File Explorer

/proc/self/root/var/runtime/node_modules/@aws-sdk/node_modules/aws-crt/lib/native
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
0 dirs
33 files
auth.spec.ts10.9 KB · 292 lines
1/*2 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.3 * SPDX-License-Identifier: Apache-2.0.4 */5 6import { auth as native, http as native_http } from '../index';7import { io as native_io } from '../index';8import { ProxyConfig, ProxyTestType } from "@test/proxy";9 10import { InputStream } from './io';11import { PassThrough } from "stream";12import { aws_sign_request, aws_verify_sigv4a_signing } from './auth';13 14const DATE_STR = '2015-08-30T12:36:00Z';15 16// Test values copied from aws-c-auth/tests/aws-sig-v4-test-suite/get-vanilla"17const SIGV4TEST_ACCESS_KEY_ID = 'AKIDEXAMPLE';18const SIGV4TEST_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY';19const SIGV4TEST_SERVICE = 'service';20const SIGV4TEST_REGION = 'us-east-1';21const SIGV4TEST_METHOD = 'GET';22const SIGV4TEST_PATH = '/';23const SIGV4TEST_UNSIGNED_HEADERS: [string, string][] = [24    ['Host', 'example.amazonaws.com']25];26const SIGV4TEST_SIGNED_HEADERS: [string, string][] = [27    ['Host', 'example.amazonaws.com'],28    ['Authorization', 'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=5fa00fa31553b73ebf1942676e86291e8372ff2a2260956d9b8aae1d763fbf31'],29    ['X-Amz-Date', DATE_STR.replace(/[-:]/g, '')],30];31 32const SIGV4ATEST_SIGNED_HEADERS: [string, string][] = [33    ['Host', 'example.amazonaws.com'],34    ['X-Amz-Date', DATE_STR.replace(/[-:]/g, '')],35    ['X-Amz-Region-Set', SIGV4TEST_REGION],36    ['Authorization', 'AWS4-ECDSA-P256-SHA256 Credential=AKIDEXAMPLE/20150830/service/aws4_request, SignedHeaders=host;x-amz-date;x-amz-region-set, Signature='],37];38 39const SIGV4ATEST_EXPECTED_CANONICAL_REQUEST: string =40    SIGV4TEST_METHOD + "\n" +41    SIGV4TEST_PATH + "\n" +42    "\n" +43    "host:example.amazonaws.com\n" +44    "x-amz-date:20150830T123600Z\n" +45    "x-amz-region-set:" + SIGV4TEST_REGION + "\n" +46    "\n" +47    "host;x-amz-date;x-amz-region-set\n" +48    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";49 50const ECC_KEY_PUB = {51    X: "b6618f6a65740a99e650b33b6b4b5bd0d43b176d721a3edfea7e7d2d56d936b1",52    Y: "865ed22a7eadc9c5cb9d2cbaca1b3699139fedc5043dc6661864218330c8e518"53};54 55test('AWS Signer SigV4 Headers', async () => {56 57    const credentials_provider = native.AwsCredentialsProvider.newStatic(58        SIGV4TEST_ACCESS_KEY_ID,59        SIGV4TEST_SECRET_ACCESS_KEY,60    );61 62    const signing_config: native.AwsSigningConfig = {63        algorithm: native.AwsSigningAlgorithm.SigV4,64        signature_type: native.AwsSignatureType.HttpRequestViaHeaders,65        provider: credentials_provider,66        region: SIGV4TEST_REGION,67        service: SIGV4TEST_SERVICE,68        date: new Date(DATE_STR),69        signed_body_value: native.AwsSignedBodyValue.EmptySha256,70        signed_body_header: native.AwsSignedBodyHeaderType.None,71    };72 73    let http_request = new native_http.HttpRequest(74        SIGV4TEST_METHOD,75        SIGV4TEST_PATH,76        new native_http.HttpHeaders(SIGV4TEST_UNSIGNED_HEADERS));77 78    const signing_result = await aws_sign_request(http_request, signing_config);79 80    expect(http_request).toBe(signing_result); // should be same object81 82    // everything should be the same EXCEPT the addition of the Authorization header83    expect(http_request.method).toBe(SIGV4TEST_METHOD);84    expect(http_request.path).toBe(SIGV4TEST_PATH);85 86    const expected_headers = [...SIGV4TEST_SIGNED_HEADERS].sort()87    const signed_headers = [...http_request.headers._flatten()].sort()88    expect(signed_headers).toEqual(expected_headers)89});90 91test('AWS Signer SigV4 Request with body', async () => {92 93    const credentials_provider = native.AwsCredentialsProvider.newStatic(94        SIGV4TEST_ACCESS_KEY_ID,95        SIGV4TEST_SECRET_ACCESS_KEY,96    );97 98    const signing_config: native.AwsSigningConfig = {99        algorithm: native.AwsSigningAlgorithm.SigV4,100        signature_type: native.AwsSignatureType.HttpRequestViaHeaders,101        provider: credentials_provider,102        region: SIGV4TEST_REGION,103        service: SIGV4TEST_SERVICE,104        date: new Date(DATE_STR),105        signed_body_header: native.AwsSignedBodyHeaderType.None,106    };107    let stream = new PassThrough();108    let body_stream;109    stream.write("test");110    stream.end(() => {111        body_stream = new InputStream(stream);112    });113    let http_request = new native_http.HttpRequest(114        SIGV4TEST_METHOD,115        SIGV4TEST_PATH,116        new native_http.HttpHeaders(SIGV4TEST_UNSIGNED_HEADERS),117        body_stream);118 119    const signing_result = await aws_sign_request(http_request, signing_config);120 121    expect(http_request).toBe(signing_result); // should be same object122 123    // everything should be the same EXCEPT the addition of the Authorization header124    expect(http_request.method).toBe(SIGV4TEST_METHOD);125    expect(http_request.path).toBe(SIGV4TEST_PATH);126});127 128test('AWS Signer SigV4A Headers', async () => {129 130    const credentials_provider = native.AwsCredentialsProvider.newStatic(131        SIGV4TEST_ACCESS_KEY_ID,132        SIGV4TEST_SECRET_ACCESS_KEY,133    );134 135    const signing_config: native.AwsSigningConfig = {136        algorithm: native.AwsSigningAlgorithm.SigV4Asymmetric,137        signature_type: native.AwsSignatureType.HttpRequestViaHeaders,138        provider: credentials_provider,139        region: SIGV4TEST_REGION,140        service: SIGV4TEST_SERVICE,141        date: new Date(DATE_STR),142        signed_body_value: native.AwsSignedBodyValue.EmptySha256,143        signed_body_header: native.AwsSignedBodyHeaderType.None,144    };145 146    let http_request = new native_http.HttpRequest(147        SIGV4TEST_METHOD,148        SIGV4TEST_PATH,149        new native_http.HttpHeaders(SIGV4TEST_UNSIGNED_HEADERS));150 151    // copy the request for verification152    let ori_http_request = new native_http.HttpRequest(153        SIGV4TEST_METHOD,154        SIGV4TEST_PATH,155        new native_http.HttpHeaders(SIGV4TEST_UNSIGNED_HEADERS));156 157    const signing_result = await aws_sign_request(http_request, signing_config);158 159    expect(http_request).toBe(signing_result); // should be same object160 161    // everything should be the same EXCEPT the addition of the Authorization header162    expect(http_request.method).toBe(SIGV4TEST_METHOD);163    expect(http_request.path).toBe(SIGV4TEST_PATH);164 165    // Get the signature string166    let authorization = http_request.headers.get("Authorization");167    let separator = "Signature=";168    let splits = authorization.split(separator);169    let signature = splits[splits.length - 1];170    // Add the signature to expected header171    SIGV4ATEST_SIGNED_HEADERS[3][1] += signature;172    expect(http_request.headers._flatten()).toEqual(SIGV4ATEST_SIGNED_HEADERS);173 174    // Verify the signature175    let verification_result = aws_verify_sigv4a_signing(176        ori_http_request, signing_config, SIGV4ATEST_EXPECTED_CANONICAL_REQUEST, signature, ECC_KEY_PUB.X, ECC_KEY_PUB.Y);177    expect(verification_result).toBe(true);178});179 180// Without a binding for fetching credentials yet, so just check creation successful181test('Default credentials provider create', async () => {182    const credentials_provider = native.AwsCredentialsProvider.newDefault(new native_io.ClientBootstrap());183 184    expect(credentials_provider);185});186 187test('Default credentials provider create no bootstrap', async () => {188    const credentials_provider = native.AwsCredentialsProvider.newDefault();189 190    expect(credentials_provider);191});192 193test('Cognito credentials provider create success - minimal config', async () => {194    let config : native.CognitoCredentialsProviderConfig = {195        endpoint: "sample.com",196        identity: "MyIdentity"197    };198 199    const credentials_provider = native.AwsCredentialsProvider.newCognito(config);200 201    expect(credentials_provider);202});203 204test('Cognito credentials provider create success - maximal config', async () => {205    let tlsCtx : native_io.ClientTlsContext = new native_io.ClientTlsContext();206 207    let config : native.CognitoCredentialsProviderConfig = {208        endpoint: "sample.com",209        identity: "MyIdentity",210        logins: [211            { identityProviderName: "SecureProvider", identityProviderToken: "RootAccess" },212            { identityProviderName: "SketchyProvider", identityProviderToken: "ImIn" },213        ],214        customRoleArn: "arn:us-east-1:totally4real",215        tlsContext: tlsCtx,216        bootstrap: new native_io.ClientBootstrap(),217    };218 219    const credentials_provider = native.AwsCredentialsProvider.newCognito(config);220 221    expect(credentials_provider);222});223 224const AWS_TESTING_COGNITO_IDENTITY : string = process.env.AWS_TESTING_COGNITO_IDENTITY ?? "";225 226function hasCognitoTestEnvironment() {227    return AWS_TESTING_COGNITO_IDENTITY !== "";228}229 230const conditional_test = (condition : boolean) => condition ? it : it.skip;231 232async function do_body_request_signing(provider: native.AwsCredentialsProvider) {233    const signing_config: native.AwsSigningConfig = {234        algorithm: native.AwsSigningAlgorithm.SigV4,235        signature_type: native.AwsSignatureType.HttpRequestViaHeaders,236        provider: provider,237        region: SIGV4TEST_REGION,238        service: SIGV4TEST_SERVICE,239        date: new Date(DATE_STR),240        signed_body_header: native.AwsSignedBodyHeaderType.None,241    };242    let stream = new PassThrough();243    let body_stream;244    stream.write("test");245    stream.end(() => {246        body_stream = new InputStream(stream);247    });248    let http_request = new native_http.HttpRequest(249        SIGV4TEST_METHOD,250        SIGV4TEST_PATH,251        new native_http.HttpHeaders(SIGV4TEST_UNSIGNED_HEADERS),252        body_stream);253 254    return await aws_sign_request(http_request, signing_config);255}256 257conditional_test(hasCognitoTestEnvironment())('Cognito credentials provider usage success - signing', async () => {258    let config : native.CognitoCredentialsProviderConfig = {259        endpoint: "cognito-identity.us-east-1.amazonaws.com",260        identity: AWS_TESTING_COGNITO_IDENTITY261    };262 263    const credentials_provider = native.AwsCredentialsProvider.newCognito(config);264 265    expect(credentials_provider);266 267    const signing_result = await do_body_request_signing(credentials_provider);268 269    expect(signing_result.method).toBe(SIGV4TEST_METHOD);270    expect(signing_result.path).toBe(SIGV4TEST_PATH);271});272 273conditional_test(hasCognitoTestEnvironment() && ProxyConfig.is_valid())('Cognito credentials provider through http proxy usage success - signing', async () => {274    let proxyOptions: native_http.HttpProxyOptions = ProxyConfig.create_http_proxy_options_from_environment(275        ProxyTestType.TUNNELING_HTTPS, native_http.HttpProxyAuthenticationType.None);276 277    let config : native.CognitoCredentialsProviderConfig = {278        endpoint: "cognito-identity.us-east-1.amazonaws.com",279        identity: AWS_TESTING_COGNITO_IDENTITY,280        httpProxyOptions: proxyOptions281    };282 283    const credentials_provider = native.AwsCredentialsProvider.newCognito(config);284 285    expect(credentials_provider);286 287    const signing_result = await do_body_request_signing(credentials_provider);288 289    expect(signing_result.method).toBe(SIGV4TEST_METHOD);290    expect(signing_result.path).toBe(SIGV4TEST_PATH);291});292