sdk/util-hex-encoding");
		var hasHeader_1 = require("./hasHeader");
		var SignatureV4 = /** @class */ (function () {
		function SignatureV4(_a) {
		var applyChecksum = _a.applyChecksum, credentials = _a.credentials, region = _a.region, service = _a.service, sha256 = _a.sha256, _b = _a.uriEscapePath, uriEscapePath = _b === void 0 ? true : _b;
		const tslib_1 = require("tslib");
		const credentialDerivation_1 = require("./credentialDerivation");
		const getCanonicalHeaders_1 = require("./getCanonicalHeaders");
		const getCanonicalQuery_1 = require("./getCanonicalQuery");
		const getPayloadHash_1 = require("./getPayloadHash");
		const prepareRequest_1 = require("./prepareRequest");
		const moveHeadersToQuery_1 = require("./moveHeadersToQuery");
		const constants_1 = require("./constants");
		const protocol_timestamp_1 = require("@aws-sdk/protocol-timestamp");
		const util_hex_encoding_1 = require("@aws-sdk/util-hex-encoding");
		const hasHeader_1 = require("./hasHeader");
		class SignatureV4 {
		constructor({ applyChecksum, credentials, region, service, sha256, uriEscapePath = true }) {
		this.service = service;
		@@ -24,4 +23,4 @@ this.sha256 = sha256;
		if (typeof region === "string") {
		var promisified_1 = Promise.resolve(region);
		this.regionProvider = function () { return promisified_1; };
		const promisified = Promise.resolve(region);
		this.regionProvider = () => promisified;
		}
		@@ -32,4 +31,4 @@ else {
		if (typeof credentials === "object") {
		var promisified_2 = Promise.resolve(credentials);
		this.credentialProvider = function () { return promisified_2; };
		const promisified = Promise.resolve(credentials);
		this.credentialProvider = () => promisified;
		}
		@@ -40,186 +39,111 @@ else {
		}
		SignatureV4.prototype.presignRequest = function (originalRequest, expiration, options) {
		if (options === void 0) { options = {}; }
		return tslib_1.__awaiter(this, void 0, void 0, function () {
		var _a, region, credentials, _b, signingDate, unsignableHeaders, _c, longDate, shortDate, ttl, scope, request, canonicalHeaders, _d, _e, _f, _g, _h, _j;
		return tslib_1.__generator(this, function (_k) {
		switch (_k.label) {
		case 0: return [4 /yield/, Promise.all([
		this.regionProvider(),
		this.credentialProvider()
		])];
		case 1:
		_a = _k.sent(), region = _a[0], credentials = _a[1];
		_b = options.signingDate, signingDate = _b === void 0 ? new Date() : _b, unsignableHeaders = options.unsignableHeaders;
		_c = formatDate(signingDate), longDate = _c.longDate, shortDate = _c.shortDate;
		ttl = getTtl(signingDate, expiration);
		if (ttl > constants_1.MAX_PRESIGNED_TTL) {
		return [2 /return/, Promise.reject("Signature version 4 presigned URLs" +
		" must have an expiration date less than one week in" +
		" the future")];
		}
		scope = credentialDerivation_1.createScope(shortDate, region, this.service);
		request = moveHeadersToQuery_1.moveHeadersToQuery(prepareRequest_1.prepareRequest(originalRequest));
		if (credentials.sessionToken) {
		request.query[constants_1.TOKEN_QUERY_PARAM] = credentials.sessionToken;
		}
		request.query[constants_1.ALGORITHM_QUERY_PARAM] = constants_1.ALGORITHM_IDENTIFIER;
		request.query[constants_1.CREDENTIAL_QUERY_PARAM] = credentials.accessKeyId + "/" + scope;
		request.query[constants_1.AMZ_DATE_QUERY_PARAM] = longDate;
		request.query[constants_1.EXPIRES_QUERY_PARAM] = ttl.toString(10);
		canonicalHeaders = getCanonicalHeaders_1.getCanonicalHeaders(request, unsignableHeaders);
		request.query[constants_1.SIGNED_HEADERS_QUERY_PARAM] = getCanonicalHeaderList(canonicalHeaders);
		_d = request.query;
		_e = constants_1.SIGNATURE_QUERY_PARAM;
		_f = this.getSignature;
		_g = [longDate,
		scope,
		this.getSigningKey(credentials, region, shortDate)];
		_h = this.createCanonicalRequest;
		_j = [request,
		canonicalHeaders];
		return [4 /yield/, getPayloadHash_1.getPayloadHash(originalRequest, this.sha256)];
		case 2: return [4 /yield/, _f.apply(this, _g.concat([_h.apply(this, _j.concat([_k.sent()]))]))];
		case 3:
		_d[_e] = _k.sent();
		return [2 /return/, request];
		}
		});
		});
		};
		SignatureV4.prototype.sign = function (toSign, _a) {
		if (_a === void 0) { _a = {}; }
		var _b = _a.signingDate, signingDate = _b === void 0 ? new Date() : _b, options = tslib_1.__rest(_a, ["signingDate"]);
		return tslib_1.__awaiter(this, void 0, void 0, function () {
		var _c, region, credentials, unsignableHeaders;
		return tslib_1.__generator(this, function (_d) {
		switch (_d.label) {
		case 0: return [4 /yield/, Promise.all([
		this.regionProvider(),
		this.credentialProvider()
		])];
		case 1:
		_c = _d.sent(), region = _c[0], credentials = _c[1];
		if (typeof toSign === "string") {
		return [2 /return/, this.signString(toSign, signingDate, region, credentials)];
		}
		else {
		unsignableHeaders = options.unsignableHeaders;
		return [2 /return/, this.signRequest(toSign, signingDate, region, credentials, unsignableHeaders)];
		}
		return [2 /return/];
		}
		});
		});
		};
		SignatureV4.prototype.signString = function (stringToSign, signingDate, region, credentials) {
		return tslib_1.__awaiter(this, void 0, void 0, function () {
		var shortDate, hash, _a, _b, _c;
		return tslib_1.__generator(this, function (_d) {
		switch (_d.label) {
		case 0:
		shortDate = formatDate(signingDate).shortDate;
		_b = (_a = this.sha256).bind;
		return [4 /yield/, this.getSigningKey(credentials, region, shortDate)];
		case 1:
		hash = new (_b.apply(_a, [void 0, _d.sent()]))();
		hash.update(stringToSign);
		_c = util_hex_encoding_1.toHex;
		return [4 /yield/, hash.digest()];
		case 2: return [2 /return/, _c.apply(void 0, [_d.sent()])];
		}
		});
		});
		};
		SignatureV4.prototype.signRequest = function (originalRequest, signingDate, region, credentials, unsignableHeaders) {
		return tslib_1.__awaiter(this, void 0, void 0, function () {
		var request, _a, longDate, shortDate, scope, payloadHash, canonicalHeaders, signature;
		return tslib_1.__generator(this, function (_b) {
		switch (_b.label) {
		case 0:
		request = prepareRequest_1.prepareRequest(originalRequest);
		_a = formatDate(signingDate), longDate = _a.longDate, shortDate = _a.shortDate;
		scope = credentialDerivation_1.createScope(shortDate, region, this.service);
		request.headers[constants_1.AMZ_DATE_HEADER] = longDate;
		if (credentials.sessionToken) {
		request.headers[constants_1.TOKEN_HEADER] = credentials.sessionToken;
		}
		return [4 /yield/, getPayloadHash_1.getPayloadHash(request, this.sha256)];
		case 1:
		payloadHash = _b.sent();
		if (!hasHeader_1.hasHeader(constants_1.SHA256_HEADER, request.headers) && this.applyChecksum) {
		request.headers[constants_1.SHA256_HEADER] = payloadHash;
		}
		canonicalHeaders = getCanonicalHeaders_1.getCanonicalHeaders(request, unsignableHeaders);
		return [4 /yield/, this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate), this.createCanonicalRequest(request, canonicalHeaders, payloadHash))];
		case 2:
		signature = _b.sent();
		request.headers[constants_1.AUTH_HEADER] =
		constants_1.ALGORITHM_IDENTIFIER + " " +
		("Credential=" + credentials.accessKeyId + "/" + scope + ", ") +
		("SignedHeaders=" + getCanonicalHeaderList(canonicalHeaders) + ", ") +
		("Signature=" + signature);
		return [2 /return/, request];
		}
		});
		});
		};
		SignatureV4.prototype.createCanonicalRequest = function (request, canonicalHeaders, payloadHash) {
		var sortedHeaders = Object.keys(canonicalHeaders).sort();
		return request.method + "\n" + this.getCanonicalPath(request) + "\n" + getCanonicalQuery_1.getCanonicalQuery(request) + "\n" + sortedHeaders.map(function (name) { return name + ":" + canonicalHeaders[name]; }).join("\n") + "\n\n" + sortedHeaders.join(";") + "\n" + payloadHash;
		};
		SignatureV4.prototype.createStringToSign = function (longDate, credentialScope, canonicalRequest) {
		return tslib_1.__awaiter(this, void 0, void 0, function () {
		var hash, hashedRequest;
		return tslib_1.__generator(this, function (_a) {
		switch (_a.label) {
		case 0:
		hash = new this.sha256();
		hash.update(canonicalRequest);
		return [4 /yield/, hash.digest()];
		case 1:
		hashedRequest = _a.sent();
		return [2 /return/, constants_1.ALGORITHM_IDENTIFIER + "\n" + longDate + "\n" + credentialScope + "\n" + util_hex_encoding_1.toHex(hashedRequest)];
		}
		});
		});
		};
		SignatureV4.prototype.getCanonicalPath = function (_a) {
		var path = _a.path;
		async presignRequest(originalRequest, expiration, options = {}) {
		const [region, credentials] = await Promise.all([
		this.regionProvider(),
		this.credentialProvider()
		]);
		const { signingDate = new Date(), unsignableHeaders } = options;
		const { longDate, shortDate } = formatDate(signingDate);
		const ttl = getTtl(signingDate, expiration);
		if (ttl > constants_1.MAX_PRESIGNED_TTL) {
		return Promise.reject("Signature version 4 presigned URLs" +
		" must have an expiration date less than one week in" +
		" the future");
		}
		const scope = credentialDerivation_1.createScope(shortDate, region, this.service);
		const request = moveHeadersToQuery_1.moveHeadersToQuery(prepareRequest_1.prepareRequest(originalRequest));
		if (credentials.sessionToken) {
		request.query[constants_1.TOKEN_QUERY_PARAM] = credentials.sessionToken;
		}
		request.query[constants_1.ALGORITHM_QUERY_PARAM] = constants_1.ALGORITHM_IDENTIFIER;
		request.query[constants_1.CREDENTIAL_QUERY_PARAM] = `${credentials.accessKeyId}/${scope}`;
		request.query[constants_1.AMZ_DATE_QUERY_PARAM] = longDate;
		request.query[constants_1.EXPIRES_QUERY_PARAM] = ttl.toString(10);
		const canonicalHeaders = getCanonicalHeaders_1.getCanonicalHeaders(request, unsignableHeaders);
		request.query[constants_1.SIGNED_HEADERS_QUERY_PARAM] = getCanonicalHeaderList(canonicalHeaders);
		request.query[constants_1.SIGNATURE_QUERY_PARAM] = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate), this.createCanonicalRequest(request, canonicalHeaders, await getPayloadHash_1.getPayloadHash(originalRequest, this.sha256)));
		return request;
		}
		async sign(toSign, _a = {}) {
		var { signingDate = new Date() } = _a, options = tslib_1.__rest(_a, ["signingDate"]);
		const [region, credentials] = await Promise.all([
		this.regionProvider(),
		this.credentialProvider()
		]);
		if (typeof toSign === "string") {
		return this.signString(toSign, signingDate, region, credentials);
		}
		else {
		const { unsignableHeaders } = options;
		return this.signRequest(toSign, signingDate, region, credentials, unsignableHeaders);
		}
		}
		async signString(stringToSign, signingDate, region, credentials) {
		const { shortDate } = formatDate(signingDate);
		const hash = new this.sha256(await this.getSigningKey(credentials, region, shortDate));
		hash.update(stringToSign);
		return util_hex_encoding_1.toHex(await hash.digest());
		}
		async signRequest(originalRequest, signingDate, region, credentials, unsignableHeaders) {
		const request = prepareRequest_1.prepareRequest(originalRequest);
		const { longDate, shortDate } = formatDate(signingDate);
		const scope = credentialDerivation_1.createScope(shortDate, region, this.service);
		request.headers[constants_1.AMZ_DATE_HEADER] = longDate;
		if (credentials.sessionToken) {
		request.headers[constants_1.TOKEN_HEADER] = credentials.sessionToken;
		}
		const payloadHash = await getPayloadHash_1.getPayloadHash(request, this.sha256);
		if (!hasHeader_1.hasHeader(constants_1.SHA256_HEADER, request.headers) && this.applyChecksum) {
		request.headers[constants_1.SHA256_HEADER] = payloadHash;
		}
		const canonicalHeaders = getCanonicalHeaders_1.getCanonicalHeaders(request, unsignableHeaders);
		const signature = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate), this.createCanonicalRequest(request, canonicalHeaders, payloadHash));
		request.headers[constants_1.AUTH_HEADER] =
		`${constants_1.ALGORITHM_IDENTIFIER} ` +
		`Credential=${credentials.accessKeyId}/${scope}, ` +
		`SignedHeaders=${getCanonicalHeaderList(canonicalHeaders)}, ` +
		`Signature=${signature}`;
		return request;
		}
		createCanonicalRequest(request, canonicalHeaders, payloadHash) {
		const sortedHeaders = Object.keys(canonicalHeaders).sort();
		return `${request.method}
		${this.getCanonicalPath(request)}
		${getCanonicalQuery_1.getCanonicalQuery(request)}
		${sortedHeaders.map(name => `${name}:${canonicalHeaders[name]}`).join("\n")}

		${sortedHeaders.join(";")}
		${payloadHash}`;
		}
		async createStringToSign(longDate, credentialScope, canonicalRequest) {
		const hash = new this.sha256();
		hash.update(canonicalRequest);
		const hashedRequest = await hash.digest();
		return `${constants_1.ALGORITHM_IDENTIFIER}
		${longDate}
		${credentialScope}
		${util_hex_encoding_1.toHex(hashedRequest)}`;
		}
		getCanonicalPath({ path }) {
		if (this.uriEscapePath) {
		var doubleEncoded = encodeURIComponent(path.replace(/^\//, ""));
		return "/" + doubleEncoded.replace(/%2F/g, "/");
		const doubleEncoded = encodeURIComponent(path.replace(/^\//, ""));
		return `/${doubleEncoded.replace(/%2F/g, "/")}`;
		}
		return path;
		};
		SignatureV4.prototype.getSignature = function (longDate, credentialScope, keyPromise, canonicalRequest) {
		return tslib_1.__awaiter(this, void 0, void 0, function () {
		var stringToSign, hash, _a, _b, _c;
		return tslib_1.__generator(this, function (_d) {
		switch (_d.label) {
		case 0: return [4 /yield/, this.createStringToSign(longDate, credentialScope, canonicalRequest)];
		case 1:
		stringToSign = _d.sent();
		_b = (_a = this.sha256).bind;
		return [4 /yield/, keyPromise];
		case 2:
		hash = new (_b.apply(_a, [void 0, _d.sent()]))();
		hash.update(stringToSign);
		_c = util_hex_encoding_1.toHex;
		return [4 /yield/, hash.digest()];
		case 3: return [2 /return/, _c.apply(void 0, [_d.sent()])];
		}
		});
		});
		};
		SignatureV4.prototype.getSigningKey = function (credentials, region, shortDate) {
		}
		async getSignature(longDate, credentialScope, keyPromise, canonicalRequest) {
		const stringToSign = await this.createStringToSign(longDate, credentialScope, canonicalRequest);
		const hash = new this.sha256(await keyPromise);
		hash.update(stringToSign);
		return util_hex_encoding_1.toHex(await hash.digest());
		}
		getSigningKey(credentials, region, shortDate) {
		return credentialDerivation_1.getSigningKey(this.sha256, credentials, shortDate, region, this.service);
		};
		return SignatureV4;
		}());
		}
		}
		exports.SignatureV4 = SignatureV4;
		function formatDate(now) {
		var longDate = protocol_timestamp_1.iso8601(now).replace(/[\-:]/g, "");
		const longDate = protocol_timestamp_1.iso8601(now).replace(/[\-:]/g, "");
		return {
		longDate: longDate,
		longDate,
		shortDate: longDate.substr(0, 8)
		@@ -226,0 +150,0 @@ };

29

CHANGELOG.md

		@@ -6,2 +6,31 @@ # Change Log

		# [0.1.0-preview.7](https://github.com/aws/aws-sdk-js-v3/compare/@aws-sdk/signature-v4@0.1.0-preview.3...@aws-sdk/signature-v4@0.1.0-preview.7) (2019-09-19)



		# 0.3.0 (2019-09-09)


		### Features

		* commit all clients ([#324](https://github.com/aws/aws-sdk-js-v3/issues/324)) ([cb268ed](https://github.com/aws/aws-sdk-js-v3/commit/cb268ed))



		# 0.2.0 (2019-07-12)


		### Features

		* add npm badges for individual packages ([#251](https://github.com/aws/aws-sdk-js-v3/issues/251)) ([8adc10c](https://github.com/aws/aws-sdk-js-v3/commit/8adc10c))
		* update jest v20 to v24 ([#243](https://github.com/aws/aws-sdk-js-v3/issues/243)) ([1e156ab](https://github.com/aws/aws-sdk-js-v3/commit/1e156ab))



		# 0.1.0 (2019-04-19)





		# [0.1.0-preview.6](https://github.com/aws/aws-sdk-js-v3/compare/@aws-sdk/signature-v4@0.1.0-preview.3...@aws-sdk/signature-v4@0.1.0-preview.6) (2019-09-09)
		@@ -8,0 +37,0 @@

3

jest.config.js

		const base = require("../../jest.config.base.js");

		module.exports = {
		...base
		...base,
		testPathIgnorePatterns: ["/node_modules/", "/es/"]
		};

9

package.json

		{
		"name": "@aws-sdk/signature-v4",
		"version": "0.1.0-preview.6",
		"version": "0.1.0-preview.7",
		"description": "A standalone implementation of the AWS Signature V4 request signing algorithm",
		"main": "./build/index.js",
		"browser": "./dist/es/index.js",
		"scripts": {
		"build": "node scripts/buildSuiteFixture.js && tsc",
		"prepublishOnly": "npm run build",
		"build:cjs": "tsc -p ./tsconfig.json",
		"build:es": "tsc -p ./tsconfig.es.json",
		"build": "node scripts/buildSuiteFixture.js && yarn build:es && yarn build:cjs",
		"prepublishOnly": "yarn build",
		"pretest": "tsc -p tsconfig.test.json",
		@@ -10,0 +13,0 @@ "test": "jest --coverage"

3

tsconfig.json

		{
		"compilerOptions": {
		"target": "es5",
		"target": "es2017",
		"module": "commonjs",
		"lib": ["es5", "es2015.promise", "es2015.collection"],
		"declaration": true,
		@@ -7,0 +6,0 @@ "sourceMap": true,

build/cloneRequest.js.map