node_modules/npm/node_modules/request/node_modules/aws4/aws4.js - cordova-create - Git at Google

 var aws4 = exports,
     url = require('url'),
     querystring = require('querystring'),
     crypto = require('crypto'),
     lru = require('lru-cache'),
     credentialsCache = lru(1000)

 // http://docs.amazonwebservices.com/general/latest/gr/signature-version-4.html

 function hmac(key, string, encoding) {
   return crypto.createHmac('sha256', key).update(string, 'utf8').digest(encoding)
 }

 function hash(string, encoding) {
   return crypto.createHash('sha256').update(string, 'utf8').digest(encoding)
 }

 // This function assumes the string has already been percent encoded
 function encodeRfc3986(urlEncodedString) {
   return urlEncodedString.replace(/[!'()*]/g, function(c) {
     return '%' + c.charCodeAt(0).toString(16).toUpperCase()
   })
 }

 // request: { path | body, [host], [method], [headers], [service], [region] }
 // credentials: { accessKeyId, secretAccessKey, [sessionToken] }
 function RequestSigner(request, credentials) {

   if (typeof request === 'string') request = url.parse(request)

   var headers = request.headers = (request.headers || {}),
       hostParts = this.matchHost(request.hostname || request.host || headers.Host || headers.host)

   this.request = request
   this.credentials = credentials || this.defaultCredentials()

   this.service = request.service || hostParts[0] || ''
   this.region = request.region || hostParts[1] || 'us-east-1'

   // SES uses a different domain from the service name
   if (this.service === 'email') this.service = 'ses'

   if (!request.method && request.body)
     request.method = 'POST'

   if (!headers.Host && !headers.host) {
     headers.Host = request.hostname || request.host || this.createHost()

     // If a port is specified explicitly, use it as is
     if (request.port)
       headers.Host += ':' + request.port
   }
   if (!request.hostname && !request.host)
     request.hostname = headers.Host || headers.host
 }

 RequestSigner.prototype.matchHost = function(host) {
   var match = (host || '').match(/([^\.]+)\.(?:([^\.]*)\.)?amazonaws\.com$/)
   var hostParts = (match || []).slice(1, 3)

   // ES's hostParts are sometimes the other way round, if the value that is expected
   // to be region equals ‘es’ switch them back
   // e.g. search-cluster-name-aaaa00aaaa0aaa0aaaaaaa0aaa.us-east-1.es.amazonaws.com
   if (hostParts[1] === 'es')
     hostParts = hostParts.reverse()

   return hostParts
 }

 // http://docs.aws.amazon.com/general/latest/gr/rande.html
 RequestSigner.prototype.isSingleRegion = function() {
   // Special case for S3 and SimpleDB in us-east-1
   if (['s3', 'sdb'].indexOf(this.service) >= 0 && this.region === 'us-east-1') return true

   return ['cloudfront', 'ls', 'route53', 'iam', 'importexport', 'sts']
     .indexOf(this.service) >= 0
 }

 RequestSigner.prototype.createHost = function() {
   var region = this.isSingleRegion() ? '' :
         (this.service === 's3' && this.region !== 'us-east-1' ? '-' : '.') + this.region,
       service = this.service === 'ses' ? 'email' : this.service
   return service + region + '.amazonaws.com'
 }

 RequestSigner.prototype.prepareRequest = function() {
   this.parsePath()

   var request = this.request, headers = request.headers, query

   if (request.signQuery) {

     this.parsedPath.query = query = this.parsedPath.query || {}

     if (this.credentials.sessionToken)
       query['X-Amz-Security-Token'] = this.credentials.sessionToken

     if (this.service === 's3' && !query['X-Amz-Expires'])
       query['X-Amz-Expires'] = 86400

     if (query['X-Amz-Date'])
       this.datetime = query['X-Amz-Date']
     else
       query['X-Amz-Date'] = this.getDateTime()

     query['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
     query['X-Amz-Credential'] = this.credentials.accessKeyId + '/' + this.credentialString()
     query['X-Amz-SignedHeaders'] = this.signedHeaders()

   } else {

     if (!request.doNotModifyHeaders) {
       if (request.body && !headers['Content-Type'] && !headers['content-type'])
         headers['Content-Type'] = 'application/x-www-form-urlencoded; charset=utf-8'

       if (request.body && !headers['Content-Length'] && !headers['content-length'])
         headers['Content-Length'] = Buffer.byteLength(request.body)

       if (this.credentials.sessionToken)
         headers['X-Amz-Security-Token'] = this.credentials.sessionToken

       if (this.service === 's3')
         headers['X-Amz-Content-Sha256'] = hash(this.request.body || '', 'hex')

       if (headers['X-Amz-Date'])
         this.datetime = headers['X-Amz-Date']
       else
         headers['X-Amz-Date'] = this.getDateTime()
     }

     delete headers.Authorization
     delete headers.authorization
   }
 }

 RequestSigner.prototype.sign = function() {
   if (!this.parsedPath) this.prepareRequest()

   if (this.request.signQuery) {
     this.parsedPath.query['X-Amz-Signature'] = this.signature()
   } else {
     this.request.headers.Authorization = this.authHeader()
   }

   this.request.path = this.formatPath()

   return this.request
 }

 RequestSigner.prototype.getDateTime = function() {
   if (!this.datetime) {
     var headers = this.request.headers,
       date = new Date(headers.Date || headers.date || new Date)

     this.datetime = date.toISOString().replace(/[:\-]|\.\d{3}/g, '')
   }
   return this.datetime
 }

 RequestSigner.prototype.getDate = function() {
   return this.getDateTime().substr(0, 8)
 }

 RequestSigner.prototype.authHeader = function() {
   return [
     'AWS4-HMAC-SHA256 Credential=' + this.credentials.accessKeyId + '/' + this.credentialString(),
     'SignedHeaders=' + this.signedHeaders(),
     'Signature=' + this.signature(),
   ].join(', ')
 }

 RequestSigner.prototype.signature = function() {
   var date = this.getDate(),
       cacheKey = [this.credentials.secretAccessKey, date, this.region, this.service].join(),
       kDate, kRegion, kService, kCredentials = credentialsCache.get(cacheKey)
   if (!kCredentials) {
     kDate = hmac('AWS4' + this.credentials.secretAccessKey, date)
     kRegion = hmac(kDate, this.region)
     kService = hmac(kRegion, this.service)
     kCredentials = hmac(kService, 'aws4_request')
     credentialsCache.set(cacheKey, kCredentials)
   }
   return hmac(kCredentials, this.stringToSign(), 'hex')
 }

 RequestSigner.prototype.stringToSign = function() {
   return [
     'AWS4-HMAC-SHA256',
     this.getDateTime(),
     this.credentialString(),
     hash(this.canonicalString(), 'hex'),
   ].join('\n')
 }

 RequestSigner.prototype.canonicalString = function() {
   if (!this.parsedPath) this.prepareRequest()

   var pathStr = this.parsedPath.path,
       query = this.parsedPath.query,
       queryStr = '',
       normalizePath = this.service !== 's3',
       decodePath = this.service === 's3' || this.request.doNotEncodePath,
       decodeSlashesInPath = this.service === 's3',
       firstValOnly = this.service === 's3',
       bodyHash = this.service === 's3' && this.request.signQuery ?
         'UNSIGNED-PAYLOAD' : hash(this.request.body || '', 'hex')

   if (query) {
     queryStr = encodeRfc3986(querystring.stringify(Object.keys(query).sort().reduce(function(obj, key) {
       if (!key) return obj
       obj[key] = !Array.isArray(query[key]) ? query[key] :
         (firstValOnly ? query[key][0] : query[key].slice().sort())
       return obj
     }, {})))
   }
   if (pathStr !== '/') {
     if (normalizePath) pathStr = pathStr.replace(/\/{2,}/g, '/')
     pathStr = pathStr.split('/').reduce(function(path, piece) {
       if (normalizePath && piece === '..') {
         path.pop()
       } else if (!normalizePath || piece !== '.') {
         if (decodePath) piece = querystring.unescape(piece)
         path.push(encodeRfc3986(querystring.escape(piece)))
       }
       return path
     }, []).join('/')
     if (pathStr[0] !== '/') pathStr = '/' + pathStr
     if (decodeSlashesInPath) pathStr = pathStr.replace(/%2F/g, '/')
   }

   return [
     this.request.method || 'GET',
     pathStr,
     queryStr,
     this.canonicalHeaders() + '\n',
     this.signedHeaders(),
     bodyHash,
   ].join('\n')
 }

 RequestSigner.prototype.canonicalHeaders = function() {
   var headers = this.request.headers
   function trimAll(header) {
     return header.toString().trim().replace(/\s+/g, ' ')
   }
   return Object.keys(headers)
     .sort(function(a, b) { return a.toLowerCase() < b.toLowerCase() ? -1 : 1 })
     .map(function(key) { return key.toLowerCase() + ':' + trimAll(headers[key]) })
     .join('\n')
 }

 RequestSigner.prototype.signedHeaders = function() {
   return Object.keys(this.request.headers)
     .map(function(key) { return key.toLowerCase() })
     .sort()
     .join(';')
 }

 RequestSigner.prototype.credentialString = function() {
   return [
     this.getDate(),
     this.region,
     this.service,
     'aws4_request',
   ].join('/')
 }

 RequestSigner.prototype.defaultCredentials = function() {
   var env = process.env
   return {
     accessKeyId: env.AWS_ACCESS_KEY_ID || env.AWS_ACCESS_KEY,
     secretAccessKey: env.AWS_SECRET_ACCESS_KEY || env.AWS_SECRET_KEY,
     sessionToken: env.AWS_SESSION_TOKEN,
   }
 }

 RequestSigner.prototype.parsePath = function() {
   var path = this.request.path || '/',
       queryIx = path.indexOf('?'),
       query = null

   if (queryIx >= 0) {
     query = querystring.parse(path.slice(queryIx + 1))
     path = path.slice(0, queryIx)
   }

   // S3 doesn't always encode characters > 127 correctly and
   // all services don't encode characters > 255 correctly
   // So if there are non-reserved chars (and it's not already all % encoded), just encode them all
   if (/[^0-9A-Za-z!'()*\-._~%/]/.test(path)) {
     path = path.split('/').map(function(piece) {
       return querystring.escape(querystring.unescape(piece))
     }).join('/')
   }

   this.parsedPath = {
     path: path,
     query: query,
   }
 }

 RequestSigner.prototype.formatPath = function() {
   var path = this.parsedPath.path,
       query = this.parsedPath.query

   if (!query) return path

   // Services don't support empty query string keys
   if (query[''] != null) delete query['']

   return path + '?' + encodeRfc3986(querystring.stringify(query))
 }

 aws4.RequestSigner = RequestSigner

 aws4.sign = function(request, credentials) {
   return new RequestSigner(request, credentials).sign()
 }
	var aws4 = exports,
	url = require('url'),
	querystring = require('querystring'),
	crypto = require('crypto'),
	lru = require('lru-cache'),
	credentialsCache = lru(1000)

	// http://docs.amazonwebservices.com/general/latest/gr/signature-version-4.html

	function hmac(key, string, encoding) {
	return crypto.createHmac('sha256', key).update(string, 'utf8').digest(encoding)
	}

	function hash(string, encoding) {
	return crypto.createHash('sha256').update(string, 'utf8').digest(encoding)
	}

	// This function assumes the string has already been percent encoded
	function encodeRfc3986(urlEncodedString) {
	return urlEncodedString.replace(/[!'()*]/g, function(c) {
	return '%' + c.charCodeAt(0).toString(16).toUpperCase()
	})
	}

	// request: { path \| body, [host], [method], [headers], [service], [region] }
	// credentials: { accessKeyId, secretAccessKey, [sessionToken] }
	function RequestSigner(request, credentials) {

	if (typeof request === 'string') request = url.parse(request)

	var headers = request.headers = (request.headers \|\| {}),
	hostParts = this.matchHost(request.hostname \|\| request.host \|\| headers.Host \|\| headers.host)

	this.request = request
	this.credentials = credentials \|\| this.defaultCredentials()

	this.service = request.service \|\| hostParts[0] \|\| ''
	this.region = request.region \|\| hostParts[1] \|\| 'us-east-1'

	// SES uses a different domain from the service name
	if (this.service === 'email') this.service = 'ses'

	if (!request.method && request.body)
	request.method = 'POST'

	if (!headers.Host && !headers.host) {
	headers.Host = request.hostname \|\| request.host \|\| this.createHost()

	// If a port is specified explicitly, use it as is
	if (request.port)
	headers.Host += ':' + request.port
	}
	if (!request.hostname && !request.host)
	request.hostname = headers.Host \|\| headers.host
	}

	RequestSigner.prototype.matchHost = function(host) {
	var match = (host \|\| '').match(/([^\.]+)\.(?:([^\.]*)\.)?amazonaws\.com$/)
	var hostParts = (match \|\| []).slice(1, 3)

	// ES's hostParts are sometimes the other way round, if the value that is expected
	// to be region equals ‘es’ switch them back
	// e.g. search-cluster-name-aaaa00aaaa0aaa0aaaaaaa0aaa.us-east-1.es.amazonaws.com
	if (hostParts[1] === 'es')
	hostParts = hostParts.reverse()

	return hostParts
	}

	// http://docs.aws.amazon.com/general/latest/gr/rande.html
	RequestSigner.prototype.isSingleRegion = function() {
	// Special case for S3 and SimpleDB in us-east-1
	if (['s3', 'sdb'].indexOf(this.service) >= 0 && this.region === 'us-east-1') return true

	return ['cloudfront', 'ls', 'route53', 'iam', 'importexport', 'sts']
	.indexOf(this.service) >= 0
	}

	RequestSigner.prototype.createHost = function() {
	var region = this.isSingleRegion() ? '' :
	(this.service === 's3' && this.region !== 'us-east-1' ? '-' : '.') + this.region,
	service = this.service === 'ses' ? 'email' : this.service
	return service + region + '.amazonaws.com'
	}

	RequestSigner.prototype.prepareRequest = function() {
	this.parsePath()

	var request = this.request, headers = request.headers, query

	if (request.signQuery) {

	this.parsedPath.query = query = this.parsedPath.query \|\| {}

	if (this.credentials.sessionToken)
	query['X-Amz-Security-Token'] = this.credentials.sessionToken

	if (this.service === 's3' && !query['X-Amz-Expires'])
	query['X-Amz-Expires'] = 86400

	if (query['X-Amz-Date'])
	this.datetime = query['X-Amz-Date']
	else
	query['X-Amz-Date'] = this.getDateTime()

	query['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256'
	query['X-Amz-Credential'] = this.credentials.accessKeyId + '/' + this.credentialString()
	query['X-Amz-SignedHeaders'] = this.signedHeaders()

	} else {

	if (!request.doNotModifyHeaders) {
	if (request.body && !headers['Content-Type'] && !headers['content-type'])
	headers['Content-Type'] = 'application/x-www-form-urlencoded; charset=utf-8'

	if (request.body && !headers['Content-Length'] && !headers['content-length'])
	headers['Content-Length'] = Buffer.byteLength(request.body)

	if (this.credentials.sessionToken)
	headers['X-Amz-Security-Token'] = this.credentials.sessionToken

	if (this.service === 's3')
	headers['X-Amz-Content-Sha256'] = hash(this.request.body \|\| '', 'hex')

	if (headers['X-Amz-Date'])
	this.datetime = headers['X-Amz-Date']
	else
	headers['X-Amz-Date'] = this.getDateTime()
	}

	delete headers.Authorization
	delete headers.authorization
	}
	}

	RequestSigner.prototype.sign = function() {
	if (!this.parsedPath) this.prepareRequest()

	if (this.request.signQuery) {
	this.parsedPath.query['X-Amz-Signature'] = this.signature()
	} else {
	this.request.headers.Authorization = this.authHeader()
	}

	this.request.path = this.formatPath()

	return this.request
	}

	RequestSigner.prototype.getDateTime = function() {
	if (!this.datetime) {
	var headers = this.request.headers,
	date = new Date(headers.Date \|\| headers.date \|\| new Date)

	this.datetime = date.toISOString().replace(/[:\-]\|\.\d{3}/g, '')
	}
	return this.datetime
	}

	RequestSigner.prototype.getDate = function() {
	return this.getDateTime().substr(0, 8)
	}

	RequestSigner.prototype.authHeader = function() {
	return [
	'AWS4-HMAC-SHA256 Credential=' + this.credentials.accessKeyId + '/' + this.credentialString(),
	'SignedHeaders=' + this.signedHeaders(),
	'Signature=' + this.signature(),
	].join(', ')
	}

	RequestSigner.prototype.signature = function() {
	var date = this.getDate(),
	cacheKey = [this.credentials.secretAccessKey, date, this.region, this.service].join(),
	kDate, kRegion, kService, kCredentials = credentialsCache.get(cacheKey)
	if (!kCredentials) {
	kDate = hmac('AWS4' + this.credentials.secretAccessKey, date)
	kRegion = hmac(kDate, this.region)
	kService = hmac(kRegion, this.service)
	kCredentials = hmac(kService, 'aws4_request')
	credentialsCache.set(cacheKey, kCredentials)
	}
	return hmac(kCredentials, this.stringToSign(), 'hex')
	}

	RequestSigner.prototype.stringToSign = function() {
	return [
	'AWS4-HMAC-SHA256',
	this.getDateTime(),
	this.credentialString(),
	hash(this.canonicalString(), 'hex'),
	].join('\n')
	}

	RequestSigner.prototype.canonicalString = function() {
	if (!this.parsedPath) this.prepareRequest()

	var pathStr = this.parsedPath.path,
	query = this.parsedPath.query,
	queryStr = '',
	normalizePath = this.service !== 's3',
	decodePath = this.service === 's3' \|\| this.request.doNotEncodePath,
	decodeSlashesInPath = this.service === 's3',
	firstValOnly = this.service === 's3',
	bodyHash = this.service === 's3' && this.request.signQuery ?
	'UNSIGNED-PAYLOAD' : hash(this.request.body \|\| '', 'hex')

	if (query) {
	queryStr = encodeRfc3986(querystring.stringify(Object.keys(query).sort().reduce(function(obj, key) {
	if (!key) return obj
	obj[key] = !Array.isArray(query[key]) ? query[key] :
	(firstValOnly ? query[key][0] : query[key].slice().sort())
	return obj
	}, {})))
	}
	if (pathStr !== '/') {
	if (normalizePath) pathStr = pathStr.replace(/\/{2,}/g, '/')
	pathStr = pathStr.split('/').reduce(function(path, piece) {
	if (normalizePath && piece === '..') {
	path.pop()
	} else if (!normalizePath \|\| piece !== '.') {
	if (decodePath) piece = querystring.unescape(piece)
	path.push(encodeRfc3986(querystring.escape(piece)))
	}
	return path
	}, []).join('/')
	if (pathStr[0] !== '/') pathStr = '/' + pathStr
	if (decodeSlashesInPath) pathStr = pathStr.replace(/%2F/g, '/')
	}

	return [
	this.request.method \|\| 'GET',
	pathStr,
	queryStr,
	this.canonicalHeaders() + '\n',
	this.signedHeaders(),
	bodyHash,
	].join('\n')
	}

	RequestSigner.prototype.canonicalHeaders = function() {
	var headers = this.request.headers
	function trimAll(header) {
	return header.toString().trim().replace(/\s+/g, ' ')
	}
	return Object.keys(headers)
	.sort(function(a, b) { return a.toLowerCase() < b.toLowerCase() ? -1 : 1 })
	.map(function(key) { return key.toLowerCase() + ':' + trimAll(headers[key]) })
	.join('\n')
	}

	RequestSigner.prototype.signedHeaders = function() {
	return Object.keys(this.request.headers)
	.map(function(key) { return key.toLowerCase() })
	.sort()
	.join(';')
	}

	RequestSigner.prototype.credentialString = function() {
	return [
	this.getDate(),
	this.region,
	this.service,
	'aws4_request',
	].join('/')
	}

	RequestSigner.prototype.defaultCredentials = function() {
	var env = process.env
	return {
	accessKeyId: env.AWS_ACCESS_KEY_ID \|\| env.AWS_ACCESS_KEY,
	secretAccessKey: env.AWS_SECRET_ACCESS_KEY \|\| env.AWS_SECRET_KEY,
	sessionToken: env.AWS_SESSION_TOKEN,
	}
	}

	RequestSigner.prototype.parsePath = function() {
	var path = this.request.path \|\| '/',
	queryIx = path.indexOf('?'),
	query = null

	if (queryIx >= 0) {
	query = querystring.parse(path.slice(queryIx + 1))
	path = path.slice(0, queryIx)
	}

	// S3 doesn't always encode characters > 127 correctly and
	// all services don't encode characters > 255 correctly
	// So if there are non-reserved chars (and it's not already all % encoded), just encode them all
	if (/[^0-9A-Za-z!'()*\-._~%/]/.test(path)) {
	path = path.split('/').map(function(piece) {
	return querystring.escape(querystring.unescape(piece))
	}).join('/')
	}

	this.parsedPath = {
	path: path,
	query: query,
	}
	}

	RequestSigner.prototype.formatPath = function() {
	var path = this.parsedPath.path,
	query = this.parsedPath.query

	if (!query) return path

	// Services don't support empty query string keys
	if (query[''] != null) delete query['']

	return path + '?' + encodeRfc3986(querystring.stringify(query))
	}

	aws4.RequestSigner = RequestSigner

	aws4.sign = function(request, credentials) {
	return new RequestSigner(request, credentials).sign()
	}