From aec498ceffb0621592b04edbc3e4162df8faac6e Mon Sep 17 00:00:00 2001 From: Taylor Finnell Date: Tue, 8 May 2018 17:12:14 -0400 Subject: [PATCH 1/2] fix time skew errors --- src/awscr-signer/signers/v2.cr | 16 ++++++++++------ src/awscr-signer/signers/v4.cr | 20 +++++++++++--------- 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/src/awscr-signer/signers/v2.cr b/src/awscr-signer/signers/v2.cr index 95c4f80..e044991 100644 --- a/src/awscr-signer/signers/v2.cr +++ b/src/awscr-signer/signers/v2.cr @@ -6,18 +6,20 @@ module Awscr class V2 include Interface - def initialize(service : String, region : String, aws_access_key : String, aws_secret_key : String) - @scope = Signer::Scope.new(region, service) + def initialize(@service : String, @region : String, @aws_access_key : String, @aws_secret_key : String) @credentials = Signer::Credentials.new(aws_access_key, aws_secret_key) end def sign(string : String) - sig = Signer::V2::Signature.new(@scope, string, @credentials) + scope = Signer::Scope.new(@region, @service) + sig = Signer::V2::Signature.new(scope, string, @credentials) sig.to_s end # Sign an HTTP::Request def sign(request : HTTP::Request) + scope = Signer::Scope.new(@region, @service) + # Replace "Date" with X-Amz-Date. # Only if X-Amz-Date is not already set. AWS prefers # X-Amz-Date @@ -25,7 +27,7 @@ module Awscr request.headers["Date"] ||= date else # Default it to the given scope time, if not set - request.headers["Date"] ||= @scope.date.rfc1123z + request.headers["Date"] ||= scope.date.rfc1123z end canonical_request = Signer::V2::Request.new(request.method, @@ -39,7 +41,7 @@ module Awscr canonical_request.headers.add(Signer::Header.new(k, v)) end - signature = Signer::V2::Signature.new(@scope, canonical_request.to_s, @credentials) + signature = Signer::V2::Signature.new(scope, canonical_request.to_s, @credentials) request.headers["Authorization"] = [ "AWS ", @credentials.key, ":", signature, 
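Review bot: In `V2#initialize` (src/awscr-signer/signers/v2.cr), switching all four parameters to instance-variable shorthand keeps the secret key twice, once in `@aws_secret_key` and once inside `@credentials`, and none of the visible hunks read `@aws_access_key` or `@aws_secret_key`. Only `@service` and `@region` are needed to rebuild the scope, so the signature could be `def initialize(@service : String, @region : String, aws_access_key : String, aws_secret_key : String)`. The extra copy widens where the secret can surface, for example in the default `inspect` output of the signer object. The same applies to `V4#initialize` in v4.cr.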
@@ -47,6 +49,8 @@ module Awscr end def presign(request, expires = nil) + scope = Signer::Scope.new(@region, @service) + expires ||= Time.utc_now.epoch + 86_400 canonical_request = Signer::V2::Request.new(request.method, @@ -60,7 +64,7 @@ module Awscr canonical_request.headers.add(Signer::Header.new(k, v)) end - signature = Signer::V2::Signature.new(@scope, canonical_request.to_s, @credentials) + signature = Signer::V2::Signature.new(scope, canonical_request.to_s, @credentials) request.query_params.add("AWSAccessKeyId", @credentials.key) request.query_params.add("Signature", signature.to_s) diff --git a/src/awscr-signer/signers/v4.cr b/src/awscr-signer/signers/v4.cr index 0d70de1..07bf91f 100644 --- a/src/awscr-signer/signers/v4.cr +++ b/src/awscr-signer/signers/v4.cr @@ -14,13 +14,13 @@ module Awscr class V4 include Interface - def initialize(service : String, region : String, aws_access_key : String, aws_secret_key : String) - @scope = Signer::Scope.new(region, service) + def initialize(@service : String, @region : String, @aws_access_key : String, @aws_secret_key : String) @credentials = Signer::Credentials.new(aws_access_key, aws_secret_key) end def sign(string : String) - sig = Signer::V4::Signature.new(@scope, string, @credentials, compute_digest: false) + scope = Signer::Scope.new(@region, @service) + sig = Signer::V4::Signature.new(scope, string, @credentials, compute_digest: false) sig.to_s end @@ -34,9 +34,10 @@ module Awscr end private def querystring_impl(request) + scope = Signer::Scope.new(@region, @service) request.query_params.add("X-Amz-Algorithm", Signer::ALGORITHM) - request.query_params.add("X-Amz-Credential", "#{@credentials.key}/#{@scope}") - request.query_params.add("X-Amz-Date", @scope.date.iso8601) + request.query_params.add("X-Amz-Credential", "#{@credentials.key}/#{scope}") + request.query_params.add("X-Amz-Date", scope.date.iso8601) canonical_request = Signer::V4::Request.new(request.method, URI.parse(request.path), request.body) 
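Review bot: `querystring_impl` in v4.cr now builds `scope` at the top of the method with no comment saying why, and the reason matters: `X-Amz-Credential`, `X-Amz-Date` and the signature are all derived from that one object and have to agree. A short comment such as `# Fresh scope per call so the credential date, X-Amz-Date and signature share one timestamp; do not memoize` would stop a later refactor from caching the scope again and bringing the skew back. This assumes the scope captures the current time when it is constructed, which the hunks do not show. The same comment fits the other five places that construct a scope (`sign`, `presign` and `header_impl` across v2.cr and v4.cr). The body of `querystring_impl` continues outside this hunk.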
@@ -51,12 +52,13 @@ module Awscr canonical_request.query.add("X-Amz-SignedHeaders", "#{canonical_request.headers.keys.join(";")}") - signature = Signer::V4::Signature.new(@scope, canonical_request.to_s, @credentials) + signature = Signer::V4::Signature.new(scope, canonical_request.to_s, @credentials) request.query_params.add("X-Amz-SignedHeaders", "#{canonical_request.headers.keys.join(";")}") request.query_params.add("X-Amz-Signature", signature.to_s) end private def header_impl(request, add_sha) + scope = Signer::Scope.new(@region, @service) # Replace "Date" with X-Amz-Date. # Only if X-Amz-Date is not already set. AWS prefers # X-Amz-Date @@ -64,7 +66,7 @@ module Awscr request.headers["X-Amz-Date"] ||= date else # Default it to the given scope time, if not set - request.headers["X-Amz-Date"] ||= @scope.date.iso8601 + request.headers["X-Amz-Date"] ||= scope.date.iso8601 end canonical_request = Signer::V4::Request.new(request.method, @@ -86,10 +88,10 @@ module Awscr canonical_request.digest) end - signature = Signer::V4::Signature.new(@scope, canonical_request.to_s, @credentials) + signature = Signer::V4::Signature.new(scope, canonical_request.to_s, @credentials) request.headers["Authorization"] = [ - [Signer::ALGORITHM, "Credential=#{@credentials.key}/#{@scope}"].join(" "), + [Signer::ALGORITHM, "Credential=#{@credentials.key}/#{scope}"].join(" "), "SignedHeaders=#{canonical_request.headers.keys.join(";")}", "Signature=#{signature}", ].join(", ") From 73c88529a5166ca12b2704709e289b75d7b6fa22 Mon Sep 17 00:00:00 2001 From: Taylor Finnell Date: Tue, 8 May 2018 17:56:00 -0400 Subject: [PATCH 2/2] bump version --- shard.yml | 4 ++-- src/awscr-signer/version.cr | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/shard.yml b/shard.yml index c3ac134..fb74d8b 100644 --- a/shard.yml +++ b/shard.yml @@ -1,6 +1,6 @@ name: awscr-signer -version: 0.5.0 -crystal: 0.24.1 +version: 0.5.1 +crystal: 0.24.2 authors: - Taylor Finnell 
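Review bot: In `header_impl` in v4.cr, a `Date` or `X-Amz-Date` value already present on the request is kept by the `||=` assignments, while the signature and the `Credential=` scope come from a `scope` built at call time. If `Signer::V4::Signature` takes its timestamp from `scope.date`, which is not visible here, a caller-supplied date that differs from the current time would give a header that disagrees with what was signed, and the request would presumably be rejected. It would be worth either deriving the scope from the header value when one is present or documenting the limit, for example `# A pre-set Date/X-Amz-Date is not re-signed; it must match the time of this call`. The `Date` handling in `V2#sign(request)` follows the same pattern. The condition guarding these assignments sits outside the hunk.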
diff --git a/src/awscr-signer/version.cr b/src/awscr-signer/version.cr index d41e409..8336139 100644 --- a/src/awscr-signer/version.cr +++ b/src/awscr-signer/version.cr @@ -1,7 +1,7 @@ module Awscr MAJOR = "0" MINOR = "5" - PATCH = "0" + PATCH = "1" VERSION = [MAJOR, MINOR, PATCH].join(".") end