The aws_sig_verify crate provides AWS SigV4 verification routines. This is not the library you want if you just want to call AWS services or other services that use AWS SigV4 signatures. Rusoto already has a library, rusoto_signature, that provides this functionality.

If you are attempting to perform AWS SigV4 verification using AWS-vended credentials, this library also will not work for you. You need the caller’s secret key (or a derivative), and AWS does not allow this for obvious reasons. Instead, you should be using API Gateway with IAM authentication.

On the other hand, if you have your own ecosystem of AWS-like credentials and are developing mock-AWS services or just really like AWS SigV4 but can’t run within AWS, this library might be for you.

Structs

A data structure containing the elements of the request (some client-supplied, some service-supplied) involved in the SigV4 verification process.

A signing key of some type.

Enums

Error returned when an attempt at validating an AWS SigV4 signature fails.

The types of signing key available.

Traits

A trait bound that describes how we obtain a signing key of a given type given a request. If you need to encapsulate additional data (e.g. a database connection) to look up a key, use this to implement a struct.

Functions

Normalizes the specified URI path, removing redundant slashes and relative path components.

Wraps an async function that takes a signing request and returns a result in a GetSigningKey trait implementation.

Normalizes the query parameters by normalizing the keys and values of each parameter, and returns a HashMap mapping each key to a vector of values (since it is valid for a query parameter to appear multiple times).

Normalize the path component according to RFC 3986. This performs the following operations:

Return the expected signature for a request.

Verify a SigV4 request. This verifies that the request timestamp is not beyond the allowed timestamp mismatch against the current time, and that the request signature matches our expected signature.

Verify a SigV4 request at a particular point-in-time. This verifies that the request timestamp is not beyond the allowed timestamp mismatch against the specified point-in-time, and that the request signature matches our expected signature.
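
The two checks described for the verification functions above (request timestamp within the allowed mismatch of a given instant, then signature equality), as an added example that is not the crate's own code. Every name is hypothetical, the expected signature is taken as an input rather than computed, and the comparison that does not stop at the first differing byte is a choice made here, not something this page states.

```rust
// Added illustration: every name here is hypothetical, not the aws_sig_verify API.
#[derive(Debug, PartialEq)]
pub enum VerifyError { MalformedTimestamp, TimestampOutOfRange, SignatureMismatch }

/// Parse a SigV4 request timestamp (`YYYYMMDDTHHMMSSZ`) into Unix seconds.
pub fn parse_amz_date(s: &str) -> Result<i64, VerifyError> {
    let b = s.as_bytes();
    if b.len() != 16 || b[8] != b'T' || b[15] != b'Z' {
        return Err(VerifyError::MalformedTimestamp);
    }
    // Strict digit parsing on bytes: no signs, spaces or non-ASCII digits accepted.
    let num = |r: std::ops::Range<usize>| {
        b[r].iter().try_fold(0i64, |acc, &c| match c {
            b'0'..=b'9' => Ok(acc * 10 + i64::from(c - b'0')),
            _ => Err(VerifyError::MalformedTimestamp),
        })
    };
    let (y, mo, d) = (num(0..4)?, num(4..6)?, num(6..8)?);
    let (h, mi, sec) = (num(9..11)?, num(11..13)?, num(13..15)?);
    // Range checks only; day-of-month is not checked against the month length.
    if !(1..=12).contains(&mo) || !(1..=31).contains(&d) || h > 23 || mi > 59 || sec > 59 {
        return Err(VerifyError::MalformedTimestamp);
    }
    // Days since 1970-01-01 for a proleptic Gregorian date (civil-date algorithm).
    let y = if mo <= 2 { y - 1 } else { y };
    let (era, yoe) = (y.div_euclid(400), y.rem_euclid(400));
    let doy = (153 * (if mo > 2 { mo - 3 } else { mo + 9 }) + 2) / 5 + d - 1;
    let days = era * 146_097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719_468;
    Ok(days * 86_400 + h * 3_600 + mi * 60 + sec)
}

/// Equal-length inputs are compared without stopping at the first differing byte.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Timestamp window first, then signature, both against a caller-chosen instant `now`.
pub fn verify_at(date: &str, got: &str, want: &str, now: i64, max_skew: u64) -> Result<(), VerifyError> {
    let ts = parse_amz_date(date)?;
    if now.abs_diff(ts) > max_skew { return Err(VerifyError::TimestampOutOfRange); }
    if !ct_eq(got.as_bytes(), want.as_bytes()) { return Err(VerifyError::SignatureMismatch); }
    Ok(())
}

fn main() {
    let sig = "ab".repeat(32); // constructed 64-hex-char stand-in for a signature
    println!("{:?}", verify_at("20150830T123600Z", &sig, &sig, 1_440_938_160 + 60, 300));
}
```

Passing the instant in as a parameter is what makes the expiry and replay-window behaviour testable with fixed inputs instead of the wall clock.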