AwsRestClient.qm.dox.h

// -*- mode: c++; indent-tabs-mode: nil -*-
 
/*  AwsRestClient.qm Copyright (C) 2019 - 2022 Qore Technologies, s.r.o.
 
    Permission is hereby granted, free of charge, to any person obtaining a
    copy of this software and associated documentation files (the "Software"),
    to deal in the Software without restriction, including without limitation
    the rights to use, copy, modify, merge, publish, distribute, sublicense,
    and/or sell copies of the Software, and to permit persons to whom the
    Software is furnished to do so, subject to the following conditions:
 
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
 
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
    DEALINGS IN THE SOFTWARE.
*/
 
// minimum qore version
 
// require type definitions everywhere
 
// enable all warnings
 
// don't use "$" for vars, members, and methods, assume local variable scope
 
// do not ignore argument errors
 
 
}
 
namespace AwsRestClient {
 
class AwsRestClient : public RestClient::RestClient {
 
public:
        const DefaultSendEncoding = "gzip";
 
        const RequiredOptions = ...;
 
 
        const QoreDigest = CRYPTO_DIGEST_SHA256;
 
        const AwsSignatureAlgorithm = "AWS4-HMAC-SHA256";
 
        const AwsTermination = "aws4_request";
 
private:
        // the AWS access key ID
        string aws_keyid;
        // the AWS secret access key
        string aws_secret;
        // the AWS region
        string aws_region;
        // the AWS service
        string aws_service;
        // is this request for AWS S3?
        bool aws_s3 = False;
        // temporary session token
        string aws_token;
        // credential scope suffix
        string credential_scope_suffix;
 
public:
 
 
    constructor(hash<auto> opts, *softbool do_not_connect) ;
 
 
    hash<auto> sendAndDecodeResponse(*data body, string m, string path, hash<auto> hdr, *reference<hash<auto>> info, *softbool decode_errors);
 
 
    string getSignature(string http_method, string path, reference<hash<auto>> hdr, *data body, date gmtime,
        string scope, reference<string> signed_headers) {
        string req_string = getRequestString(http_method, path, \hdr, body, gmtime, scope, \signed_headers);
 
        // calculate a signature
        string gmdate = gmtime.format("YYYYMMDD");
        // 1: key, date
        binary signing_key = hmac(QoreDigest, gmdate, "AWS4" + aws_secret);
        // 2: hash, region
        signing_key = hmac(QoreDigest, aws_region, signing_key);
        // 3: hash, service
        signing_key = hmac(QoreDigest, aws_service, signing_key);
        // 4: hash, termination
        signing_key = hmac(QoreDigest, AwsTermination, signing_key);
 
        string sig = hmac(QoreDigest, req_string, signing_key).toHex();
 
        return sig;
    }
 
    private string getRequestString(string http_method, string path, reference<hash<auto>> hdr, *data body, date gmtime,
        string scope, reference<string> signed_headers) {
        // get AWS date value
        string aws_date = gmtime.format("YYYYMMDDTHHmmSS") + "Z";
        hdr."X-Amz-Date" = aws_date;
        string csig = getCanonicalSignature(http_method, path, hdr, body, \signed_headers);
 
        string msg = AwsSignatureAlgorithm + "\n"
            + aws_date + "\n"
            + scope + "\n"
            + csig;
 
        return msg;
    }
 
    private string getCanonicalSignature(string http_method, string path, hash<auto> hdr, *data body,
        reference<string> signed_headers) {
        // create the canonical string
        // 1: HTTP request method
        string cstr = http_method + "\n";
 
        // make canonical URI
        hash<UriQueryInfo> uri_info = parse_uri_query(path);
 
        // 2: canonical URI parameter
        string uri = uri_info.method ?? "/";
 
        // normalize the path if not an S3 request
        if (!aws_s3);
 
 
        // URI-encode the path
        uri = encode_url(uri, False);
        // non-AWS-S3 requests must be URI-encoded twice
        // https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
        if (!aws_s3);
 
        // add to canonical string
        cstr += uri + "\n";
 
        // 3: canonical query string
        if (uri_info.params);
 
        cstr += "\n";
 
        // 4: canonical headers
        // convert header keys to lowercase
        hdr = map {$1.key.lwr(): $1.value}, hdr.pairIterator();
        // add host header
        hdr += {"host": getHostHeaderValue()};
 
        // sort headers
        hdr = map {$1: hdr{$1}}, sort(keys hdr);
 
        cstr += (
            foldl $1 + $2, (
                map
private:
      static string trimall(string str) {            "cls": Class::forName("AwsRestConnection"),
            "options": RestConnection::ConnectionScheme.options + {
                "data": <ConnectionOptionInfo>{
                    "type": "string",
                    "desc": "data serialization options are limited to `json` with this object",
                    "allowed_values": (
                        <AllowedValueInfo>{
                            "value": "json",
                            "desc": "use JSON serialization",
                        },
                    ),
                    "default_value": "json",
                },
                "aws_keyid": <ConnectionOptionInfo>{
                    "type": "string",
                    "desc": "AWS key ID",
                },
                "aws_secret": <ConnectionOptionInfo>{
                    "type": "string",
                    "desc": "the AWS secret access key value",
                    "sensitive": True,
                },
                "aws_region": <ConnectionOptionInfo>{
                    "type": "string",
                    "desc": "the AWS region to use (ex: `us-east-1`)",
                },
                "aws_service": <ConnectionOptionInfo>{
                    "type": "string",
                    "desc": "the AWS service to use (ex: `iam`)",
                },
                "aws_s3": <ConnectionOptionInfo>{
                    "type": "bool",
                    "desc": "set to `True` to flag this object for use with AWS S3, which requires special "
                        "message encoding",
                    "default_value": False,
                },
                "aws_token": <ConnectionOptionInfo>{
                    "type": "string",
                    "desc": "a temporary session token from AWS Security Token Service for this HTTP session",
                },
            },
            "required_options": foldl $1 + "," + $2, AwsRestClient::RequiredOptions,
        };
    }
 
 
    constructor(string name, string description, string url, hash<auto> attributes = {}, hash<auto> options = {})
 ;
 
 
    string getType();
 
 
 
    DataProvider::AbstractDataProvider getDataProvider();
 
 
 
    bool hasDataProvider();
 
 
 
     AwsRestClient getImpl(bool connect = True, *hash<auto> rtopts);
 
     hash<ConnectionSchemeInfo> getConnectionSchemeInfoImpl();
};
};