101 lines
2.1 KiB
JavaScript
101 lines
2.1 KiB
JavaScript
var AWS = require('../core');
|
|
|
|
/**
|
|
* @api private
|
|
*/
|
|
var cachedSecret = {};
|
|
|
|
/**
|
|
* @api private
|
|
*/
|
|
var cacheQueue = [];
|
|
|
|
/**
|
|
* @api private
|
|
*/
|
|
var maxCacheEntries = 50;
|
|
|
|
/**
|
|
* @api private
|
|
*/
|
|
var v4Identifier = 'aws4_request';
|
|
|
|
/**
|
|
* @api private
|
|
*/
|
|
module.exports = {
|
|
/**
|
|
* @api private
|
|
*
|
|
* @param date [String]
|
|
* @param region [String]
|
|
* @param serviceName [String]
|
|
* @return [String]
|
|
*/
|
|
createScope: function createScope(date, region, serviceName) {
|
|
return [
|
|
date.substr(0, 8),
|
|
region,
|
|
serviceName,
|
|
v4Identifier
|
|
].join('/');
|
|
},
|
|
|
|
/**
|
|
* @api private
|
|
*
|
|
* @param credentials [Credentials]
|
|
* @param date [String]
|
|
* @param region [String]
|
|
* @param service [String]
|
|
* @param shouldCache [Boolean]
|
|
* @return [String]
|
|
*/
|
|
getSigningKey: function getSigningKey(
|
|
credentials,
|
|
date,
|
|
region,
|
|
service,
|
|
shouldCache
|
|
) {
|
|
var credsIdentifier = AWS.util.crypto
|
|
.hmac(credentials.secretAccessKey, credentials.accessKeyId, 'base64');
|
|
var cacheKey = [credsIdentifier, date, region, service].join('_');
|
|
shouldCache = shouldCache !== false;
|
|
if (shouldCache && (cacheKey in cachedSecret)) {
|
|
return cachedSecret[cacheKey];
|
|
}
|
|
|
|
var kDate = AWS.util.crypto.hmac(
|
|
'AWS4' + credentials.secretAccessKey,
|
|
date,
|
|
'buffer'
|
|
);
|
|
var kRegion = AWS.util.crypto.hmac(kDate, region, 'buffer');
|
|
var kService = AWS.util.crypto.hmac(kRegion, service, 'buffer');
|
|
|
|
var signingKey = AWS.util.crypto.hmac(kService, v4Identifier, 'buffer');
|
|
if (shouldCache) {
|
|
cachedSecret[cacheKey] = signingKey;
|
|
cacheQueue.push(cacheKey);
|
|
if (cacheQueue.length > maxCacheEntries) {
|
|
// remove the oldest entry (not the least recently used)
|
|
delete cachedSecret[cacheQueue.shift()];
|
|
}
|
|
}
|
|
|
|
return signingKey;
|
|
},
|
|
|
|
/**
|
|
* @api private
|
|
*
|
|
* Empties the derived signing key cache. Made available for testing purposes
|
|
* only.
|
|
*/
|
|
emptyCache: function emptyCache() {
|
|
cachedSecret = {};
|
|
cacheQueue = [];
|
|
}
|
|
};
|