line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package WebService::Amazon::Signature::v4; |
2
|
|
|
|
|
|
|
$WebService::Amazon::Signature::v4::VERSION = '0.002'; |
3
|
1
|
|
|
1
|
|
4
|
use strict; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
28
|
|
4
|
1
|
|
|
1
|
|
4
|
use warnings; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
55
|
|
5
|
|
|
|
|
|
|
|
6
|
1
|
|
|
1
|
|
403
|
use parent qw(WebService::Amazon::Signature); |
|
1
|
|
|
|
|
234
|
|
|
1
|
|
|
|
|
5
|
|
7
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
=head1 NAME |
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
WebService::Amazon::Signature::v4 - support for v4 of the Amazon signing method |
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
=head1 VERSION |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
version 0.002 |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
=head1 SYNOPSIS |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
my $req = 'GET / HTTP/1.1 ...'; |
19
|
|
|
|
|
|
|
my $amz = WebService::Amazon::Signature::v4->new( |
20
|
|
|
|
|
|
|
scope => '20110909/us-east-1/host/aws4_request', |
21
|
|
|
|
|
|
|
access_key => 'AKIDEXAMPLE', |
22
|
|
|
|
|
|
|
secret_key => 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', |
23
|
|
|
|
|
|
|
); |
24
|
|
|
|
|
|
|
$amz->parse_request($req) |
25
|
|
|
|
|
|
|
my $signed_req = $amz->signed_request($req); |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
=head1 DESCRIPTION |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
=cut |
30
|
|
|
|
|
|
|
|
31
|
1
|
|
|
1
|
|
463
|
use Time::Moment; |
|
1
|
|
|
|
|
2963
|
|
|
1
|
|
|
|
|
26
|
|
32
|
1
|
|
|
1
|
|
462
|
use POSIX qw(strftime); |
|
1
|
|
|
|
|
5430
|
|
|
1
|
|
|
|
|
5
|
|
33
|
1
|
|
|
1
|
|
1359
|
use Digest::SHA qw(sha256 sha256_hex); |
|
1
|
|
|
|
|
22295
|
|
|
1
|
|
|
|
|
109
|
|
34
|
1
|
|
|
1
|
|
656
|
use Digest::HMAC qw(hmac hmac_hex); |
|
1
|
|
|
|
|
644
|
|
|
1
|
|
|
|
|
88
|
|
35
|
1
|
|
|
1
|
|
710
|
use List::UtilsBy qw(sort_by); |
|
1
|
|
|
|
|
1878
|
|
|
1
|
|
|
|
|
81
|
|
36
|
1
|
|
|
1
|
|
724
|
use HTTP::StreamParser::Request; |
|
1
|
|
|
|
|
7743
|
|
|
1
|
|
|
|
|
44
|
|
37
|
1
|
|
|
1
|
|
834
|
use URI; |
|
1
|
|
|
|
|
3898
|
|
|
1
|
|
|
|
|
27
|
|
38
|
1
|
|
|
1
|
|
436
|
use URI::QueryParam; |
|
1
|
|
|
|
|
522
|
|
|
1
|
|
|
|
|
26
|
|
39
|
1
|
|
|
1
|
|
5
|
use URI::Escape qw(uri_escape_utf8 uri_unescape); |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
60
|
|
40
|
|
|
|
|
|
|
|
41
|
1
|
|
|
1
|
|
3
|
use constant DEBUG => 0; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
59
|
|
42
|
|
|
|
|
|
|
|
43
|
1
|
|
|
1
|
|
448
|
use Log::Any qw($log); |
|
1
|
|
|
|
|
1375
|
|
|
1
|
|
|
|
|
4
|
|
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
=head1 METHODS - Constructor |
46
|
|
|
|
|
|
|
|
47
|
|
|
|
|
|
|
=cut |
48
|
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
=head2 new |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
Instantiate a signing object. Expects the following named parameters: |
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
=over 4 |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
=item * scope - the scope used for requests, typically something like C<20130112/us-west-2/dynamodb/aws4_request> |
56
|
|
|
|
|
|
|
|
57
|
|
|
|
|
|
|
=item * secret_key - your secret key |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
=item * access_key - your access key |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
=back |
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
=cut |
64
|
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
sub new { |
66
|
31
|
|
|
31
|
1
|
64
|
my $class = shift; |
67
|
31
|
|
|
|
|
255
|
bless { |
68
|
|
|
|
|
|
|
algorithm => 'AWS4-HMAC-SHA256', |
69
|
|
|
|
|
|
|
@_ |
70
|
|
|
|
|
|
|
}, $class |
71
|
|
|
|
|
|
|
} |
72
|
|
|
|
|
|
|
|
73
|
|
|
|
|
|
|
=head1 METHODS - Accessors |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
=head2 algorithm |
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
Read-only accessor for the algorithm (default is C) |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
=cut |
80
|
|
|
|
|
|
|
|
81
|
152
|
|
|
152
|
1
|
467
|
sub algorithm { shift->{algorithm} } |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
=head2 date |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
Read-only accessor for the date field. |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
=cut |
88
|
|
|
|
|
|
|
|
89
|
91
|
|
|
91
|
1
|
218
|
sub date { shift->{date} } |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
=head2 scope |
92
|
|
|
|
|
|
|
|
93
|
|
|
|
|
|
|
Read-only accessor for scope information - typically something like |
94
|
|
|
|
|
|
|
C<20110909/us-east-1/host/aws4_request>. |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
=cut |
97
|
|
|
|
|
|
|
|
98
|
274
|
|
|
274
|
1
|
1058
|
sub scope { shift->{scope} } |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
=head2 access_key |
101
|
|
|
|
|
|
|
|
102
|
|
|
|
|
|
|
Readonly accessor for the access key used when signing requests. |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
=cut |
105
|
|
|
|
|
|
|
|
106
|
61
|
|
|
61
|
1
|
194
|
sub access_key { shift->{access_key} } |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
=head2 secret_key |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
Readonly accessor for the secret key used when signing requests. |
111
|
|
|
|
|
|
|
|
112
|
|
|
|
|
|
|
=cut |
113
|
|
|
|
|
|
|
|
114
|
122
|
|
|
122
|
1
|
352
|
sub secret_key { shift->{secret_key} } |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
=head2 signed_headers |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
Read-only accessor for the headers used for signing purposes |
119
|
|
|
|
|
|
|
(a string consisting of the lowercase headers separated by ; |
120
|
|
|
|
|
|
|
in lexical order) |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
=cut |
123
|
|
|
|
|
|
|
|
124
|
61
|
|
|
61
|
1
|
133
|
sub signed_headers { shift->{signed_headers} } |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
=head1 METHODS |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
=head2 parse_request |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
Parses a given request. Takes a single parameter - the HTTP request as a string. |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
=cut |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
sub parse_request { |
135
|
31
|
|
|
31
|
1
|
22460
|
my $self = shift; |
136
|
31
|
|
|
|
|
54
|
my $txt = shift; |
137
|
31
|
|
|
|
|
340
|
my $parser = HTTP::StreamParser::Request->new; |
138
|
31
|
|
|
|
|
1062
|
my $method; |
139
|
|
|
|
|
|
|
my $uri; |
140
|
0
|
|
|
|
|
0
|
my %header; |
141
|
0
|
|
|
|
|
0
|
my @headers; |
142
|
31
|
|
|
|
|
58
|
my $payload = ''; |
143
|
|
|
|
|
|
|
$parser->subscribe_to_event( |
144
|
31
|
|
|
31
|
|
2446
|
http_method => sub { $method = $_[1] }, |
145
|
31
|
|
|
31
|
|
2782
|
http_uri => sub { $uri = $_[1]; }, |
146
|
|
|
|
|
|
|
http_header => sub { |
147
|
75
|
100
|
|
75
|
|
5832
|
if(exists $header{lc $_[1]}) { |
148
|
5
|
100
|
|
|
|
25
|
$header{lc $_[1]} = [ |
149
|
|
|
|
|
|
|
$header{lc $_[1]} |
150
|
|
|
|
|
|
|
] unless ref $header{lc $_[1]}; |
151
|
5
|
|
|
|
|
5
|
push @{$header{lc $_[1]}}, $_[2] |
|
5
|
|
|
|
|
19
|
|
152
|
|
|
|
|
|
|
} else { |
153
|
70
|
|
|
|
|
326
|
$header{lc $_[1]} = $_[2] |
154
|
|
|
|
|
|
|
} |
155
|
|
|
|
|
|
|
}, |
156
|
|
|
|
|
|
|
http_body_chunk => sub { |
157
|
2
|
|
|
2
|
|
123
|
$payload .= $_[1] |
158
|
|
|
|
|
|
|
} |
159
|
31
|
|
|
|
|
492
|
); |
160
|
31
|
|
|
|
|
1530
|
$parser->parse($txt); |
161
|
31
|
|
|
|
|
1742
|
$self->{headers} = \@headers; |
162
|
31
|
|
|
|
|
72
|
$self->{header} = \%header; |
163
|
31
|
|
|
|
|
60
|
$self->{method} = $method; |
164
|
31
|
|
|
|
|
84
|
$self->{uri} = $uri; |
165
|
31
|
|
|
|
|
79
|
$self->{payload} = $payload; |
166
|
31
|
|
|
|
|
456
|
$self |
167
|
|
|
|
|
|
|
} |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
=head2 from_http_request |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
Parses information from an L instance. |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
=cut |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
sub from_http_request { |
176
|
0
|
|
|
0
|
1
|
0
|
my $self = shift; |
177
|
0
|
|
|
|
|
0
|
my $req = shift; |
178
|
0
|
|
|
|
|
0
|
$self->{method} = $req->method; |
179
|
0
|
|
|
|
|
0
|
$self->{uri} = '' . $req->uri; |
180
|
0
|
|
|
|
|
0
|
$self->{payload} = $req->content; |
181
|
0
|
|
|
|
|
0
|
my %header; |
182
|
|
|
|
|
|
|
$req->scan(sub { |
183
|
0
|
|
|
0
|
|
0
|
my ($k, $v) = @_; |
184
|
0
|
0
|
|
|
|
0
|
if(exists $header{lc $k}) { |
185
|
0
|
0
|
|
|
|
0
|
$header{lc $k} = [ |
186
|
|
|
|
|
|
|
$header{lc $k} |
187
|
|
|
|
|
|
|
] unless ref $header{lc $k}; |
188
|
0
|
|
|
|
|
0
|
push @{$header{lc $k}}, $v |
|
0
|
|
|
|
|
0
|
|
189
|
|
|
|
|
|
|
} else { |
190
|
0
|
|
|
|
|
0
|
$header{lc $k} = $v |
191
|
|
|
|
|
|
|
} |
192
|
0
|
|
|
|
|
0
|
}); |
193
|
0
|
|
|
|
|
0
|
$self->{header} = \%header; |
194
|
0
|
|
|
|
|
0
|
$self |
195
|
|
|
|
|
|
|
} |
196
|
|
|
|
|
|
|
|
197
|
|
|
|
|
|
|
=head2 canonical_request |
198
|
|
|
|
|
|
|
|
199
|
|
|
|
|
|
|
Returns the string form of the canonical request, used |
200
|
|
|
|
|
|
|
as an intermediate point in generating the signature. |
201
|
|
|
|
|
|
|
|
202
|
|
|
|
|
|
|
=cut |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
sub canonical_request { |
205
|
121
|
|
|
121
|
1
|
12438
|
my $self = shift; |
206
|
|
|
|
|
|
|
|
207
|
121
|
|
|
|
|
133
|
my %header = %{$self->{header}}; |
|
121
|
|
|
|
|
664
|
|
208
|
121
|
|
|
|
|
218
|
my $method = $self->{method}; |
209
|
121
|
|
|
|
|
167
|
my $payload = $self->{payload}; |
210
|
121
|
|
|
|
|
172
|
my $uri = $self->{uri}; |
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
# Strip all leading/trailing whitespace from headers, |
213
|
|
|
|
|
|
|
# convert to canonical comma-separated format |
214
|
121
|
|
|
|
|
535
|
s/^\s+//, s/\s+$// for map @$_, grep ref($_), values %header; |
215
|
121
|
|
|
|
|
318
|
$_ = join ',', sort @$_ for grep ref($_), values %header; |
216
|
121
|
|
|
|
|
1115
|
s/^\s+//, s/\s+$// for values %header; |
217
|
|
|
|
|
|
|
|
218
|
121
|
|
|
|
|
262
|
$uri =~ s{ .*$}{}g; |
219
|
121
|
|
|
|
|
165
|
$uri =~ s{#}{%23}g; |
220
|
|
|
|
|
|
|
|
221
|
|
|
|
|
|
|
# We're not actually connecting to this so a default |
222
|
|
|
|
|
|
|
# value should be safe here. Only used to ensure URI |
223
|
|
|
|
|
|
|
# detects this as an HTTP URI. |
224
|
121
|
50
|
33
|
|
|
878
|
$uri = 'http://localhost' . $uri if !length($uri) or $uri !~ /^https?:/; |
225
|
|
|
|
|
|
|
|
226
|
121
|
50
|
|
|
|
788
|
my $u = (ref $uri ? $uri : URI->new($uri))->clone->canonical; |
227
|
121
|
|
|
|
|
26654
|
$uri = $u->path; |
228
|
121
|
|
|
|
|
891
|
my $path = ''; |
229
|
121
|
|
|
|
|
325
|
while(length $uri) { |
230
|
173
|
50
|
33
|
|
|
1450
|
if(substr($uri, 0, 3) eq '../') { |
|
|
50
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
231
|
0
|
|
|
|
|
0
|
substr $uri, 0, 3, ''; |
232
|
|
|
|
|
|
|
} elsif(substr($uri, 0, 2) eq './') { |
233
|
0
|
|
|
|
|
0
|
substr $uri, 0, 2, ''; |
234
|
|
|
|
|
|
|
} elsif(substr($uri, 0, 3) eq '/./') { |
235
|
8
|
|
|
|
|
21
|
substr $uri, 0, 3, '/'; |
236
|
|
|
|
|
|
|
} elsif(substr($uri, 0, 4) eq '/../') { |
237
|
4
|
|
|
|
|
10
|
substr $uri, 0, 4, '/'; |
238
|
4
|
|
|
|
|
17
|
$path =~ s{/?[^/]*$}{}; |
239
|
|
|
|
|
|
|
} elsif(substr($uri, 0, 3) eq '/..') { |
240
|
8
|
|
|
|
|
15
|
substr $uri, 0, 3, '/'; |
241
|
8
|
|
|
|
|
34
|
$path =~ s{/?[^/]*$}{}; |
242
|
|
|
|
|
|
|
} elsif(substr($uri, 0, 2) eq '/.') { |
243
|
0
|
|
|
|
|
0
|
substr $uri, 0, 3, '/'; |
244
|
|
|
|
|
|
|
} elsif($uri eq '.' or $uri eq '..') { |
245
|
0
|
|
|
|
|
0
|
$uri = ''; |
246
|
|
|
|
|
|
|
} else { |
247
|
153
|
50
|
|
|
|
967
|
$path .= $1 if $uri =~ s{^(/?[^/]*)}{}; |
248
|
|
|
|
|
|
|
} |
249
|
|
|
|
|
|
|
} |
250
|
121
|
|
|
|
|
414
|
$path =~ s{/+}{/}g; |
251
|
121
|
|
|
|
|
308
|
$u->path($path); |
252
|
121
|
|
|
|
|
3243
|
my @query; |
253
|
121
|
100
|
|
|
|
364
|
if(length $u->query) { |
254
|
40
|
|
|
|
|
416
|
for my $qp (split /&/, $u->query) { |
255
|
56
|
|
|
|
|
480
|
my ($k, $v) = map uri_unescape($_), split /=/, $qp, 2; |
256
|
56
|
|
|
|
|
641
|
for ($k, $v) { |
257
|
112
|
|
100
|
|
|
939
|
$_ //= ''; |
258
|
112
|
|
|
|
|
135
|
s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg; |
|
0
|
|
|
|
|
0
|
|
259
|
112
|
|
|
|
|
239
|
$_ = Encode::decode('UTF-8' => $_); |
260
|
112
|
|
|
|
|
3519
|
s{\+}{ }g; |
261
|
112
|
|
|
|
|
224
|
$_ = uri_escape_utf8($_); |
262
|
|
|
|
|
|
|
} |
263
|
56
|
|
|
|
|
822
|
push @query, "$k=$_" for $v |
264
|
|
|
|
|
|
|
} |
265
|
|
|
|
|
|
|
} |
266
|
121
|
|
|
|
|
1041
|
my $query = join '&', sort @query; |
267
|
|
|
|
|
|
|
|
268
|
|
|
|
|
|
|
# Now apply the date. This can come from various sources: |
269
|
|
|
|
|
|
|
# * X-Amz-Date: |
270
|
|
|
|
|
|
|
# * Date: |
271
|
|
|
|
|
|
|
# * Current date/time |
272
|
121
|
50
|
|
|
|
399
|
if(exists $header{'x-amz-date'}) { |
|
|
50
|
|
|
|
|
|
273
|
0
|
|
|
|
|
0
|
$self->{date} = $header{'x-amz-date'}; |
274
|
|
|
|
|
|
|
} elsif(exists $header{'date'}) { |
275
|
121
|
|
|
|
|
134
|
eval { |
276
|
121
|
|
|
|
|
1336692
|
require Time::Piece; |
277
|
121
|
|
|
|
|
11628
|
$self->{date} = Time::Piece->strptime($header{date}, '%a, %d %b %Y %H:%M:%S GMT')->strftime('%Y%m%dT%H%M%SZ'); |
278
|
|
|
|
|
|
|
}; |
279
|
|
|
|
|
|
|
# ignore $@, we'll fall through to default value on failure |
280
|
|
|
|
|
|
|
} |
281
|
|
|
|
|
|
|
# Worst-case scenario: apply a default value. |
282
|
121
|
|
33
|
|
|
7752
|
$self->{date} ||= strftime '%Y%m%dT%H%M%SZ', gmtime; |
283
|
|
|
|
|
|
|
|
284
|
121
|
|
|
|
|
314
|
my $can_req = join "\n", |
285
|
|
|
|
|
|
|
$method, |
286
|
|
|
|
|
|
|
$path, |
287
|
|
|
|
|
|
|
$query; |
288
|
121
|
|
|
271
|
|
896
|
my @can_header = map { lc($_) . ':' . $header{$_} } sort_by { lc } keys %header; |
|
271
|
|
|
|
|
2027
|
|
|
271
|
|
|
|
|
1645
|
|
289
|
121
|
|
|
|
|
581
|
$can_req .= "\n" . join "\n", @can_header; |
290
|
121
|
|
|
|
|
588
|
$can_req .= "\n\n" . join ';', sort map lc, keys %header; |
291
|
121
|
|
|
|
|
540
|
$self->{signed_headers} = join ';', sort map lc, keys %header; |
292
|
121
|
|
|
|
|
1201
|
$can_req .= "\n" . sha256_hex($payload); |
293
|
121
|
|
|
|
|
601
|
return $can_req; |
294
|
|
|
|
|
|
|
} |
295
|
|
|
|
|
|
|
|
296
|
|
|
|
|
|
|
=head2 string_to_sign |
297
|
|
|
|
|
|
|
|
298
|
|
|
|
|
|
|
Returns the \n-separated string as the last step before |
299
|
|
|
|
|
|
|
generating the signature itself. |
300
|
|
|
|
|
|
|
|
301
|
|
|
|
|
|
|
=cut |
302
|
|
|
|
|
|
|
|
303
|
|
|
|
|
|
|
sub string_to_sign { |
304
|
91
|
|
|
91
|
1
|
16393
|
my $self = shift; |
305
|
91
|
|
|
|
|
190
|
my $can_req = $self->canonical_request; |
306
|
91
|
|
|
|
|
101
|
$log->debugf("Canonical request:\n%s", $can_req) if DEBUG; |
307
|
91
|
|
|
|
|
701
|
my $hashed = sha256_hex($can_req); |
308
|
91
|
|
|
|
|
91
|
$log->debugf("Hashed [%s]", $hashed) if DEBUG; |
309
|
91
|
|
|
|
|
274
|
my $to_sign = join "\n", |
310
|
|
|
|
|
|
|
$self->algorithm, |
311
|
|
|
|
|
|
|
$self->date, |
312
|
|
|
|
|
|
|
$self->scope, |
313
|
|
|
|
|
|
|
$hashed; |
314
|
91
|
|
|
|
|
99
|
$log->debugf("To sign:\n%s", $to_sign) if DEBUG; |
315
|
91
|
|
|
|
|
326
|
$to_sign |
316
|
|
|
|
|
|
|
} |
317
|
|
|
|
|
|
|
|
318
|
|
|
|
|
|
|
=head2 calculate_signature |
319
|
|
|
|
|
|
|
|
320
|
|
|
|
|
|
|
Calculates the signature for the current request and returns it |
321
|
|
|
|
|
|
|
as a string suitable for the C header. |
322
|
|
|
|
|
|
|
|
323
|
|
|
|
|
|
|
=cut |
324
|
|
|
|
|
|
|
|
325
|
|
|
|
|
|
|
sub calculate_signature { |
326
|
61
|
|
|
61
|
1
|
14700
|
my $self = shift; |
327
|
61
|
50
|
|
|
|
155
|
die "No secret key" unless defined($self->secret_key); |
328
|
61
|
50
|
|
|
|
118
|
die "No scope" unless defined($self->scope); |
329
|
61
|
|
|
|
|
116
|
my $hmac = 'AWS4' . $self->secret_key; |
330
|
61
|
|
|
|
|
419
|
$hmac = hmac($_, $hmac, \&sha256) for split qr{/}, $self->scope; |
331
|
61
|
|
|
|
|
3814
|
my $signature = hmac_hex($self->string_to_sign, $hmac, \&sha256); |
332
|
61
|
|
|
|
|
1458
|
my $headers = $self->signed_headers; |
333
|
61
|
|
|
|
|
103
|
return $self->algorithm . ' Credential=' . $self->access_key . '/' . $self->scope . ', SignedHeaders=' . $headers . ', Signature=' . $signature; |
334
|
|
|
|
|
|
|
} |
335
|
|
|
|
|
|
|
|
336
|
|
|
|
|
|
|
=head2 signed_request |
337
|
|
|
|
|
|
|
|
338
|
|
|
|
|
|
|
Returns a signed version of the request. |
339
|
|
|
|
|
|
|
|
340
|
|
|
|
|
|
|
=cut |
341
|
|
|
|
|
|
|
|
342
|
|
|
|
|
|
|
sub signed_request { |
343
|
31
|
|
|
31
|
1
|
14622
|
my $self = shift; |
344
|
31
|
|
|
|
|
55
|
my $req = shift; |
345
|
31
|
|
|
|
|
73
|
my $signature = $self->calculate_signature; |
346
|
31
|
|
|
|
|
273
|
$req =~ s{\x0D\x0A\x0D\x0A}{\x0D\x0AAuthorization: $signature\x0D\x0A\x0D\x0A}; |
347
|
31
|
|
|
|
|
176
|
$req |
348
|
|
|
|
|
|
|
} |
349
|
|
|
|
|
|
|
|
350
|
|
|
|
|
|
|
1; |
351
|
|
|
|
|
|
|
|
352
|
|
|
|
|
|
|
__END__ |