method

sign_s3_url

ruby latest stable - Class: Gem::RemoteFetcher

sign_s3_url(uri, expiration = nil)

protected

we have our own signing code here to avoid a dependency on the aws-sdk gem fortunately, a simple GET request isn’t too complex to sign properly

# File lib/rubygems/remote_fetcher.rb, line 385
  def sign_s3_url(uri, expiration = nil)
    require 'base64'
    require 'openssl'

    unless uri.user && uri.password
      raise FetchError.new("credentials needed in s3 source, like s3://key:secret@bucket-name/", uri.to_s)
    end

    expiration ||= s3_expiration
    canonical_path = "/#{uri.host}#{uri.path}"
    payload = "GET\n\n\n#{expiration}\n#{canonical_path}"
    digest = OpenSSL::HMAC.digest('sha1', uri.password, payload)
    # URI.escape is deprecated, and there isn't yet a replacement that does quite what we want
    signature = Base64.encode64(digest).gsub("\n", '').gsub(/[\+\/=]/) { |c| BASE64_URI_TRANSLATE[c] }
    URI.parse("https://#{uri.host}.s3.amazonaws.com#{uri.path}?AWSAccessKeyId=#{uri.user}&Expires=#{expiration}&Signature=#{signature}")
  end

sign_s3_url

Related methods