get-vanilla test

Gemfile

@@ -0,0 +1,2 @@
+source "https://rubygems.org"
+gemspec

Gemfile.lock

@@ -0,0 +1,16 @@
+PATH
+  remote: .
+  specs:
+    aws4 (0.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    rake (10.0.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  aws4!
+  rake

Rakefile

@@ -0,0 +1,9 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs.push "lib"
+  t.test_files = FileList['test/*_test.rb']
+  t.verbose = true
+end
+
+task :default => :test

aws4.gemspec

@@ -0,0 +1,18 @@
+require "./lib/aws4/version"
+
+Gem::Specification.new do |s|
+  s.name         = 'aws4'
+  s.version      = AWS4::VERSION
+  s.summary      = "A ruby gem for AWS Signature version 4"
+  s.description  = "A ruby gem for AWS Signature version 4"
+  s.authors      = ["Brandon Keene"]
+  s.email        = ["[email protected]"]
+  s.require_path = 'lib'
+  s.files        = `git ls-files`.split("\n")
+  s.test_files   = `git ls-files -- {test}/*`.split("\n")
+  s.executables  = []
+  s.homepage     = 'http://github.com/cmdrkeene/aws4'
+
+  s.add_development_dependency "rake"
+end
+

lib/aws4/signature.rb

@@ -0,0 +1,95 @@
+require "openssl"
+require "time"
+
+module AWS4
+  class Signature
+    attr_reader :access_key, :secret_key, :region
+    attr_reader :date, :method, :uri, :headers, :body
+
+    def initialize(config)
+      @access_key = config[:access_key] || config["access_key"]
+      @secret_key = config[:secret_key] || config["secret_key"]
+      @region = config[:region] || config["region"]
+    end
+
+    def sign(method, uri, headers, body)
+      @method = method.upcase
+      @uri = uri
+      @headers = headers
+      @body = body
+      @date = Time.parse(headers["Date"]).utc.strftime("%Y%m%dT%H%M%SZ")
+      signed = headers.dup
+      signed['Authorization'] = authorization(headers)
+      signed
+    end
+
+    def service
+      @uri.host.split(".", 2)[0]
+    end
+
+    def authorization(headers)
+      parts = []
+      parts << "AWS4-HMAC-SHA256 Credential=#{access_key}/#{credential_string}"
+      parts << "SignedHeaders=#{headers.keys.map(&:downcase).sort.join(";")}"
+      parts << "Signature=#{signature}"
+      parts.join(', ')
+    end
+
+    def signature
+      k_secret = secret_key
+      k_date = hmac("AWS4" + k_secret, date[0,8])
+      k_region = hmac(k_date, region)
+      k_service = hmac(k_region, service)
+      k_credentials = hmac(k_service, 'aws4_request')
+      hexhmac(k_credentials, string_to_sign)
+    end
+
+    def string_to_sign
+      parts = []
+      parts << 'AWS4-HMAC-SHA256'
+      parts << date
+      parts << credential_string
+      parts << hexdigest(canonical_request)
+      s = parts.join("\n")
+      puts "string to sign", s
+      puts
+      s
+    end
+
+    def credential_string
+      parts = []
+      parts << date[0,8]
+      parts << region
+      parts << service
+      parts << 'aws4_request'
+      parts.join("/")
+    end
+
+    def canonical_request
+      parts = []
+      parts << method
+      parts << uri.path + "\n"
+      parts << headers.sort.map {|k, v| [k.downcase,v].join(':')}.join("\n") + "\n"
+      parts << headers.sort.map {|k, v| k.downcase}.join(";")
+      parts << hexdigest(body || '')
+      s = parts.join("\n")
+      puts "canonical request", s
+      puts
+      s
+    end
+
+    def hexdigest(value)
+      digest = Digest::SHA256.new
+      digest.update(value)
+      digest.hexdigest
+    end
+
+    def hmac(key, value)
+      OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), key, value)
+    end
+
+    def hexhmac(key, value)
+      OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), key, value)
+    end
+  end
+end

lib/aws4/version.rb

@@ -0,0 +1,3 @@
+module AWS4
+  VERSION = "0.0.1"
+end

test/signature_test.rb

@@ -0,0 +1,27 @@
+require 'minitest/spec'
+require 'minitest/autorun'
+require 'aws4/signature'
+require 'net/http'
+require 'uri'
+
+describe AWS4::Signature do
+  @@signature = AWS4::Signature.new(
+    access_key: "AKIDEXAMPLE",
+    secret_key: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
+    region: "us-east-1",
+    host: "host.foo.com"
+  )
+
+  it "signs get-vanilla" do
+    uri = URI("http://host.foo.com/")
+    headers = {
+      "Host" => "host.foo.com",
+      "Date" => "Mon, 09 Sep 2011 23:36:00 GMT"
+    }
+    body = ""
+    signed = @@signature.sign("GET", uri, headers, body)
+    signed["Date"].must_equal("Mon, 09 Sep 2011 23:36:00 GMT")
+    signed["Host"].must_equal("host.foo.com")
+    signed["Authorization"].must_equal("AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470")
+  end
+end

test/suite/get-header-key-duplicate.authz

@@ -0,0 +1 @@
+AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;zoo, Signature=54afcaaf45b331f81cd2edb974f7b824ff4dd594cbbaa945ed636b48477368ed

test/suite/get-header-key-duplicate.creq

@@ -0,0 +1,9 @@
+POST
+/
+
+date:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+zoo:foobar,zoobar,zoobar
+
+date;host;zoo
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

test/suite/get-header-key-duplicate.req

@@ -0,0 +1,7 @@
+POST / http/1.1
+DATE:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+ZOO:zoobar
+zoo:foobar
+zoo:zoobar
+

test/suite/get-header-key-duplicate.sreq

@@ -0,0 +1,8 @@
+POST / http/1.1
+DATE:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+ZOO:zoobar
+zoo:foobar
+zoo:zoobar
+Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;zoo, Signature=54afcaaf45b331f81cd2edb974f7b824ff4dd594cbbaa945ed636b48477368ed
+

test/suite/get-header-key-duplicate.sts

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20110909T233600Z
+20110909/us-east-1/host/aws4_request
+3c52f0eaae2b61329c0a332e3fa15842a37bc5812cf4d80eb64784308850e313

test/suite/get-header-value-multiline.req

@@ -0,0 +1,7 @@
+POST / http/1.1
+DATE:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+p:a
+  b
+	c
+

test/suite/get-header-value-order.authz

@@ -0,0 +1 @@
+AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;p, Signature=d2973954263943b11624a11d1c963ca81fb274169c7868b2858c04f083199e3d

test/suite/get-header-value-order.creq

@@ -0,0 +1,9 @@
+POST
+/
+
+date:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+p:a,a,p,z
+
+date;host;p
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

test/suite/get-header-value-order.req

@@ -0,0 +1,8 @@
+POST / http/1.1
+DATE:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+p:z
+p:a
+p:p
+p:a
+

test/suite/get-header-value-order.sreq

@@ -0,0 +1,9 @@
+POST / http/1.1
+DATE:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+p:z
+p:a
+p:p
+p:a
+Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;p, Signature=d2973954263943b11624a11d1c963ca81fb274169c7868b2858c04f083199e3d
+

test/suite/get-header-value-order.sts

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20110909T233600Z
+20110909/us-east-1/host/aws4_request
+94c0389fefe0988cbbedc8606f0ca0b485b48da010d09fc844b45b697c8924fe

test/suite/get-header-value-trim.authz

@@ -0,0 +1 @@
+AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;p, Signature=debf546796015d6f6ded8626f5ce98597c33b47b9164cf6b17b4642036fcb592

test/suite/get-header-value-trim.creq

@@ -0,0 +1,9 @@
+POST
+/
+
+date:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+p:phfft
+
+date;host;p
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

test/suite/get-header-value-trim.req

@@ -0,0 +1,5 @@
+POST / http/1.1
+DATE:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+p: phfft 
+

test/suite/get-header-value-trim.sreq

@@ -0,0 +1,6 @@
+POST / http/1.1
+DATE:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+p: phfft 
+Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;p, Signature=debf546796015d6f6ded8626f5ce98597c33b47b9164cf6b17b4642036fcb592
+

test/suite/get-header-value-trim.sts

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20110909T233600Z
+20110909/us-east-1/host/aws4_request
+dddd1902add08da1ac94782b05f9278c08dc7468db178a84f8950d93b30b1f35

test/suite/get-relative-relative.authz

@@ -0,0 +1 @@
+AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470

test/suite/get-relative-relative.creq

@@ -0,0 +1,8 @@
+GET
+/
+
+date:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+
+date;host
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

test/suite/get-relative-relative.req

@@ -0,0 +1,4 @@
+GET /foo/bar/../.. http/1.1
+Date:Mon, 09 Sep 2011 23:36:00 GMT
+Host:host.foo.com
+

test/suite/get-relative-relative.sreq

@@ -0,0 +1,5 @@
+GET /foo/bar/../.. http/1.1
+Date:Mon, 09 Sep 2011 23:36:00 GMT
+Host:host.foo.com
+Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470
+

test/suite/get-relative-relative.sts

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20110909T233600Z
+20110909/us-east-1/host/aws4_request
+366b91fb121d72a00f46bbe8d395f53a102b06dfb7e79636515208ed3fa606b1

test/suite/get-relative.authz

@@ -0,0 +1 @@
+AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470

test/suite/get-relative.creq

@@ -0,0 +1,8 @@
+GET
+/
+
+date:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+
+date;host
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

test/suite/get-relative.req

@@ -0,0 +1,4 @@
+GET /foo/.. http/1.1
+Date:Mon, 09 Sep 2011 23:36:00 GMT
+Host:host.foo.com
+

test/suite/get-relative.sreq

@@ -0,0 +1,5 @@
+GET /foo/.. http/1.1
+Date:Mon, 09 Sep 2011 23:36:00 GMT
+Host:host.foo.com
+Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470
+

test/suite/get-relative.sts

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20110909T233600Z
+20110909/us-east-1/host/aws4_request
+366b91fb121d72a00f46bbe8d395f53a102b06dfb7e79636515208ed3fa606b1

test/suite/get-slash-dot-slash.authz

@@ -0,0 +1 @@
+AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470

test/suite/get-slash-dot-slash.creq

@@ -0,0 +1,8 @@
+GET
+/
+
+date:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+
+date;host
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

test/suite/get-slash-dot-slash.req

@@ -0,0 +1,4 @@
+GET /./ http/1.1
+Date:Mon, 09 Sep 2011 23:36:00 GMT
+Host:host.foo.com
+

test/suite/get-slash-dot-slash.sreq

@@ -0,0 +1,5 @@
+GET /./ http/1.1
+Date:Mon, 09 Sep 2011 23:36:00 GMT
+Host:host.foo.com
+Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470
+

test/suite/get-slash-dot-slash.sts

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20110909T233600Z
+20110909/us-east-1/host/aws4_request
+366b91fb121d72a00f46bbe8d395f53a102b06dfb7e79636515208ed3fa606b1

test/suite/get-slash-pointless-dot.authz

@@ -0,0 +1 @@
+AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=910e4d6c9abafaf87898e1eb4c929135782ea25bb0279703146455745391e63a

test/suite/get-slash-pointless-dot.creq

@@ -0,0 +1,8 @@
+GET
+/foo
+
+date:Mon, 09 Sep 2011 23:36:00 GMT
+host:host.foo.com
+
+date;host
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855