rgw: replace magic strings in the AWSv4 code.
authorRadoslaw Zarzynski <rzarzynski@mirantis.com>
Fri, 19 May 2017 15:23:27 +0000 (17:23 +0200)
committerRadoslaw Zarzynski <rzarzynski@mirantis.com>
Wed, 7 Jun 2017 10:46:21 +0000 (12:46 +0200)
Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>
src/rgw/rgw_auth_s3.h
src/rgw/rgw_rest_s3.cc

index 0d9c8eac28a8243ed122701a5fc29233377bff97..2cb8c0da6a00ee1319c71221adc1c3135341ac3a 100644 (file)
@@ -9,6 +9,7 @@
 #include <string>
 #include <tuple>
 
+#include <boost/algorithm/string.hpp>
 #include <boost/container/static_vector.hpp>
 #include <boost/utility/string_ref.hpp>
 #include <boost/utility/string_view.hpp>
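Review bot: The added `#include <boost/algorithm/string.hpp>` is the umbrella header for the whole Boost string-algorithm library, but the only thing this file takes from it is `boost::equals` in is_v4_payload_unsigned and is_v4_payload_streamed. Because the include sits in a header, every translation unit that includes rgw_auth_s3.h pays for the full set. The narrower `#include <boost/algorithm/string/predicate.hpp>` provides `boost::equals` on its own.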
@@ -322,6 +323,11 @@ static constexpr char AWS4_HMAC_SHA256_STR[] = "AWS4-HMAC-SHA256";
 static constexpr char AWS4_EMPTY_PAYLOAD_HASH[] = \
   "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
 
+static constexpr char AWS4_UNSIGNED_PAYLOAD_HASH[] = "UNSIGNED-PAYLOAD";
+
+static constexpr char AWS4_STREAMING_PAYLOAD_HASH[] = \
+  "STREAMING-AWS4-HMAC-SHA256-PAYLOAD";
+
 int parse_credentials(const req_info& info,                     /* in */
                       boost::string_view& access_key_id,        /* out */
                       boost::string_view& credential_scope,     /* out */
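Review bot: The two new constants are named `*_PAYLOAD_HASH`, but unlike AWS4_EMPTY_PAYLOAD_HASH just above them they are not digests; they are marker strings a client sends in place of a payload digest. That distinction matters for anyone auditing the signature path, since UNSIGNED-PAYLOAD means the body is not covered by the request signature and the streaming marker means it is signed chunk by chunk instead. I would add a comment above them such as `/* Marker values sent instead of a payload digest; not SHA-256 hashes. */` and say for each one what integrity the body still has.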
@@ -365,7 +371,7 @@ static inline const char* get_v4_exp_payload_hash(const req_info& info)
      *  when you create a presigned URL, you don't know the payload content
      *  because the URL is used to upload an arbitrary payload. Instead, you
      *  use a constant string UNSIGNED-PAYLOAD. */
-    expected_request_payload_hash = "UNSIGNED-PAYLOAD";
+    expected_request_payload_hash = AWS4_UNSIGNED_PAYLOAD_HASH;
   }
 
   return expected_request_payload_hash;
@@ -373,7 +379,7 @@ static inline const char* get_v4_exp_payload_hash(const req_info& info)
 
 static inline bool is_v4_payload_unsigned(const char* const exp_payload_hash)
 {
-  return boost::string_ref("UNSIGNED-PAYLOAD").compare(exp_payload_hash) == 0;
+  return boost::equals(exp_payload_hash, AWS4_UNSIGNED_PAYLOAD_HASH);
 }
 
 static inline bool is_v4_payload_empty(const req_state* const s)
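Review bot: is_v4_payload_unsigned passes `exp_payload_hash` straight to `boost::equals`, which reads it as a NUL-terminated string, so a null pointer here is undefined behaviour; the same holds for is_v4_payload_streamed in the next hunk. The removed `boost::string_ref(...).compare(...)` form had the same requirement, so this is not a regression, but nothing in the hunk states it. Whether get_v4_exp_payload_hash can ever return null is not visible here. A one-line contract on both helpers would make the assumption checkable, for example `/* exp_payload_hash must be non-null and NUL-terminated. */`.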
@@ -389,7 +395,7 @@ static inline bool is_v4_payload_empty(const req_state* const s)
 
 static inline bool is_v4_payload_streamed(const char* const exp_payload_hash)
 {
-  return boost::string_ref("STREAMING-AWS4-HMAC-SHA256-PAYLOAD").compare(exp_payload_hash) == 0;
+  return boost::equals(exp_payload_hash, AWS4_STREAMING_PAYLOAD_HASH);
 }
 
 std::string get_v4_canonical_qs(const req_info& info, bool using_qs);
index f8a76071847f7ea2c4517e7a19b9bfd2d0a354a1..49895bee710aeecb6085f687e45096eb43da5c56 100644 (file)
@@ -1507,8 +1507,9 @@ int RGWPostObj_ObjStore_S3::get_policy()
     bool aws4_auth = false;
 
     /* x-amz-algorithm handling */
+    using rgw::auth::s3::AWS4_HMAC_SHA256_STR;
     if ((part_str(parts, "x-amz-algorithm", &s->auth.s3_postobj_creds.x_amz_algorithm)) &&
-        (s->auth.s3_postobj_creds.x_amz_algorithm.compare("AWS4-HMAC-SHA256") == 0)) {
+        (s->auth.s3_postobj_creds.x_amz_algorithm == AWS4_HMAC_SHA256_STR)) {
       ldout(s->cct, 0) << "Signature verification algorithm AWS v4 (AWS4-HMAC-SHA256)" << dendl;
       aws4_auth = true;
     } else {
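Review bot: The log statement right after the changed comparison still spells out `AWS4-HMAC-SHA256` by hand, so the literal this commit sets out to remove survives in get_policy, and again in the log line of AWSBrowserUploadAbstractor::get_auth_data in the last hunk. Streaming the constant keeps the message and the comparison in step: `ldout(s->cct, 0) << "Signature verification algorithm AWS v4 (" << AWS4_HMAC_SHA256_STR << ")" << dendl;`. get_policy starts and ends outside this hunk.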
@@ -3640,7 +3641,7 @@ AWSGeneralAbstractor::get_auth_data_v4(const req_state* const s,
 
   auto string_to_sign = \
     rgw::auth::s3::get_v4_string_to_sign(s->cct,
-                                         "AWS4-HMAC-SHA256",
+                                         AWS4_HMAC_SHA256_STR,
                                          date,
                                          credential_scope,
                                          std::move(canonical_req_hash));
@@ -3869,7 +3870,7 @@ std::tuple<AWSVerAbstractor::access_key_id_t,
            AWSVerAbstractor::completer_factory_t>
 AWSBrowserUploadAbstractor::get_auth_data(const req_state* const s) const
 {
-  if (s->auth.s3_postobj_creds.x_amz_algorithm == "AWS4-HMAC-SHA256") {
+  if (s->auth.s3_postobj_creds.x_amz_algorithm == AWS4_HMAC_SHA256_STR) {
     ldout(s->cct, 0) << "Signature verification algorithm AWS v4"
                      << " (AWS4-HMAC-SHA256)" << dendl;
     return get_auth_data_v2(s);
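Review bot: The branch taken when `x_amz_algorithm == AWS4_HMAC_SHA256_STR` logs "AWS v4" and then executes `return get_auth_data_v2(s);`, so a browser upload that declares AWS4-HMAC-SHA256 appears to be handed to the v2 path. That line is unchanged context and not something this commit introduced, but the commit touches the condition directly above it and leaves the mismatch in place. If this class has a v4 counterpart, the return should presumably be `return get_auth_data_v4(s);`; if v2 handling is intended, the log message is misleading and should say so. The rest of the function, including any else branch, is outside the hunk, so this needs checking against the full body.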