Socket
Socket
Sign inDemoInstall

@trivikr-test/signature-v4

Package Overview
Dependencies
Maintainers
1
Versions
19
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@trivikr-test/signature-v4 - npm Package Compare versions

Comparing version 3.170.0-es2016 to 3.170.0-es2017

9

dist-es/credentialDerivation.js

@@ -1,2 +0,1 @@

import { __awaiter } from "tslib";
import { toHex } from "@trivikr-test/util-hex-encoding";

@@ -7,4 +6,4 @@ import { KEY_TYPE_IDENTIFIER, MAX_CACHE_SIZE } from "./constants";

export const createScope = (shortDate, region, service) => `${shortDate}/${region}/${service}/${KEY_TYPE_IDENTIFIER}`;
export const getSigningKey = (sha256Constructor, credentials, shortDate, region, service) => __awaiter(void 0, void 0, void 0, function* () {
const credsHash = yield hmac(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
export const getSigningKey = async (sha256Constructor, credentials, shortDate, region, service) => {
const credsHash = await hmac(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
const cacheKey = `${shortDate}:${region}:${service}:${toHex(credsHash)}:${credentials.sessionToken}`;

@@ -20,6 +19,6 @@ if (cacheKey in signingKeyCache) {

for (const signable of [shortDate, region, service, KEY_TYPE_IDENTIFIER]) {
key = yield hmac(sha256Constructor, key, signable);
key = await hmac(sha256Constructor, key, signable);
}
return (signingKeyCache[cacheKey] = key);
});
};
export const clearCredentialCache = () => {

@@ -26,0 +25,0 @@ cacheQueue.length = 0;

7

dist-es/getPayloadHash.js

@@ -1,6 +0,5 @@

import { __awaiter } from "tslib";
import { isArrayBuffer } from "@trivikr-test/is-array-buffer";
import { toHex } from "@trivikr-test/util-hex-encoding";
import { SHA256_HEADER, UNSIGNED_PAYLOAD } from "./constants";
export const getPayloadHash = ({ headers, body }, hashConstructor) => __awaiter(void 0, void 0, void 0, function* () {
export const getPayloadHash = async ({ headers, body }, hashConstructor) => {
for (const headerName of Object.keys(headers)) {

@@ -17,5 +16,5 @@ if (headerName.toLowerCase() === SHA256_HEADER) {

hashCtor.update(body);
return toHex(yield hashCtor.digest());
return toHex(await hashCtor.digest());
}
return UNSIGNED_PAYLOAD;
});
};

195

dist-es/SignatureV4.js

@@ -1,2 +0,1 @@

import { __awaiter } from "tslib";
import { toHex } from "@trivikr-test/util-hex-encoding";

@@ -22,96 +21,86 @@ import { normalizeProvider } from "@trivikr-test/util-middleware";

}
presign(originalRequest, options = {}) {
return __awaiter(this, void 0, void 0, function* () {
const { signingDate = new Date(), expiresIn = 3600, unsignableHeaders, unhoistableHeaders, signableHeaders, signingRegion, signingService, } = options;
const credentials = yield this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (yield this.regionProvider());
const { longDate, shortDate } = formatDate(signingDate);
if (expiresIn > MAX_PRESIGNED_TTL) {
return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future");
}
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders });
if (credentials.sessionToken) {
request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken;
}
request.query[ALGORITHM_QUERY_PARAM] = ALGORITHM_IDENTIFIER;
request.query[CREDENTIAL_QUERY_PARAM] = `${credentials.accessKeyId}/${scope}`;
request.query[AMZ_DATE_QUERY_PARAM] = longDate;
request.query[EXPIRES_QUERY_PARAM] = expiresIn.toString(10);
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders);
request.query[SIGNED_HEADERS_QUERY_PARAM] = getCanonicalHeaderList(canonicalHeaders);
request.query[SIGNATURE_QUERY_PARAM] = yield this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, yield getPayloadHash(originalRequest, this.sha256)));
return request;
});
async presign(originalRequest, options = {}) {
const { signingDate = new Date(), expiresIn = 3600, unsignableHeaders, unhoistableHeaders, signableHeaders, signingRegion, signingService, } = options;
const credentials = await this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider());
const { longDate, shortDate } = formatDate(signingDate);
if (expiresIn > MAX_PRESIGNED_TTL) {
return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future");
}
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders });
if (credentials.sessionToken) {
request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken;
}
request.query[ALGORITHM_QUERY_PARAM] = ALGORITHM_IDENTIFIER;
request.query[CREDENTIAL_QUERY_PARAM] = `${credentials.accessKeyId}/${scope}`;
request.query[AMZ_DATE_QUERY_PARAM] = longDate;
request.query[EXPIRES_QUERY_PARAM] = expiresIn.toString(10);
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders);
request.query[SIGNED_HEADERS_QUERY_PARAM] = getCanonicalHeaderList(canonicalHeaders);
request.query[SIGNATURE_QUERY_PARAM] = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, await getPayloadHash(originalRequest, this.sha256)));
return request;
}
sign(toSign, options) {
return __awaiter(this, void 0, void 0, function* () {
if (typeof toSign === "string") {
return this.signString(toSign, options);
}
else if (toSign.headers && toSign.payload) {
return this.signEvent(toSign, options);
}
else {
return this.signRequest(toSign, options);
}
});
async sign(toSign, options) {
if (typeof toSign === "string") {
return this.signString(toSign, options);
}
else if (toSign.headers && toSign.payload) {
return this.signEvent(toSign, options);
}
else {
return this.signRequest(toSign, options);
}
}
signEvent({ headers, payload }, { signingDate = new Date(), priorSignature, signingRegion, signingService }) {
return __awaiter(this, void 0, void 0, function* () {
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (yield this.regionProvider());
const { shortDate, longDate } = formatDate(signingDate);
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
const hashedPayload = yield getPayloadHash({ headers: {}, body: payload }, this.sha256);
const hash = new this.sha256();
hash.update(headers);
const hashedHeaders = toHex(yield hash.digest());
const stringToSign = [
EVENT_ALGORITHM_IDENTIFIER,
longDate,
scope,
priorSignature,
hashedHeaders,
hashedPayload,
].join("\n");
return this.signString(stringToSign, { signingDate, signingRegion: region, signingService });
});
async signEvent({ headers, payload }, { signingDate = new Date(), priorSignature, signingRegion, signingService }) {
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider());
const { shortDate, longDate } = formatDate(signingDate);
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
const hashedPayload = await getPayloadHash({ headers: {}, body: payload }, this.sha256);
const hash = new this.sha256();
hash.update(headers);
const hashedHeaders = toHex(await hash.digest());
const stringToSign = [
EVENT_ALGORITHM_IDENTIFIER,
longDate,
scope,
priorSignature,
hashedHeaders,
hashedPayload,
].join("\n");
return this.signString(stringToSign, { signingDate, signingRegion: region, signingService });
}
signString(stringToSign, { signingDate = new Date(), signingRegion, signingService } = {}) {
return __awaiter(this, void 0, void 0, function* () {
const credentials = yield this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (yield this.regionProvider());
const { shortDate } = formatDate(signingDate);
const hash = new this.sha256(yield this.getSigningKey(credentials, region, shortDate, signingService));
hash.update(stringToSign);
return toHex(yield hash.digest());
});
async signString(stringToSign, { signingDate = new Date(), signingRegion, signingService } = {}) {
const credentials = await this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider());
const { shortDate } = formatDate(signingDate);
const hash = new this.sha256(await this.getSigningKey(credentials, region, shortDate, signingService));
hash.update(stringToSign);
return toHex(await hash.digest());
}
signRequest(requestToSign, { signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}) {
return __awaiter(this, void 0, void 0, function* () {
const credentials = yield this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (yield this.regionProvider());
const request = prepareRequest(requestToSign);
const { longDate, shortDate } = formatDate(signingDate);
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
request.headers[AMZ_DATE_HEADER] = longDate;
if (credentials.sessionToken) {
request.headers[TOKEN_HEADER] = credentials.sessionToken;
}
const payloadHash = yield getPayloadHash(request, this.sha256);
if (!hasHeader(SHA256_HEADER, request.headers) && this.applyChecksum) {
request.headers[SHA256_HEADER] = payloadHash;
}
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders);
const signature = yield this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, payloadHash));
request.headers[AUTH_HEADER] =
`${ALGORITHM_IDENTIFIER} ` +
`Credential=${credentials.accessKeyId}/${scope}, ` +
`SignedHeaders=${getCanonicalHeaderList(canonicalHeaders)}, ` +
`Signature=${signature}`;
return request;
});
async signRequest(requestToSign, { signingDate = new Date(), signableHeaders, unsignableHeaders, signingRegion, signingService, } = {}) {
const credentials = await this.credentialProvider();
this.validateResolvedCredentials(credentials);
const region = signingRegion !== null && signingRegion !== void 0 ? signingRegion : (await this.regionProvider());
const request = prepareRequest(requestToSign);
const { longDate, shortDate } = formatDate(signingDate);
const scope = createScope(shortDate, region, signingService !== null && signingService !== void 0 ? signingService : this.service);
request.headers[AMZ_DATE_HEADER] = longDate;
if (credentials.sessionToken) {
request.headers[TOKEN_HEADER] = credentials.sessionToken;
}
const payloadHash = await getPayloadHash(request, this.sha256);
if (!hasHeader(SHA256_HEADER, request.headers) && this.applyChecksum) {
request.headers[SHA256_HEADER] = payloadHash;
}
const canonicalHeaders = getCanonicalHeaders(request, unsignableHeaders, signableHeaders);
const signature = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request, canonicalHeaders, payloadHash));
request.headers[AUTH_HEADER] =
`${ALGORITHM_IDENTIFIER} ` +
`Credential=${credentials.accessKeyId}/${scope}, ` +
`SignedHeaders=${getCanonicalHeaderList(canonicalHeaders)}, ` +
`Signature=${signature}`;
return request;
}

@@ -128,12 +117,10 @@ createCanonicalRequest(request, canonicalHeaders, payloadHash) {

}
createStringToSign(longDate, credentialScope, canonicalRequest) {
return __awaiter(this, void 0, void 0, function* () {
const hash = new this.sha256();
hash.update(canonicalRequest);
const hashedRequest = yield hash.digest();
return `${ALGORITHM_IDENTIFIER}
async createStringToSign(longDate, credentialScope, canonicalRequest) {
const hash = new this.sha256();
hash.update(canonicalRequest);
const hashedRequest = await hash.digest();
return `${ALGORITHM_IDENTIFIER}
${longDate}
${credentialScope}
${toHex(hashedRequest)}`;
});
}

@@ -161,9 +148,7 @@ getCanonicalPath({ path }) {

}
getSignature(longDate, credentialScope, keyPromise, canonicalRequest) {
return __awaiter(this, void 0, void 0, function* () {
const stringToSign = yield this.createStringToSign(longDate, credentialScope, canonicalRequest);
const hash = new this.sha256(yield keyPromise);
hash.update(stringToSign);
return toHex(yield hash.digest());
});
async getSignature(longDate, credentialScope, keyPromise, canonicalRequest) {
const stringToSign = await this.createStringToSign(longDate, credentialScope, canonicalRequest);
const hash = new this.sha256(await keyPromise);
hash.update(stringToSign);
return toHex(await hash.digest());
}

@@ -170,0 +155,0 @@ getSigningKey(credentials, region, shortDate, service) {

16

package.json
{
"name": "@trivikr-test/signature-v4",
"version": "3.170.0-es2016",
"version": "3.170.0-es2017",
"description": "A standalone implementation of the AWS Signature V4 request signing algorithm",

@@ -24,7 +24,7 @@ "main": "./dist-cjs/index.js",

"dependencies": {
"@trivikr-test/is-array-buffer": "3.170.0-es2016",
"@trivikr-test/types": "3.170.0-es2016",
"@trivikr-test/util-hex-encoding": "3.170.0-es2016",
"@trivikr-test/util-middleware": "3.170.0-es2016",
"@trivikr-test/util-uri-escape": "3.170.0-es2016",
"@trivikr-test/is-array-buffer": "3.170.0-es2017",
"@trivikr-test/types": "3.170.0-es2017",
"@trivikr-test/util-hex-encoding": "3.170.0-es2017",
"@trivikr-test/util-middleware": "3.170.0-es2017",
"@trivikr-test/util-uri-escape": "3.170.0-es2017",
"tslib": "^2.3.1"

@@ -34,4 +34,4 @@ },

"@aws-crypto/sha256-js": "2.0.0",
"@trivikr-test/protocol-http": "3.170.0-es2016",
"@trivikr-test/util-buffer-from": "3.170.0-es2016",
"@trivikr-test/protocol-http": "3.170.0-es2017",
"@trivikr-test/util-buffer-from": "3.170.0-es2017",
"@tsconfig/recommended": "1.0.1",

@@ -38,0 +38,0 @@ "concurrently": "7.0.0",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc