V4 Signer #36

Merged
merged 15 commits into from
Jul 26, 2017

jeskew
Contributor

@jeskew jeskew commented Jul 20, 2017

The signatures in the functional tests in __tests__/SignatureV4.ts were calculated using the PHP SDK's signers. Tests use node crypto packages, with the expectation that browser SDK modules will inject the browser Sha256 implementation via the SignatureV4 constructor.

Jest reports the following in Node 4, 5, 6, 7, and 8:

Test Suites: 8 passed, 8 total
Tests:       52 passed, 52 total
Snapshots:   0 total
Time:        1.048s
Ran all test suites.
-------------------------|----------|----------|----------|----------|----------------|
File                     |  % Stmts | % Branch |  % Funcs |  % Lines |Uncovered Lines |
-------------------------|----------|----------|----------|----------|----------------|
All files                |      100 |      100 |      100 |      100 |                |
 SignatureV4.ts          |      100 |      100 |      100 |      100 |                |
 cloneRequest.ts         |      100 |      100 |      100 |      100 |                |
 constants.ts            |      100 |      100 |      100 |      100 |                |
 credentialDerivation.ts |      100 |      100 |      100 |      100 |                |
 getCanonicalHeaders.ts  |      100 |      100 |      100 |      100 |                |
 getCanonicalQuery.ts    |      100 |      100 |      100 |      100 |                |
 getPayloadHash.ts       |      100 |      100 |      100 |      100 |                |
 moveHeadersToQuery.ts   |      100 |      100 |      100 |      100 |                |
 prepareRequest.ts       |      100 |      100 |      100 |      100 |                |
-------------------------|----------|----------|----------|----------|----------------|

@jeskew jeskew changed the title from "[WIP] V4 Signer" to "V4 Signer" Jul 22, 2017
Contributor

@chrisradek chrisradek left a comment

I had 2 main comments.

  1. We talked about this yesterday but just reiterating here. It might be nice to allow customers to specify a list of unsignable headers that can be merged into our known list of unsignable headers. Ruby currently allows this, and it could be nice if they need to not sign a header that gets modified by a proxy, or we need to work around an issue like we did with XRay.

  2. Are you still expecting to have separate node and browser packages? It might be a lot to ask customers to also provide a SHA256 implementation if we can easily hook that up for them.

});

it(
'should return true for ArrayBuffers created with a different instance of the ArrayBuffer constructor',
Contributor

Nice test! Take that, frames!

Contributor Author

Turns out to be surprisingly relevant to running Jest, too.

@jeskew
Contributor Author

jeskew commented Jul 25, 2017

  1. I've added a parameter to the object accepted by presignRequest and signRequest that allows customers to specify a custom set of unsignable headers. For performance and environment compatibility reasons, this parameter is of type {[key: string]: any}, and header names are lower-cased and then checked against this object with the in keyword.

  2. Yes, definitely. At a minimum, the browser and node specific packages would supply the correct sha-256 implementation.
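
The lookup described in the comment above (lower-case the header name, then test it with `in` against the caller's object), as an added example that is not the SDK's own code. It shows two consequences for callers: keys in the custom object must already be lower-case, and a plain object literal also matches inherited keys such as `constructor`, which a prototype-less object avoids. `signableHeaders`, `toLookup`, the default list and the sample headers are assumptions made for the illustration.

```typescript
// Added illustration; not the SDK's implementation. All names are hypothetical.
type HeaderBag = { [name: string]: string };
type UnsignableSet = { [name: string]: any };

// Build a prototype-less lookup with lower-cased keys, so `in` matches only
// names the caller listed (never Object.prototype members like "constructor").
function toLookup(names: UnsignableSet): UnsignableSet {
  const out: UnsignableSet = Object.create(null);
  for (const key of Object.keys(names)) {
    out[key.toLowerCase()] = true;
  }
  return out;
}

// Constructed default list for this example; the SDK's own list is not shown on the page.
const DEFAULT_UNSIGNABLE: UnsignableSet = toLookup({
  authorization: true,
  "user-agent": true,
});

// The check described above: lower-case each header name, then test it
// with `in` against the default set and the caller-supplied set.
function signableHeaders(headers: HeaderBag, custom: UnsignableSet = {}): string[] {
  const signed: string[] = [];
  for (const name of Object.keys(headers)) {
    const lower = name.toLowerCase();
    if (lower in DEFAULT_UNSIGNABLE || lower in custom) {
      continue; // excluded from the signature
    }
    signed.push(lower);
  }
  return signed.sort();
}

// Constructed request headers.
const SAMPLE_HEADERS: HeaderBag = {
  Host: "example.amazonaws.com",
  "X-Amz-Date": "20170725T000000Z",
  "X-Forwarded-For": "203.0.113.7",
  "User-Agent": "example-client",
  Constructor: "demo",
};

// Mixed-case key in a plain literal: never matches the lower-cased name, so
// x-forwarded-for is still signed; inherited "constructor" matches, so that header is not.
const viaLiteral = signableHeaders(SAMPLE_HEADERS, { "X-Forwarded-For": true });
// Normalised, prototype-less set: only x-forwarded-for (plus the defaults) is excluded.
const viaLookup = signableHeaders(SAMPLE_HEADERS, toLookup({ "X-Forwarded-For": true }));
```
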

@jeskew jeskew merged commit c82133c into aws:master Jul 26, 2017
@jeskew jeskew deleted the feature/v4-signer branch July 26, 2017 18:02
trivikr referenced this pull request in trivikr/aws-sdk-js-v3 Dec 10, 2018
* Add a VM- and WebWorker-safe way to check if an object is an ArrayBuffer

* Document expectations on headers and querystring params

* WIP commit

* WIP commit

* Add a node stream collector

* Add a hex encoding package

* Add tests for getCanonicalQuery

* Add tests for getPayloadHash

* Remove dependency on and use of stream collectors. Streams should be considered always unsignable

* Add tests to fully cover SignatureV4::signRequest

* Remove unused packages

* Update RequestSigner interface to take keywords args instead of positional arguments

* Add presigner and functional and unit tests

* Cover the last uncovered line of code

* Allow the set of unsignable headers to be customized
@lock

lock bot commented Sep 26, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@lock lock bot locked as resolved and limited conversation to collaborators Sep 26, 2019