Skip to content
Browse files

Fix signed request

  • Loading branch information...
1 parent b49fc3e commit 4d7c0ff920a10ae8c66327a8cd158ec9bd806e46 @cmdrkeene cmdrkeene committed Mar 24, 2012
Showing with 38 additions and 32 deletions.
  1. +4 −0 Rakefile
  2. +1 −1 lib/jedlik/connection.rb
  3. +25 −19 lib/jedlik/security_token_service.rb
  4. +8 −12 spec/jedlik/security_token_service_spec.rb
View
4 Rakefile
@@ -0,0 +1,4 @@
+require 'bundler/gem_tasks'
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec
View
2 lib/jedlik/connection.rb
@@ -15,7 +15,7 @@ class Connection
#
def initialize(access_key_id, secret_access_key, opts={})
opts = DEFAULTS.merge opts
- @sts = SecurityTokenService.new access_key_id, secret_access_key
+ @sts = SecurityTokenService.new(access_key_id, secret_access_key)
@endpoint = opts[:endpoint]
end
View
44 lib/jedlik/security_token_service.rb
@@ -37,6 +37,10 @@ def session_token
@session_token
end
+ def signature
+ sign(string_to_sign)
+ end
+
private
# Extract the contents of a given tag.
@@ -54,7 +58,14 @@ def get_tag(tag, string)
# expire.
def obtain_credentials
if not @expiration or @expiration <= Time.now.utc
- response = Typhoeus::Request.get(request_uri)
+ params = {
+ :AWSAccessKeyId => @_access_key_id,
+ :SignatureMethod => 'HmacSHA256',
+ :SignatureVersion => '2',
+ :Signature => signature
+ }.merge(authorization_params)
+
+ response = Typhoeus::Request.post("https://sts.amazonaws.com", :params => params)
if response.success?
body = response.body
@session_token = get_tag(:SessionToken, body)
@@ -67,34 +78,29 @@ def obtain_credentials
end
end
- # Generate the params to be sent to STS.
- def request_params
- {
- :AWSAccessKeyId => @_access_key_id,
+ def authorization_params
+ @authorization_params ||= {
:Action => 'GetSessionToken',
- :DurationSeconds => '3600',
- :SignatureMethod => 'HmacSHA256',
- :SignatureVersion => '2',
:Timestamp => Time.now.utc.iso8601,
- :Version => '2011-06-15',
+ :Version => '2011-06-15'
}
end
- # Generate the URI that should be requested.
- def request_uri
- qs = request_params.map { |key, val|
- [CGI.escape(key.to_s), CGI.escape(val)].join('=')
- }.join('&')
-
- "https://sts.amazonaws.com/?#{qs}&Signature=" +
- CGI.escape(sign("GET\nsts.amazonaws.com\n/\n#{qs}"))
+ def string_to_sign
+ [
+ "POST",
+ "sts.amazonaws.com",
+ "/",
+ "Action=GetSessionToken&Timestamp=#{CGI.escape(authorization_params[:Timestamp])}&Version=2011-06-15"
+ ].join("\n")
end
# Sign (HMAC-SHA256) a string using the secret key given at
# initialization.
def sign(string)
- digested = OpenSSL::HMAC.digest('sha256', @_secret_access_key, string)
- Base64.encode64(digested).chomp
+ Base64.encode64(
+ OpenSSL::HMAC.digest('sha256', @_secret_access_key, string)
+ ).strip
end
end
end
View
20 spec/jedlik/security_token_service_spec.rb
@@ -5,9 +5,9 @@
<GetSessionTokenResult>
<Credentials>
<SessionToken>SESSION_TOKEN</SessionToken>
-<SecretAccessKey>SECRET_ACCESS_KEY</SecretAccessKey>
+<SecretAccessKey>secret_access_key</SecretAccessKey>
<Expiration>2036-03-19T01:03:22.276Z</Expiration>
-<AccessKeyId>ACCESS_KEY_ID</AccessKeyId>
+<AccessKeyId>access_key_id</AccessKeyId>
</Credentials>
</GetSessionTokenResult>
<ResponseMetadata>
@@ -21,18 +21,14 @@ module Jedlik
let(:sts) { SecurityTokenService.new("access_key_id", "secret_access_key") }
before do
- Time.stub(:now).and_return(Time.parse("2012-03-24T20:03:36Z"))
- OpenSSL::HMAC.stub!(:digest).and_return("sha256-hash") # base64 => c2hhMjU2LWhhc2g=
- url = "https://sts.amazonaws.com/?AWSAccessKeyId=access_key_id&Action=GetSessionToken&DurationSeconds=3600&Signature=c2hhMjU2LWhhc2g=&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-03-24T20:03:36Z&Version=2011-06-15"
- stub_request(:get, url).to_return(:status => 200, :body => VALID_RESPONSE_BODY)
+ Time.stub(:now).and_return(Time.parse("2012-03-24T21:11:02Z"))
+ stub_request(:post, "https://sts.amazonaws.com/").
+ with(:body => "AWSAccessKeyId=access_key_id&Action=GetSessionToken&Signature=Mna7q/X+GkaDJv7pmfrtIR83rdPKLogbawR2QVMPhxI=&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-03-24T21:11:02Z&Version=2011-06-15").
+ to_return(:status => 200, :body => VALID_RESPONSE_BODY)
end
- it "returns access_key_id" do
- sts.access_key_id.should == "ACCESS_KEY_ID"
- end
-
- it "returns secret_access_key" do
- sts.secret_access_key.should == "SECRET_ACCESS_KEY"
+ it "computes proper signature" do
+ sts.signature.should == "Mna7q/X+GkaDJv7pmfrtIR83rdPKLogbawR2QVMPhxI="
end
it "returns session_token" do

0 comments on commit 4d7c0ff

Please sign in to comment.
Something went wrong with that request. Please try again.