var AWS = require('../core');

// Module-level cache of derived signing keys, indexed by the cache key that
// getSigningKey builds. Entries stay in process memory until they are evicted
// or emptyCache() is called.
var cachedSecret = {};

// Cache keys in insertion order; getSigningKey shifts the oldest key off this
// list to decide which cachedSecret entry to evict.
var cacheQueue = [];

// Upper bound on the number of cached signing keys; once cacheQueue grows past
// this, the oldest entry is deleted.
var maxCacheEntries = 50;

// Fixed terminator: the last component of the credential scope and the last
// HMAC input when deriving the signing key.
var v4Identifier = 'aws4_request';
module.exports = {
  /**
   * Builds the credential scope string for a signature.
   *
   * The scope is the first eight characters of `date`, then `region`,
   * `serviceName` and the fixed 'aws4_request' terminator, joined with '/'.
   *
   * @param {string} date - timestamp string; only its first 8 characters are
   *   used (presumably YYYYMMDD — confirm against the caller's format).
   * @param {string} region - region component of the scope.
   * @param {string} serviceName - service component of the scope.
   * @returns {string} the '/'-joined scope.
   */
  createScope: function createScope(date, region, serviceName) {
    var scopeParts = [date.substr(0, 8), region, serviceName, v4Identifier];
    return scopeParts.join('/');
  },

  /**
   * Derives the signing key for a date/region/service scope, optionally
   * serving it from (and storing it in) the module-level cache.
   *
   * Derivation is a chain of AWS.util.crypto.hmac calls: the key starts as
   * 'AWS4' + secretAccessKey applied to `date`, and each result keys the next
   * step over `region`, `service` and 'aws4_request'.
   *
   * Security notes:
   * - The cache is indexed by an HMAC of accessKeyId keyed with the secret,
   *   so the raw secretAccessKey is never used as a property name.
   * - Cached values are usable signing keys and remain in process memory
   *   until evicted (oldest first, above maxCacheEntries) or until
   *   emptyCache() runs. Pass `shouldCache === false` to avoid retaining them.
   * - A cache hit returns the stored object itself, not a copy; callers must
   *   not mutate the returned key.
   * - NOTE(review): the cache key joins its parts with '_' without escaping,
   *   so parts that themselves contain '_' could map two different scopes to
   *   one key — confirm callers only pass fixed-format values.
   *
   * @param {Object} credentials - object exposing `secretAccessKey` and
   *   `accessKeyId`.
   * @param {string} date - date component fed to the first HMAC step.
   * @param {string} region - region component.
   * @param {string} service - service component.
   * @param {boolean} [shouldCache] - caching is on unless this is exactly
   *   `false`.
   * @returns {*} the result of the final hmac call made with the 'buffer'
   *   digest argument (presumably a Buffer — confirm in AWS.util.crypto).
   */
  getSigningKey: function getSigningKey(
    credentials,
    date,
    region,
    service,
    shouldCache
  ) {
    var crypto = AWS.util.crypto;

    // Opaque per-credential tag for the cache key (computed even when caching
    // is disabled, matching the established behaviour).
    var credentialTag = crypto.hmac(
      credentials.secretAccessKey,
      credentials.accessKeyId,
      'base64'
    );
    var cacheKey = [credentialTag, date, region, service].join('_');

    // Only an explicit `false` turns caching off; undefined means "cache".
    var useCache = shouldCache !== false;
    if (useCache && (cacheKey in cachedSecret)) {
      return cachedSecret[cacheKey];
    }

    // Each step's output becomes the HMAC key for the next component.
    var derivedKey = crypto.hmac(
      'AWS4' + credentials.secretAccessKey,
      date,
      'buffer'
    );
    var remainingParts = [region, service, v4Identifier];
    for (var i = 0; i < remainingParts.length; i++) {
      derivedKey = crypto.hmac(derivedKey, remainingParts[i], 'buffer');
    }

    if (!useCache) {
      return derivedKey;
    }

    cachedSecret[cacheKey] = derivedKey;
    cacheQueue.push(cacheKey);
    if (cacheQueue.length > maxCacheEntries) {
      // Evict the oldest cached signing key to keep the cache bounded.
      var oldestKey = cacheQueue.shift();
      delete cachedSecret[oldestKey];
    }

    return derivedKey;
  },

  /**
   * Drops every cached signing key by replacing both the key store and the
   * eviction queue with fresh empty containers.
   */
  emptyCache: function emptyCache() {
    cacheQueue = [];
    cachedSecret = {};
  }
};