var AWS = require('../core'); /** * @api private */ var cachedSecret = {}; /** * @api private */ var cacheQueue = []; /** * @api private */ var maxCacheEntries = 50; /** * @api private */ var v4Identifier = 'aws4_request'; /** * @api private */ module.exports = { /** * @api private * * @param date [String] * @param region [String] * @param serviceName [String] * @return [String] */ createScope: function createScope(date, region, serviceName) { return [ date.substr(0, 8), region, serviceName, v4Identifier ].join('/'); }, /** * @api private * * @param credentials [Credentials] * @param date [String] * @param region [String] * @param service [String] * @param shouldCache [Boolean] * @return [String] */ getSigningKey: function getSigningKey( credentials, date, region, service, shouldCache ) { var credsIdentifier = AWS.util.crypto .hmac(credentials.secretAccessKey, credentials.accessKeyId, 'base64'); var cacheKey = [credsIdentifier, date, region, service].join('_'); shouldCache = shouldCache !== false; if (shouldCache && (cacheKey in cachedSecret)) { return cachedSecret[cacheKey]; } var kDate = AWS.util.crypto.hmac( 'AWS4' + credentials.secretAccessKey, date, 'buffer' ); var kRegion = AWS.util.crypto.hmac(kDate, region, 'buffer'); var kService = AWS.util.crypto.hmac(kRegion, service, 'buffer'); var signingKey = AWS.util.crypto.hmac(kService, v4Identifier, 'buffer'); if (shouldCache) { cachedSecret[cacheKey] = signingKey; cacheQueue.push(cacheKey); if (cacheQueue.length > maxCacheEntries) { // remove the oldest entry (not the least recently used) delete cachedSecret[cacheQueue.shift()]; } } return signingKey; }, /** * @api private * * Empties the derived signing key cache. Made available for testing purposes * only. */ emptyCache: function emptyCache() { cachedSecret = {}; cacheQueue = []; } };