Merge pull request #4 from nodes-vapor/signature-test-suite

Amazon's signature test suite

Author: BrettRToomey

.gitignore

@@ -1,3 +1,4 @@
+.build/
 .DS_Store
 *.xcodeproj
 Packages/

Package.swift

@@ -2,13 +2,15 @@ import PackageDescription
 
 let package = Package(
     name: "AWS",
-    /*targets: [
-        Target(name: "AWS"),
-        Target(name: "EC2", dependencies: ["AWS"]),
-        Target(name: "S3", dependencies: ["AWS"])
-    ],*/
+    targets: [
+        Target(name: "AWS", dependencies: ["EC2", "S3", "Driver"]),
+        Target(name: "EC2", dependencies: ["Driver"]),
+        Target(name: "S3", dependencies: ["Driver"]),
+        Target(name: "Driver")
+    ],
     dependencies: [
         .Package(url: "https://github.com/vapor/crypto.git", majorVersion: 1),
-        .Package(url: "https://github.com/vapor/engine.git", majorVersion: 1)
+        .Package(url: "https://github.com/vapor/engine.git", majorVersion: 1),
+        .Package(url: "https://github.com/JustinM1/S3SignerAWS.git", majorVersion: 1),
     ]
 )

Sources/AWS/AWS.swift

@@ -0,0 +1,46 @@
+import HTTP
+import Transport
+
+public enum AccessControlList: String {
+    case privateAccess = "private"
+    case publicRead = "public-read"
+    case publicReadWrite = "public-read-write"
+    case awsExecRead = "aws-exec-read"
+    case authenticatedRead = "authenticated-read"
+    case bucketOwnerRead = "bucket-owner-read"
+    case bucketOwnerFullControl = "bucket-owner-full-control"
+}
+
+class AWSDriver {
+    enum Error: Swift.Error {
+        case unsupported(String)
+    }
+    
+    public func put() {
+    }
+    
+    public func get() {
+    }
+    
+    public func delete() {
+        
+    }
+    
+    public func call(authentication: Authentication) throws -> Response {
+        let headers = authentication.getCanonicalHeaders()
+
+        let response: Response
+        switch authentication.method {
+        case .get:
+            response = try BasicClient.get(
+                "\(authentication.baseURL)?\(authentication.requestParam)",
+                headers: headers
+            )
+            
+        default:
+            throw Error.unsupported("method: \(authentication.method)")
+        }
+        
+        return response
+    }
+}

Sources/AWS/AWSApi/CallAWS.swift

@@ -5,35 +5,66 @@ import HTTP
 import Essentials
 import Foundation
 
-class Authentication {
-    enum Method {
-        case get
-        case post
+struct Authentication {
+    enum Method: String {
+        case get = "GET"
+        case put = "PUT"
+        case post = "POST"
     }
 
     let method: Method
     let service: String
     let host: String
     let region: String
     let baseURL: String
-    var amzDate: String
     let key: String
     let secret: String
-    let requestParam: String!
+    let requestParam: String?
+    
+    //used for unit tests
+    var unitTestDate: Date?
+
+    static let awsQueryAllowed = CharacterSet(
+        charactersIn: "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._~="
+    )
+    
+    static let awsPathAllowed = CharacterSet(
+        charactersIn: "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._~/"
+    )
+    
+    var amzDate: String {
+        let dateFormatter = DateFormatter()
+        dateFormatter.timeZone = TimeZone(secondsFromGMT: 0)
+        dateFormatter.dateFormat = "YYYYMMdd'T'HHmmss'Z'"
+        return dateFormatter.string(from: unitTestDate ?? Date())
+    }
 
-    public init(method: Method, service: String, host: String, region: String, baseURL: String, key: String, secret: String, requestParam: String!) {
+    init(
+        method: Method,
+        service: String,
+        host: String,
+        region: String,
+        baseURL: String,
+        key: String,
+        secret: String,
+        requestParam: String? = nil
+    ) {
         self.method = method
         self.service = service
         self.host = host
         self.region = region
-        self.baseURL = baseURL
-        self.amzDate = ""
+        //TODO(Brett): Proper encoding and error handling.
+        self.baseURL = baseURL.addingPercentEncoding(
+            withAllowedCharacters: Authentication.awsPathAllowed
+        )!
         self.key = key
         self.secret = secret
-        self.requestParam = requestParam.addingPercentEncoding(withAllowedCharacters: .urlHostAllowed)
+        self.requestParam = requestParam?.addingPercentEncoding(
+            withAllowedCharacters: Authentication.awsQueryAllowed
+        )
     }
 
-    public func getSignature(stringToSign: String) throws -> String {
+    func getSignature(stringToSign: String) throws -> String {
         let dateHMAC = try HMAC.make(.sha256, dateStamp().bytes, key: "AWS4\(self.secret)".bytes)
         let regionHMAC = try HMAC.make(.sha256, self.region.bytes, key: dateHMAC)
         let serviceHMAC = try HMAC.make(.sha256, self.service.bytes, key: regionHMAC)
@@ -44,11 +75,15 @@ class Authentication {
         return Data(bytes: signature).hexEncodedString()
     }
 
-    public func canonicalRequest() -> String {
+    func getCredentialScope() -> String {
+        return "\(dateStamp())/\(self.region)/\(self.service)/aws4_request"
+    }
+    
+    func getCanonicalRequest() -> String {
         var request: String = ""
 
-        let uri = "/"
-        let queryString = self.requestParam
+        let uri = baseURL
+        let queryString = self.requestParam ?? ""
         let headers = "host:\(host)\nx-amz-date:\(amzDate)\n"
         let signedHeaders = "host;x-amz-date"
         var payload: [UInt8]
@@ -57,24 +92,25 @@ class Authentication {
         do {
             payload = try Hash.make(.sha256, "")
             payloadHash = Data(bytes: payload).hexEncodedString()
-            request = "\(method)\n\(uri)\n\(queryString)\n\(headers)\n\(signedHeaders)\n\(payloadHash)"
+            request = "\(method.rawValue)\n\(uri)\n\(queryString)\n\(headers)\n\(signedHeaders)\n\(payloadHash)"
         } catch {
 
         }
 
         return request
     }
-
-    public func authorizationHeader() -> String {
+    
+    func authorizationHeader() -> String {
         let algorithm = "AWS4-HMAC-SHA256"
-        let credentialScope = "\(dateStamp())/\(self.region)/\(self.service)/aws4_request"
+        let credentialScope = getCredentialScope()
         let canonicalHash: String
         let canonical: [UInt8]
         var stringToSign: String = ""
 
         do {
-            canonical = try Hash.make(.sha256, canonicalRequest())
+            canonical = try Hash.make(.sha256, getCanonicalRequest())
             canonicalHash = Data(bytes: canonical).hexEncodedString()
+            //TODO(Brett): pull out to make testable
             stringToSign = "\(algorithm)\n\(amzDate)\n\(credentialScope)\n\(canonicalHash)"
         } catch {
         }
@@ -89,26 +125,15 @@ class Authentication {
         return "\(algorithm) Credential=\(self.key)/\(credentialScope), SignedHeaders=host;x-amz-date, Signature=\(signature)"
     }
 
-    public func getAWSHeaders() -> [HeaderKey : String] {
-        amzDateHeader()
+     func getCanonicalHeaders() -> [HeaderKey : String] {
         return [
-            "Authorization": authorizationHeader(),
-            "x-amz-date": amzDate
+            "X-Amz-Date": amzDate,
+            "Authorization": authorizationHeader()
         ]
     }
 
-    public func amzDateHeader() {
-        let date = Date()
-
-        let dateFormatter = DateFormatter()
-        dateFormatter.timeZone = TimeZone(secondsFromGMT: 0)
-        dateFormatter.dateFormat = "YYYYMMdd'T'HHmmss'Z'"
-
-        self.amzDate = dateFormatter.string(from: date)
-    }
-
-    public func dateStamp() -> String {
-        let date = Date()
+    func dateStamp() -> String {
+        let date = unitTestDate ?? Date()
 
         let dateFormatter = DateFormatter()
 

Sources/AWS/S3/S3.swift

@@ -19,7 +19,7 @@ class EC2 {
 
     public func describeInstances() throws -> String {
         //TODO(Brett): wrap this result in a model instead of a string type
-        let response =  try CallAWS().call(
+        /*let response =  try AWSDriver().call(
             method: .get,
             service: service,
             host: host,
@@ -30,6 +30,7 @@ class EC2 {
             requestParam: "Action=DescribeRegions&Version=2015-10-01"
         )
 
-        return response.description
+        return response.description*/
+        return ""
     }
 }