Fix signed request

hashmal · Mar 24, 2012 · 4d7c0ff · 4d7c0ff
1 parent b49fc3e
commit 4d7c0ff
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 32 deletions.
diff --git a/Rakefile b/Rakefile
@@ -0,0 +1,4 @@
+require 'bundler/gem_tasks'
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec
diff --git a/lib/jedlik/connection.rb b/lib/jedlik/connection.rb
@@ -15,7 +15,7 @@ class Connection
     #
     def initialize(access_key_id, secret_access_key, opts={})
       opts = DEFAULTS.merge opts
-      @sts = SecurityTokenService.new access_key_id, secret_access_key
+      @sts = SecurityTokenService.new(access_key_id, secret_access_key)
       @endpoint = opts[:endpoint]
     end
 

diff --git a/lib/jedlik/security_token_service.rb b/lib/jedlik/security_token_service.rb
@@ -37,6 +37,10 @@ def session_token
       @session_token
     end
 
+    def signature
+      sign(string_to_sign)
+    end
+
     private
 
     # Extract the contents of a given tag.
@@ -54,7 +58,14 @@ def get_tag(tag, string)
     # expire.
     def obtain_credentials
       if not @expiration or @expiration <= Time.now.utc
-        response = Typhoeus::Request.get(request_uri)
+        params = {
+          :AWSAccessKeyId   => @_access_key_id,
+          :SignatureMethod  => 'HmacSHA256',
+          :SignatureVersion => '2',
+          :Signature        => signature
+        }.merge(authorization_params)
+
+        response = Typhoeus::Request.post("https://sts.amazonaws.com", :params => params)
         if response.success?
           body = response.body
           @session_token      = get_tag(:SessionToken, body)
@@ -67,34 +78,29 @@ def obtain_credentials
       end
     end
 
-    # Generate the params to be sent to STS.
-    def request_params
-      {
-        :AWSAccessKeyId   => @_access_key_id,
+    def authorization_params
+      @authorization_params ||= {
         :Action           => 'GetSessionToken',
-        :DurationSeconds  => '3600',
-        :SignatureMethod  => 'HmacSHA256',
-        :SignatureVersion => '2',
         :Timestamp        => Time.now.utc.iso8601,
-        :Version          => '2011-06-15',
+        :Version          => '2011-06-15'
       }
     end
 
-    # Generate the URI that should be requested.
-    def request_uri
-      qs = request_params.map { |key, val|
-        [CGI.escape(key.to_s), CGI.escape(val)].join('=')
-      }.join('&')
-
-      "https://sts.amazonaws.com/?#{qs}&Signature=" +
-      CGI.escape(sign("GET\nsts.amazonaws.com\n/\n#{qs}"))
+    def string_to_sign
+      [
+        "POST",
+        "sts.amazonaws.com",
+        "/",
+        "Action=GetSessionToken&Timestamp=#{CGI.escape(authorization_params[:Timestamp])}&Version=2011-06-15"
+      ].join("\n")
     end
 
     # Sign (HMAC-SHA256) a string using the secret key given at
     # initialization.
     def sign(string)
-      digested = OpenSSL::HMAC.digest('sha256', @_secret_access_key, string)
-      Base64.encode64(digested).chomp
+      Base64.encode64(
+        OpenSSL::HMAC.digest('sha256', @_secret_access_key, string)
+      ).strip
     end
   end
 end
diff --git a/spec/jedlik/security_token_service_spec.rb b/spec/jedlik/security_token_service_spec.rb
@@ -5,9 +5,9 @@
 <GetSessionTokenResult>
 <Credentials>
 <SessionToken>SESSION_TOKEN</SessionToken>
-<SecretAccessKey>SECRET_ACCESS_KEY</SecretAccessKey>
+<SecretAccessKey>secret_access_key</SecretAccessKey>
 <Expiration>2036-03-19T01:03:22.276Z</Expiration>
-<AccessKeyId>ACCESS_KEY_ID</AccessKeyId>
+<AccessKeyId>access_key_id</AccessKeyId>
 </Credentials>
 </GetSessionTokenResult>
 <ResponseMetadata>
@@ -21,18 +21,14 @@ module Jedlik
     let(:sts) { SecurityTokenService.new("access_key_id", "secret_access_key") }
 
     before do
-      Time.stub(:now).and_return(Time.parse("2012-03-24T20:03:36Z"))
-      OpenSSL::HMAC.stub!(:digest).and_return("sha256-hash") # base64 => c2hhMjU2LWhhc2g=
-      url = "https://sts.amazonaws.com/?AWSAccessKeyId=access_key_id&Action=GetSessionToken&DurationSeconds=3600&Signature=c2hhMjU2LWhhc2g=&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-03-24T20:03:36Z&Version=2011-06-15"
-      stub_request(:get, url).to_return(:status => 200, :body => VALID_RESPONSE_BODY)
+      Time.stub(:now).and_return(Time.parse("2012-03-24T21:11:02Z"))
+      stub_request(:post, "https://sts.amazonaws.com/").
+        with(:body => "AWSAccessKeyId=access_key_id&Action=GetSessionToken&Signature=Mna7q/X+GkaDJv7pmfrtIR83rdPKLogbawR2QVMPhxI=&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-03-24T21:11:02Z&Version=2011-06-15").
+        to_return(:status => 200, :body => VALID_RESPONSE_BODY)
     end
 
-    it "returns access_key_id" do
-      sts.access_key_id.should == "ACCESS_KEY_ID"
-    end
-
-    it "returns secret_access_key" do
-      sts.secret_access_key.should == "SECRET_ACCESS_KEY"
+    it "computes proper signature" do
+      sts.signature.should == "Mna7q/X+GkaDJv7pmfrtIR83rdPKLogbawR2QVMPhxI="
     end
 
     it "returns session_token" do