sign_s3_url(uri, expiration = nil)
protected
we have our own signing code here to avoid a dependency on the aws-sdk gem
fortunately, a simple GET request isn’t too complex to
sign properly
# File lib/rubygems/remote_fetcher.rb, line 356
def sign_s3_url(uri, expiration = nil)
require 'base64'
require 'openssl'
id, secret = s3_source_auth uri
expiration ||= s3_expiration
canonical_path = "/#{uri.host}#{uri.path}"
payload = "GET\n\n\n#{expiration}\n#{canonical_path}"
digest = OpenSSL::HMAC.digest('sha1', secret, payload)
# URI.escape is deprecated, and there isn't yet a replacement that does quite what we want
signature = Base64.encode64(digest).gsub("\n", '').gsub(/[\+\/=]/) { |c| BASE64_URI_TRANSLATE[c] }
URI.parse("https://#{uri.host}.s3.amazonaws.com#{uri.path}?AWSAccessKeyId=#{id}&Expires=#{expiration}&Signature=#{signature}")
end