@trivikr-test/signature-v4
Advanced tools
Comparing version 3.170.0-es2016 to 3.170.0-es2017
@@ -1,2 +0,1 @@ | ||
import { __awaiter } from "tslib"; | ||
import { toHex } from "@trivikr-test/util-hex-encoding"; | ||
@@ -7,4 +6,4 @@ import { KEY_TYPE_IDENTIFIER, MAX_CACHE_SIZE } from "./constants"; | ||
export const createScope = (shortDate, region, service) => `${shortDate}/${region}/${service}/${KEY_TYPE_IDENTIFIER}`; | ||
export const getSigningKey = (sha256Constructor, credentials, shortDate, region, service) => __awaiter(void 0, void 0, void 0, function* () { | ||
const credsHash = yield hmac(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId); | ||
export const getSigningKey = async (sha256Constructor, credentials, shortDate, region, service) => { | ||
const credsHash = await hmac(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId); | ||
const cacheKey = `${shortDate}:${region}:${service}:${toHex(credsHash)}:${credentials.sessionToken}`; | ||
@@ -20,6 +19,6 @@ if (cacheKey in signingKeyCache) { | ||
for (const signable of [shortDate, region, service, KEY_TYPE_IDENTIFIER]) { | ||
key = yield hmac(sha256Constructor, key, signable); | ||
key = await hmac(sha256Constructor, key, signable); | ||
} | ||
return (signingKeyCache[cacheKey] = key); | ||
}); | ||
}; | ||
export const clearCredentialCache = () => { | ||
@@ -26,0 +25,0 @@ cacheQueue.length = 0; |
@@ -1,6 +0,5 @@ | ||
import { __awaiter } from "tslib"; | ||
import { isArrayBuffer } from "@trivikr-test/is-array-buffer"; | ||
import { toHex } from "@trivikr-test/util-hex-encoding"; | ||
import { SHA256_HEADER, UNSIGNED_PAYLOAD } from "./constants"; | ||
export const getPayloadHash = ({ headers, body }, hashConstructor) => __awaiter(void 0, void 0, void 0, function* () { | ||
export const getPayloadHash = async ({ headers, body }, hashConstructor) => { | ||
for (const headerName of Object.keys(headers)) { | ||
@@ -17,5 +16,5 @@ if (headerName.toLowerCase() === SHA256_HEADER) { | ||
hashCtor.update(body); | ||
return toHex(yield hashCtor.digest()); | ||
return toHex(await hashCtor.digest()); | ||
} | ||
return UNSIGNED_PAYLOAD; | ||
}); | ||
}; |
@@ -1,2 +0,1 @@ | ||
import { __awaiter } from "tslib"; | ||
import { toHex } from "@trivikr-test/util-hex-encoding"; | ||
@@ -22,96 +21,86 @@ import { normalizeProvider } from "@trivikr-test/util-middleware"; | ||
} | ||
presign(originalRequest, options = {}) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
const { signingDate = new Date(), expiresIn = 3600, unsignableHeaders, unhoistableHeaders, signableHeaders, signingRegion, signingService, } = options; | ||
const credentials = yield this.credentialProvider(); | ||
this.validateResolvedCredentials(credentials); | ||
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (yield this.regionProvider()); | ||
const { longDate, shortDate } = formatDate(signingDate); | ||
if (expiresIn > MAX_PRESIGNED_TTL) { | ||
return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future"); | ||
} | ||
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service); | ||
const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders }); | ||
if (credentials.sessionToken) { | ||
request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken; | ||
} | ||
request.query[ALGORITHM_QUERY_PARAM] = ALGORITHM_IDENTIFIER; | ||
request.query[CREDENTIAL_QUERY_PARAM] = `${credentials.accessKeyId}/${scope}`; | ||
request.query[AMZ_DATE_QUERY_PARAM] = longDate; | ||
request.query[EXPIRES_QUERY_PARAM] = expiresIn.toString(10); | ||
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders); | ||
request.query[SIGNED_HEADERS_QUERY_PARAM] = getCanonicalHeaderList(canonicalHeaders); | ||
request.query[SIGNATURE_QUERY_PARAM] = yield this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, yield getPayloadHash(originalRequest, this.sha256))); | ||
return request; | ||
}); | ||
async presign(originalRequest, options = {}) { | ||
const { signingDate = new Date(), expiresIn = 3600, unsignableHeaders, unhoistableHeaders, signableHeaders, signingRegion, signingService, } = options; | ||
const credentials = await this.credentialProvider(); | ||
this.validateResolvedCredentials(credentials); | ||
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider()); | ||
const { longDate, shortDate } = formatDate(signingDate); | ||
if (expiresIn > MAX_PRESIGNED_TTL) { | ||
return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future"); | ||
} | ||
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service); | ||
const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders }); | ||
if (credentials.sessionToken) { | ||
request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken; | ||
} | ||
request.query[ALGORITHM_QUERY_PARAM] = ALGORITHM_IDENTIFIER; | ||
request.query[CREDENTIAL_QUERY_PARAM] = `${credentials.accessKeyId}/${scope}`; | ||
request.query[AMZ_DATE_QUERY_PARAM] = longDate; | ||
request.query[EXPIRES_QUERY_PARAM] = expiresIn.toString(10); | ||
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders); | ||
request.query[SIGNED_HEADERS_QUERY_PARAM] = getCanonicalHeaderList(canonicalHeaders); | ||
request.query[SIGNATURE_QUERY_PARAM] = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, await getPayloadHash(originalRequest, this.sha256))); | ||
return request; | ||
} | ||
sign(toSign, options) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
if (typeof toSign === "string") { | ||
return this.signString(toSign, options); | ||
} | ||
else if (toSign.headers && toSign.payload) { | ||
return this.signEvent(toSign, options); | ||
} | ||
else { | ||
return this.signRequest(toSign, options); | ||
} | ||
}); | ||
async sign(toSign, options) { | ||
if (typeof toSign === "string") { | ||
return this.signString(toSign, options); | ||
} | ||
else if (toSign.headers && toSign.payload) { | ||
return this.signEvent(toSign, options); | ||
} | ||
else { | ||
return this.signRequest(toSign, options); | ||
} | ||
} | ||
signEvent({ headers, payload }, { signingDate = new Date(), priorSignature, signingRegion, signingService }) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (yield this.regionProvider()); | ||
const { shortDate, longDate } = formatDate(signingDate); | ||
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service); | ||
const hashedPayload = yield getPayloadHash({ headers: {}, body: payload }, this.sha256); | ||
const hash = new this.sha256(); | ||
hash.update(headers); | ||
const hashedHeaders = toHex(yield hash.digest()); | ||
const stringToSign = [ | ||
EVENT_ALGORITHM_IDENTIFIER, | ||
longDate, | ||
scope, | ||
priorSignature, | ||
hashedHeaders, | ||
hashedPayload, | ||
].join("\n"); | ||
return this.signString(stringToSign, { signingDate, signingRegion: region, signingService }); | ||
}); | ||
async signEvent({ headers, payload }, { signingDate = new Date(), priorSignature, signingRegion, signingService }) { | ||
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider()); | ||
const { shortDate, longDate } = formatDate(signingDate); | ||
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service); | ||
const hashedPayload = await getPayloadHash({ headers: {}, body: payload }, this.sha256); | ||
const hash = new this.sha256(); | ||
hash.update(headers); | ||
const hashedHeaders = toHex(await hash.digest()); | ||
const stringToSign = [ | ||
EVENT_ALGORITHM_IDENTIFIER, | ||
longDate, | ||
scope, | ||
priorSignature, | ||
hashedHeaders, | ||
hashedPayload, | ||
].join("\n"); | ||
return this.signString(stringToSign, { signingDate, signingRegion: region, signingService }); | ||
} | ||
signString(stringToSign, { signingDate = new Date(), signingRegion, signingService } = {}) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
const credentials = yield this.credentialProvider(); | ||
this.validateResolvedCredentials(credentials); | ||
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (yield this.regionProvider()); | ||
const { shortDate } = formatDate(signingDate); | ||
const hash = new this.sha256(yield this.getSigningKey(credentials, region, shortDate, signingService)); | ||
hash.update(stringToSign); | ||
return toHex(yield hash.digest()); | ||
}); | ||
async signString(stringToSign, { signingDate = new Date(), signingRegion, signingService } = {}) { | ||
const credentials = await this.credentialProvider(); | ||
this.validateResolvedCredentials(credentials); | ||
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider()); | ||
const { shortDate } = formatDate(signingDate); | ||
const hash = new this.sha256(await this.getSigningKey(credentials, region, shortDate, signingService)); | ||
hash.update(stringToSign); | ||
return toHex(await hash.digest()); | ||
} | ||
signRequest(requestToSign, { signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
const credentials = yield this.credentialProvider(); | ||
this.validateResolvedCredentials(credentials); | ||
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (yield this.regionProvider()); | ||
const request = prepareRequest(requestToSign); | ||
const { longDate, shortDate } = formatDate(signingDate); | ||
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service); | ||
request.headers[AMZ_DATE_HEADER] = longDate; | ||
if (credentials.sessionToken) { | ||
request.headers[TOKEN_HEADER] = credentials.sessionToken; | ||
} | ||
const payloadHash = yield getPayloadHash(request, this.sha256); | ||
if (!hasHeader(SHA256_HEADER, request.headers) && this.applyChecksum) { | ||
request.headers[SHA256_HEADER] = payloadHash; | ||
} | ||
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders); | ||
const signature = yield this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, payloadHash)); | ||
request.headers[AUTH_HEADER] = | ||
`${ALGORITHM_IDENTIFIER} ` + | ||
`Credential=${credentials.accessKeyId}/${scope}, ` + | ||
`SignedHeaders=${getCanonicalHeaderList(canonicalHeaders)}, ` + | ||
`Signature=${signature}`; | ||
return request; | ||
}); | ||
async signRequest(requestToSign, { signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}) { | ||
const credentials = await this.credentialProvider(); | ||
this.validateResolvedCredentials(credentials); | ||
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider()); | ||
const request = prepareRequest(requestToSign); | ||
const { longDate, shortDate } = formatDate(signingDate); | ||
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service); | ||
request.headers[AMZ_DATE_HEADER] = longDate; | ||
if (credentials.sessionToken) { | ||
request.headers[TOKEN_HEADER] = credentials.sessionToken; | ||
} | ||
const payloadHash = await getPayloadHash(request, this.sha256); | ||
if (!hasHeader(SHA256_HEADER, request.headers) && this.applyChecksum) { | ||
request.headers[SHA256_HEADER] = payloadHash; | ||
} | ||
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders); | ||
const signature = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, payloadHash)); | ||
request.headers[AUTH_HEADER] = | ||
`${ALGORITHM_IDENTIFIER} ` + | ||
`Credential=${credentials.accessKeyId}/${scope}, ` + | ||
`SignedHeaders=${getCanonicalHeaderList(canonicalHeaders)}, ` + | ||
`Signature=${signature}`; | ||
return request; | ||
} | ||
@@ -128,12 +117,10 @@ createCanonicalRequest(request, canonicalHeaders, payloadHash) { | ||
} | ||
createStringToSign(longDate, credentialScope, canonicalRequest) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
const hash = new this.sha256(); | ||
hash.update(canonicalRequest); | ||
const hashedRequest = yield hash.digest(); | ||
return `${ALGORITHM_IDENTIFIER} | ||
async createStringToSign(longDate, credentialScope, canonicalRequest) { | ||
const hash = new this.sha256(); | ||
hash.update(canonicalRequest); | ||
const hashedRequest = await hash.digest(); | ||
return `${ALGORITHM_IDENTIFIER} | ||
${longDate} | ||
${credentialScope} | ||
${toHex(hashedRequest)}`; | ||
}); | ||
} | ||
@@ -161,9 +148,7 @@ getCanonicalPath({ path }) { | ||
} | ||
getSignature(longDate, credentialScope, keyPromise, canonicalRequest) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
const stringToSign = yield this.createStringToSign(longDate, credentialScope, canonicalRequest); | ||
const hash = new this.sha256(yield keyPromise); | ||
hash.update(stringToSign); | ||
return toHex(yield hash.digest()); | ||
}); | ||
async getSignature(longDate, credentialScope, keyPromise, canonicalRequest) { | ||
const stringToSign = await this.createStringToSign(longDate, credentialScope, canonicalRequest); | ||
const hash = new this.sha256(await keyPromise); | ||
hash.update(stringToSign); | ||
return toHex(await hash.digest()); | ||
} | ||
@@ -170,0 +155,0 @@ getSigningKey(credentials, region, shortDate, service) { |
{ | ||
"name": "@trivikr-test/signature-v4", | ||
"version": "3.170.0-es2016", | ||
"version": "3.170.0-es2017", | ||
"description": "A standalone implementation of the AWS Signature V4 request signing algorithm", | ||
@@ -24,7 +24,7 @@ "main": "./dist-cjs/index.js", | ||
"dependencies": { | ||
"@trivikr-test/is-array-buffer": "3.170.0-es2016", | ||
"@trivikr-test/types": "3.170.0-es2016", | ||
"@trivikr-test/util-hex-encoding": "3.170.0-es2016", | ||
"@trivikr-test/util-middleware": "3.170.0-es2016", | ||
"@trivikr-test/util-uri-escape": "3.170.0-es2016", | ||
"@trivikr-test/is-array-buffer": "3.170.0-es2017", | ||
"@trivikr-test/types": "3.170.0-es2017", | ||
"@trivikr-test/util-hex-encoding": "3.170.0-es2017", | ||
"@trivikr-test/util-middleware": "3.170.0-es2017", | ||
"@trivikr-test/util-uri-escape": "3.170.0-es2017", | ||
"tslib": "^2.3.1" | ||
@@ -34,4 +34,4 @@ }, | ||
"@aws-crypto/sha256-js": "2.0.0", | ||
"@trivikr-test/protocol-http": "3.170.0-es2016", | ||
"@trivikr-test/util-buffer-from": "3.170.0-es2016", | ||
"@trivikr-test/protocol-http": "3.170.0-es2017", | ||
"@trivikr-test/util-buffer-from": "3.170.0-es2017", | ||
"@tsconfig/recommended": "1.0.1", | ||
@@ -38,0 +38,0 @@ "concurrently": "7.0.0", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
101743
2039
+ Added@trivikr-test/is-array-buffer@3.170.0-es2017(transitive)
+ Added@trivikr-test/types@3.170.0-es2017(transitive)
+ Added@trivikr-test/util-hex-encoding@3.170.0-es2017(transitive)
+ Added@trivikr-test/util-middleware@3.170.0-es2017(transitive)
+ Added@trivikr-test/util-uri-escape@3.170.0-es2017(transitive)
- Removed@trivikr-test/is-array-buffer@3.170.0-es2016(transitive)
- Removed@trivikr-test/types@3.170.0-es2016(transitive)
- Removed@trivikr-test/util-hex-encoding@3.170.0-es2016(transitive)
- Removed@trivikr-test/util-middleware@3.170.0-es2016(transitive)
- Removed@trivikr-test/util-uri-escape@3.170.0-es2016(transitive)