AwsRestClient/html/_aws_rest_client_8qm_8dox_8h_source.html

// -*- mode: c++; indent-tabs-mode: nil -*-


/*  AwsRestClient.qm Copyright (C) 2019 - 2023 Qore Technologies, s.r.o.


    Permission is hereby granted, free of charge, to any person obtaining a

    copy of this software and associated documentation files (the "Software"),

    to deal in the Software without restriction, including without limitation

    the rights to use, copy, modify, merge, publish, distribute, sublicense,

    and/or sell copies of the Software, and to permit persons to whom the

    Software is furnished to do so, subject to the following conditions:


    The above copyright notice and this permission notice shall be included in

    all copies or substantial portions of the Software.


    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING

    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER

    DEALINGS IN THE SOFTWARE.

*/


// minimum qore version


// require type definitions everywhere


// enable all warnings


// don't use "$" for vars, members, and methods, assume local variable scope


// do not ignore argument errors


}


namespace AwsRestClient {


class AwsRestClient : public RestClient::RestClient {


public:

        const DefaultSendEncoding = "gzip";


        const RequiredOptions = ...;


        const QoreDigest = CRYPTO_DIGEST_SHA256;


        const AwsSignatureAlgorithm = "AWS4-HMAC-SHA256";


        const AwsTermination = "aws4_request";


private:

        // the AWS access key ID

        string aws_keyid;

        // the AWS secret access key

        string aws_secret;

        // the AWS region

        string aws_region;

        // the AWS service

        string aws_service;

        // is this request for AWS S3?

        bool aws_s3 = False;

        // temporary session token

        string aws_token;

        // credential scope suffix

        string credential_scope_suffix;


public:


    constructor(hash<auto> opts, *softbool do_not_connect) ;


    hash<auto> sendAndDecodeResponse(*data body, string m, string path, hash<auto> hdr, *reference<hash<auto>> info,

            *softbool decode_errors) {

        // get request time

        date gmtime = Qore::gmtime();

        // get credential scope

        string scope = sprintf("%s/%s", gmtime.format("YYYYMMDD"), credential_scope_suffix);


        // get signature and signed header string

        string signed_headers;


        // add configured headers without overriding

        hdr = headers + hdr;


        // get signature

        string sig = getSignature(m, path, \hdr, body, gmtime, scope, \signed_headers);


        // add authorization header

        hdr.Authorization = sprintf("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s",

            AwsSignatureAlgorithm, aws_keyid, scope, signed_headers, sig);


        return RestClient::sendAndDecodeResponse(body, m, path, hdr, \info, decode_errors);

    }


    string getSignature(string http_method, string path, reference<hash<auto>> hdr, *data body, date gmtime,

        string scope, reference<string> signed_headers) {

        string req_string = getRequestString(http_method, path, \hdr, body, gmtime, scope, \signed_headers);


        // calculate a signature

        string gmdate = gmtime.format("YYYYMMDD");

        // 1: key, date

        binary signing_key = hmac(QoreDigest, gmdate, "AWS4" + aws_secret);

        // 2: hash, region

        signing_key = hmac(QoreDigest, aws_region, signing_key);

        // 3: hash, service

        signing_key = hmac(QoreDigest, aws_service, signing_key);

        // 4: hash, termination

        signing_key = hmac(QoreDigest, AwsTermination, signing_key);


        string sig = hmac(QoreDigest, req_string, signing_key).toHex();


        return sig;

    }


    private string getRequestString(string http_method, string path, reference<hash<auto>> hdr, *data body,

            date gmtime, string scope, reference<string> signed_headers) {

        // get AWS date value

        string aws_date = gmtime.format("YYYYMMDDTHHmmSS") + "Z";

        hdr."X-Amz-Date" = aws_date;

        string csig = getCanonicalSignature(http_method, path, hdr, body, \signed_headers);


        string msg = AwsSignatureAlgorithm + "\n"

            + aws_date + "\n"

            + scope + "\n"

            + csig;


        return msg;

    }


    private string getCanonicalSignature(string http_method, string path, hash<auto> hdr, *data body,

        reference<string> signed_headers) {

        // create the canonical string

        // 1: HTTP request method

        string cstr = http_method + "\n";


        // make canonical URI

        hash<UriQueryInfo> uri_info = parse_uri_query(path);


        // 2: canonical URI parameter

        string uri = uri_info.method ?? "/";


        // normalize the path if not an S3 request

        if (!aws_s3);


        // URI-encode the path

        uri = encode_url(uri, False);

        // non-AWS-S3 requests must be URI-encoded twice

        // https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

        if (!aws_s3);


        // add to canonical string

        cstr += uri + "\n";


        // 3: canonical query string

        if (uri_info.params);


        cstr += "\n";


        // 4: canonical headers

        // convert header keys to lowercase

        hdr = map {$1.key.lwr(): $1.value}, hdr.pairIterator();

        // add host header

        hdr += {"host": getHostHeaderValue()};


        // sort headers

        hdr = map {$1: hdr{$1}}, sort(keys hdr);


        cstr += (

            foldl $1 + $2, (

                map

private:

      static string trimall(string str) {            "cls": Class::forName("AwsRestConnection"),

            "options": RestConnection::ConnectionScheme.options + {

                "data": <ConnectionOptionInfo>{

                    "type": "string",

                    "desc": "data serialization options are limited to `json` with this object",

                    "allowed_values": (

                        <AllowedValueInfo>{

                            "value": "json",

                            "desc": "use JSON serialization",

                        },

                    ),

                    "default_value": "json",

                },

                "aws_keyid": <ConnectionOptionInfo>{

                    "type": "string",

                    "desc": "AWS key ID",

                },

                "aws_secret": <ConnectionOptionInfo>{

                    "type": "string",

                    "desc": "the AWS secret access key value",

                    "sensitive": True,

                },

                "aws_region": <ConnectionOptionInfo>{

                    "type": "string",

                    "desc": "the AWS region to use (ex: `us-east-1`)",

                },

                "aws_service": <ConnectionOptionInfo>{

                    "type": "string",

                    "desc": "the AWS service to use (ex: `iam`)",

                },

                "aws_s3": <ConnectionOptionInfo>{

                    "type": "bool",

                    "desc": "set to `True` to flag this object for use with AWS S3, which requires special "

                        "message encoding",

                    "default_value": False,

                },

                "aws_token": <ConnectionOptionInfo>{

                    "type": "string",

                    "desc": "a temporary session token from AWS Security Token Service for this HTTP session",

                },

            },

            "required_options": foldl $1 + "," + $2, AwsRestClient::RequiredOptions,

        };

    }


    constructor(string name, string description, string url, hash<auto> attributes = {}, hash<auto> options = {})

 ;


    string getType();


    DataProvider::AbstractDataProvider getDataProvider();


    bool hasDataProvider();


     AwsRestClient getImpl(bool connect = True, *hash<auto> rtopts);


     hash<ConnectionSchemeInfo> getConnectionSchemeInfoImpl();

};

};

AwsRestClient::AwsRestClient::constructor
constructor(hash< auto > opts, *softbool do_not_connect)
creates the object with the given options

AwsRestClient::AwsRestClient::hasDataProvider
bool hasDataProvider()
returns True, as this connection always returns a data provider with the getDataProvider() method

AwsRestClient::AwsRestClient::constructor
constructor(string name, string description, string url, hash< auto > attributes={}, hash< auto > options={})
creates the AwsRestConnection object

AwsRestClient::AwsRestClient::getImpl
AwsRestClient getImpl(bool connect=True, *hash< auto > rtopts)
returns a AwsRestClient::AwsRestClient object

AwsRestClient::AwsRestClient::getDataProvider
DataProvider::AbstractDataProvider getDataProvider()
returns a data provider object for this connection

AwsRestClient::AwsRestClient::getType
string getType()
returns "awsrest"

AwsRestClient::AwsRestClient::RequiredOptions
const RequiredOptions
required options
Definition: AwsRestClient.qm.dox.h:110

AwsRestClient::AwsRestClient::getConnectionSchemeInfoImpl
hash< ConnectionSchemeInfo > getConnectionSchemeInfoImpl()
Returns the ConnectionSchemeInfo hash for this object.

RestClient::RestClient

Qore::True
const True

Qore::False
const False

Qore::gmtime
date gmtime()

Qore::sort
auto sort(auto arg)

Qore::encode_url
string encode_url(string url, softbool encode_all=False)

AwsRestClient
the AwsRestClient namespace contains all the objects in the AwsRestClient module
Definition: AwsRestClient.qm.dox.h:95