module AWS::Core::Signature::Version4

def self.included base 

def self.included base
  base.send(:include, Signer)
end

def action_name 

def action_name
  http_method.to_s.upcase
end

def add_authorization! credentials 

def add_authorization! credentials
  datetime = Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
  headers['content-type'] ||= 'application/x-www-form-urlencoded'
  headers['host'] = host
  headers['x-amz-date'] = datetime
  headers['x-amz-security-token'] = credentials.session_token if 
    credentials.session_token
  headers['authorization'] = authorization(credentials, datetime)
end

def authorization credentials, datetime 

def authorization credentials, datetime
  parts = []
  parts << "AWS4-HMAC-SHA256 Credential=#{credentials.access_key_id}/#{credential_string(datetime)}"
  parts << "SignedHeaders=#{signed_headers}"
  parts << "Signature=#{hex16(signature(credentials, datetime))}"
  parts.join(', ')
end

def canonical_header_values values 

def canonical_header_values values
  values = [values] unless values.is_a?(Array)
  values.map(&:to_s).map(&:strip).join(',')
end

def canonical_headers 

def canonical_headers
  headers = []
  self.headers.each_pair do |k,v|
    header = [k.to_s.downcase, v]
    headers << header unless header.first == 'authorization'
  end
  headers = headers.sort_by(&:first)
  headers.map{|k,v| "#{k}:#{canonical_header_values(v)}" }.join("\n")
end

def canonical_querystring 

def canonical_querystring
  http_method.to_s.upcase == 'GET' ? url_encoded_params : ''
end

def canonical_request 

def canonical_request
  parts = []
  parts << action_name
  parts << canonical_uri
  parts << canonical_querystring
  parts << canonical_headers + "\n"
  parts << signed_headers
  parts << hex16(hash(payload))
  parts.join("\n")
end

def canonical_uri 

def canonical_uri
  path
end

def credential_string datetime 

def credential_string datetime 
  parts = []
  parts << datetime[0,8]
  parts << region
  parts << service
  parts << 'aws4_request'
  parts.join("/")
end

def hash string 

def hash string
  Digest::SHA256.digest(string)
end

def hex16 string 

def hex16 string
  string.unpack('H*').first
end

def payload 

def payload
  body || ''
end

def service 

def service
  # this method is implemented in the request class for each service
  raise NotImplementedError
end

def signature credentials, datetime 

def signature credentials, datetime
  k_secret = credentials.secret_access_key
  k_date = hmac("AWS4" + k_secret, datetime[0,8])
  k_region = hmac(k_date, region)
  k_service = hmac(k_region, service)
  k_credentials = hmac(k_service, 'aws4_request')
  hmac(k_credentials, string_to_sign(datetime))
end

def signed_headers 

def signed_headers
  to_sign = headers.keys.map{|k| k.to_s.downcase }
  to_sign.delete('authorization')
  to_sign.sort.join(";")
end

def string_to_sign datetime 

def string_to_sign datetime
  parts = []
  parts << 'AWS4-HMAC-SHA256'
  parts << datetime
  parts << credential_string(datetime)
  parts << hex16(hash(canonical_request))
  parts.join("\n")
end