class Aws::Plugins::S3RequestSigner::SigningHandler

Constants

V2_REGIONS

List of regions that support older S3 signature versions. All new regions only support signature version 4.

Public Instance Methods

call(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 25
def call(context)
  require_credentials(context)
  version = signature_version(context)
  case version
  when /v4/ then apply_v4_signature(context)
  when /s3/ then apply_v2_signature(context)
  else raise "unsupported signature version #{version.inspect}"
  end
  @handler.call(context)
end

Private Instance Methods

apply_v2_signature(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 45
def apply_v2_signature(context)
  Signers::S3.sign(context)
end
apply_v4_signature(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 38
def apply_v4_signature(context)
  Signers::V4.new(
    context.config.credentials, 's3',
    context[:cached_sigv4_region] || context.config.sigv4_region,
  ).sign(context.http_request)
end
classic_endpoint?(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 63
def classic_endpoint?(context)
  context.config.region == 'us-east-1'
end
classic_sigv(context) click to toggle source

When accessing the classic endpoint, s3.amazonaws.com, we don't know the region name. This makes creating a version 4 signature difficult. Choose v4 only if using KMS encryptions, which requires v4.

# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 70
def classic_sigv(context)
  if kms_encrypted?(context)
    :v4
  else
    :s3
  end
end
kms_encrypted?(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 89
def kms_encrypted?(context)
  context.params[:server_side_encryption] == 'aws:kms'
end
regional_sigv(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 78
def regional_sigv(context)
  # Drop back to older S3 signature version when uploading objects for
  # better performance. This optimization may be removed at some point
  # in favor of always using signature version 4.
  if V2_REGIONS.include?(context.config.region)
    uploading_file?(context) && !kms_encrypted?(context) ? :s3 : :v4
  else
    :v4
  end
end
signature_version(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 49
def signature_version(context)
  context[:cached_signature_version] ||
  context.config.signature_version ||
  version_by_region(context)
end
uploading_file?(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 93
def uploading_file?(context)
  [:put_object, :upload_part].include?(context.operation_name) &&
    context.http_request.body.size > 0
end
version_by_region(context) click to toggle source
# File lib/aws-sdk-core/plugins/s3_request_signer.rb, line 55
def version_by_region(context)
  if classic_endpoint?(context)
    classic_sigv(context)
  else
    regional_sigv(context)
  end
end