class Aws::Plugins::SignatureV4

Necessary to exist after endpoints 2.0
@api private

def add_handlers(handlers, cfg) 

def add_handlers(handlers, cfg)
  if cfg.unsigned_operations.empty?
    handlers.add(Handler, step: :sign)
  else
    operations = cfg.api.operation_names - cfg.unsigned_operations
    handlers.add(Handler, step: :sign, operations: operations)
  end
end

def apply_authtype(context)

Other tags:
    Api: - private 
def apply_authtype(context)
  if context.operation['authtype'].eql?('v4-unsigned-body') &&
     context.http_request.endpoint.scheme.eql?('https')
    context.http_request.headers['X-Amz-Content-Sha256'] ||= 'UNSIGNED-PAYLOAD'
  end
  context
end

def apply_signature(options = {})

Other tags:
    Api: - private 
def apply_signature(options = {})
  context = apply_authtype(options[:context])
  signer = options[:signer] || context.config.sigv4_signer
  req = context.http_request
  # in case this request is being re-signed
  req.headers.delete('Authorization')
  req.headers.delete('X-Amz-Security-Token')
  req.headers.delete('X-Amz-Date')
  req.headers.delete('x-Amz-Region-Set')
  if context.config.respond_to?(:clock_skew) &&
     context.config.clock_skew &&
     context.config.correct_clock_skew
    endpoint = context.http_request.endpoint
    skew = context.config.clock_skew.clock_correction(endpoint)
    if skew.abs > 0
      req.headers['X-Amz-Date'] = (Time.now.utc + skew).strftime("%Y%m%dT%H%M%SZ")
    end
  end
  # compute the signature
  begin
    signature = signer.sign_request(
      http_method: req.http_method,
      url: req.endpoint,
      headers: req.headers,
      body: req.body
    )
  rescue Aws::Sigv4::Errors::MissingCredentialsError
    raise Aws::Errors::MissingCredentialsError
  end
  # apply signature headers
  req.headers.update(signature.headers)
  # add request metadata with signature components for debugging
  context[:canonical_request] = signature.canonical_request
  context[:string_to_sign] = signature.string_to_sign
end

def build_signer(cfg)

Other tags:
    Api: - private 
def build_signer(cfg)
  if cfg.credentials && cfg.sigv4_region
    Aws::Sigv4::Signer.new(
      service: cfg.sigv4_name,
      region: cfg.sigv4_region,
      credentials_provider: cfg.credentials,
      unsigned_headers: ['content-length', 'user-agent', 'x-amzn-trace-id']
    )
  elsif cfg.credentials
    raise Errors::MissingRegionError
  elsif cfg.sigv4_region
    # Instead of raising now, we return a signer that raises only
    # if you attempt to sign a request. Some services have unsigned
    # operations and it okay to initialize clients for these services
    # without credentials. Unsigned operations have an "authtype"
    # trait of "none".
    MissingCredentialsSigner.new
  end
end