A quick, *ring*-based SigV4 signer draft #1
Description
Hey Doug! I've got a quick draft of a SigV4 signer I drew up a while back using ring. I haven't really tested it end-to-end, but it might be useful to you!
use bytes::Bytes;
use ring::{
digest,
hmac::{self, Signature, SigningKey},
rand::{self, SecureRandom},
};
use std::error::Error;
fn sign_inner(mut data: Vec<u8>, key: Bytes) -> Result<Signature, Box<Error>> {
rand::SystemRandom::new().fill(&mut data)?;
let signature = SigningKey::new(&digest::SHA256, &data);
let signature = hmac::sign(&signature, &key.as_ref());
Ok(signature)
}
pub fn sign(
key: String,
date: Vec<u8>,
region: Vec<u8>,
service: Vec<u8>,
) -> Result<Signature, Box<Error>> {
let sig = format!("AWS4{}", key);
let sig = sign_inner(date, Bytes::from(sig.as_bytes()))?;
let sig = sign_inner(region, Bytes::from(sig.as_ref()))?;
let sig = sign_inner(service, Bytes::from(sig.as_ref()))?;
let sig = sign_inner(
String::from("aws4_request").as_bytes().to_vec(),
Bytes::from(sig.as_ref()),
)?;
Ok(sig)
}
#[test]
fn test_sign() {
let key = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
let date = "20120215";
let region_name = "us-east-1";
let service = "iam";
let result = sign(
key.to_string(),
date.as_bytes().to_vec(),
region_name.as_bytes().to_vec(),
service.as_bytes().to_vec(),
)
.unwrap();
dbg!(result);
}