Send to zulip

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/bearer.js

@@ -0,0 +1,14 @@
+var AWS = require('../core');
+
+/**
+ * @api private
+ */
+AWS.Signers.Bearer = AWS.util.inherit(AWS.Signers.RequestSigner, {
+  constructor: function Bearer(request) {
+    AWS.Signers.RequestSigner.call(this, request);
+  },
+
+  addAuthorization: function addAuthorization(token) {
+    this.request.headers['Authorization'] = 'Bearer ' + token.token;
+  }
+});

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/presign.js

@@ -0,0 +1,119 @@
+var AWS = require('../core');
+var inherit = AWS.util.inherit;
+
+/**
+ * @api private
+ */
+var expiresHeader = 'presigned-expires';
+
+/**
+ * @api private
+ */
+function signedUrlBuilder(request) {
+  var expires = request.httpRequest.headers[expiresHeader];
+  var signerClass = request.service.getSignerClass(request);
+
+  delete request.httpRequest.headers['User-Agent'];
+  delete request.httpRequest.headers['X-Amz-User-Agent'];
+
+  if (signerClass === AWS.Signers.V4) {
+    if (expires > 604800) { // one week expiry is invalid
+      var message = 'Presigning does not support expiry time greater ' +
+                    'than a week with SigV4 signing.';
+      throw AWS.util.error(new Error(), {
+        code: 'InvalidExpiryTime', message: message, retryable: false
+      });
+    }
+    request.httpRequest.headers[expiresHeader] = expires;
+  } else if (signerClass === AWS.Signers.S3) {
+    var now = request.service ? request.service.getSkewCorrectedDate() : AWS.util.date.getDate();
+    request.httpRequest.headers[expiresHeader] = parseInt(
+      AWS.util.date.unixTimestamp(now) + expires, 10).toString();
+  } else {
+    throw AWS.util.error(new Error(), {
+      message: 'Presigning only supports S3 or SigV4 signing.',
+      code: 'UnsupportedSigner', retryable: false
+    });
+  }
+}
+
+/**
+ * @api private
+ */
+function signedUrlSigner(request) {
+  var endpoint = request.httpRequest.endpoint;
+  var parsedUrl = AWS.util.urlParse(request.httpRequest.path);
+  var queryParams = {};
+
+  if (parsedUrl.search) {
+    queryParams = AWS.util.queryStringParse(parsedUrl.search.substr(1));
+  }
+
+  var auth = request.httpRequest.headers['Authorization'].split(' ');
+  if (auth[0] === 'AWS') {
+    auth = auth[1].split(':');
+    queryParams['Signature'] = auth.pop();
+    queryParams['AWSAccessKeyId'] = auth.join(':');
+
+    AWS.util.each(request.httpRequest.headers, function (key, value) {
+      if (key === expiresHeader) key = 'Expires';
+      if (key.indexOf('x-amz-meta-') === 0) {
+        // Delete existing, potentially not normalized key
+        delete queryParams[key];
+        key = key.toLowerCase();
+      }
+      queryParams[key] = value;
+    });
+    delete request.httpRequest.headers[expiresHeader];
+    delete queryParams['Authorization'];
+    delete queryParams['Host'];
+  } else if (auth[0] === 'AWS4-HMAC-SHA256') { // SigV4 signing
+    auth.shift();
+    var rest = auth.join(' ');
+    var signature = rest.match(/Signature=(.*?)(?:,|\s|\r?\n|$)/)[1];
+    queryParams['X-Amz-Signature'] = signature;
+    delete queryParams['Expires'];
+  }
+
+  // build URL
+  endpoint.pathname = parsedUrl.pathname;
+  endpoint.search = AWS.util.queryParamsToString(queryParams);
+}
+
+/**
+ * @api private
+ */
+AWS.Signers.Presign = inherit({
+  /**
+   * @api private
+   */
+  sign: function sign(request, expireTime, callback) {
+    request.httpRequest.headers[expiresHeader] = expireTime || 3600;
+    request.on('build', signedUrlBuilder);
+    request.on('sign', signedUrlSigner);
+    request.removeListener('afterBuild',
+      AWS.EventListeners.Core.SET_CONTENT_LENGTH);
+    request.removeListener('afterBuild',
+      AWS.EventListeners.Core.COMPUTE_SHA256);
+
+    request.emit('beforePresign', [request]);
+
+    if (callback) {
+      request.build(function() {
+        if (this.response.error) callback(this.response.error);
+        else {
+          callback(null, AWS.util.urlFormat(request.httpRequest.endpoint));
+        }
+      });
+    } else {
+      request.build();
+      if (request.response.error) throw request.response.error;
+      return AWS.util.urlFormat(request.httpRequest.endpoint);
+    }
+  }
+});
+
+/**
+ * @api private
+ */
+module.exports = AWS.Signers.Presign;

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/request_signer.js

@@ -0,0 +1,41 @@
+var AWS = require('../core');
+
+var inherit = AWS.util.inherit;
+
+/**
+ * @api private
+ */
+AWS.Signers.RequestSigner = inherit({
+  constructor: function RequestSigner(request) {
+    this.request = request;
+  },
+
+  setServiceClientId: function setServiceClientId(id) {
+    this.serviceClientId = id;
+  },
+
+  getServiceClientId: function getServiceClientId() {
+    return this.serviceClientId;
+  }
+});
+
+AWS.Signers.RequestSigner.getVersion = function getVersion(version) {
+  switch (version) {
+    case 'v2': return AWS.Signers.V2;
+    case 'v3': return AWS.Signers.V3;
+    case 's3v4': return AWS.Signers.V4;
+    case 'v4': return AWS.Signers.V4;
+    case 's3': return AWS.Signers.S3;
+    case 'v3https': return AWS.Signers.V3Https;
+    case 'bearer': return AWS.Signers.Bearer;
+  }
+  throw new Error('Unknown signing version ' + version);
+};
+
+require('./v2');
+require('./v3');
+require('./v3https');
+require('./v4');
+require('./s3');
+require('./presign');
+require('./bearer');

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/s3.js

@@ -0,0 +1,175 @@
+var AWS = require('../core');
+var inherit = AWS.util.inherit;
+
+/**
+ * @api private
+ */
+AWS.Signers.S3 = inherit(AWS.Signers.RequestSigner, {
+  /**
+   * When building the stringToSign, these sub resource params should be
+   * part of the canonical resource string with their NON-decoded values
+   */
+  subResources: {
+    'acl': 1,
+    'accelerate': 1,
+    'analytics': 1,
+    'cors': 1,
+    'lifecycle': 1,
+    'delete': 1,
+    'inventory': 1,
+    'location': 1,
+    'logging': 1,
+    'metrics': 1,
+    'notification': 1,
+    'partNumber': 1,
+    'policy': 1,
+    'requestPayment': 1,
+    'replication': 1,
+    'restore': 1,
+    'tagging': 1,
+    'torrent': 1,
+    'uploadId': 1,
+    'uploads': 1,
+    'versionId': 1,
+    'versioning': 1,
+    'versions': 1,
+    'website': 1
+  },
+
+  // when building the stringToSign, these querystring params should be
+  // part of the canonical resource string with their NON-encoded values
+  responseHeaders: {
+    'response-content-type': 1,
+    'response-content-language': 1,
+    'response-expires': 1,
+    'response-cache-control': 1,
+    'response-content-disposition': 1,
+    'response-content-encoding': 1
+  },
+
+  addAuthorization: function addAuthorization(credentials, date) {
+    if (!this.request.headers['presigned-expires']) {
+      this.request.headers['X-Amz-Date'] = AWS.util.date.rfc822(date);
+    }
+
+    if (credentials.sessionToken) {
+      // presigned URLs require this header to be lowercased
+      this.request.headers['x-amz-security-token'] = credentials.sessionToken;
+    }
+
+    var signature = this.sign(credentials.secretAccessKey, this.stringToSign());
+    var auth = 'AWS ' + credentials.accessKeyId + ':' + signature;
+
+    this.request.headers['Authorization'] = auth;
+  },
+
+  stringToSign: function stringToSign() {
+    var r = this.request;
+
+    var parts = [];
+    parts.push(r.method);
+    parts.push(r.headers['Content-MD5'] || '');
+    parts.push(r.headers['Content-Type'] || '');
+
+    // This is the "Date" header, but we use X-Amz-Date.
+    // The S3 signing mechanism requires us to pass an empty
+    // string for this Date header regardless.
+    parts.push(r.headers['presigned-expires'] || '');
+
+    var headers = this.canonicalizedAmzHeaders();
+    if (headers) parts.push(headers);
+    parts.push(this.canonicalizedResource());
+
+    return parts.join('\n');
+
+  },
+
+  canonicalizedAmzHeaders: function canonicalizedAmzHeaders() {
+
+    var amzHeaders = [];
+
+    AWS.util.each(this.request.headers, function (name) {
+      if (name.match(/^x-amz-/i))
+        amzHeaders.push(name);
+    });
+
+    amzHeaders.sort(function (a, b) {
+      return a.toLowerCase() < b.toLowerCase() ? -1 : 1;
+    });
+
+    var parts = [];
+    AWS.util.arrayEach.call(this, amzHeaders, function (name) {
+      parts.push(name.toLowerCase() + ':' + String(this.request.headers[name]));
+    });
+
+    return parts.join('\n');
+
+  },
+
+  canonicalizedResource: function canonicalizedResource() {
+
+    var r = this.request;
+
+    var parts = r.path.split('?');
+    var path = parts[0];
+    var querystring = parts[1];
+
+    var resource = '';
+
+    if (r.virtualHostedBucket)
+      resource += '/' + r.virtualHostedBucket;
+
+    resource += path;
+
+    if (querystring) {
+
+      // collect a list of sub resources and query params that need to be signed
+      var resources = [];
+
+      AWS.util.arrayEach.call(this, querystring.split('&'), function (param) {
+        var name = param.split('=')[0];
+        var value = param.split('=')[1];
+        if (this.subResources[name] || this.responseHeaders[name]) {
+          var subresource = { name: name };
+          if (value !== undefined) {
+            if (this.subResources[name]) {
+              subresource.value = value;
+            } else {
+              subresource.value = decodeURIComponent(value);
+            }
+          }
+          resources.push(subresource);
+        }
+      });
+
+      resources.sort(function (a, b) { return a.name < b.name ? -1 : 1; });
+
+      if (resources.length) {
+
+        querystring = [];
+        AWS.util.arrayEach(resources, function (res) {
+          if (res.value === undefined) {
+            querystring.push(res.name);
+          } else {
+            querystring.push(res.name + '=' + res.value);
+          }
+        });
+
+        resource += '?' + querystring.join('&');
+      }
+
+    }
+
+    return resource;
+
+  },
+
+  sign: function sign(secret, string) {
+    return AWS.util.crypto.hmac(secret, string, 'base64', 'sha1');
+  }
+});
+
+/**
+ * @api private
+ */
+module.exports = AWS.Signers.S3;

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/v2.js

@@ -0,0 +1,48 @@
+var AWS = require('../core');
+var inherit = AWS.util.inherit;
+
+/**
+ * @api private
+ */
+AWS.Signers.V2 = inherit(AWS.Signers.RequestSigner, {
+  addAuthorization: function addAuthorization(credentials, date) {
+
+    if (!date) date = AWS.util.date.getDate();
+
+    var r = this.request;
+
+    r.params.Timestamp = AWS.util.date.iso8601(date);
+    r.params.SignatureVersion = '2';
+    r.params.SignatureMethod = 'HmacSHA256';
+    r.params.AWSAccessKeyId = credentials.accessKeyId;
+
+    if (credentials.sessionToken) {
+      r.params.SecurityToken = credentials.sessionToken;
+    }
+
+    delete r.params.Signature; // delete old Signature for re-signing
+    r.params.Signature = this.signature(credentials);
+
+    r.body = AWS.util.queryParamsToString(r.params);
+    r.headers['Content-Length'] = r.body.length;
+  },
+
+  signature: function signature(credentials) {
+    return AWS.util.crypto.hmac(credentials.secretAccessKey, this.stringToSign(), 'base64');
+  },
+
+  stringToSign: function stringToSign() {
+    var parts = [];
+    parts.push(this.request.method);
+    parts.push(this.request.endpoint.host.toLowerCase());
+    parts.push(this.request.pathname());
+    parts.push(AWS.util.queryParamsToString(this.request.params));
+    return parts.join('\n');
+  }
+
+});
+
+/**
+ * @api private
+ */
+module.exports = AWS.Signers.V2;

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/v3.js

@@ -0,0 +1,77 @@
+var AWS = require('../core');
+var inherit = AWS.util.inherit;
+
+/**
+ * @api private
+ */
+AWS.Signers.V3 = inherit(AWS.Signers.RequestSigner, {
+  addAuthorization: function addAuthorization(credentials, date) {
+
+    var datetime = AWS.util.date.rfc822(date);
+
+    this.request.headers['X-Amz-Date'] = datetime;
+
+    if (credentials.sessionToken) {
+      this.request.headers['x-amz-security-token'] = credentials.sessionToken;
+    }
+
+    this.request.headers['X-Amzn-Authorization'] =
+      this.authorization(credentials, datetime);
+
+  },
+
+  authorization: function authorization(credentials) {
+    return 'AWS3 ' +
+      'AWSAccessKeyId=' + credentials.accessKeyId + ',' +
+      'Algorithm=HmacSHA256,' +
+      'SignedHeaders=' + this.signedHeaders() + ',' +
+      'Signature=' + this.signature(credentials);
+  },
+
+  signedHeaders: function signedHeaders() {
+    var headers = [];
+    AWS.util.arrayEach(this.headersToSign(), function iterator(h) {
+      headers.push(h.toLowerCase());
+    });
+    return headers.sort().join(';');
+  },
+
+  canonicalHeaders: function canonicalHeaders() {
+    var headers = this.request.headers;
+    var parts = [];
+    AWS.util.arrayEach(this.headersToSign(), function iterator(h) {
+      parts.push(h.toLowerCase().trim() + ':' + String(headers[h]).trim());
+    });
+    return parts.sort().join('\n') + '\n';
+  },
+
+  headersToSign: function headersToSign() {
+    var headers = [];
+    AWS.util.each(this.request.headers, function iterator(k) {
+      if (k === 'Host' || k === 'Content-Encoding' || k.match(/^X-Amz/i)) {
+        headers.push(k);
+      }
+    });
+    return headers;
+  },
+
+  signature: function signature(credentials) {
+    return AWS.util.crypto.hmac(credentials.secretAccessKey, this.stringToSign(), 'base64');
+  },
+
+  stringToSign: function stringToSign() {
+    var parts = [];
+    parts.push(this.request.method);
+    parts.push('/');
+    parts.push('');
+    parts.push(this.canonicalHeaders());
+    parts.push(this.request.body);
+    return AWS.util.crypto.sha256(parts.join('\n'));
+  }
+
+});
+
+/**
+ * @api private
+ */
+module.exports = AWS.Signers.V3;

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/v3https.js

@@ -0,0 +1,25 @@
+var AWS = require('../core');
+var inherit = AWS.util.inherit;
+
+require('./v3');
+
+/**
+ * @api private
+ */
+AWS.Signers.V3Https = inherit(AWS.Signers.V3, {
+  authorization: function authorization(credentials) {
+    return 'AWS3-HTTPS ' +
+      'AWSAccessKeyId=' + credentials.accessKeyId + ',' +
+      'Algorithm=HmacSHA256,' +
+      'Signature=' + this.signature(credentials);
+  },
+
+  stringToSign: function stringToSign() {
+    return this.request.headers['X-Amz-Date'];
+  }
+});
+
+/**
+ * @api private
+ */
+module.exports = AWS.Signers.V3Https;

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/v4.js

@@ -0,0 +1,215 @@
+var AWS = require('../core');
+var v4Credentials = require('./v4_credentials');
+var inherit = AWS.util.inherit;
+
+/**
+ * @api private
+ */
+var expiresHeader = 'presigned-expires';
+
+/**
+ * @api private
+ */
+AWS.Signers.V4 = inherit(AWS.Signers.RequestSigner, {
+  constructor: function V4(request, serviceName, options) {
+    AWS.Signers.RequestSigner.call(this, request);
+    this.serviceName = serviceName;
+    options = options || {};
+    this.signatureCache = typeof options.signatureCache === 'boolean' ? options.signatureCache : true;
+    this.operation = options.operation;
+    this.signatureVersion = options.signatureVersion;
+  },
+
+  algorithm: 'AWS4-HMAC-SHA256',
+
+  addAuthorization: function addAuthorization(credentials, date) {
+    var datetime = AWS.util.date.iso8601(date).replace(/[:\-]|\.\d{3}/g, '');
+
+    if (this.isPresigned()) {
+      this.updateForPresigned(credentials, datetime);
+    } else {
+      this.addHeaders(credentials, datetime);
+    }
+
+    this.request.headers['Authorization'] =
+      this.authorization(credentials, datetime);
+  },
+
+  addHeaders: function addHeaders(credentials, datetime) {
+    this.request.headers['X-Amz-Date'] = datetime;
+    if (credentials.sessionToken) {
+      this.request.headers['x-amz-security-token'] = credentials.sessionToken;
+    }
+  },
+
+  updateForPresigned: function updateForPresigned(credentials, datetime) {
+    var credString = this.credentialString(datetime);
+    var qs = {
+      'X-Amz-Date': datetime,
+      'X-Amz-Algorithm': this.algorithm,
+      'X-Amz-Credential': credentials.accessKeyId + '/' + credString,
+      'X-Amz-Expires': this.request.headers[expiresHeader],
+      'X-Amz-SignedHeaders': this.signedHeaders()
+    };
+
+    if (credentials.sessionToken) {
+      qs['X-Amz-Security-Token'] = credentials.sessionToken;
+    }
+
+    if (this.request.headers['Content-Type']) {
+      qs['Content-Type'] = this.request.headers['Content-Type'];
+    }
+    if (this.request.headers['Content-MD5']) {
+      qs['Content-MD5'] = this.request.headers['Content-MD5'];
+    }
+    if (this.request.headers['Cache-Control']) {
+      qs['Cache-Control'] = this.request.headers['Cache-Control'];
+    }
+
+    // need to pull in any other X-Amz-* headers
+    AWS.util.each.call(this, this.request.headers, function(key, value) {
+      if (key === expiresHeader) return;
+      if (this.isSignableHeader(key)) {
+        var lowerKey = key.toLowerCase();
+        // Metadata should be normalized
+        if (lowerKey.indexOf('x-amz-meta-') === 0) {
+          qs[lowerKey] = value;
+        } else if (lowerKey.indexOf('x-amz-') === 0) {
+          qs[key] = value;
+        }
+      }
+    });
+
+    var sep = this.request.path.indexOf('?') >= 0 ? '&' : '?';
+    this.request.path += sep + AWS.util.queryParamsToString(qs);
+  },
+
+  authorization: function authorization(credentials, datetime) {
+    var parts = [];
+    var credString = this.credentialString(datetime);
+    parts.push(this.algorithm + ' Credential=' +
+      credentials.accessKeyId + '/' + credString);
+    parts.push('SignedHeaders=' + this.signedHeaders());
+    parts.push('Signature=' + this.signature(credentials, datetime));
+    return parts.join(', ');
+  },
+
+  signature: function signature(credentials, datetime) {
+    var signingKey = v4Credentials.getSigningKey(
+      credentials,
+      datetime.substr(0, 8),
+      this.request.region,
+      this.serviceName,
+      this.signatureCache
+    );
+    return AWS.util.crypto.hmac(signingKey, this.stringToSign(datetime), 'hex');
+  },
+
+  stringToSign: function stringToSign(datetime) {
+    var parts = [];
+    parts.push('AWS4-HMAC-SHA256');
+    parts.push(datetime);
+    parts.push(this.credentialString(datetime));
+    parts.push(this.hexEncodedHash(this.canonicalString()));
+    return parts.join('\n');
+  },
+
+  canonicalString: function canonicalString() {
+    var parts = [], pathname = this.request.pathname();
+    if (this.serviceName !== 's3' && this.signatureVersion !== 's3v4') pathname = AWS.util.uriEscapePath(pathname);
+
+    parts.push(this.request.method);
+    parts.push(pathname);
+    parts.push(this.request.search());
+    parts.push(this.canonicalHeaders() + '\n');
+    parts.push(this.signedHeaders());
+    parts.push(this.hexEncodedBodyHash());
+    return parts.join('\n');
+  },
+
+  canonicalHeaders: function canonicalHeaders() {
+    var headers = [];
+    AWS.util.each.call(this, this.request.headers, function (key, item) {
+      headers.push([key, item]);
+    });
+    headers.sort(function (a, b) {
+      return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : 1;
+    });
+    var parts = [];
+    AWS.util.arrayEach.call(this, headers, function (item) {
+      var key = item[0].toLowerCase();
+      if (this.isSignableHeader(key)) {
+        var value = item[1];
+        if (typeof value === 'undefined' || value === null || typeof value.toString !== 'function') {
+          throw AWS.util.error(new Error('Header ' + key + ' contains invalid value'), {
+            code: 'InvalidHeader'
+          });
+        }
+        parts.push(key + ':' +
+          this.canonicalHeaderValues(value.toString()));
+      }
+    });
+    return parts.join('\n');
+  },
+
+  canonicalHeaderValues: function canonicalHeaderValues(values) {
+    return values.replace(/\s+/g, ' ').replace(/^\s+|\s+$/g, '');
+  },
+
+  signedHeaders: function signedHeaders() {
+    var keys = [];
+    AWS.util.each.call(this, this.request.headers, function (key) {
+      key = key.toLowerCase();
+      if (this.isSignableHeader(key)) keys.push(key);
+    });
+    return keys.sort().join(';');
+  },
+
+  credentialString: function credentialString(datetime) {
+    return v4Credentials.createScope(
+      datetime.substr(0, 8),
+      this.request.region,
+      this.serviceName
+    );
+  },
+
+  hexEncodedHash: function hash(string) {
+    return AWS.util.crypto.sha256(string, 'hex');
+  },
+
+  hexEncodedBodyHash: function hexEncodedBodyHash() {
+    var request = this.request;
+    if (this.isPresigned() && (['s3', 's3-object-lambda'].indexOf(this.serviceName) > -1) && !request.body) {
+      return 'UNSIGNED-PAYLOAD';
+    } else if (request.headers['X-Amz-Content-Sha256']) {
+      return request.headers['X-Amz-Content-Sha256'];
+    } else {
+      return this.hexEncodedHash(this.request.body || '');
+    }
+  },
+
+  unsignableHeaders: [
+    'authorization',
+    'content-type',
+    'content-length',
+    'user-agent',
+    expiresHeader,
+    'expect',
+    'x-amzn-trace-id'
+  ],
+
+  isSignableHeader: function isSignableHeader(key) {
+    if (key.toLowerCase().indexOf('x-amz-') === 0) return true;
+    return this.unsignableHeaders.indexOf(key) < 0;
+  },
+
+  isPresigned: function isPresigned() {
+    return this.request.headers[expiresHeader] ? true : false;
+  }
+
+});
+
+/**
+ * @api private
+ */
+module.exports = AWS.Signers.V4;

aws/lambda-nodejs18.x/UpdateZulipStreams/node_modules/aws-sdk/lib/signers/v4_credentials.js

@@ -0,0 +1,100 @@
+var AWS = require('../core');
+
+/**
+ * @api private
+ */
+var cachedSecret = {};
+
+/**
+ * @api private
+ */
+var cacheQueue = [];
+
+/**
+ * @api private
+ */
+var maxCacheEntries = 50;
+
+/**
+ * @api private
+ */
+var v4Identifier = 'aws4_request';
+
+/**
+ * @api private
+ */
+module.exports = {
+  /**
+   * @api private
+   *
+   * @param date [String]
+   * @param region [String]
+   * @param serviceName [String]
+   * @return [String]
+   */
+  createScope: function createScope(date, region, serviceName) {
+    return [
+      date.substr(0, 8),
+      region,
+      serviceName,
+      v4Identifier
+    ].join('/');
+  },
+
+  /**
+   * @api private
+   *
+   * @param credentials [Credentials]
+   * @param date [String]
+   * @param region [String]
+   * @param service [String]
+   * @param shouldCache [Boolean]
+   * @return [String]
+   */
+  getSigningKey: function getSigningKey(
+    credentials,
+    date,
+    region,
+    service,
+    shouldCache
+  ) {
+    var credsIdentifier = AWS.util.crypto
+      .hmac(credentials.secretAccessKey, credentials.accessKeyId, 'base64');
+    var cacheKey = [credsIdentifier, date, region, service].join('_');
+    shouldCache = shouldCache !== false;
+    if (shouldCache && (cacheKey in cachedSecret)) {
+      return cachedSecret[cacheKey];
+    }
+
+    var kDate = AWS.util.crypto.hmac(
+      'AWS4' + credentials.secretAccessKey,
+      date,
+      'buffer'
+    );
+    var kRegion = AWS.util.crypto.hmac(kDate, region, 'buffer');
+    var kService = AWS.util.crypto.hmac(kRegion, service, 'buffer');
+
+    var signingKey = AWS.util.crypto.hmac(kService, v4Identifier, 'buffer');
+    if (shouldCache) {
+      cachedSecret[cacheKey] = signingKey;
+      cacheQueue.push(cacheKey);
+      if (cacheQueue.length > maxCacheEntries) {
+        // remove the oldest entry (not the least recently used)
+        delete cachedSecret[cacheQueue.shift()];
+      }
+    }
+
+    return signingKey;
+  },
+
+  /**
+   * @api private
+   *
+   * Empties the derived signing key cache. Made available for testing purposes
+   * only.
+   */
+  emptyCache: function emptyCache() {
+    cachedSecret = {};
+    cacheQueue = [];
+  }
+};