File Coverage

blib/lib/WebService/DS/SOP/Auth/V1_1/Util.pm

Criterion	Covered	Total	%
statement	33	34	97.0
branch	11	12	91.6
condition	6	8	75.0
subroutine	9	9	100.0
pod	3	3	100.0
total	62	66	93.9

line	stmt	bran	cond	sub	pod	time	code
1							package WebService::DS::SOP::Auth::V1_1::Util;
2	9			9		312017	use strict;
	9					60
	9					272
3	9			9		49	use warnings;
	9					32
	9					237
4	9			9		47	use Carp ();
	9					18
	9					179
5	9			9		4783	use Digest::SHA qw(hmac_sha256_hex);
	9					29735
	9					798
6	9			9		74	use Exporter qw(import);
	9					18
	9					313
7	9			9		4331	use JSON::XS qw(decode_json);
	9					31599
	9					3464
8
9							our @EXPORT_OK = qw( create_signature is_signature_valid );
10
11							our $SIG_VALID_FOR_SEC = 10 * 60; # Valid for 10 min by default
12
13							sub create_signature {
14	33			33	1	31119	my ($params, $app_secret) = @_;
15							my $data_string
16							= ref($params) eq 'HASH' ? create_string_from_hashref($params)
17							: !ref($params) ? $params
18	33	50				139	: do { Carp::croak("create_signature does not handle type: ". ref($params)) };
	0	100				0
19	33					571	hmac_sha256_hex($data_string, $app_secret);
20							}
21
22							sub create_string_from_hashref {
23	28			28	1	1328	my $params = shift;
24							join(
25							'&',
26							map {
27	76	100				213	Carp::croak("Structured data not allowed") if ref $params->{$_};
28	75		50			304	$_. '='. ($params->{$_} \|\| '');
29	28					91	} sort { $a cmp $b } grep { !m/^sop_/ } keys %$params
	61					145
	78					266
30							);
31							}
32
33							sub is_signature_valid {
34	12			12	1	2408	my ($sig, $params, $app_secret, $time) = @_;
35	12		66			39	$time \|\|= time;
36
37							my $req_time = ref($params) ? $params->{time}
38	12	100				101	: decode_json($params)->{time};
39
40	11	100				36	return if not $req_time;
41	9	100	100			55	return if $req_time < ($time - $SIG_VALID_FOR_SEC)
42							or $req_time > ($time + $SIG_VALID_FOR_SEC);
43
44	7					22	$sig eq create_signature($params, $app_secret);
45							}
46
47							1;
48
49							__END__
50
51							=encoding utf-8
52
53							=head1 NAME
54
55							WebService::DS::SOP::Auth::V1_1::Util - SOP version 1.1 authentication handy utilities
56
57							=head1 SYNOPSIS
58
59							use WebService::DS::SOP::Auth::V1_1 qw(create_signature is_signature_valid);
60
61							When creating a signature:
62
63							my $params = {
64							app_id => 12345,
65							app_mid => 'my-uniq-id-12345',
66							time => 123456,
67							};
68							$params->{sig} = create_signature($params, $app_secret);
69							#=> "$params" is signed with a valid HMAC SHA256 hash signature.
70
71							or when validating a signature:
72
73							my $sig = delete $params->{sig};
74							my $is_valid = is_signature_valid($sig, $params, $app_secret);
75							#=> "$is_valid" is 1 if "sig" value is acceptable.
76
77							=head1 METHODS
78
79							=head2 create_signature( $params, $app_secret )
80
81							Creates a HMAC SHA256 hash signature.
82							C<$params> can either be a SCALAR or a HASH-ref.
83
84							=head2 create_string_from_hashref( $params )
85
86							Creates a string from parameters in type hashref.
87
88							=head2 is_signature_valid( $sig, $params, $app_secret, $time )
89
90							Validates if a signature is valid for given parameters.
91							C<$time> is optional where C<time()> is used by default.
92
93							=head1 SEE ALSO
94
95							L<WebService::DS::SOP::Auth::V1_1>
96
97							=head1 LICENSE
98
99							Copyright (C) dataSpring, Inc.
100							Copyright (C) Research Panel Asia, Inc.
101
102							This library is free software; you can redistribute it and/or modify
103							it under the same terms as Perl itself.
104
105							=head1 AUTHOR
106
107							yowcow E<lt>yoko.oyama [ at ] d8aspring.comE<gt>
108
109							=cut
110