Merge pull request #32 from mikpe/sigv4a-followup

Sigv4a followup

Author: mikpe

src/aws_sigv4_internal.erl

@@ -6,24 +6,28 @@
         , resolve_time/1
         ]).
 
-%% exported for tests
+-ifdef(TEST).
 -export([ build_canonical_request/1
         , default_is_signed/1
         , resolve_payload_hash/1
         , set_required_headers/1
         ]).
+-endif.
 
 -include("aws_sigv4_internal.hrl").
 
 -type credentials() :: #credentials{}.
+-type headers() :: [{binary(), binary()}].
 -type internal_signer() :: #internal_signer{}.
 -type request() :: #request{}.
+-type sign_string() :: fun((binary()) -> {ok, binary()} | {error, any()}).
 -type v4_signer_options() :: #v4_signer_options{}.
 
 -export_type([ credentials/0
              , headers/0
              , internal_signer/0
              , request/0
+             , sign_string/0
              , v4_signer_options/0
              ]).
 
@@ -132,7 +136,7 @@ build_canonical_request(Signer) ->
 
 -spec build_canonical_method(internal_signer()) -> binary().
 build_canonical_method(Signer) ->
-  aws_sigv4_utils:toupper(Signer#internal_signer.request#request.method).
+  string:uppercase(Signer#internal_signer.request#request.method).
 
 -spec build_canonical_path(internal_signer()) -> binary().
 build_canonical_path(Signer) ->
@@ -189,7 +193,7 @@ build_canonical_headers(Signer) ->
   SignedHeadersMap =
     lists:foldl(
       fun({Header, Value}, Map) ->
-        Lowercase = aws_sigv4_utils:tolower(Header),
+        Lowercase = string:lowercase(Header),
         case IsSigned(Lowercase) of
           true ->
             Values = maps:get(Lowercase, Map, []),
@@ -204,7 +208,7 @@ build_canonical_headers(Signer) ->
         fun({Header, Values}) ->
           [ Header
           , ":"
-          , lists:join(",", lists:map(fun aws_sigv4_utils:trimspace/1, lists:reverse(Values)))
+          , lists:join(",", lists:map(fun string:trim/1, lists:reverse(Values)))
           , "\n"
           ]
         end, SignedHeadersList)),

src/aws_sigv4_internal.hrl

@@ -1,12 +1,10 @@
 -ifndef(_AWS_SIGV4_INTERNAL_HRL_).
 -define(_AWS_SIGV4_INTERNAL_HRL_, true).
 
--type headers() :: [{binary(), binary()}].
-
 -record(request,
         { method :: binary()
         , url :: binary()
-        , headers :: headers()
+        , headers :: aws_sigv4_internal:headers()
         , body :: binary()
         , host :: binary()
         }).
@@ -21,10 +19,8 @@
 
 %% https://github.com/aws/smithy-go/blob/main/aws-http-auth/v4/v4.go
 
--type is_signed() :: fun((binary()) -> boolean()).
-
 -record(v4_signer_options,
-        { is_signed :: is_signed() | undefined
+        { is_signed :: fun((binary()) -> boolean()) | undefined
         , disable_implicit_payload_hashing = false :: boolean()
         , disable_double_path_escape = false :: boolean()
         , add_payload_hash_header = false :: boolean()
@@ -34,8 +30,6 @@
 
 %% https://github.com/aws/smithy-go/blob/main/aws-http-auth/internal/v4/signer.go
 
--type sign_string() :: fun((binary()) -> {ok, binary()} | {error, any()}).
-
 -record(internal_signer,
         { request :: aws_sigv4_internal:request()
         , payload_hash :: binary() % raw binary, NOT hex-encoded
@@ -44,7 +38,7 @@
         , options :: aws_sigv4_internal:v4_signer_options()
         , algorithm :: binary()
         , credential_scope :: binary()
-        , sign_string :: sign_string()
+        , sign_string :: aws_sigv4_internal:sign_string()
         }).
 
 %% https://github.com/aws/smithy-go/blob/main/aws-http-auth/sigv4a/sigv4a.go

src/aws_sigv4_utils.erl

@@ -4,9 +4,6 @@
         , format_time_long/1
         , format_time_short/1
         , sha256/1
-        , tolower/1
-        , toupper/1
-        , trimspace/1
         ]).
 
 -spec binaries_join(binary(), [binary()]) -> binary().
@@ -44,15 +41,3 @@ maybe_pad(X) ->
 -spec sha256(binary()) -> binary().
 sha256(Binary) ->
   crypto:hash(sha256, Binary).
-
--spec tolower(binary()) -> binary().
-tolower(Binary) ->
-  list_to_binary(string:lowercase(binary_to_list(Binary))).
-
--spec toupper(binary()) -> binary().
-toupper(Binary) ->
-  list_to_binary(string:uppercase(binary_to_list(Binary))).
-
--spec trimspace(binary()) -> binary().
-trimspace(Binary) ->
-   list_to_binary(string:trim(binary_to_list(Binary))).

src/aws_sigv4a.erl

@@ -5,9 +5,10 @@
 -export([ sign_request/10
         ]).
 
-%% exported for tests
+-ifdef(TEST).
 -export([ sign_request/2
         ]).
+-endif.
 
 -include("aws_sigv4_internal.hrl").
 
@@ -19,8 +20,8 @@
 -define(ALGORITHM, <<"AWS4-ECDSA-P256-SHA256">>).
 
 -spec sign_request(binary(), binary(), binary(), [binary()], binary(),
-                   binary(), binary(), headers(), binary(), map())
-       -> {ok, headers()} | {error, any()}.
+                   binary(), binary(), aws_sigv4_internal:headers(), binary(), map())
+       -> {ok, aws_sigv4_internal:headers()} | {error, any()}.
 sign_request(AccessKeyID, SecretAccessKey, SessionToken, Regions,
              Service, Method, URL, Headers, Body, Options) ->
   Credentials =
@@ -56,7 +57,7 @@ sign_request(AccessKeyID, SecretAccessKey, SessionToken, Regions,
   sign_request(V4ASignerOptions, V4ASignRequestInput).
 
 -spec sign_request(aws_sigv4_internal:v4_signer_options(), v4a_sign_request_input())
-               -> {ok, headers()} | {error, any()}.
+               -> {ok, aws_sigv4_internal:headers()} | {error, any()}.
 sign_request(Options, SignRequestInput) ->
   case aws_sigv4a_credentials:derive(SignRequestInput#v4a_sign_request_input.credentials) of
     {ok, PrivateKey} ->
@@ -88,7 +89,7 @@ scope(Time, Service) ->
   <<(aws_sigv4_utils:format_time_short(Time))/binary, $/, Service/binary, $/, <<"aws4_request">>/binary>>.
 
 %% sigv4a.SignString
--spec sign_string(binary()) -> sign_string().
+-spec sign_string(binary()) -> aws_sigv4_internal:sign_string().
 sign_string(PrivateKey) ->
   fun(StrToSign) ->
     {ok, aws_signature_utils:base16(ecdsa_sign(PrivateKey, aws_sigv4_utils:sha256(StrToSign)))}

src/aws_sigv4a_credentials.erl

@@ -5,9 +5,10 @@
 -export([ derive/1
         ]).
 
-%% exported for tests
+-ifdef(TEST).
 -export([ derive_private_key/1
         ]).
+-endif.
 
 -include("aws_sigv4_internal.hrl").
 

test/aws_sigv4a_tests.erl

@@ -268,7 +268,7 @@ test_sign_request(TT) ->
   expect_signature(Headers, TT),
   ?assertEqual(Input#v4a_sign_request_input.request#request.host, get_header(<<"Host">>, Headers)).
 
--spec expect_signature(headers(), #sign_request_test{}) -> ok.
+-spec expect_signature(aws_sigv4_internal:headers(), #sign_request_test{}) -> ok.
 expect_signature(Headers, TT) ->
   {Preamble, SignedHeaders, Signature} = get_signature(Headers),
   ?assertEqual(TT#sign_request_test.preamble, Preamble),
@@ -282,20 +282,20 @@ public_key(PrivateKey) ->
   {PublicKey, _PrivateKey} = crypto:generate_key(ecdh, secp256r1, PrivateKey),
   PublicKey.
 
--spec get_signature(headers()) -> {binary(), binary(), binary()}.
+-spec get_signature(aws_sigv4_internal:headers()) -> {binary(), binary(), binary()}.
 get_signature(Headers) ->
   Auth = get_header(<<"Authorization">>, Headers),
   [Preamble, SignedHeaders, SigPart] = binary:split(Auth, <<", ">>, [global]),
   [_Key, Hex] = binary:split(SigPart, <<"=">>, [global]),
   Signature = binary:decode_hex(Hex),
   {Preamble, SignedHeaders, Signature}.
 
--spec get_header(binary(), headers()) -> binary().
+-spec get_header(binary(), aws_sigv4_internal:headers()) -> binary().
 get_header(Key, Headers) ->
   {_Key, Hdr} = lists:keyfind(Key, 1, Headers),
   Hdr.
 
--spec get_header_opt(binary(), headers()) -> binary() | false.
+-spec get_header_opt(binary(), aws_sigv4_internal:headers()) -> binary() | false.
 get_header_opt(Key, Headers) ->
   case lists:keyfind(Key, 1, Headers) of
     false -> false;