File Coverage

blib/lib/Ceph/RadosGW/Admin/HTTPRequest.pm

Criterion	Covered	Total	%
statement	1	3	33.3
branch			n/a
condition			n/a
subroutine	1	1	100.0
pod			n/a
total	2	4	50.0

line	stmt	sub	time	code
1				package Ceph::RadosGW::Admin::HTTPRequest;
2				$Ceph::RadosGW::Admin::HTTPRequest::VERSION = '0.4';
3	2	2	1457	use Moose 0.85;
	0
	0
4				use MooseX::StrictConstructor 0.16;
5				use HTTP::Date;
6				use MIME::Base64 qw( encode_base64 );
7				use Moose::Util::TypeConstraints;
8				use URI::Escape qw( uri_escape_utf8 );
9				use URI::QueryParam;
10				use URI;
11				use Digest::HMAC_SHA1;
12				use Digest::MD5 ();
13
14				# this is almost a direct copy of
15				# https://metacpan.org/pod/Net::Amazon::S3::HTTPRequest
16
17				# ABSTRACT: Create a signed HTTP::Request
18
19				my $METADATA_PREFIX = 'x-amz-meta-';
20				my $AMAZON_HEADER_PREFIX = 'x-amz-';
21
22				enum 'HTTPMethod' => [ qw(DELETE GET HEAD PUT POST) ];
23
24				has 'url' => ( is => 'ro', isa => 'Str', required => 1 );
25				has 'method' => ( is => 'ro', isa => 'HTTPMethod', required => 1 );
26				has 'path' => ( is => 'ro', isa => 'Str', required => 1 );
27				has 'access_key' => ( is => 'ro', isa => 'Str', required => 1 );
28				has 'secret_key' => ( is => 'ro', isa => 'Str', required => 1 );
29
30				has 'headers' =>
31				( is => 'ro', isa => 'HashRef', required => 0, default => sub { {} } );
32				has 'content' =>
33				( is => 'ro', isa => 'Str\|CodeRef', required => 0, default => '' );
34				has 'metadata' =>
35				( is => 'ro', isa => 'HashRef', required => 0, default => sub { {} } );
36
37				__PACKAGE__->meta->make_immutable;
38
39				# make the HTTP::Request object
40				sub http_request {
41				my $self = shift;
42				my $method = $self->method;
43				my $path = $self->path;
44				my $headers = $self->headers;
45				my $content = $self->content;
46				my $metadata = $self->metadata;
47				my $uri = $self->url . $path;
48
49				my $http_headers = $self->_merge_meta( $headers, $metadata );
50
51				$self->_add_auth_header( $http_headers, $method, $path )
52				unless exists $headers->{Authorization};
53
54
55
56				my $request
57				= HTTP::Request->new( $method, $uri, $http_headers, $content );
58
59				#my $req_as = $request->as_string;
60				#$req_as =~ s/[^\n\r\x20-\x7f]/?/g;
61				#$req_as = substr( $req_as, 0, 1024 ) . "\n\n";
62				#warn $req_as;
63
64				return $request;
65				}
66
67				sub query_string_authentication_uri {
68				my ( $self, $expires ) = @_;
69				my $method = $self->method;
70				my $path = $self->path;
71				my $headers = $self->headers;
72
73				my $aws_access_key_id = $self->access_key;
74				my $aws_secret_access_key = $self->secret_key;
75				my $canonical_string
76				= $self->_canonical_string( $method, $path, $headers, $expires );
77				my $encoded_canonical
78				= $self->_encode( $aws_secret_access_key, $canonical_string );
79
80				my $uri = $self->url . $path;
81				$uri = URI->new($uri);
82
83				$uri->query_param( AWSAccessKeyId => $aws_access_key_id );
84				$uri->query_param( Expires => $expires );
85				$uri->query_param( Signature => $encoded_canonical );
86
87				return $uri;
88				}
89
90
91				sub _add_auth_header {
92				my ( $self, $headers, $method, $path ) = @_;
93				my $aws_access_key_id = $self->access_key;
94				my $aws_secret_access_key = $self->secret_key;
95
96				if ( not $headers->header('Date') ) {
97				$headers->header( Date => time2str(time) );
98				}
99
100				if ( not $headers->header('Content-Type') ) {
101				$headers->header( 'Content-Type' => 'text/plain' );
102				}
103
104				if ( not $headers->header('Content-MD5') ) {
105				$headers->header( 'Content-MD5' => Digest::MD5::md5_base64($self->content));
106				}
107
108				my $canonical_string
109				= $self->_canonical_string( $method, $path, $headers );
110				my $encoded_canonical
111				= $self->_encode( $aws_secret_access_key, $canonical_string );
112				$headers->header(
113				Authorization => "AWS $aws_access_key_id:$encoded_canonical" );
114				}
115
116				# generate a canonical string for the given parameters. expires is optional and is
117				# only used by query string authentication.
118				sub _canonical_string {
119				my ( $self, $method, $path, $headers, $expires ) = @_;
120				my %interesting_headers = ();
121				while ( my ( $key, $value ) = each %$headers ) {
122				my $lk = lc $key;
123				if ( $lk eq 'content-md5'
124				or $lk eq 'content-type'
125				or $lk eq 'date'
126				or $lk =~ /^$AMAZON_HEADER_PREFIX/ )
127				{
128				$interesting_headers{$lk} = $self->_trim($value);
129				}
130				}
131
132
133
134				# just in case someone used this. it's not necessary in this lib.
135				$interesting_headers{'date'} = ''
136				if $interesting_headers{'x-amz-date'};
137
138				# if you're using expires for query string auth, then it trumps date
139				# (and x-amz-date)
140				$interesting_headers{'date'} = $expires if $expires;
141
142				my $buf = "$method\n";
143				foreach my $key ( sort keys %interesting_headers ) {
144				if ( $key =~ /^$AMAZON_HEADER_PREFIX/ ) {
145				$buf .= "$key:$interesting_headers{$key}\n";
146				} else {
147				$buf .= "$interesting_headers{$key}\n";
148				}
149				}
150
151				# don't include anything after the first ? in the resource...
152				$path =~ /^([^?]*)/;
153				$path = "/$1";
154				$path =~ s:/+:/:g;
155				$buf .= $path;
156
157
158				# ...unless there any parameters we're interested in...
159				if ( $path =~ /[&?](acl\|torrent\|location\|uploads\|delete)($\|=\|&)/ ) {
160				$buf .= "?$1";
161				} elsif ( my %query_params = URI->new($path)->query_form ){
162				#see if the remaining parsed query string provides us with any query string or upload id
163				if($query_params{partNumber} && $query_params{uploadId}){
164				#re-evaluate query string, the order of the params is important for request signing, so we can't depend on URI to do the right thing
165				$buf .= sprintf("?partNumber=%s&uploadId=%s", $query_params{partNumber}, $query_params{uploadId});
166				}
167				elsif($query_params{uploadId}){
168				$buf .= sprintf("?uploadId=%s",$query_params{uploadId});
169				}
170				}
171
172				#warn "Buf:\n$buf\n";
173
174				return $buf;
175				}
176
177				# finds the hmac-sha1 hash of the canonical string and the aws secret access key and then
178				# base64 encodes the result (optionally urlencoding after that).
179				sub _encode {
180				my ( $self, $aws_secret_access_key, $str, $urlencode ) = @_;
181				my $hmac = Digest::HMAC_SHA1->new($aws_secret_access_key);
182				$hmac->add($str);
183				my $b64 = encode_base64( $hmac->digest, '' );
184				if ($urlencode) {
185				return $self->_urlencode($b64);
186				} else {
187				return $b64;
188				}
189				}
190
191				# EU buckets must be accessed via their DNS name. This routine figures out if
192				# a given bucket name can be safely used as a DNS name.
193				sub _is_dns_bucket {
194				my $bucketname = $_[0];
195
196				if ( length $bucketname > 63 ) {
197				return 0;
198				}
199				if ( length $bucketname < 3 ) {
200				return;
201				}
202				return 0 unless $bucketname =~ m{^[a-z0-9][a-z0-9.-]+$};
203				my @components = split /\./, $bucketname;
204				for my $c (@components) {
205				return 0 if $c =~ m{^-};
206				return 0 if $c =~ m{-$};
207				return 0 if $c eq '';
208				}
209				return 1;
210				}
211
212				# generates an HTTP::Headers objects given one hash that represents http
213				# headers to set and another hash that represents an object's metadata.
214				sub _merge_meta {
215				my ( $self, $headers, $metadata ) = @_;
216				$headers \|\|= {};
217				$metadata \|\|= {};
218
219				my $http_header = HTTP::Headers->new;
220				while ( my ( $k, $v ) = each %$headers ) {
221				$http_header->header( $k => $v );
222				}
223				while ( my ( $k, $v ) = each %$metadata ) {
224				$http_header->header( "$METADATA_PREFIX$k" => $v );
225				}
226
227				return $http_header;
228				}
229
230				sub _trim {
231				my ( $self, $value ) = @_;
232				$value =~ s/^\s+//;
233				$value =~ s/\s+$//;
234				return $value;
235				}
236
237				sub _urlencode {
238				my ( $self, $unencoded ) = @_;
239				return uri_escape_utf8( $unencoded, '^A-Za-z0-9_-' );
240				}
241
242				1;
243
244				__END__
245
246				=pod
247
248				=head1 NAME
249
250				Ceph::RadosGW::Admin::HTTPRequest::HTTPRequest - Create a signed HTTP::Request
251
252				=head1 VERSION
253
254				version 0.60
255
256				=head1 SYNOPSIS
257
258				my $http_request = Ceph::RadosGW::Admin::HTTPRequest::HTTPRequest->new(
259				method => 'PUT',
260				path => $self->bucket . '/',
261				headers => $headers,
262				content => $content,
263				)->http_request;
264
265				=head1 DESCRIPTION
266
267				This module creates an HTTP::Request object that is signed
268				appropriately for Amazon S3.
269
270				=for test_synopsis no strict 'vars'
271
272				=head1 METHODS
273
274				=head2 http_request
275
276				This method creates, signs and returns a HTTP::Request object.
277
278				=head2 query_string_authentication_uri
279
280				This method creates, signs and returns a query string authentication
281				URI.
282
283				=head1 AUTHOR
284
285				Pedro Figueiredo <me@pedrofigueiredo.org>
286
287				=head1 COPYRIGHT AND LICENSE
288
289				This software is copyright (c) 2014 by Amazon Digital Services, Leon Brocard, Brad Fitzpatrick, Pedro Figueiredo.
290
291				This is free software; you can redistribute it and/or modify it under
292				the same terms as the Perl 5 programming language system itself.
293
294				=cut