UNPKG

aws-crt

Version:

NodeJS/browser bindings to the aws-c-* libraries

github.com/awslabs/aws-crt-nodejs

awslabs/aws-crt-nodejs

132 lines (131 loc) 5.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ import crt_native from './binding'; import { HttpRequest } from './http'; import { ClientBootstrap } from './io'; /** @category System */ declare type StringLike = string | ArrayBuffer | DataView; /** * AWS signing algorithm enumeration. * * @module aws-crt * @category Auth */ export declare enum AwsSigningAlgorithm { /** Use the Aws signature version 4 signing process to sign the request */ SigV4 = 0, /** Use the Aws signature version 4 Asymmetric signing process to sign the request */ SigV4Asymmetric = 1 } /** * AWS signature type enumeration. * * @category Auth */ export declare enum AwsSignatureType { /** Sign an http request and apply the signing results as headers */ HttpRequestViaHeaders = 0, /** Sign an http request and apply the signing results as query params */ HttpRequestViaQueryParams = 1, /** Sign an http request payload chunk */ HttpRequestChunk = 2, /** Sign an event stream event */ HttpRequestEvent = 3 } /** * Values for use with {@link AwsSigningConfig.signed_body_value}. * * Some services use special values (e.g. 'UNSIGNED-PAYLOAD') when the body * is not being signed in the usual way. * * @category Auth */ export declare enum AwsSignedBodyValue { /** Use the SHA-256 of the empty string as the canonical request payload value */ EmptySha256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", /** Use the literal string 'UNSIGNED-PAYLOAD' as the canonical request payload value */ UnsignedPayload = "UNSIGNED-PAYLOAD", /** Use the literal string 'STREAMING-AWS4-HMAC-SHA256-PAYLOAD' as the canonical request payload value */ StreamingAws4HmacSha256Payload = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD", /** Use the literal string 'STREAMING-AWS4-HMAC-SHA256-EVENTS' as the canonical request payload value */ StreamingAws4HmacSha256Events = "STREAMING-AWS4-HMAC-SHA256-EVENTS" } /** * AWS signed body header enumeration. * * @category Auth */ export declare enum AwsSignedBodyHeaderType { /** Do not add a header containing the canonical request payload value */ None = 0, /** Add the X-Amz-Content-Sha256 header with the canonical request payload value */ XAmzContentSha256 = 1 } /** * Credentials providers source the AwsCredentials needed to sign an authenticated AWS request. * * @module aws-crt * @category Auth */ export declare class AwsCredentialsProvider extends crt_native.AwsCredentialsProvider { static newDefault(bootstrap: ClientBootstrap): AwsCredentialsProvider; } /** * Configuration for use in AWS-related signing. * AwsSigningConfig is immutable. * It is good practice to use a new config for each signature, or the date might get too old. * * @module aws-crt * @category Auth */ export declare type AwsSigningConfig = crt_native.AwsSigningConfig; /** * Perform AWS HTTP request signing. * * The {@link HttpRequest} is transformed asynchronously, * according to the {@link AwsSigningConfig}. * * When signing: * 1. It is good practice to use a new config for each signature, * or the date might get too old. * * 2. Do not add the following headers to requests before signing, they may be added by the signer: * x-amz-content-sha256, * X-Amz-Date, * Authorization * * 3. Do not add the following query params to requests before signing, they may be added by the signer: * X-Amz-Signature, * X-Amz-Date, * X-Amz-Credential, * X-Amz-Algorithm, * X-Amz-SignedHeaders * @param request The HTTP request to sign. * @param config Configuration for signing. * @returns A Future whose result will be the signed * {@link HttpRequest}. The future will contain an exception * if the signing process fails. * * @module aws-crt * @category Auth */ export declare function aws_sign_request(request: HttpRequest, config: AwsSigningConfig): Promise<HttpRequest>; /** * Test only. * Verifies: * (1) The canonical request generated during sigv4a signing of the request matches what is passed in * (2) The signature passed in is a valid ECDSA signature of the hashed string-to-sign derived from the * canonical request * * @param request The HTTP request to sign. * @param config Configuration for signing. * @param expected_canonical_request String type of expected canonical request. Refer to XXX(link to doc?) * @param signature The generated signature string from {@link aws_sign_request}, which is verified here. * @param ecc_key_pub_x the x coordinate of the public part of the ecc key to verify the signature. * @param ecc_key_pub_y the y coordinate of the public part of the ecc key to verify the signature * @returns True, if the verification succeed. Otherwise, false. */ export declare function aws_verify_sigv4a_signing(request: HttpRequest, config: AwsSigningConfig, expected_canonical_request: StringLike, signature: StringLike, ecc_key_pub_x: StringLike, ecc_key_pub_y: StringLike): boolean; export {};