{
  "context": "This criteria evaluates how well the engineer uses the aws-requests-auth package to implement AWS Signature Version 4 key derivation. The focus is on proper usage of the package's signature key derivation functionality and correct implementation of the multi-stage HMAC-SHA256 signing process.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses getSignatureKey function",
      "description": "Implementation imports and uses the getSignatureKey() helper function from aws-requests-auth package rather than reimplementing the entire key derivation process",
      "max_score": 40
    },
    {
      "name": "Correct function signature",
      "description": "The derive_signing_key() function accepts the correct parameters (secret_key, date, region, service) and calls getSignatureKey with these parameters in the correct order",
      "max_score": 20
    },
    {
      "name": "Proper key format",
      "description": "The secret key is properly formatted with 'AWS4' prefix (e.g., 'AWS4' + secret_key) before being passed to getSignatureKey, as required by AWS Signature Version 4",
      "max_score": 20
    },
    {
      "name": "Returns correct type",
      "description": "The derive_signing_key() function returns the signing key as bytes, matching the expected return type from getSignatureKey",
      "max_score": 10
    },
    {
      "name": "Implements validation function",
      "description": "The validate_signing_key() function correctly compares two byte arrays and returns a boolean result",
      "max_score": 10
    }
  ]
}