Gecko [ www.jdcpatala.org ]

Name	Size	Permission
commands	[ DIR ]	drwxr-xr-x
core_ext	[ DIR ]	drwxr-xr-x
ext	[ DIR ]	drwxr-xr-x
package	[ DIR ]	drwxr-xr-x
request	[ DIR ]	drwxr-xr-x
request_set	[ DIR ]	drwxr-xr-x
resolver	[ DIR ]	drwxr-xr-x
security	[ DIR ]	drwxr-xr-x
source	[ DIR ]	drwxr-xr-x
ssl_certs	[ DIR ]	drwxr-xr-x
util	[ DIR ]	drwxr-xr-x
available_set.rb	3.02 KB	-rw-r--r--
basic_specification.rb	7.61 KB	-rw-r--r--
bundler_version_finder.rb	2.97 KB	-rw-r--r--
command.rb	15.79 KB	-rw-r--r--
command_manager.rb	4.99 KB	-rw-r--r--
compatibility.rb	1022 B	-rw-r--r--
config_file.rb	12.69 KB	-rw-r--r--
defaults.rb	4.55 KB	-rw-r--r--
dependency.rb	8.64 KB	-rw-r--r--
dependency_installer.rb	12 KB	-rw-r--r--
dependency_list.rb	5.54 KB	-rw-r--r--
deprecate.rb	1.75 KB	-rw-r--r--
doctor.rb	3.06 KB	-rw-r--r--
errors.rb	4.64 KB	-rw-r--r--
exceptions.rb	6.49 KB	-rw-r--r--
ext.rb	460 B	-rw-r--r--
gem_runner.rb	2.18 KB	-rw-r--r--
gemcutter_utilities.rb	5.16 KB	-rw-r--r--
indexer.rb	11.29 KB	-rw-r--r--
install_default_message.rb	336 B	-rw-r--r--
install_message.rb	310 B	-rw-r--r--
install_update_options.rb	6.26 KB	-rw-r--r--
installer.rb	26.62 KB	-rw-r--r--
installer_test_case.rb	4.8 KB	-rw-r--r--
local_remote_options.rb	3.53 KB	-rw-r--r--
mock_gem_ui.rb	1.38 KB	-rw-r--r--
name_tuple.rb	2.42 KB	-rw-r--r--
package.rb	17.99 KB	-rw-r--r--
package_task.rb	3.8 KB	-rw-r--r--
path_support.rb	1.88 KB	-rw-r--r--
platform.rb	6.25 KB	-rw-r--r--
psych_additions.rb	300 B	-rw-r--r--
psych_tree.rb	796 B	-rw-r--r--
rdoc.rb	524 B	-rw-r--r--
remote_fetcher.rb	9.48 KB	-rw-r--r--
request.rb	8.7 KB	-rw-r--r--
request_set.rb	11.94 KB	-rw-r--r--
requirement.rb	7.15 KB	-rw-r--r--
resolver.rb	9.46 KB	-rw-r--r--
s3_uri_signer.rb	5.93 KB	-rw-r--r--
safe_yaml.rb	1.55 KB	-rw-r--r--
security.rb	21.24 KB	-rw-r--r--
security_option.rb	1.03 KB	-rw-r--r--
server.rb	22.72 KB	-rw-r--r--
source.rb	5.38 KB	-rw-r--r--
source_list.rb	2.55 KB	-rw-r--r--
source_local.rb	274 B	-rw-r--r--
source_specific_file.rb	272 B	-rw-r--r--
spec_fetcher.rb	6.3 KB	-rw-r--r--
specification.rb	70.69 KB	-rw-r--r--
specification_policy.rb	11.38 KB	-rw-r--r--
stub_specification.rb	4.74 KB	-rw-r--r--
syck_hack.rb	2.12 KB	-rw-r--r--
test_case.rb	39.51 KB	-rw-r--r--
test_utilities.rb	8.84 KB	-rw-r--r--
text.rb	1.85 KB	-rw-r--r--
uninstaller.rb	8.83 KB	-rw-r--r--
uri_formatter.rb	778 B	-rw-r--r--
uri_parser.rb	785 B	-rw-r--r--
uri_parsing.rb	324 B	-rw-r--r--
user_interaction.rb	13.3 KB	-rw-r--r--
util.rb	2.22 KB	-rw-r--r--
validator.rb	3.65 KB	-rw-r--r--
version.rb	12.43 KB	-rw-r--r--
version_option.rb	2.02 KB	-rw-r--r--

Code Editor : s3_uri_signer.rb

require 'base64'
require 'digest'
require 'openssl'

##
# S3URISigner implements AWS SigV4 for S3 Source to avoid a dependency on the aws-sdk-* gems
# More on AWS SigV4: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
class Gem::S3URISigner

class ConfigurationError < Gem::Exception

def initialize(message)
      super message
    end

def to_s # :nodoc:
      "#{super}"
    end

end

class InstanceProfileError < Gem::Exception

def initialize(message)
      super message
    end

def to_s # :nodoc:
      "#{super}"
    end

end

attr_accessor :uri

def initialize(uri)
    @uri = uri
  end

##
  # Signs S3 URI using query-params according to the reference: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
  def sign(expiration = 86400)
    s3_config = fetch_s3_config

current_time = Time.now.utc
    date_time = current_time.strftime("%Y%m%dT%H%m%SZ")
    date = date_time[0,8]

credential_info = "#{date}/#{s3_config.region}/s3/aws4_request"
    canonical_host = "#{uri.host}.s3.#{s3_config.region}.amazonaws.com"

query_params = generate_canonical_query_params(s3_config, date_time, credential_info, expiration)
    canonical_request = generate_canonical_request(canonical_host, query_params)
    string_to_sign = generate_string_to_sign(date_time, credential_info, canonical_request)
    signature = generate_signature(s3_config, date, string_to_sign)

URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")
  end

private

S3Config = Struct.new :access_key_id, :secret_access_key, :security_token, :region

def generate_canonical_query_params(s3_config, date_time, credential_info, expiration)
    canonical_params = {}
    canonical_params["X-Amz-Algorithm"] = "AWS4-HMAC-SHA256"
    canonical_params["X-Amz-Credential"] = "#{s3_config.access_key_id}/#{credential_info}"
    canonical_params["X-Amz-Date"] = date_time
    canonical_params["X-Amz-Expires"] = expiration.to_s
    canonical_params["X-Amz-SignedHeaders"] = "host"
    canonical_params["X-Amz-Security-Token"] = s3_config.security_token if s3_config.security_token

# Sorting is required to generate proper signature
    canonical_params.sort.to_h.map do |key, value|
      "#{base64_uri_escape(key)}=#{base64_uri_escape(value)}"
    end.join("&")
  end

def generate_canonical_request(canonical_host, query_params)
    [
      "GET",
      uri.path,
      query_params,
      "host:#{canonical_host}",
      "", # empty params
      "host",
      "UNSIGNED-PAYLOAD",
    ].join("\n")
  end

def generate_string_to_sign(date_time, credential_info, canonical_request)
    [
      "AWS4-HMAC-SHA256",
      date_time,
      credential_info,
      Digest::SHA256.hexdigest(canonical_request)
    ].join("\n")
  end

def generate_signature(s3_config, date, string_to_sign)
    date_key = OpenSSL::HMAC.digest("sha256", "AWS4" + s3_config.secret_access_key, date)
    date_region_key = OpenSSL::HMAC.digest("sha256", date_key, s3_config.region)
    date_region_service_key = OpenSSL::HMAC.digest("sha256", date_region_key, "s3")
    signing_key = OpenSSL::HMAC.digest("sha256", date_region_service_key, "aws4_request")
    OpenSSL::HMAC.hexdigest("sha256", signing_key, string_to_sign)
  end

##
  # Extracts S3 configuration for S3 bucket
  def fetch_s3_config
    return S3Config.new(uri.user, uri.password, nil, "us-east-1") if uri.user && uri.password

s3_source = Gem.configuration[:s3_source] || Gem.configuration["s3_source"]
    host = uri.host
    raise ConfigurationError.new("no s3_source key exists in .gemrc") unless s3_source

auth = s3_source[host] || s3_source[host.to_sym]
    raise ConfigurationError.new("no key for host #{host} in s3_source in .gemrc") unless auth

provider = auth[:provider] || auth["provider"]
    case provider
    when "env"
      id = ENV["AWS_ACCESS_KEY_ID"]
      secret = ENV["AWS_SECRET_ACCESS_KEY"]
      security_token = ENV["AWS_SESSION_TOKEN"]
    when "instance_profile"
      credentials = ec2_metadata_credentials_json
      id = credentials["AccessKeyId"]
      secret = credentials["SecretAccessKey"]
      security_token = credentials["Token"]
    else
      id = auth[:id] || auth["id"]
      secret = auth[:secret] || auth["secret"]
      security_token = auth[:security_token] || auth["security_token"]
    end

raise ConfigurationError.new("s3_source for #{host} missing id or secret") unless id && secret

region = auth[:region] || auth["region"] || "us-east-1"
    S3Config.new(id, secret, security_token, region)
  end

def base64_uri_escape(str)
    str.gsub(/[\+\/=\n]/, BASE64_URI_TRANSLATE)
  end

def ec2_metadata_credentials_json
    require 'net/http'
    require 'rubygems/request'
    require 'rubygems/request/connection_pools'
    require 'json'

iam_info = ec2_metadata_request(EC2_IAM_INFO)
    # Expected format: arn:aws:iam::<id>:instance-profile/<role_name>
    role_name = iam_info['InstanceProfileArn'].split('/').last
    ec2_metadata_request(EC2_IAM_SECURITY_CREDENTIALS + role_name)
  end

def ec2_metadata_request(url)
    uri = URI(url)
    @request_pool ||= create_request_pool(uri)
    request = Gem::Request.new(uri, Net::HTTP::Get, nil, @request_pool)
    response = request.fetch

case response
    when Net::HTTPOK then
      JSON.parse(response.body)
    else
      raise InstanceProfileError.new("Unable to fetch AWS metadata from #{uri}: #{response.message} #{response.code}")
    end
  end

def create_request_pool(uri)
    proxy_uri = Gem::Request.proxy_uri(Gem::Request.get_proxy_from_env(uri.scheme))
    certs = Gem::Request.get_cert_files
    Gem::Request::ConnectionPools.new(proxy_uri, certs).pool_for(uri)
  end

BASE64_URI_TRANSLATE = { "+" => "%2B", "/" => "%2F", "=" => "%3D", "\n" => "" }.freeze
  EC2_IAM_INFO = "http://169.254.169.254/latest/meta-data/iam/info".freeze
  EC2_IAM_SECURITY_CREDENTIALS = "http://169.254.169.254/latest/meta-data/iam/security-credentials/".freeze

end

${this.title}

Code Editor : s3_uri_signer.rb