Compare commits

..

No commits in common. "5d13b48da6253e5d372c81c9b360f7d43f254643" and "ff1e6f4cf3d555374f7b0e9a596e6c4eb5c10836" have entirely different histories.

3 changed files with 15 additions and 71 deletions

View File

@ -91,7 +91,7 @@ Compiler wishlist/watchlist:
* [comptime allocations](https://github.com/ziglang/zig/issues/1291) so we can read files, etc (or is there another way)
Services with TLS 1.3 Support (116 services)
Services with TLS 1.3 Support (115 services)
--------------------------------------------
```
acm
@ -101,7 +101,6 @@ apigateway
appconfig
application-autoscaling
applicationinsights
appmesh
apprunner
appstream2
appsync
@ -212,7 +211,7 @@ workspaces
xray
```
Services without TLS 1.3 support (139 services)
Services without TLS 1.3 support (140 services)
-----------------------------------------------
```
@ -224,6 +223,7 @@ appflow
app-integrations
application-cost-profiler
discovery
appmesh
auditmanager
autoscaling
autoscaling-plans
@ -356,50 +356,3 @@ wafv2
wellarchitected
worklink
```
Dependency tree
---------------
No dependencies:
* aws_authentication: base structure for credentials (only one type)
* aws_http_base: contains basic structures for http requests/results
* case: provides functions to change casing
* date: provides limited date manipulation functions
* http_client_17015_issue: zig 0.11 http client, with changes
* json: custom version of earlier stdlib json parser
* xml: custom xml parser library
* url: custom url encoding
aws_credentials: Allows credential handling
aws_authentication
aws_http:
http_client_17015_issue
aws_http_base
aws_signing
aws_signing: handles signing of http requests
aws_http_base
aws_authentication
date
aws: main usage point for libraries
aws_http
json
url
case
date
servicemodel
xml_shaper
aws_credentials
aws_authentication
main: main entrypoint for demo executable
aws
servicemodel: Provides access to all aws service generated models
all generated model files
xml_shaper: Manages interface from xml to in memory structures
xml
date

View File

@ -45,21 +45,13 @@ pub fn build(b: *Builder) !void {
const smithy_module = smithy_dep.module("smithy");
exe.addModule("smithy", smithy_module); // not sure this should be here...
// Expose module to others
_ = b.addModule("aws", .{
const module = b.addModule("aws", .{
.source_file = .{ .path = "src/aws.zig" },
.dependencies = &[_]std.build.ModuleDependency{
.{ .name = "smithy", .module = smithy_module },
},
});
// Expose module to others
_ = b.addModule("aws-signing", .{
.source_file = .{ .path = "src/aws_signing.zig" },
.dependencies = &[_]std.build.ModuleDependency{
.{ .name = "smithy", .module = smithy_module },
},
});
exe.addModule("aws", module);
// TODO: This does not work correctly due to https://github.com/ziglang/zig/issues/16354
//
// We are working here with kind of a weird dependency though. So we can do this

View File

@ -31,12 +31,11 @@ const log = std.log.scoped(.aws_signing);
// // If true, this parameter is still added, but omitted from the canonical request.
// omit_session_token: bool = true,
// };
pub const Credentials = auth.Credentials;
pub const Config = struct {
// These two should be all you need to set most of the time
service: []const u8,
credentials: Credentials,
credentials: auth.Credentials,
region: []const u8 = "aws-global",
// https://github.com/awslabs/aws-c-auth/blob/ace1311f8ef6ea890b26dd376031bed2721648eb/include/aws/auth/signing_config.h#L38
@ -283,8 +282,8 @@ pub fn freeSignedRequest(allocator: std.mem.Allocator, request: *base.Request, c
allocator.free(request.headers);
}
pub const credentialsFn = *const fn ([]const u8) ?Credentials;
pub fn verify(allocator: std.mem.Allocator, request: std.http.Server.Request, request_body_reader: anytype, credentials_fn: credentialsFn) !bool {
pub const CredentialsFn = *const fn ([]const u8) ?auth.Credentials;
pub fn verify(allocator: std.mem.Allocator, request: std.http.Server.Request, request_body_reader: anytype, credentials_fn: CredentialsFn) !bool {
// Authorization: AWS4-HMAC-SHA256 Credential=ACCESS/20230908/us-west-2/s3/aws4_request, SignedHeaders=accept;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class, Signature=fcc43ce73a34c9bd1ddf17e8a435f46a859812822f944f9eeb2aabcd64b03523
const auth_header = request.headers.getFirstValue("Authorization").?;
if (!std.mem.startsWith(u8, auth_header, "AWS4-HMAC-SHA256")) return error.UnsupportedAuthorizationType;
@ -328,7 +327,7 @@ fn verifyParsedAuthorization(
credential: []const u8,
signed_headers: []const u8,
signature: []const u8,
credentials_fn: credentialsFn,
credentials_fn: CredentialsFn,
) !bool {
// AWS4-HMAC-SHA256
// Credential=ACCESS/20230908/us-west-2/s3/aws4_request
@ -934,7 +933,7 @@ test "canonical request" {
};
const access_key = try allocator.dupe(u8, "AKIDEXAMPLE");
const secret_key = try allocator.dupe(u8, "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY");
const credential = Credentials.init(allocator, access_key, secret_key, null);
const credential = auth.Credentials.init(allocator, access_key, secret_key, null);
defer credential.deinit();
const request = try createCanonicalRequest(allocator, req, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", .{
.region = "us-west-2", // us-east-1
@ -1000,7 +999,7 @@ test "can sign" {
const access_key = try allocator.dupe(u8, "AKIDEXAMPLE");
const secret_key = try allocator.dupe(u8, "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY");
const credential = Credentials.init(allocator, access_key, secret_key, null);
const credential = auth.Credentials.init(allocator, access_key, secret_key, null);
defer credential.deinit();
// we could look at sigv4 signing tests at:
// https://github.com/awslabs/aws-c-auth/blob/ace1311f8ef6ea890b26dd376031bed2721648eb/tests/sigv4_signing_tests.c#L1478
@ -1028,13 +1027,13 @@ test "can sign" {
try std.testing.expectEqualStrings(expected_auth, signed_req.headers[signed_req.headers.len - 1].value);
}
var test_credential: ?Credentials = null;
var test_credential: ?auth.Credentials = null;
test "can verify" {
const allocator = std.testing.allocator;
const access_key = try allocator.dupe(u8, "ACCESS");
const secret_key = try allocator.dupe(u8, "SECRET");
test_credential = Credentials.init(allocator, access_key, secret_key, null);
test_credential = auth.Credentials.init(allocator, access_key, secret_key, null);
defer test_credential.?.deinit();
var headers = std.http.Headers.init(allocator);
@ -1065,10 +1064,10 @@ test "can verify" {
// std.testing.log_level = .debug;
try std.testing.expect(try verify(allocator, request, fis.reader(), struct {
cred: Credentials,
cred: auth.Credentials,
const Self = @This();
fn getCreds(access: []const u8) ?Credentials {
fn getCreds(access: []const u8) ?auth.Credentials {
if (std.mem.eql(u8, access, "ACCESS")) return test_credential.?;
return null;
}