From: Radoslaw Zarzynski
Date: Fri, 14 Apr 2017 16:14:05 +0000 (+0200)
Subject: rgw: minimise the number of parameters of rgw::auth::s3::get_v4_signature.
X-Git-Tag: v12.1.0~155^2~58
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=4b78946f45057ee1ac2a095f8857fd3d74cbd16b;p=ceph.git
rgw: minimise the number of parameters of rgw::auth::s3::get_v4_signature.
Signed-off-by: Radoslaw Zarzynski
---
diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc
index c6b922563292..4c78c3919042 100644
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -677,14 +677,38 @@ std::string get_v4_string_to_sign(CephContext* const cct,
 return string_to_sign;
 }
+
+/* TODO(rzarzynski): switch to boost::string_ref. */
+static inline std::tuple
+parse_cred_scope(std::string credential_scope)
+{
+ std::string cs_aux = credential_scope;
+
+ /* date cred */
+ string date_cs = cs_aux;
+ size_t pos = date_cs.find("/");
+ date_cs = date_cs.substr(0, pos);
+ cs_aux = cs_aux.substr(pos + 1, cs_aux.length());
+
+ /* region cred */
+ string region_cs = cs_aux;
+ pos = region_cs.find("/");
+ region_cs = region_cs.substr(0, pos);
+ cs_aux = cs_aux.substr(pos + 1, cs_aux.length());
+
+ /* service cred */
+ string service_cs = cs_aux;
+ pos = service_cs.find("/");
+ service_cs = service_cs.substr(0, pos);
+
+ return std::make_tuple(date_cs, region_cs, service_cs);
+}
+
 /*
 * calculate the AWS signature version 4
 */
 std::string get_v4_signature(CephContext* const cct,
- const std::string& access_key_id,
- const std::string& date,
- const std::string& region,
- const std::string& service,
+ const std::string& credential_scope,
 const std::string& string_to_sign,
 const std::string& access_key_secret,
 char (&signing_key)[CEPH_CRYPTO_HMACSHA256_DIGESTSIZE])
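Review bot: `parse_cred_scope` never tests the result of `find("/")`, so a credential scope with fewer than three `/`-separated components is accepted silently. With `pos == std::string::npos`, `substr(0, pos)` returns the whole string and `pos + 1` wraps to 0, leaving `cs_aux` unchanged, so `date_cs`, `region_cs` and `service_cs` can come out identical to the input or to each other. The scope appears to come from the request, and the parsed values go straight into `get_v4_signature` through `std::tie(date, region, service) = parse_cred_scope(credential_scope);` in the next hunk of this file, which has no way to tell that parsing failed. I would check each `pos` against `std::string::npos` and reject the request as malformed before any key material is derived, e.g. `if (pos == std::string::npos) { /* malformed scope: fail the request */ }`; how the error is reported depends on the callers, which this page shows only in part.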
@@ -700,6 +724,9 @@ std::string get_v4_signature(CephContext* const cct,
 string secret_key_utf8_k(secret_k, n);
+ std::string date, region, service;
+ std::tie(date, region, service) = parse_cred_scope(credential_scope);
+
 /* date */
 char date_k[CEPH_CRYPTO_HMACSHA256_DIGESTSIZE];
diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h
index 70e65bcae664..a440628afb2a 100644
--- a/src/rgw/rgw_auth_s3.h
+++ b/src/rgw/rgw_auth_s3.h
@@ -208,10 +208,7 @@ std::string get_v4_string_to_sign(CephContext* cct,
 /* TODO(rzarzynski): split the SigningKey calculation into a separated func. */
 std::string get_v4_signature(CephContext* cct,
- const std::string& access_key_id,
- const std::string& date,
- const std::string& region,
- const std::string& service,
+ const std::string& credential_scope,
 const std::string& string_to_sign,
 const std::string& access_key_secret,
 /* This is a makeshift-only parameter. It'll be killed soon. */
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index bc65e924a17e..3f0b00c272fd 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -1703,20 +1703,7 @@ int RGWPostObj_ObjStore_S3::get_policy()
 pos = s3_access_key.find("/");
 s3_access_key = s3_access_key.substr(0, pos);
 cs_aux = cs_aux.substr(pos + 1, cs_aux.length());
- /* date cred */
- date_cs = cs_aux;
- pos = date_cs.find("/");
- date_cs = date_cs.substr(0, pos);
- cs_aux = cs_aux.substr(pos + 1, cs_aux.length());
- /* region cred */
- region_cs = cs_aux;
- pos = region_cs.find("/");
- region_cs = region_cs.substr(0, pos);
- cs_aux = cs_aux.substr(pos + 1, cs_aux.length());
- /* service cred */
- service_cs = cs_aux;
- pos = service_cs.find("/");
- service_cs = service_cs.substr(0, pos);
+
 /* x-amz-signature handling */
 if (!part_str(parts, "x-amz-signature", &received_signature_str)) {
 ldout(s->cct, 0) << "No aws4 signature found!" << dendl;
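Review bot: The `get_v4_signature` declaration in rgw_auth_s3.h now takes an opaque `credential_scope` string, but nothing states the format it must have, and the two callers in rgw_rest_s3.cc obtain it differently (`cs_aux` after the access key id has been cut off in `get_policy`, `s->aws4_auth->credential_scope` in `authorize_v4_complete`). A caller that passes the full credential value with the access key still in front would get a shifted date/region/service split and a signature mismatch that is hard to diagnose. I would add a comment above the parameter such as `/* credential_scope: "date/region/service/..." with the access key id already removed; only the first three components are used. */`. The declaration continues past the end of the hunk.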
@@ -1757,8 +1744,8 @@ int RGWPostObj_ObjStore_S3::get_policy()
 std::string encoded_policy_str(s->auth.s3_postobj_creds.encoded_policy.c_str(),
 s->auth.s3_postobj_creds.encoded_policy.length());
 std::string new_signature_str = \
- rgw::auth::s3::get_v4_signature(s->cct, s3_access_key, date_cs,
- region_cs, service_cs,
+ rgw::auth::s3::get_v4_signature(s->cct,
+ cs_aux,
 encoded_policy_str,
 s3_secret_key,
 s->aws4_auth->signing_key);
@@ -3499,22 +3486,6 @@ int RGW_Auth_S3::authorize_v4_complete(RGWRados *store, struct req_state *s, con
 * http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
 */
- string cs_aux = s->aws4_auth->credential_scope;
-
- string date_cs = cs_aux;
- size_t pos = date_cs.find("/");
- date_cs = date_cs.substr(0, pos);
- cs_aux = cs_aux.substr(pos + 1, cs_aux.length());
-
- string region_cs = cs_aux;
- pos = region_cs.find("/");
- region_cs = region_cs.substr(0, pos);
- cs_aux = cs_aux.substr(pos + 1, cs_aux.length());
-
- string service_cs = cs_aux;
- pos = service_cs.find("/");
- service_cs = service_cs.substr(0, pos);
-
 const auto iter = s->user->access_keys.find(s->aws4_auth->access_key_id);
 if (iter == std::end(s->user->access_keys)) {
 ldout(s->cct, 10) << "ERROR: access key not encoded in user info" << dendl;
@@ -3523,8 +3494,9 @@ int RGW_Auth_S3::authorize_v4_complete(RGWRados *store, struct req_state *s, con
 const RGWAccessKey& k = iter->second;
 s->aws4_auth->new_signature = \
- rgw::auth::s3::get_v4_signature(s->cct, s->aws4_auth->access_key_id, date_cs,
- region_cs, service_cs, string_to_sign,
+ rgw::auth::s3::get_v4_signature(s->cct,
+ s->aws4_auth->credential_scope,
+ string_to_sign,
 k.key /* in */,
 s->aws4_auth->signing_key /* out */);
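Review bot: At the `get_policy` call site (hunk at -1757), the scratch variable `cs_aux` is now passed as the credential scope, which only works because the access-key prefix was cut off it earlier in the function (the -1703 hunk of this file). A descriptive name or a comment at the call, such as `/* cs_aux: credential with the access key id stripped, i.e. "date/region/service/..." */`, would keep a later edit from breaking that dependency unnoticed. The locals `date_cs`, `region_cs` and `service_cs` are no longer assigned here; their declarations are outside the hunks, so presumably they are now unused and can go. Both the start and the end of `get_policy` lie outside the hunk.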