| 1 | var AWS = require('../core');
|
| 2 | var inherit = AWS.util.inherit;
|
| 3 |
|
| 4 | |
| 5 | |
| 6 |
|
| 7 | AWS.Signers.V3 = inherit(AWS.Signers.RequestSigner, {
|
| 8 | addAuthorization: function addAuthorization(credentials, date) {
|
| 9 |
|
| 10 | var datetime = AWS.util.date.rfc822(date);
|
| 11 |
|
| 12 | this.request.headers['X-Amz-Date'] = datetime;
|
| 13 |
|
| 14 | if (credentials.sessionToken) {
|
| 15 | this.request.headers['x-amz-security-token'] = credentials.sessionToken;
|
| 16 | }
|
| 17 |
|
| 18 | this.request.headers['X-Amzn-Authorization'] =
|
| 19 | this.authorization(credentials, datetime);
|
| 20 |
|
| 21 | },
|
| 22 |
|
| 23 | authorization: function authorization(credentials) {
|
| 24 | return 'AWS3 ' +
|
| 25 | 'AWSAccessKeyId=' + credentials.accessKeyId + ',' +
|
| 26 | 'Algorithm=HmacSHA256,' +
|
| 27 | 'SignedHeaders=' + this.signedHeaders() + ',' +
|
| 28 | 'Signature=' + this.signature(credentials);
|
| 29 | },
|
| 30 |
|
| 31 | signedHeaders: function signedHeaders() {
|
| 32 | var headers = [];
|
| 33 | AWS.util.arrayEach(this.headersToSign(), function iterator(h) {
|
| 34 | headers.push(h.toLowerCase());
|
| 35 | });
|
| 36 | return headers.sort().join(';');
|
| 37 | },
|
| 38 |
|
| 39 | canonicalHeaders: function canonicalHeaders() {
|
| 40 | var headers = this.request.headers;
|
| 41 | var parts = [];
|
| 42 | AWS.util.arrayEach(this.headersToSign(), function iterator(h) {
|
| 43 | parts.push(h.toLowerCase().trim() + ':' + String(headers[h]).trim());
|
| 44 | });
|
| 45 | return parts.sort().join('\n') + '\n';
|
| 46 | },
|
| 47 |
|
| 48 | headersToSign: function headersToSign() {
|
| 49 | var headers = [];
|
| 50 | AWS.util.each(this.request.headers, function iterator(k) {
|
| 51 | if (k === 'Host' || k === 'Content-Encoding' || k.match(/^X-Amz/i)) {
|
| 52 | headers.push(k);
|
| 53 | }
|
| 54 | });
|
| 55 | return headers;
|
| 56 | },
|
| 57 |
|
| 58 | signature: function signature(credentials) {
|
| 59 | return AWS.util.crypto.hmac(credentials.secretAccessKey, this.stringToSign(), 'base64');
|
| 60 | },
|
| 61 |
|
| 62 | stringToSign: function stringToSign() {
|
| 63 | var parts = [];
|
| 64 | parts.push(this.request.method);
|
| 65 | parts.push('/');
|
| 66 | parts.push('');
|
| 67 | parts.push(this.canonicalHeaders());
|
| 68 | parts.push(this.request.body);
|
| 69 | return AWS.util.crypto.sha256(parts.join('\n'));
|
| 70 | }
|
| 71 |
|
| 72 | });
|
| 73 |
|
| 74 | |
| 75 | |
| 76 |
|
| 77 | module.exports = AWS.Signers.V3;
|