UNPKG

aws-sdk/lib/signers/v4_credentials.js

Version:

2.1 kBJavaScriptView Raw

1var AWS = require('../core');
2
3/**
* @api private
*/
6var cachedSecret = {};
7
8/**
* @api private
*/
11var cacheQueue = [];
12
13/**
* @api private
*/
16var maxCacheEntries = 50;
17
18/**
* @api private
*/
21var v4Identifier = 'aws4_request';
22
23/**
* @api private
*/
26module.exports = {
/**
 * @api private
 *
 * @param date [String]
 * @param region [String]
 * @param serviceName [String]
 * @return [String]
 */
createScope: function createScope(date, region, serviceName) {
  return [
    date.substr(0, 8),
    region,
    serviceName,
    v4Identifier
  ].join('/');
},
43
/**
 * @api private
 *
 * @param credentials [Credentials]
 * @param date [String]
 * @param region [String]
 * @param service [String]
 * @param shouldCache [Boolean]
 * @return [String]
 */
getSigningKey: function getSigningKey(
  credentials,
  date,
  region,
  service,
  shouldCache
) {
  var credsIdentifier = AWS.util.crypto
    .hmac(credentials.secretAccessKey, credentials.accessKeyId, 'base64');
  var cacheKey = [credsIdentifier, date, region, service].join('_');
  shouldCache = shouldCache !== false;
  if (shouldCache && (cacheKey in cachedSecret)) {
    return cachedSecret[cacheKey];
  }
68
  var kDate = AWS.util.crypto.hmac(
    'AWS4' + credentials.secretAccessKey,
    date,
    'buffer'
  );
  var kRegion = AWS.util.crypto.hmac(kDate, region, 'buffer');
  var kService = AWS.util.crypto.hmac(kRegion, service, 'buffer');
76
  var signingKey = AWS.util.crypto.hmac(kService, v4Identifier, 'buffer');
  if (shouldCache) {
    cachedSecret[cacheKey] = signingKey;
    cacheQueue.push(cacheKey);
    if (cacheQueue.length > maxCacheEntries) {
      // remove the oldest entry (not the least recently used)
      delete cachedSecret[cacheQueue.shift()];
    }
  }
86
  return signingKey;
},
89
/**
 * @api private
 *
 * Empties the derived signing key cache. Made available for testing purposes
 * only.
 */
emptyCache: function emptyCache() {
  cachedSecret = {};
  cacheQueue = [];
}
100};

1	`var AWS = require('../core');`
2
3	`/**`
4	`* @api private`
5	`*/`
6	`var cachedSecret = {};`
7
8	`/**`
9	`* @api private`
10	`*/`
11	`var cacheQueue = [];`
12
13	`/**`
14	`* @api private`
15	`*/`
16	`var maxCacheEntries = 50;`
17
18	`/**`
19	`* @api private`
20	`*/`
21	`var v4Identifier = 'aws4_request';`
22
23	`/**`
24	`* @api private`
25	`*/`
26	`module.exports = {`
27	`/**`
28	`* @api private`
29	`*`
30	`* @param date [String]`
31	`* @param region [String]`
32	`* @param serviceName [String]`
33	`* @return [String]`
34	`*/`
35	`createScope: function createScope(date, region, serviceName) {`
36	`return [`
37	`date.substr(0, 8),`
38	`region,`
39	`serviceName,`
40	`v4Identifier`
41	`].join('/');`
42	`},`
43
44	`/**`
45	`* @api private`
46	`*`
47	`* @param credentials [Credentials]`
48	`* @param date [String]`
49	`* @param region [String]`
50	`* @param service [String]`
51	`* @param shouldCache [Boolean]`
52	`* @return [String]`
53	`*/`
54	`getSigningKey: function getSigningKey(`
55	`credentials,`
56	`date,`
57	`region,`
58	`service,`
59	`shouldCache`
60	`) {`
61	`var credsIdentifier = AWS.util.crypto`
62	`.hmac(credentials.secretAccessKey, credentials.accessKeyId, 'base64');`
63	`var cacheKey = [credsIdentifier, date, region, service].join('_');`
64	`shouldCache = shouldCache !== false;`
65	`if (shouldCache && (cacheKey in cachedSecret)) {`
66	`return cachedSecret[cacheKey];`
67	`}`
68
69	`var kDate = AWS.util.crypto.hmac(`
70	`'AWS4' + credentials.secretAccessKey,`
71	`date,`
72	`'buffer'`
73	`);`
74	`var kRegion = AWS.util.crypto.hmac(kDate, region, 'buffer');`
75	`var kService = AWS.util.crypto.hmac(kRegion, service, 'buffer');`
76
77	`var signingKey = AWS.util.crypto.hmac(kService, v4Identifier, 'buffer');`
78	`if (shouldCache) {`
79	`cachedSecret[cacheKey] = signingKey;`
80	`cacheQueue.push(cacheKey);`
81	`if (cacheQueue.length > maxCacheEntries) {`
82	`// remove the oldest entry (not the least recently used)`
83	`delete cachedSecret[cacheQueue.shift()];`
84	`}`
85	`}`
86
87	`return signingKey;`
88	`},`
89
90	`/**`
91	`* @api private`
92	`*`
93	`* Empties the derived signing key cache. Made available for testing purposes`
94	`* only.`
95	`*/`
96	`emptyCache: function emptyCache() {`
97	`cachedSecret = {};`
98	`cacheQueue = [];`
99	`}`
100	`};`