v4_credentials.js
2.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
var AWS = require('../core');
/**
* @api private
*/
var cachedSecret = {};
/**
* @api private
*/
var cacheQueue = [];
/**
* @api private
*/
var maxCacheEntries = 50;
/**
* @api private
*/
var v4Identifier = 'aws4_request';
/**
* @api private
*/
module.exports = {
/**
* @api private
*
* @param date [String]
* @param region [String]
* @param serviceName [String]
* @return [String]
*/
createScope: function createScope(date, region, serviceName) {
return [
date.substr(0, 8),
region,
serviceName,
v4Identifier
].join('/');
},
/**
* @api private
*
* @param credentials [Credentials]
* @param date [String]
* @param region [String]
* @param service [String]
* @param shouldCache [Boolean]
* @return [String]
*/
getSigningKey: function getSigningKey(
credentials,
date,
region,
service,
shouldCache
) {
var credsIdentifier = AWS.util.crypto
.hmac(credentials.secretAccessKey, credentials.accessKeyId, 'base64');
var cacheKey = [credsIdentifier, date, region, service].join('_');
shouldCache = shouldCache !== false;
if (shouldCache && (cacheKey in cachedSecret)) {
return cachedSecret[cacheKey];
}
var kDate = AWS.util.crypto.hmac(
'AWS4' + credentials.secretAccessKey,
date,
'buffer'
);
var kRegion = AWS.util.crypto.hmac(kDate, region, 'buffer');
var kService = AWS.util.crypto.hmac(kRegion, service, 'buffer');
var signingKey = AWS.util.crypto.hmac(kService, v4Identifier, 'buffer');
if (shouldCache) {
cachedSecret[cacheKey] = signingKey;
cacheQueue.push(cacheKey);
if (cacheQueue.length > maxCacheEntries) {
// remove the oldest entry (not the least recently used)
delete cachedSecret[cacheQueue.shift()];
}
}
return signingKey;
},
/**
* @api private
*
* Empties the derived signing key cache. Made available for testing purposes
* only.
*/
emptyCache: function emptyCache() {
cachedSecret = {};
cacheQueue = [];
}
};