return std::make_tuple(ok, dest, header_time);
}
-int rgw_get_s3_header_digest(const string& auth_hdr, const string& key,
- string& dest);
-int rgw_get_s3_header_digest(const string& auth_hdr, const string& key, string& dest);
+int rgw_get_s3_header_digest(const std::string& auth_hdr,
+ const std::string& key,
+ std::string& dest);
namespace rgw {
namespace auth {
std::string get_v4_signature(CephContext* cct,
const std::array<unsigned char, CEPH_CRYPTO_HMACSHA256_DIGESTSIZE>& signing_key,
const std::string& string_to_sign);
+
+static inline
+std::string get_v2_signature(CephContext*,
+ const std::string& secret_key,
+ const std::string& string_to_sign) {
+ std::string signature_dest;
+ const int ret = rgw_get_s3_header_digest(string_to_sign, secret_key,
+ signature_dest);
+ if (ret < 0) {
+ throw ret;
+ } else {
+ return signature_dest;
+ }
+}
+
} /* namespace s3 */
} /* namespace auth */
} /* namespace rgw */
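Review bot: The failure path of `get_v2_signature` is `throw ret;`, a bare negative `int`, and the function is handed out through a `std::function`, so nothing in the type tells the caller what to catch. Whether the engine wraps the factory call in a handler for `int` is not visible in this diff; if it does not, a digest failure during authentication would end in `std::terminate` instead of a denied request. I would state the contract above the function, e.g. `/* Throws the negative return code of rgw_get_s3_header_digest() on failure; the caller must catch it and deny the request. */`. Separately, if this file is a header, as the surrounding declarations suggest, `static inline` gives every translation unit its own copy and plain `inline` is enough.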
}
}
+
+static rgw::auth::Completer::cmplptr_t null_completer_factory()
+{
+ return nullptr;
+}
+
std::tuple<Version2ndEngine::Extractor::access_key_id_t,
Version2ndEngine::Extractor::signature_t,
- Version2ndEngine::Extractor::string_to_sign_t>
+ Version2ndEngine::Extractor::string_to_sign_t,
+ Version2ndEngine::Extractor::signature_factory_t,
+ Version2ndEngine::Extractor::completer_factory_t>
rgw::auth::s3::RGWS3V2Extractor::get_auth_data(const req_state* const s) const
{
std::string access_key_id;
return std::make_tuple(std::move(access_key_id),
std::move(signature),
- std::move(string_to_sign));
+ std::move(string_to_sign),
+ rgw::auth::s3::get_v2_signature,
+ null_completer_factory);
+}
+
+std::tuple<Version2ndEngine::Extractor::access_key_id_t,
+ Version2ndEngine::Extractor::signature_t,
+ Version2ndEngine::Extractor::string_to_sign_t,
+ Version2ndEngine::Extractor::signature_factory_t,
+ Version2ndEngine::Extractor::completer_factory_t>
+RGWGetPolicyV2Extractor::get_auth_data(const req_state* const s) const
+{
+ return std::make_tuple(s->auth.s3_postobj_creds.access_key,
+ s->auth.s3_postobj_creds.signature,
+ to_string(s->auth.s3_postobj_creds.encoded_policy),
+ rgw::auth::s3::get_v2_signature,
+ null_completer_factory);
}
} /* namespace s3 */
using signature_t = std::string;
using string_to_sign_t = std::string;
+ /* Transformation for crafting the AWS signature at server side which is
+ * used later to compare with the user-provided one. The methodology for
+ * doing that depends on AWS auth version. */
+ using signature_factory_t = \
+ std::function<std::string(CephContext* cct,
+ const std::string& secret_key,
+ const std::string& string_to_sign)>;
+
+ /* Return an instance of Completer for verifying the payload's fingerprint
+ * if necessary. Otherwise caller gets nullptr. */
+ using completer_factory_t = \
+ std::function<rgw::auth::Completer::cmplptr_t(void)>;
+
virtual std::tuple<access_key_id_t,
signature_t,
- string_to_sign_t>
+ string_to_sign_t,
+ signature_factory_t,
+ completer_factory_t>
get_auth_data(const req_state* s) const = 0;
};
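Review bot: Both new alias declarations end their first line with a `\` continuation, which is only needed inside a preprocessor directive and silently stops working if trailing whitespace follows it; dropping it changes nothing. `std::function<rgw::auth::Completer::cmplptr_t(void)>` can also take an empty parameter list, `std::function<rgw::auth::Completer::cmplptr_t()>`, which is the usual C++ spelling. The enclosing class starts outside this hunk.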
std::string signature;
std::string string_to_sign;
+ Extractor::signature_factory_t signing_key_factory;
+ Extractor::completer_factory_t completer_factory;
+
/* Small reminder: an extractor is allowed to throw! */
- std::tie(access_key_id, signature, string_to_sign) = \
- extractor.get_auth_data(s);
+ std::tie(access_key_id,
+ signature,
+ string_to_sign,
+ signing_key_factory,
+ completer_factory) = extractor.get_auth_data(s);
if (access_key_id.empty() || signature.empty()) {
return result_t::deny(-EINVAL);
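Review bot: The check after `std::tie` validates `access_key_id` and `signature` but not the two factories, so an extractor that returns a default-constructed `std::function` would only surface as `std::bad_function_call` when the engine invokes it, presumably further down in this function, which continues outside the hunk. Since this is the authentication path, it is safer to fail closed next to the existing check, e.g. `if (!signing_key_factory || !completer_factory) { return result_t::deny(-EINVAL); }`, or to document on the Extractor interface that both must be callable. The local `signing_key_factory` is also named differently from its type `signature_factory_t`, and the v2 factory returns a signature rather than a key; `signature_factory` would read more accurately.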
std::tuple<access_key_id_t,
signature_t,
- string_to_sign_t>
+ string_to_sign_t,
+ signature_factory_t,
+ completer_factory_t>
get_auth_data(const req_state* s) const override;
};
std::tuple<access_key_id_t,
signature_t,
- string_to_sign_t>
- get_auth_data(const req_state* s) const override {
- return std::make_tuple(s->auth.s3_postobj_creds.access_key,
- s->auth.s3_postobj_creds.signature,
- to_string(s->auth.s3_postobj_creds.encoded_policy));
- }
+ string_to_sign_t,
+ signature_factory_t,
+ completer_factory_t>
+ get_auth_data(const req_state* s) const override;
};