AWS-Signature4-1.02000755001751001751 012461507617 14103 5ustar00lsteinlstein000000000000AWS-Signature4-1.02/META.json000444001751001751 201212461507617 15654 0ustar00lsteinlstein000000000000{ "abstract" : "Create a version4 signature for Amazon Web Services", "author" : [ "Lincoln Stein " ], "dynamic_config" : 1, "generated_by" : "Module::Build version 0.4211", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : "2" }, "name" : "AWS-Signature4", "prereqs" : { "configure" : { "requires" : { "Module::Build" : "0.4205" } }, "runtime" : { "requires" : { "Date::Parse" : "0", "Digest::SHA" : "5.47", "LWP" : "5.835", "URI" : "1.59", "URI::QueryParam" : "0" } } }, "provides" : { "AWS::Signature4" : { "file" : "lib/AWS/Signature4.pm", "version" : "1.02" } }, "release_status" : "stable", "resources" : { "license" : [ "http://dev.perl.org/licenses/" ] }, "version" : "1.02" } AWS-Signature4-1.02/META.yml000444001751001751 123412461507617 15511 0ustar00lsteinlstein000000000000--- abstract: 'Create a version4 signature for Amazon Web Services' author: - 'Lincoln Stein ' build_requires: {} configure_requires: Module::Build: '0.4205' dynamic_config: 1 generated_by: 'Module::Build version 0.4211, CPAN::Meta::Converter version 2.143240' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: AWS-Signature4 provides: AWS::Signature4: file: lib/AWS/Signature4.pm version: '1.02' requires: Date::Parse: '0' Digest::SHA: '5.47' LWP: '5.835' URI: '1.59' URI::QueryParam: '0' resources: license: http://dev.perl.org/licenses/ version: '1.02' AWS-Signature4-1.02/LICENSE000444001751001751 2130512461507617 15266 0ustar00lsteinlstein000000000000The Artistic License 2.0 Copyright (c) 2014 Lincoln Stein Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
Preamble This license establishes the terms under which a given free software Package may be copied, modified, distributed, and/or redistributed. The intent is that the Copyright Holder maintains some artistic control over the development of that Package while still keeping the Package available as open source and free software. You are always permitted to make arrangements wholly outside of this license directly with the Copyright Holder of a given Package. If the terms of this license do not permit the full use that you propose to make of the Package, you should contact the Copyright Holder and seek a different licensing arrangement. Definitions "Copyright Holder" means the individual(s) or organization(s) named in the copyright notice for the entire Package. "Contributor" means any party that has contributed code or other material to the Package, in accordance with the Copyright Holder's procedures. "You" and "your" means any person who would like to copy, distribute, or modify the Package. "Package" means the collection of files distributed by the Copyright Holder, and derivatives of that collection and/or of those files. A given Package may consist of either the Standard Version, or a Modified Version. "Distribute" means providing a copy of the Package or making it accessible to anyone else, or in the case of a company or organization, to others outside of your company or organization. "Distributor Fee" means any fee that you charge for Distributing this Package or providing support for this Package to another party. It does not mean licensing fees. "Standard Version" refers to the Package if it has not been modified, or has been modified only in ways explicitly requested by the Copyright Holder. "Modified Version" means the Package, if it has been changed, and such changes were not explicitly requested by the Copyright Holder. 
"Original License" means this Artistic License as Distributed with the Standard Version of the Package, in its current version or as it may be modified by The Perl Foundation in the future. "Source" form means the source code, documentation source, and configuration files for the Package. "Compiled" form means the compiled bytecode, object code, binary, or any other form resulting from mechanical transformation or translation of the Source form. Permission for Use and Modification Without Distribution (1) You are permitted to use the Standard Version and create and use Modified Versions for any purpose without restriction, provided that you do not Distribute the Modified Version. Permissions for Redistribution of the Standard Version (2) You may Distribute verbatim copies of the Source form of the Standard Version of this Package in any medium without restriction, either gratis or for a Distributor Fee, provided that you duplicate all of the original copyright notices and associated disclaimers. At your discretion, such verbatim copies may or may not include a Compiled form of the Package. (3) You may apply any bug fixes, portability changes, and other modifications made available from the Copyright Holder. The resulting Package will still be considered the Standard Version, and as such will be subject to the Original License. Distribution of Modified Versions of the Package as Source (4) You may Distribute your Modified Version as Source (either gratis or for a Distributor Fee, and with or without a Compiled form of the Modified Version) provided that you clearly document how it differs from the Standard Version, including, but not limited to, documenting any non-standard features, executables, or modules, and provided that you do at least ONE of the following: (a) make the Modified Version available to the Copyright Holder of the Standard Version, under the Original License, so that the Copyright Holder may include your modifications in the Standard Version. 
(b) ensure that installation of your Modified Version does not prevent the user installing or running the Standard Version. In addition, the Modified Version must bear a name that is different from the name of the Standard Version. (c) allow anyone who receives a copy of the Modified Version to make the Source form of the Modified Version available to others under (i) the Original License or (ii) a license that permits the licensee to freely copy, modify and redistribute the Modified Version using the same licensing terms that apply to the copy that the licensee received, and requires that the Source form of the Modified Version, and of any works derived from it, be made freely available in that license fees are prohibited but Distributor Fees are allowed. Distribution of Compiled Forms of the Standard Version or Modified Versions without the Source (5) You may Distribute Compiled forms of the Standard Version without the Source, provided that you include complete instructions on how to get the Source of the Standard Version. Such instructions must be valid at the time of your distribution. If these instructions, at any time while you are carrying out such distribution, become invalid, you must provide new instructions on demand or cease further distribution. If you provide valid instructions or cease distribution within thirty days after you become aware that the instructions are invalid, then you do not forfeit any of your rights under this license. (6) You may Distribute a Modified Version in Compiled form without the Source, provided that you comply with Section 4 with respect to the Source of the Modified Version. Aggregating or Linking the Package (7) You may aggregate the Package (either the Standard Version or Modified Version) with other packages and Distribute the resulting aggregation provided that you do not charge a licensing fee for the Package. Distributor Fees are permitted, and licensing fees for other components in the aggregation are permitted. 
The terms of this license apply to the use and Distribution of the Standard or Modified Versions as included in the aggregation. (8) You are permitted to link Modified and Standard Versions with other works, to embed the Package in a larger work of your own, or to build stand-alone binary or bytecode versions of applications that include the Package, and Distribute the result without restriction, provided the result does not expose a direct interface to the Package. Items That are Not Considered Part of a Modified Version (9) Works (including, but not limited to, modules and scripts) that merely extend or make use of the Package, do not, by themselves, cause the Package to be a Modified Version. In addition, such works are not considered parts of the Package itself, and are not subject to the terms of this license. General Provisions (10) Any use, modification, and distribution of the Standard or Modified Versions is governed by this Artistic License. By using, modifying or distributing the Package, you accept this license. Do not use, modify, or distribute the Package, if you do not accept this license. (11) If your Modified Version has been derived from a Modified Version made by someone other than you, you are nevertheless required to ensure that your Modified Version complies with the requirements of this license. (12) This license does not grant you the right to use any trademark, service mark, tradename, or logo of the Copyright Holder. (13) This license includes the non-exclusive, worldwide, free-of-charge patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Package with respect to any patent claims licensable by the Copyright Holder that are necessarily infringed by the Package. 
If you institute patent litigation (including a cross-claim or counterclaim) against any party alleging that the Package constitutes direct or contributory patent infringement, then this Artistic License to you shall terminate on the date that such litigation is filed. (14) Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.AWS-Signature4-1.02/Changes000444001751001751 36312461507617 15515 0ustar00lsteinlstein0000000000001.02 -Syntax error fixes (pull request from unixtastic) -Added Date::Parse dependency (pull request from MartinMcGrath) 1.01 -Improvements to the region guessing algorithm to support s3 virtual hosts 1.00 -Basic module written. 
AWS-Signature4-1.02/MANIFEST000444001751001751 16712461507617 15355 0ustar00lsteinlstein000000000000Build.PL Changes lib/AWS/Signature4.pm LICENSE MANIFEST This list of files README.md t/01.basic.t META.yml META.json AWS-Signature4-1.02/Build.PL000444001751001751 115312461507617 15534 0ustar00lsteinlstein000000000000#!/usr/bin/perl use strict; use warnings; use Module::Build; my $build = Module::Build->new( module_name => 'AWS-Signature4', license => 'perl', dist_version_from => 'lib/AWS/Signature4.pm', dist_author => 'Lincoln Stein ', configure_requires => { 'Module::Build' => 0.4205 }, requires => { 'LWP' => 5.835, 'Digest::SHA' => '5.47', 'URI' => 1.59, 'URI::QueryParam' => 0, 'Date::Parse' => 0, }, build_class => 'Module::Build', ); $build->create_build_script; exit 0; AWS-Signature4-1.02/README.md000444001751001751 527112461507617 15524 0ustar00lsteinlstein000000000000AWS-Signature4 ============== This is a Perl module for generating Version 4 signatures for use with Amazon Web Services. It can be used to add authentication information to the headers of GET, POST, PUT and DELETE. The module can be also used to generate "signed" URLs. These are preauthorized URLs that contain all the authentication and header information in the URL query parameters. They can be sent to another user to, for example, grant time-limited access to a private S3 bucket. Relationship to Other Signature Modules ======================================= This module has overlapping functionality with Net::Amazon::Signature::V4, WebService::Amazon::Signature::v4, and Net::Amazon::SignatureVersion4. None of these modules offers the option of generating a signed URL, so you will want to use AWS::Signature4 if you need this functionality. Other than that, the current module is pretty simple to use and hides all of the details of generating signed requests while remaining generic. SYNOPSIS ========
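 use AWS::Signature4;
 use HTTP::Request::Common;
 use LWP;

 # The keys shown here are placeholder values. new() also falls back to the
 # EC2_ACCESS_KEY / EC2_SECRET_KEY environment variables when -access_key /
 # -secret_key are omitted, which keeps real credentials out of source files.
 my $signer = AWS::Signature4->new(-access_key => 'AKIDEXAMPLE',
                                   -secret_key => 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY');
 my $ua     = LWP::UserAgent->new();

 # Example GET request on a URI
 my $uri     = URI->new('https://iam.amazonaws.com');
 $uri->query_form(Action=>'ListUsers',
                  Version=>'2010-05-08');

 # A signed URL carries the access key ID and the signature in its query
 # string, so whoever holds the URL can issue the request while the
 # signature is valid. Handle it like a credential (logs, referrers, chat).
 my $url      = $signer->signed_url($uri); # This gives a signed URL that can be fetched by a browser
 my $response = $ua->get($url);            # Fetch it

 # Passing an expiry (in seconds) bounds how long the URL stays usable.
 my $time_limited_url = $signer->signed_url($uri,60*60); # This gives a signed URL valid for one hour

 # Example POST request
 my $request = POST('https://iam.amazonaws.com',
                    [Action=>'ListUsers',
                     Version=>'2010-05-08']
                    );
 $signer->sign($request);                 # This signs the request
 $response = $ua->request($request);      # Fetch it (reuses $response declared above)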
INSTALLATION ============
 # Generate the ./Build script (Build.PL calls Module::Build's create_build_script)
 perl Build.PL
 # Run the test suite under t/ before installing anything
 ./Build test
 # Install the module; sudo is presumably only needed for a system-wide Perl
 sudo ./Build install
DEVELOPMENT SITE ================ This source code for this module is hosted at https://github.com/lstein/AWS-Signature4, where you can also file bug reports and feature requests. AUTHOR & LICENSE INFORMATION ============================ Lincoln D. Stein Copyright (c) 2014 Ontario Institute for Cancer Research This package and its accompanying libraries is free software; you can redistribute it and/or modify it under the terms of the GPL (either version 1, or at your option, any later version) or the Artistic License 2.0. Refer to LICENSE for the full license text. In addition, please see DISCLAIMER.txt for disclaimers of warranty. AWS-Signature4-1.02/t000755001751001751 012461507617 14346 5ustar00lsteinlstein000000000000AWS-Signature4-1.02/t/01.basic.t000555001751001751 424712461507617 16202 0ustar00lsteinlstein000000000000#-*-Perl-*- # Before `make install' is performed this script should be runnable with # `make test'. After `make install' it should work as `perl test.t' use strict; use ExtUtils::MakeMaker; use FindBin '$Bin'; use constant TEST_COUNT => 11; use lib "$Bin/lib","$Bin/../lib","$Bin/../blib/lib","$Bin/../blib/arch"; use Test::More tests => TEST_COUNT; use_ok('AWS::Signature4'); use_ok('HTTP::Request::Common'); my $signer = AWS::Signature4->new(-access_key => 'AKIDEXAMPLE', -secret_key => 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'); ok($signer,'AWS::Signature4->new'); my $request = POST('https://iam.amazonaws.com', [Action=>'ListUsers', Version=>'2010-05-08'], Date => '1 January 2014 01:00:00 -0500', ); $signer->sign($request); is($request->method,'POST','request method correct'); is($request->header('Host'),'iam.amazonaws.com','host correct'); is($request->header('X-Amz-Date'),'20140101T060000Z','timestamp correct'); is($request->content,'Action=ListUsers&Version=2010-05-08','payload correct'); is($request->header('Authorization'),'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20140101/us-east-1/iam/aws4_request, 
SignedHeaders=content-length;content-type;host;x-amz-date, Signature=0233049369ae675cea7616efa5d2e5216c37a4b1496a36595f32181f078e3549','signature correct'); $request = GET('https://iam.amazonaws.com?Action=ListUsers&Version=2010-05-08', Date => '1 January 2014 01:00:00 -0500'); my $expected = 'https://iam.amazonaws.com?Action=ListUsers&Version=2010-05-08&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20140101%2Fus-east-1%2Fiam%2Faws4_request&X-Amz-Date=20140101T060000Z&X-Amz-SignedHeaders=host&X-Amz-Signature=9d0b832ec5c5ebba65a462951e29dcc2eff53b000105a727dd0f233f328e92b2'; is($signer->signed_url($request),$expected,'signed url from request correct'); my $url = 'https://iam.amazonaws.com?Action=ListUsers&Version=2010-05-08&Date=1%20January%202014%2001:00:00%20-0500'; is($signer->signed_url($url),$expected,'signed url from url correct (1)'); $url = 'https://iam.amazonaws.com?Action=ListUsers&Version=2010-05-08&Date=20140101T060000Z'; is($signer->signed_url($url),$expected,'signed url from url correct (2)'); exit 0; AWS-Signature4-1.02/lib000755001751001751 012461507617 14651 5ustar00lsteinlstein000000000000AWS-Signature4-1.02/lib/AWS000755001751001751 012461507617 15303 5ustar00lsteinlstein000000000000AWS-Signature4-1.02/lib/AWS/Signature4.pm000444001751001751 3063212461507617 20047 0ustar00lsteinlstein000000000000package AWS::Signature4; use strict; use POSIX 'strftime'; use URI; use URI::QueryParam; use URI::Escape; use Digest::SHA 'sha256_hex','hmac_sha256','hmac_sha256_hex'; use Date::Parse; use Carp 'croak'; our $VERSION = '1.02'; =head1 NAME AWS::Signature4 - Create a version4 signature for Amazon Web Services =head1 SYNOPSIS use AWS::Signature4; use HTTP::Request::Common; use LWP; my $signer = AWS::Signature4->new(-access_key => 'AKIDEXAMPLE', -secret_key => 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'); my $ua = LWP::UserAgent->new(); # Example POST request my $request = POST('https://iam.amazonaws.com', [Action=>'ListUsers', 
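=pod

                     Version=>'2010-05-08']);
 $signer->sign($request);
 my $response = $ua->request($request);

 # Example GET request
 my $uri     = URI->new('https://iam.amazonaws.com');
 $uri->query_form(Action=>'ListUsers',
                  Version=>'2010-05-08');

 my $url = $signer->signed_url($uri); # This gives a signed URL that can be fetched by a browser
 $response = $ua->get($url);

=head1 DESCRIPTION

This module implements Amazon Web Services' Signature version 4
(http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).

=head1 METHODS

=over 4

=item $signer = AWS::Signature4->new(-access_key => $account_id,-secret_key => $private_key);

Create a signing object using your AWS account ID and secret key. You
may also use the temporary security tokens received from Amazon's STS
service, either by passing the access and secret keys derived from the
token, or by passing a VM::EC2::Security::Token produced by the
VM::EC2 module.

Arguments:

 Argument name       Argument Value
 -------------       --------------
 -access_key         An AWS access key (account ID)

 -secret_key         An AWS secret key

 -security_token     A VM::EC2::Security::Token object

If a security token is provided, it overrides any values given for
-access_key or -secret_key.

If the environment variables EC2_ACCESS_KEY and/or EC2_SECRET_KEY are
set, their contents are used as defaults for -access_key and
-secret_key.

The secret key is kept in plain text inside the returned object, so
avoid dumping the signer into logs or error reports.

=cut

sub new {
    my $self = shift;
    my %args = @_;

    my ($id,$secret);

    # Credentials taken from a security token win over explicit arguments.
    # NOTE(review): can() is asked about 'access_key_id' while accessKeyId /
    # secretAccessKey are the methods actually called -- confirm that the
    # token class answers to both spellings.
    if (ref $args{-security_token} && $args{-security_token}->can('access_key_id')) {
        $id     = $args{-security_token}->accessKeyId;
        $secret = $args{-security_token}->secretAccessKey;
    }

    # Fall back to the explicit argument, then to the environment.
    $id     ||= $args{-access_key} || $ENV{EC2_ACCESS_KEY}
        or croak "Please provide -access_key parameter or define environment variable EC2_ACCESS_KEY";
    $secret ||= $args{-secret_key} || $ENV{EC2_SECRET_KEY}
        or croak "Please provide -secret_key or define environment variable EC2_SECRET_KEY";

    return bless {
        access_key => $id,
        secret_key => $secret,
        # The token is stored only when one was supplied.
        (defined($args{-security_token}) ? (security_token => $args{-security_token}) : ()),
    },ref $self || $self;
}

# Read-only accessors for the credentials captured by new().
sub access_key { shift->{access_key } }
sub secret_key { shift->{secret_key } }

=item $signer->sign($request [,$region] [,$payload_sha256_hex])

Given an HTTP::Request object, add the headers required by AWS and
then sign it with a version 4 signature by adding an "Authorization"
header.

The request must include a URL from which the AWS endpoint and service
can be derived, such as "ec2.us-east-1.amazonaws.com." In some cases
(e.g. S3 bucket operations) the endpoint does not indicate the
region. In this case, the region can be forced by passing a defined
value for $region. The current date and time will be added to the
request using an "X-Amz-Date" header. To force the date and time to a
fixed value, include the "Date" header in the request.

The request content, or "payload", is retrieved from the HTTP::Request
object by calling its content() method. Under some circumstances the
payload is not included directly in the request, but is in an external
file that will be uploaded as the request is executed. In this case,
you must pass $payload_sha256_hex (the third argument) containing the
results of running sha256_hex() (from the Digest::SHA module) on the
content.

The method returns a true value if successful. On errors, it will
throw an exception.

=item $url = $signer->signed_url($request)

This method will generate a signed GET URL for the request. The URL
will include everything needed to perform the request.

=back

=cut

sub sign {
    my $self = shift;
    my ($request,$region,$payload_sha256_hex) = @_;
    $self->_add_date_header($request);
    $self->_sign($request,$region,$payload_sha256_hex);
    # _sign() ends by setting a header (or returns nothing when the request
    # already carries an Authorization header), so its own value is not a
    # success flag; return the true value the documentation promises.
    return 1;
}

=item my $url = $signer->signed_url($request_or_uri [,$expires])

Pass an HTTP::Request, a URI object, or just a plain URL string
containing the proper endpoint and parameters needed for an AWS REST
API Call.
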
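=pod

This method will return an appropriately signed request as a URI
object, which can be shared with non-AWS users for the purpose of,
e.g., accessing an object in a private S3 bucket.

Pass an optional $expires argument to indicate that the URL will only
be valid for a finite period of time. The value of the argument is in
seconds.

Anyone who holds the returned URL can issue the signed request while
the signature remains valid, so treat the URL like a credential: pass
$expires and keep it out of logs.

=cut

sub signed_url {
    my $self    = shift;
    my ($arg1,$expires) = @_;
    my ($request,$uri);

    # An HTTP::Request is folded into a URI: its content becomes the query
    # string and its date header travels as a temporary 'Date' parameter.
    # Note that this edits the URI object returned by $request->uri.
    if (ref $arg1 && UNIVERSAL::isa($arg1,'HTTP::Request')) {
        $request = $arg1;
        $uri = $request->uri;
        my $content = $request->content;
        $uri->query($content) if $content;
        if (my $date = $request->header('X-Amz-Date') || $request->header('Date')) {
            $uri->query_param('Date'=>$date);
        }
    }

    $uri ||= URI->new($arg1);
    # The date parameter is removed from the query and carried as a header
    # on a fresh GET request instead.
    my $date = $uri->query_param_delete('Date') || $uri->query_param_delete('X-Amz-Date');
    $request = HTTP::Request->new(GET=>$uri);
    $request->header('Date'=> $date);
    $uri = $request->uri;  # because HTTP::Request->new() copies the uri!

    # Already signed: hand it back untouched.
    return $uri if $uri->query_param('X-Amz-Signature');

    my $scope = $self->_scope($request);

    $uri->query_param('X-Amz-Algorithm'  => $self->_algorithm);
    $uri->query_param('X-Amz-Credential' => $self->access_key . '/' . $scope);
    $uri->query_param('X-Amz-Date'       => $self->_datetime($request));
    $uri->query_param('X-Amz-Expires'    => $expires) if $expires;
    $uri->query_param('X-Amz-SignedHeaders' => 'host');

    # If there was a security token passed, we need to supply it as part of the authorization
    # because AWS requires it to validate IAM Role temporary credentials.
    # NOTE(review): the stored value is the token object itself; presumably it
    # stringifies to the session token -- confirm against the token class.
    if (defined($self->{security_token})) {
        $uri->query_param('X-Amz-Security-Token' => $self->{security_token});
    }

    # Since we're providing auth via query parameters, we need to include UNSIGNED-PAYLOAD
    # http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
    # it seems to only be needed for S3.
    if ($scope =~ /\/s3\/aws4_request$/) {
        $self->_sign($request, undef, 'UNSIGNED-PAYLOAD');
    } else {
        $self->_sign($request);
    }

    # Lift the signature out of the Authorization header that _sign() built
    # and move it into the query string.
    my ($algorithm,$credential,$signedheaders,$signature) =
        $request->header('Authorization') =~ /^(\S+) Credential=(\S+), SignedHeaders=(\S+), Signature=(\S+)/;
    $uri->query_param_append('X-Amz-Signature'=>$signature);
    return $uri;
}

# Make sure the request carries an x-amz-date header, deriving one from the
# Date header (or the current time) when it is absent.
sub _add_date_header {
    my $self = shift;
    my $request = shift;
    my $datetime;
    unless ($datetime = $request->header('x-amz-date')) {
        $datetime    = $self->_zulu_time($request);
        $request->header('x-amz-date'=>$datetime);
    }
}

# Build the credential scope "date/region/service/aws4_request" by guessing
# service and region from the request's host name. A caller-supplied $region
# wins in every branch except the bare "service.amazonaws.com" one.
sub _scope {
    my $self    = shift;
    my ($request,$region) = @_;
    my $host     = $request->uri->host;
    my $datetime = $self->_datetime($request);
    my ($date)   = $datetime =~ /^(\d+)T/;
    my $service;
    if ($host =~ /^([\w.-]+)\.s3\.amazonaws\.com/) { # S3 bucket virtual host
        $service = 's3';
        $region  ||= 'us-east-1';
    } elsif ($host =~ /^[\w-]+\.s3-([\w-]+)\.amazonaws\.com/) {
        # This pattern has a single capture group, so the region is $1
        # (reading $2 here left the region to fall through to the default).
        $service = 's3';
        $region  ||= $1;
    } elsif ($host =~ /^(\w+)[-.]([\w-]+)\.amazonaws\.com/) {
        $service = $1;
        $region  ||= $2;
    } elsif ($host =~ /^([\w-]+)\.amazonaws\.com/) {
        $service = $1;
        # NOTE(review): plain assignment discards a caller-supplied $region
        # here, unlike the other branches -- confirm this is intended.
        $region  = 'us-east-1';
    }
    $service ||= 's3';
    $region  ||= 'us-east-1';  # default
    return "$date/$region/$service/aws4_request";
}

# Split a credential scope back into its slash-separated components.
sub _parse_scope {
    my $self = shift;
    my $scope = shift;
    return split '/',$scope;
}

# Timestamp used for signing: the x-amz-date header when present, otherwise
# one derived by _zulu_time().
sub _datetime {
    my $self = shift;
    my $request = shift;
    return $request->header('x-amz-date') || $self->_zulu_time($request);
}

sub _algorithm { return 'AWS4-HMAC-SHA256' }

# Compute the version 4 signature and attach it as the Authorization header.
# A request that already has an Authorization header is left alone.
sub _sign {
    my $self    = shift;
    my ($request,$region,$payload_sha256_hex) = @_;
    return if $request->header('Authorization'); # don't overwrite

    my $datetime = $self->_datetime($request);

    # The host header is always part of what gets signed.
    unless ($request->header('host')) {
        my $host        = $request->uri->host;
        $request->header(host=>$host);
    }

    my $scope      = $self->_scope($request,$region);
    my ($date,$service);
    ($date,$region,$service) = $self->_parse_scope($scope);

    my $secret_key = $self->secret_key;
    my $access_key = $self->access_key;
    my $algorithm  = $self->_algorithm;

    my ($hashed_request,$signed_headers) = $self->_hash_canonical_request($request,$payload_sha256_hex);
    my $string_to_sign                   = $self->_string_to_sign($datetime,$scope,$hashed_request);
    my $signature                        = $self->_calculate_signature($secret_key,$service,$region,$date,$string_to_sign);
    $request->header(Authorization => "$algorithm Credential=$access_key/$scope, SignedHeaders=$signed_headers, Signature=$signature");
}

# Format the request's Date header (or the current time when there is none)
# as a UTC timestamp of the form YYYYMMDDTHHMMSSZ.
sub _zulu_time {
    my $self = shift;
    my $request = shift;
    my $date     = $request->header('Date');
    my @datetime;
    if ($date) {
        # An unparseable date would otherwise be fed to gmtime() as undef and
        # yield a 1970 timestamp; fail loudly instead of signing with it.
        my $epoch = str2time($date);
        croak "Unable to parse Date header '$date'" unless defined $epoch;
        @datetime = gmtime($epoch);
    } else {
        @datetime = gmtime();
    }
    return strftime('%Y%m%dT%H%M%SZ',@datetime);
}

# Build the canonical request (method, path, sorted query string, canonical
# headers, signed header list, payload hash) and return its SHA-256 hex
# digest together with the semicolon-separated list of signed headers.
sub _hash_canonical_request {
    my $self = shift;
    my ($request,$hashed_payload) = @_; # (HTTP::Request,sha256_hex($content))
    my $method           = $request->method;
    my $uri              = $request->uri;
    my $path             = $uri->path || '/';
    my @params           = $uri->query_form;
    my $headers          = $request->headers;
    $hashed_payload    ||= sha256_hex($request->content);

    # canonicalize query string
    my %canonical;
    while (my ($key,$value) = splice(@params,0,2)) {
        $key   = uri_escape($key);
        $value = uri_escape($value);
        push @{$canonical{$key}},$value;
    }
    # Keys sorted, and the values of a repeated key sorted within that key.
    my $canonical_query_string = join '&',map {my $key = $_; map {"$key=$_"} sort @{$canonical{$key}}} sort keys %canonical;

    # canonicalize the request headers
    # Every header on the request except Date is included and signed.
    my (@canonical,%signed_fields);
    for my $header (sort map {lc} $headers->header_field_names) {
        next if $header =~ /^date$/i;
        my @values = $headers->header($header);
        # remove redundant whitespace
        foreach (@values ) {
            next if /^".+"$/;   # quoted values are left exactly as given
            s/^\s+//;
            s/\s+$//;
            s/(\s)\s+/$1/g;
        }
        push @canonical,"$header:".join(',',@values);
        $signed_fields{$header}++;
    }
    my $canonical_headers = join "\n",@canonical;
    $canonical_headers   .= "\n";
    my $signed_headers    = join ';',sort map {lc} keys %signed_fields;

    my $canonical_request = join("\n",$method,$path,$canonical_query_string,
                                 $canonical_headers,$signed_headers,$hashed_payload);
    my $request_digest    = sha256_hex($canonical_request);

    return ($request_digest,$signed_headers);
}
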
# Assemble the string to sign: the algorithm name, the request timestamp,
# the credential scope and the canonical-request digest, newline-separated.
sub _string_to_sign {
    my ($self, @fields) = @_;
    return join("\n", 'AWS4-HMAC-SHA256', @fields[0 .. 2]);
}


=item $signing_key = AWS::Signature4->signing_key($secret_access_key,$service_name,$region,$date)

Return just the signing key in the event you wish to roll your own signature.

=cut

# Derive the signing key by chaining HMAC-SHA256 over the date, region,
# service and the literal 'aws4_request', seeded with 'AWS4' . secret.
# The result is the raw (binary) digest.
sub signing_key {
    my ($self, $secret, $service, $region, $date) = @_;
    my $key = 'AWS4' . $secret;
    for my $step ($date, $region, $service, 'aws4_request') {
        $key = hmac_sha256($step, $key);
    }
    return $key;
}

# Hex HMAC-SHA256 of the string to sign under the derived signing key.
sub _calculate_signature {
    my ($self, $secret, $service, $region, $date, $string_to_sign) = @_;
    my $derived = $self->signing_key($secret, $service, $region, $date);
    return hmac_sha256_hex($string_to_sign, $derived);
}

1;

=head1 SEE ALSO

L

=head1 AUTHOR

Lincoln Stein E<lt>lincoln.stein@gmail.comE<gt>.

Copyright (c) 2014 Ontario Institute for Cancer Research

This package and its accompanying libraries is free software; you can
redistribute it and/or modify it under the terms of the GPL (either
version 1, or at your option, any later version) or the Artistic
License 2.0.  Refer to LICENSE for the full license text. In addition,
please see DISCLAIMER.txt for disclaimers of warranty.

=cut