Socket
Socket
Sign inDemoInstall

@aws-sdk/signature-v4

Package Overview
Dependencies
Maintainers
5
Versions
142
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@aws-sdk/signature-v4 - npm Package Compare versions

Comparing version 3.183.0 to 3.186.0

24

dist-es/cloneRequest.js

@@ -1,12 +0,12 @@

export const cloneRequest = ({ headers, query, ...rest }) => ({
...rest,
headers: { ...headers },
query: query ? cloneQuery(query) : undefined,
});
export const cloneQuery = (query) => Object.keys(query).reduce((carry, paramName) => {
const param = query[paramName];
return {
...carry,
[paramName]: Array.isArray(param) ? [...param] : param,
};
}, {});
import { __assign, __read, __rest, __spreadArray } from "tslib";
export var cloneRequest = function (_a) {
var headers = _a.headers, query = _a.query, rest = __rest(_a, ["headers", "query"]);
return (__assign(__assign({}, rest), { headers: __assign({}, headers), query: query ? cloneQuery(query) : undefined }));
};
export var cloneQuery = function (query) {
return Object.keys(query).reduce(function (carry, paramName) {
var _a;
var param = query[paramName];
return __assign(__assign({}, carry), (_a = {}, _a[paramName] = Array.isArray(param) ? __spreadArray([], __read(param), false) : param, _a));
}, {});
};

54

dist-es/constants.js

@@ -1,18 +0,18 @@

export const ALGORITHM_QUERY_PARAM = "X-Amz-Algorithm";
export const CREDENTIAL_QUERY_PARAM = "X-Amz-Credential";
export const AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
export const SIGNED_HEADERS_QUERY_PARAM = "X-Amz-SignedHeaders";
export const EXPIRES_QUERY_PARAM = "X-Amz-Expires";
export const SIGNATURE_QUERY_PARAM = "X-Amz-Signature";
export const TOKEN_QUERY_PARAM = "X-Amz-Security-Token";
export const REGION_SET_PARAM = "X-Amz-Region-Set";
export const AUTH_HEADER = "authorization";
export const AMZ_DATE_HEADER = AMZ_DATE_QUERY_PARAM.toLowerCase();
export const DATE_HEADER = "date";
export const GENERATED_HEADERS = [AUTH_HEADER, AMZ_DATE_HEADER, DATE_HEADER];
export const SIGNATURE_HEADER = SIGNATURE_QUERY_PARAM.toLowerCase();
export const SHA256_HEADER = "x-amz-content-sha256";
export const TOKEN_HEADER = TOKEN_QUERY_PARAM.toLowerCase();
export const HOST_HEADER = "host";
export const ALWAYS_UNSIGNABLE_HEADERS = {
export var ALGORITHM_QUERY_PARAM = "X-Amz-Algorithm";
export var CREDENTIAL_QUERY_PARAM = "X-Amz-Credential";
export var AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
export var SIGNED_HEADERS_QUERY_PARAM = "X-Amz-SignedHeaders";
export var EXPIRES_QUERY_PARAM = "X-Amz-Expires";
export var SIGNATURE_QUERY_PARAM = "X-Amz-Signature";
export var TOKEN_QUERY_PARAM = "X-Amz-Security-Token";
export var REGION_SET_PARAM = "X-Amz-Region-Set";
export var AUTH_HEADER = "authorization";
export var AMZ_DATE_HEADER = AMZ_DATE_QUERY_PARAM.toLowerCase();
export var DATE_HEADER = "date";
export var GENERATED_HEADERS = [AUTH_HEADER, AMZ_DATE_HEADER, DATE_HEADER];
export var SIGNATURE_HEADER = SIGNATURE_QUERY_PARAM.toLowerCase();
export var SHA256_HEADER = "x-amz-content-sha256";
export var TOKEN_HEADER = TOKEN_QUERY_PARAM.toLowerCase();
export var HOST_HEADER = "host";
export var ALWAYS_UNSIGNABLE_HEADERS = {
authorization: true,

@@ -34,11 +34,11 @@ "cache-control": true,

};
export const PROXY_HEADER_PATTERN = /^proxy-/;
export const SEC_HEADER_PATTERN = /^sec-/;
export const UNSIGNABLE_PATTERNS = [/^proxy-/i, /^sec-/i];
export const ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256";
export const ALGORITHM_IDENTIFIER_V4A = "AWS4-ECDSA-P256-SHA256";
export const EVENT_ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256-PAYLOAD";
export const UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
export const MAX_CACHE_SIZE = 50;
export const KEY_TYPE_IDENTIFIER = "aws4_request";
export const MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;
export var PROXY_HEADER_PATTERN = /^proxy-/;
export var SEC_HEADER_PATTERN = /^sec-/;
export var UNSIGNABLE_PATTERNS = [/^proxy-/i, /^sec-/i];
export var ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256";
export var ALGORITHM_IDENTIFIER_V4A = "AWS4-ECDSA-P256-SHA256";
export var EVENT_ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256-PAYLOAD";
export var UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
export var MAX_CACHE_SIZE = 50;
export var KEY_TYPE_IDENTIFIER = "aws4_request";
export var MAX_PRESIGNED_TTL = 60 * 60 * 24 * 7;

78

dist-es/credentialDerivation.js

@@ -0,32 +1,66 @@

import { __awaiter, __generator, __values } from "tslib";
import { toHex } from "@aws-sdk/util-hex-encoding";
import { KEY_TYPE_IDENTIFIER, MAX_CACHE_SIZE } from "./constants";
const signingKeyCache = {};
const cacheQueue = [];
export const createScope = (shortDate, region, service) => `${shortDate}/${region}/${service}/${KEY_TYPE_IDENTIFIER}`;
export const getSigningKey = async (sha256Constructor, credentials, shortDate, region, service) => {
const credsHash = await hmac(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
const cacheKey = `${shortDate}:${region}:${service}:${toHex(credsHash)}:${credentials.sessionToken}`;
if (cacheKey in signingKeyCache) {
return signingKeyCache[cacheKey];
}
cacheQueue.push(cacheKey);
while (cacheQueue.length > MAX_CACHE_SIZE) {
delete signingKeyCache[cacheQueue.shift()];
}
let key = `AWS4${credentials.secretAccessKey}`;
for (const signable of [shortDate, region, service, KEY_TYPE_IDENTIFIER]) {
key = await hmac(sha256Constructor, key, signable);
}
return (signingKeyCache[cacheKey] = key);
var signingKeyCache = {};
var cacheQueue = [];
export var createScope = function (shortDate, region, service) {
return "".concat(shortDate, "/").concat(region, "/").concat(service, "/").concat(KEY_TYPE_IDENTIFIER);
};
export const clearCredentialCache = () => {
export var getSigningKey = function (sha256Constructor, credentials, shortDate, region, service) { return __awaiter(void 0, void 0, void 0, function () {
var credsHash, cacheKey, key, _a, _b, signable, e_1_1;
var e_1, _c;
return __generator(this, function (_d) {
switch (_d.label) {
case 0: return [4, hmac(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId)];
case 1:
credsHash = _d.sent();
cacheKey = "".concat(shortDate, ":").concat(region, ":").concat(service, ":").concat(toHex(credsHash), ":").concat(credentials.sessionToken);
if (cacheKey in signingKeyCache) {
return [2, signingKeyCache[cacheKey]];
}
cacheQueue.push(cacheKey);
while (cacheQueue.length > MAX_CACHE_SIZE) {
delete signingKeyCache[cacheQueue.shift()];
}
key = "AWS4".concat(credentials.secretAccessKey);
_d.label = 2;
case 2:
_d.trys.push([2, 7, 8, 9]);
_a = __values([shortDate, region, service, KEY_TYPE_IDENTIFIER]), _b = _a.next();
_d.label = 3;
case 3:
if (!!_b.done) return [3, 6];
signable = _b.value;
return [4, hmac(sha256Constructor, key, signable)];
case 4:
key = _d.sent();
_d.label = 5;
case 5:
_b = _a.next();
return [3, 3];
case 6: return [3, 9];
case 7:
e_1_1 = _d.sent();
e_1 = { error: e_1_1 };
return [3, 9];
case 8:
try {
if (_b && !_b.done && (_c = _a.return)) _c.call(_a);
}
finally { if (e_1) throw e_1.error; }
return [7];
case 9: return [2, (signingKeyCache[cacheKey] = key)];
}
});
}); };
export var clearCredentialCache = function () {
cacheQueue.length = 0;
Object.keys(signingKeyCache).forEach((cacheKey) => {
Object.keys(signingKeyCache).forEach(function (cacheKey) {
delete signingKeyCache[cacheKey];
});
};
const hmac = (ctor, secret, data) => {
const hash = new ctor(secret);
var hmac = function (ctor, secret, data) {
var hash = new ctor(secret);
hash.update(data);
return hash.digest();
};

39

dist-es/getCanonicalHeaders.js

@@ -0,20 +1,33 @@

import { __values } from "tslib";
import { ALWAYS_UNSIGNABLE_HEADERS, PROXY_HEADER_PATTERN, SEC_HEADER_PATTERN } from "./constants";
export const getCanonicalHeaders = ({ headers }, unsignableHeaders, signableHeaders) => {
const canonical = {};
for (const headerName of Object.keys(headers).sort()) {
if (headers[headerName] == undefined) {
continue;
}
const canonicalHeaderName = headerName.toLowerCase();
if (canonicalHeaderName in ALWAYS_UNSIGNABLE_HEADERS ||
unsignableHeaders?.has(canonicalHeaderName) ||
PROXY_HEADER_PATTERN.test(canonicalHeaderName) ||
SEC_HEADER_PATTERN.test(canonicalHeaderName)) {
if (!signableHeaders || (signableHeaders && !signableHeaders.has(canonicalHeaderName))) {
export var getCanonicalHeaders = function (_a, unsignableHeaders, signableHeaders) {
var e_1, _b;
var headers = _a.headers;
var canonical = {};
try {
for (var _c = __values(Object.keys(headers).sort()), _d = _c.next(); !_d.done; _d = _c.next()) {
var headerName = _d.value;
if (headers[headerName] == undefined) {
continue;
}
var canonicalHeaderName = headerName.toLowerCase();
if (canonicalHeaderName in ALWAYS_UNSIGNABLE_HEADERS ||
(unsignableHeaders === null || unsignableHeaders === void 0 ? void 0 : unsignableHeaders.has(canonicalHeaderName)) ||
PROXY_HEADER_PATTERN.test(canonicalHeaderName) ||
SEC_HEADER_PATTERN.test(canonicalHeaderName)) {
if (!signableHeaders || (signableHeaders && !signableHeaders.has(canonicalHeaderName))) {
continue;
}
}
canonical[canonicalHeaderName] = headers[headerName].trim().replace(/\s+/g, " ");
}
canonical[canonicalHeaderName] = headers[headerName].trim().replace(/\s+/g, " ");
}
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_d && !_d.done && (_b = _c.return)) _b.call(_c);
}
finally { if (e_1) throw e_1.error; }
}
return canonical;
};

36

dist-es/getCanonicalQuery.js

@@ -0,14 +1,17 @@

import { __values } from "tslib";
import { escapeUri } from "@aws-sdk/util-uri-escape";
import { SIGNATURE_HEADER } from "./constants";
export const getCanonicalQuery = ({ query = {} }) => {
const keys = [];
const serialized = {};
for (const key of Object.keys(query).sort()) {
export var getCanonicalQuery = function (_a) {
var e_1, _b;
var _c = _a.query, query = _c === void 0 ? {} : _c;
var keys = [];
var serialized = {};
var _loop_1 = function (key) {
if (key.toLowerCase() === SIGNATURE_HEADER) {
continue;
return "continue";
}
keys.push(key);
const value = query[key];
var value = query[key];
if (typeof value === "string") {
serialized[key] = `${escapeUri(key)}=${escapeUri(value)}`;
serialized[key] = "".concat(escapeUri(key), "=").concat(escapeUri(value));
}

@@ -19,10 +22,23 @@ else if (Array.isArray(value)) {

.sort()
.reduce((encoded, value) => encoded.concat([`${escapeUri(key)}=${escapeUri(value)}`]), [])
.reduce(function (encoded, value) { return encoded.concat(["".concat(escapeUri(key), "=").concat(escapeUri(value))]); }, [])
.join("&");
}
};
try {
for (var _d = __values(Object.keys(query).sort()), _e = _d.next(); !_e.done; _e = _d.next()) {
var key = _e.value;
_loop_1(key);
}
}
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_e && !_e.done && (_b = _d.return)) _b.call(_d);
}
finally { if (e_1) throw e_1.error; }
}
return keys
.map((key) => serialized[key])
.filter((serialized) => serialized)
.map(function (key) { return serialized[key]; })
.filter(function (serialized) { return serialized; })
.join("&");
};

52

dist-es/getPayloadHash.js

@@ -0,19 +1,41 @@

import { __awaiter, __generator, __values } from "tslib";
import { isArrayBuffer } from "@aws-sdk/is-array-buffer";
import { toHex } from "@aws-sdk/util-hex-encoding";
import { SHA256_HEADER, UNSIGNED_PAYLOAD } from "./constants";
export const getPayloadHash = async ({ headers, body }, hashConstructor) => {
for (const headerName of Object.keys(headers)) {
if (headerName.toLowerCase() === SHA256_HEADER) {
return headers[headerName];
}
}
if (body == undefined) {
return "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
}
else if (typeof body === "string" || ArrayBuffer.isView(body) || isArrayBuffer(body)) {
const hashCtor = new hashConstructor();
hashCtor.update(body);
return toHex(await hashCtor.digest());
}
return UNSIGNED_PAYLOAD;
export var getPayloadHash = function (_a, hashConstructor) {
var headers = _a.headers, body = _a.body;
return __awaiter(void 0, void 0, void 0, function () {
var _b, _c, headerName, hashCtor, _d;
var e_1, _e;
return __generator(this, function (_f) {
switch (_f.label) {
case 0:
try {
for (_b = __values(Object.keys(headers)), _c = _b.next(); !_c.done; _c = _b.next()) {
headerName = _c.value;
if (headerName.toLowerCase() === SHA256_HEADER) {
return [2, headers[headerName]];
}
}
}
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_c && !_c.done && (_e = _b.return)) _e.call(_b);
}
finally { if (e_1) throw e_1.error; }
}
if (!(body == undefined)) return [3, 1];
return [2, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"];
case 1:
if (!(typeof body === "string" || ArrayBuffer.isView(body) || isArrayBuffer(body))) return [3, 3];
hashCtor = new hashConstructor();
hashCtor.update(body);
_d = toHex;
return [4, hashCtor.digest()];
case 2: return [2, _d.apply(void 0, [_f.sent()])];
case 3: return [2, UNSIGNED_PAYLOAD];
}
});
});
};

58

dist-es/headerUtil.js

@@ -1,26 +0,60 @@

export const hasHeader = (soughtHeader, headers) => {
import { __values } from "tslib";
export var hasHeader = function (soughtHeader, headers) {
var e_1, _a;
soughtHeader = soughtHeader.toLowerCase();
for (const headerName of Object.keys(headers)) {
if (soughtHeader === headerName.toLowerCase()) {
return true;
try {
for (var _b = __values(Object.keys(headers)), _c = _b.next(); !_c.done; _c = _b.next()) {
var headerName = _c.value;
if (soughtHeader === headerName.toLowerCase()) {
return true;
}
}
}
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
}
finally { if (e_1) throw e_1.error; }
}
return false;
};
export const getHeaderValue = (soughtHeader, headers) => {
export var getHeaderValue = function (soughtHeader, headers) {
var e_2, _a;
soughtHeader = soughtHeader.toLowerCase();
for (const headerName of Object.keys(headers)) {
if (soughtHeader === headerName.toLowerCase()) {
return headers[headerName];
try {
for (var _b = __values(Object.keys(headers)), _c = _b.next(); !_c.done; _c = _b.next()) {
var headerName = _c.value;
if (soughtHeader === headerName.toLowerCase()) {
return headers[headerName];
}
}
}
catch (e_2_1) { e_2 = { error: e_2_1 }; }
finally {
try {
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
}
finally { if (e_2) throw e_2.error; }
}
return undefined;
};
export const deleteHeader = (soughtHeader, headers) => {
export var deleteHeader = function (soughtHeader, headers) {
var e_3, _a;
soughtHeader = soughtHeader.toLowerCase();
for (const headerName of Object.keys(headers)) {
if (soughtHeader === headerName.toLowerCase()) {
delete headers[headerName];
try {
for (var _b = __values(Object.keys(headers)), _c = _b.next(); !_c.done; _c = _b.next()) {
var headerName = _c.value;
if (soughtHeader === headerName.toLowerCase()) {
delete headers[headerName];
}
}
}
catch (e_3_1) { e_3 = { error: e_3_1 }; }
finally {
try {
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
}
finally { if (e_3) throw e_3.error; }
}
};

34

dist-es/moveHeadersToQuery.js

@@ -0,16 +1,26 @@

import { __assign, __values } from "tslib";
import { cloneRequest } from "./cloneRequest";
export const moveHeadersToQuery = (request, options = {}) => {
const { headers, query = {} } = typeof request.clone === "function" ? request.clone() : cloneRequest(request);
for (const name of Object.keys(headers)) {
const lname = name.toLowerCase();
if (lname.slice(0, 6) === "x-amz-" && !options.unhoistableHeaders?.has(lname)) {
query[name] = headers[name];
delete headers[name];
export var moveHeadersToQuery = function (request, options) {
var e_1, _a;
var _b;
if (options === void 0) { options = {}; }
var _c = typeof request.clone === "function" ? request.clone() : cloneRequest(request), headers = _c.headers, _d = _c.query, query = _d === void 0 ? {} : _d;
try {
for (var _e = __values(Object.keys(headers)), _f = _e.next(); !_f.done; _f = _e.next()) {
var name_1 = _f.value;
var lname = name_1.toLowerCase();
if (lname.slice(0, 6) === "x-amz-" && !((_b = options.unhoistableHeaders) === null || _b === void 0 ? void 0 : _b.has(lname))) {
query[name_1] = headers[name_1];
delete headers[name_1];
}
}
}
return {
...request,
headers,
query,
};
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_f && !_f.done && (_a = _e.return)) _a.call(_e);
}
finally { if (e_1) throw e_1.error; }
}
return __assign(__assign({}, request), { headers: headers, query: query });
};

20

dist-es/prepareRequest.js

@@ -0,11 +1,23 @@

import { __values } from "tslib";
import { cloneRequest } from "./cloneRequest";
import { GENERATED_HEADERS } from "./constants";
export const prepareRequest = (request) => {
export var prepareRequest = function (request) {
var e_1, _a;
request = typeof request.clone === "function" ? request.clone() : cloneRequest(request);
for (const headerName of Object.keys(request.headers)) {
if (GENERATED_HEADERS.indexOf(headerName.toLowerCase()) > -1) {
delete request.headers[headerName];
try {
for (var _b = __values(Object.keys(request.headers)), _c = _b.next(); !_c.done; _c = _b.next()) {
var headerName = _c.value;
if (GENERATED_HEADERS.indexOf(headerName.toLowerCase()) > -1) {
delete request.headers[headerName];
}
}
}
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
}
finally { if (e_1) throw e_1.error; }
}
return request;
};

404

dist-es/SignatureV4.js

@@ -0,1 +1,2 @@

import { __awaiter, __generator, __values } from "tslib";
import { toHex } from "@aws-sdk/util-hex-encoding";

@@ -12,4 +13,5 @@ import { normalizeProvider } from "@aws-sdk/util-middleware";

import { iso8601 } from "./utilDate";
export class SignatureV4 {
constructor({ applyChecksum, credentials, region, service, sha256, uriEscapePath = true, }) {
var SignatureV4 = (function () {
function SignatureV4(_a) {
var applyChecksum = _a.applyChecksum, credentials = _a.credentials, region = _a.region, service = _a.service, sha256 = _a.sha256, _b = _a.uriEscapePath, uriEscapePath = _b === void 0 ? true : _b;
this.service = service;

@@ -22,137 +24,267 @@ this.sha256 = sha256;

}
async presign(originalRequest, options = {}) {
const { signingDate = new Date(), expiresIn = 3600, unsignableHeaders, unhoistableHeaders, signableHeaders, signingRegion, signingService, } = options;
const credentials = await this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion ?? (await this.regionProvider());
const { longDate, shortDate } = formatDate(signingDate);
if (expiresIn > MAX_PRESIGNED_TTL) {
return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future");
}
const scope = createScope(shortDate, region, signingService ?? this.service);
const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders });
if (credentials.sessionToken) {
request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken;
}
request.query[ALGORITHM_QUERY_PARAM] = ALGORITHM_IDENTIFIER;
request.query[CREDENTIAL_QUERY_PARAM] = `${credentials.accessKeyId}/${scope}`;
request.query[AMZ_DATE_QUERY_PARAM] = longDate;
request.query[EXPIRES_QUERY_PARAM] = expiresIn.toString(10);
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders);
request.query[SIGNED_HEADERS_QUERY_PARAM] = getCanonicalHeaderList(canonicalHeaders);
request.query[SIGNATURE_QUERY_PARAM] = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, await getPayloadHash(originalRequest, this.sha256)));
return request;
}
async sign(toSign, options) {
if (typeof toSign === "string") {
return this.signString(toSign, options);
}
else if (toSign.headers && toSign.payload) {
return this.signEvent(toSign, options);
}
else {
return this.signRequest(toSign, options);
}
}
async signEvent({ headers, payload }, { signingDate = new Date(), priorSignature, signingRegion, signingService }) {
const region = signingRegion ?? (await this.regionProvider());
const { shortDate, longDate } = formatDate(signingDate);
const scope = createScope(shortDate, region, signingService ?? this.service);
const hashedPayload = await getPayloadHash({ headers: {}, body: payload }, this.sha256);
const hash = new this.sha256();
hash.update(headers);
const hashedHeaders = toHex(await hash.digest());
const stringToSign = [
EVENT_ALGORITHM_IDENTIFIER,
longDate,
scope,
priorSignature,
hashedHeaders,
hashedPayload,
].join("\n");
return this.signString(stringToSign, { signingDate, signingRegion: region, signingService });
}
async signString(stringToSign, { signingDate = new Date(), signingRegion, signingService } = {}) {
const credentials = await this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion ?? (await this.regionProvider());
const { shortDate } = formatDate(signingDate);
const hash = new this.sha256(await this.getSigningKey(credentials, region, shortDate, signingService));
hash.update(stringToSign);
return toHex(await hash.digest());
}
async signRequest(requestToSign, { signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}) {
const credentials = await this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion ?? (await this.regionProvider());
const request = prepareRequest(requestToSign);
const { longDate, shortDate } = formatDate(signingDate);
const scope = createScope(shortDate, region, signingService ?? this.service);
request.headers[AMZ_DATE_HEADER] = longDate;
if (credentials.sessionToken) {
request.headers[TOKEN_HEADER] = credentials.sessionToken;
}
const payloadHash = await getPayloadHash(request, this.sha256);
if (!hasHeader(SHA256_HEADER, request.headers) && this.applyChecksum) {
request.headers[SHA256_HEADER] = payloadHash;
}
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders);
const signature = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, payloadHash));
request.headers[AUTH_HEADER] =
`${ALGORITHM_IDENTIFIER} ` +
`Credential=${credentials.accessKeyId}/${scope}, ` +
`SignedHeaders=${getCanonicalHeaderList(canonicalHeaders)}, ` +
`Signature=${signature}`;
return request;
}
createCanonicalRequest(request, canonicalHeaders, payloadHash) {
const sortedHeaders = Object.keys(canonicalHeaders).sort();
return `${request.method}
${this.getCanonicalPath(request)}
${getCanonicalQuery(request)}
${sortedHeaders.map((name) => `${name}:${canonicalHeaders[name]}`).join("\n")}
${sortedHeaders.join(";")}
${payloadHash}`;
}
async createStringToSign(longDate, credentialScope, canonicalRequest) {
const hash = new this.sha256();
hash.update(canonicalRequest);
const hashedRequest = await hash.digest();
return `${ALGORITHM_IDENTIFIER}
${longDate}
${credentialScope}
${toHex(hashedRequest)}`;
}
getCanonicalPath({ path }) {
if (this.uriEscapePath) {
const normalizedPathSegments = [];
for (const pathSegment of path.split("/")) {
if (pathSegment?.length === 0)
continue;
if (pathSegment === ".")
continue;
if (pathSegment === "..") {
normalizedPathSegments.pop();
SignatureV4.prototype.presign = function (originalRequest, options) {
if (options === void 0) { options = {}; }
return __awaiter(this, void 0, void 0, function () {
var _a, signingDate, _b, expiresIn, unsignableHeaders, unhoistableHeaders, signableHeaders, signingRegion, signingService, credentials, region, _c, _d, longDate, shortDate, scope, request, canonicalHeaders, _e, _f, _g, _h, _j, _k;
return __generator(this, function (_l) {
switch (_l.label) {
case 0:
_a = options.signingDate, signingDate = _a === void 0 ? new Date() : _a, _b = options.expiresIn, expiresIn = _b === void 0 ? 3600 : _b, unsignableHeaders = options.unsignableHeaders, unhoistableHeaders = options.unhoistableHeaders, signableHeaders = options.signableHeaders, signingRegion = options.signingRegion, signingService = options.signingService;
return [4, this.credentialProvider()];
case 1:
credentials = _l.sent();
this.validateResolvedCredentials(credentials);
if (!(signingRegion !== null && signingRegion !== void 0)) return [3, 2];
_c = signingRegion;
return [3, 4];
case 2: return [4, this.regionProvider()];
case 3:
_c = (_l.sent());
_l.label = 4;
case 4:
region = _c;
_d = formatDate(signingDate), longDate = _d.longDate, shortDate = _d.shortDate;
if (expiresIn > MAX_PRESIGNED_TTL) {
return [2, Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future")];
}
scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders: unhoistableHeaders });
if (credentials.sessionToken) {
request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken;
}
request.query[ALGORITHM_QUERY_PARAM] = ALGORITHM_IDENTIFIER;
request.query[CREDENTIAL_QUERY_PARAM] = "".concat(credentials.accessKeyId, "/").concat(scope);
request.query[AMZ_DATE_QUERY_PARAM] = longDate;
request.query[EXPIRES_QUERY_PARAM] = expiresIn.toString(10);
canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders);
request.query[SIGNED_HEADERS_QUERY_PARAM] = getCanonicalHeaderList(canonicalHeaders);
_e = request.query;
_f = SIGNATURE_QUERY_PARAM;
_g = this.getSignature;
_h = [longDate,
scope,
this.getSigningKey(credentials, region, shortDate, signingService)];
_j = this.createCanonicalRequest;
_k = [request, canonicalHeaders];
return [4, getPayloadHash(originalRequest, this.sha256)];
case 5: return [4, _g.apply(this, _h.concat([_j.apply(this, _k.concat([_l.sent()]))]))];
case 6:
_e[_f] = _l.sent();
return [2, request];
}
});
});
};
SignatureV4.prototype.sign = function (toSign, options) {
return __awaiter(this, void 0, void 0, function () {
return __generator(this, function (_a) {
if (typeof toSign === "string") {
return [2, this.signString(toSign, options)];
}
else if (toSign.headers && toSign.payload) {
return [2, this.signEvent(toSign, options)];
}
else {
normalizedPathSegments.push(pathSegment);
return [2, this.signRequest(toSign, options)];
}
return [2];
});
});
};
SignatureV4.prototype.signEvent = function (_a, _b) {
var headers = _a.headers, payload = _a.payload;
var _c = _b.signingDate, signingDate = _c === void 0 ? new Date() : _c, priorSignature = _b.priorSignature, signingRegion = _b.signingRegion, signingService = _b.signingService;
return __awaiter(this, void 0, void 0, function () {
var region, _d, _e, shortDate, longDate, scope, hashedPayload, hash, hashedHeaders, _f, stringToSign;
return __generator(this, function (_g) {
switch (_g.label) {
case 0:
if (!(signingRegion !== null && signingRegion !== void 0)) return [3, 1];
_d = signingRegion;
return [3, 3];
case 1: return [4, this.regionProvider()];
case 2:
_d = (_g.sent());
_g.label = 3;
case 3:
region = _d;
_e = formatDate(signingDate), shortDate = _e.shortDate, longDate = _e.longDate;
scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
return [4, getPayloadHash({ headers: {}, body: payload }, this.sha256)];
case 4:
hashedPayload = _g.sent();
hash = new this.sha256();
hash.update(headers);
_f = toHex;
return [4, hash.digest()];
case 5:
hashedHeaders = _f.apply(void 0, [_g.sent()]);
stringToSign = [
EVENT_ALGORITHM_IDENTIFIER,
longDate,
scope,
priorSignature,
hashedHeaders,
hashedPayload,
].join("\n");
return [2, this.signString(stringToSign, { signingDate: signingDate, signingRegion: region, signingService: signingService })];
}
});
});
};
SignatureV4.prototype.signString = function (stringToSign, _a) {
var _b = _a === void 0 ? {} : _a, _c = _b.signingDate, signingDate = _c === void 0 ? new Date() : _c, signingRegion = _b.signingRegion, signingService = _b.signingService;
return __awaiter(this, void 0, void 0, function () {
var credentials, region, _d, shortDate, hash, _e, _f, _g;
return __generator(this, function (_h) {
switch (_h.label) {
case 0: return [4, this.credentialProvider()];
case 1:
credentials = _h.sent();
this.validateResolvedCredentials(credentials);
if (!(signingRegion !== null && signingRegion !== void 0)) return [3, 2];
_d = signingRegion;
return [3, 4];
case 2: return [4, this.regionProvider()];
case 3:
_d = (_h.sent());
_h.label = 4;
case 4:
region = _d;
shortDate = formatDate(signingDate).shortDate;
_f = (_e = this.sha256).bind;
return [4, this.getSigningKey(credentials, region, shortDate, signingService)];
case 5:
hash = new (_f.apply(_e, [void 0, _h.sent()]))();
hash.update(stringToSign);
_g = toHex;
return [4, hash.digest()];
case 6: return [2, _g.apply(void 0, [_h.sent()])];
}
});
});
};
SignatureV4.prototype.signRequest = function (requestToSign, _a) {
var _b = _a === void 0 ? {} : _a, _c = _b.signingDate, signingDate = _c === void 0 ? new Date() : _c, signableHeaders = _b.signableHeaders, unsignableHeaders = _b.unsignableHeaders, signingRegion = _b.signingRegion, signingService = _b.signingService;
return __awaiter(this, void 0, void 0, function () {
var credentials, region, _d, request, _e, longDate, shortDate, scope, payloadHash, canonicalHeaders, signature;
return __generator(this, function (_f) {
switch (_f.label) {
case 0: return [4, this.credentialProvider()];
case 1:
credentials = _f.sent();
this.validateResolvedCredentials(credentials);
if (!(signingRegion !== null && signingRegion !== void 0)) return [3, 2];
_d = signingRegion;
return [3, 4];
case 2: return [4, this.regionProvider()];
case 3:
_d = (_f.sent());
_f.label = 4;
case 4:
region = _d;
request = prepareRequest(requestToSign);
_e = formatDate(signingDate), longDate = _e.longDate, shortDate = _e.shortDate;
scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
request.headers[AMZ_DATE_HEADER] = longDate;
if (credentials.sessionToken) {
request.headers[TOKEN_HEADER] = credentials.sessionToken;
}
return [4, getPayloadHash(request, this.sha256)];
case 5:
payloadHash = _f.sent();
if (!hasHeader(SHA256_HEADER, request.headers) && this.applyChecksum) {
request.headers[SHA256_HEADER] = payloadHash;
}
canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders);
return [4, this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, payloadHash))];
case 6:
signature = _f.sent();
request.headers[AUTH_HEADER] =
"".concat(ALGORITHM_IDENTIFIER, " ") +
"Credential=".concat(credentials.accessKeyId, "/").concat(scope, ", ") +
"SignedHeaders=".concat(getCanonicalHeaderList(canonicalHeaders), ", ") +
"Signature=".concat(signature);
return [2, request];
}
});
});
};
SignatureV4.prototype.createCanonicalRequest = function (request, canonicalHeaders, payloadHash) {
var sortedHeaders = Object.keys(canonicalHeaders).sort();
return "".concat(request.method, "\n").concat(this.getCanonicalPath(request), "\n").concat(getCanonicalQuery(request), "\n").concat(sortedHeaders.map(function (name) { return "".concat(name, ":").concat(canonicalHeaders[name]); }).join("\n"), "\n\n").concat(sortedHeaders.join(";"), "\n").concat(payloadHash);
};
SignatureV4.prototype.createStringToSign = function (longDate, credentialScope, canonicalRequest) {
return __awaiter(this, void 0, void 0, function () {
var hash, hashedRequest;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
hash = new this.sha256();
hash.update(canonicalRequest);
return [4, hash.digest()];
case 1:
hashedRequest = _a.sent();
return [2, "".concat(ALGORITHM_IDENTIFIER, "\n").concat(longDate, "\n").concat(credentialScope, "\n").concat(toHex(hashedRequest))];
}
});
});
};
SignatureV4.prototype.getCanonicalPath = function (_a) {
var e_1, _b;
var path = _a.path;
if (this.uriEscapePath) {
var normalizedPathSegments = [];
try {
for (var _c = __values(path.split("/")), _d = _c.next(); !_d.done; _d = _c.next()) {
var pathSegment = _d.value;
if ((pathSegment === null || pathSegment === void 0 ? void 0 : pathSegment.length) === 0)
continue;
if (pathSegment === ".")
continue;
if (pathSegment === "..") {
normalizedPathSegments.pop();
}
else {
normalizedPathSegments.push(pathSegment);
}
}
}
const normalizedPath = `${path?.startsWith("/") ? "/" : ""}${normalizedPathSegments.join("/")}${normalizedPathSegments.length > 0 && path?.endsWith("/") ? "/" : ""}`;
const doubleEncoded = encodeURIComponent(normalizedPath);
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_d && !_d.done && (_b = _c.return)) _b.call(_c);
}
finally { if (e_1) throw e_1.error; }
}
var normalizedPath = "".concat((path === null || path === void 0 ? void 0 : path.startsWith("/")) ? "/" : "").concat(normalizedPathSegments.join("/")).concat(normalizedPathSegments.length > 0 && (path === null || path === void 0 ? void 0 : path.endsWith("/")) ? "/" : "");
var doubleEncoded = encodeURIComponent(normalizedPath);
return doubleEncoded.replace(/%2F/g, "/");
}
return path;
}
async getSignature(longDate, credentialScope, keyPromise, canonicalRequest) {
const stringToSign = await this.createStringToSign(longDate, credentialScope, canonicalRequest);
const hash = new this.sha256(await keyPromise);
hash.update(stringToSign);
return toHex(await hash.digest());
}
getSigningKey(credentials, region, shortDate, service) {
};
SignatureV4.prototype.getSignature = function (longDate, credentialScope, keyPromise, canonicalRequest) {
return __awaiter(this, void 0, void 0, function () {
var stringToSign, hash, _a, _b, _c;
return __generator(this, function (_d) {
switch (_d.label) {
case 0: return [4, this.createStringToSign(longDate, credentialScope, canonicalRequest)];
case 1:
stringToSign = _d.sent();
_b = (_a = this.sha256).bind;
return [4, keyPromise];
case 2:
hash = new (_b.apply(_a, [void 0, _d.sent()]))();
hash.update(stringToSign);
_c = toHex;
return [4, hash.digest()];
case 3: return [2, _c.apply(void 0, [_d.sent()])];
}
});
});
};
SignatureV4.prototype.getSigningKey = function (credentials, region, shortDate, service) {
return getSigningKey(this.sha256, credentials, shortDate, region, service || this.service);
}
validateResolvedCredentials(credentials) {
};
SignatureV4.prototype.validateResolvedCredentials = function (credentials) {
if (typeof credentials !== "object" ||

@@ -163,11 +295,13 @@ typeof credentials.accessKeyId !== "string" ||

}
}
}
const formatDate = (now) => {
const longDate = iso8601(now).replace(/[\-:]/g, "");
};
return SignatureV4;
}());
export { SignatureV4 };
var formatDate = function (now) {
var longDate = iso8601(now).replace(/[\-:]/g, "");
return {
longDate,
longDate: longDate,
shortDate: longDate.slice(0, 8),
};
};
const getCanonicalHeaderList = (headers) => Object.keys(headers).sort().join(";");
var getCanonicalHeaderList = function (headers) { return Object.keys(headers).sort().join(";"); };

10

dist-es/suite.fixture.js

@@ -1,9 +0,9 @@

export const region = "us-east-1";
export const service = "service";
export const credentials = {
export var region = "us-east-1";
export var service = "service";
export var credentials = {
accessKeyId: "AKIDEXAMPLE",
secretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
};
export const signingDate = new Date("2015-08-30T12:36:00Z");
export const requests = [
export var signingDate = new Date("2015-08-30T12:36:00Z");
export var requests = [
{

@@ -10,0 +10,0 @@ name: "get-header-key-duplicate",

10

dist-es/utilDate.js

@@ -1,5 +0,7 @@

export const iso8601 = (time) => toDate(time)
.toISOString()
.replace(/\.\d{3}Z$/, "Z");
export const toDate = (time) => {
export var iso8601 = function (time) {
return toDate(time)
.toISOString()
.replace(/\.\d{3}Z$/, "Z");
};
export var toDate = function (time) {
if (typeof time === "number") {

@@ -6,0 +8,0 @@ return new Date(time * 1000);

16

package.json
{
"name": "@aws-sdk/signature-v4",
"version": "3.183.0",
"version": "3.186.0",
"description": "A standalone implementation of the AWS Signature V4 request signing algorithm",

@@ -24,7 +24,7 @@ "main": "./dist-cjs/index.js",

"dependencies": {
"@aws-sdk/is-array-buffer": "3.183.0",
"@aws-sdk/types": "3.183.0",
"@aws-sdk/util-hex-encoding": "3.183.0",
"@aws-sdk/util-middleware": "3.183.0",
"@aws-sdk/util-uri-escape": "3.183.0",
"@aws-sdk/is-array-buffer": "3.186.0",
"@aws-sdk/types": "3.186.0",
"@aws-sdk/util-hex-encoding": "3.186.0",
"@aws-sdk/util-middleware": "3.186.0",
"@aws-sdk/util-uri-escape": "3.186.0",
"tslib": "^2.3.1"

@@ -34,4 +34,4 @@ },

"@aws-crypto/sha256-js": "2.0.0",
"@aws-sdk/protocol-http": "3.183.0",
"@aws-sdk/util-buffer-from": "3.183.0",
"@aws-sdk/protocol-http": "3.186.0",
"@aws-sdk/util-buffer-from": "3.186.0",
"@tsconfig/recommended": "1.0.1",

@@ -38,0 +38,0 @@ "concurrently": "7.0.0",

CHANGELOG.md

Sorry, the diff of this file is too big to display

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc