VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/rest/RTCRestClientApiBaseOci.cpp@ 88485

Last change on this file since 88485 was 87303, checked in by vboxsync, 4 years ago

IPRT/rest: for POST and PUT OCI wants even an empty body signed. May
be the caller should use kDoCall_RequireBody, but it's not immediately
obvious that's the right thing to do and doing it right requires some
rearrangements. (This should logically be in the request, but the
flag comes from the doCall in the api template, so the same logic
would end up duplicated in different files). For now just tweak the
local logic in a well isolated fix. bugref:9167.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 6.0 KB
Line 
1/* $Id: RTCRestClientApiBaseOci.cpp 87303 2021-01-18 18:39:18Z vboxsync $ */
2/** @file
3 * IPRT - C++ REST, RTCRestClientApiBase implementation, OCI specific bits.
4 */
5
6/*
7 * Copyright (C) 2018-2020 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#define LOG_GROUP RTLOGGROUP_REST
32#include <iprt/cpp/restclient.h>
33
34#include <iprt/assert.h>
35#include <iprt/base64.h>
36#include <iprt/errcore.h>
37#include <iprt/http.h>
38#include <iprt/log.h>
39#include <iprt/sha.h>
40#include <iprt/time.h>
41#include <iprt/uri.h>
42
43
44
45/**
46 * Ensures that we've got an 'X-Date' or 'Date' header.
47 *
48 * @returns IPRT status code.
49 * @param hHttp The HTTP client handle.
50 * @param pvContent
51 */
52static int ociSignRequestEnsureDateOrXDate(RTHTTP hHttp) RT_NOEXCEPT
53{
54 if (RTHttpGetHeader(hHttp, RT_STR_TUPLE("x-date")))
55 return VINF_SUCCESS;
56 if (RTHttpGetHeader(hHttp, RT_STR_TUPLE("date")))
57 return VINF_SUCCESS;
58
59 RTTIMESPEC NowSpec;
60 RTTIME Now;
61 char szDate[RTTIME_RFC2822_LEN];
62 ssize_t cch = RTTimeToRfc2822(RTTimeExplode(&Now, RTTimeNow(&NowSpec)), szDate, sizeof(szDate), RTTIME_RFC2822_F_GMT);
63 AssertRCReturn((int)cch, (int)cch);
64
65 return RTHttpAddHeader(hHttp, "x-date", szDate, cch, RTHTTPADDHDR_F_BACK);
66}
67
68
69/**
70 * Ensures that we've got a 'x-content-sha256' header.
71 *
72 * @returns IPRT status code.
73 * @param hHttp The HTTP client handle.
74 * @param pvContent
75 */
76static int ociSignRequestEnsureXContentSha256(RTHTTP hHttp, void const *pvContent, size_t cbContent) RT_NOEXCEPT
77{
78 if (RTHttpGetHeader(hHttp, RT_STR_TUPLE("x-content-sha256")))
79 return VINF_SUCCESS;
80
81#ifdef RT_STRICT
82 const char *pszContentLength = RTHttpGetHeader(hHttp, RT_STR_TUPLE("Content-Length"));
83 Assert(pszContentLength);
84 AssertMsg(!pszContentLength || RTStrToUInt64(pszContentLength) == cbContent, ("'%s' vs %RU64\n", pszContentLength, cbContent));
85#endif
86
87 uint8_t abHash[RTSHA256_HASH_SIZE];
88 RTSha256(pvContent, cbContent, abHash);
89
90 char szBase64[RTSHA256_DIGEST_LEN + 1]; /* (base64 should be shorter) */
91 int rc = RTBase64EncodeEx(abHash, sizeof(abHash), RTBASE64_FLAGS_NO_LINE_BREAKS, szBase64, sizeof(szBase64), NULL);
92 AssertRCReturn(rc, rc);
93
94 return RTHttpAddHeader(hHttp, "x-content-sha256", szBase64, RTSTR_MAX, RTHTTPADDHDR_F_BACK);
95}
96
97
98/**
99 * Ensures that we've got a 'Content-Length' header.
100 *
101 * @returns IPRT status code.
102 * @param hHttp The HTTP client handle.
103 * @param cbContent The content length.
104 */
105static int ociSignRequestEnsureContentLength(RTHTTP hHttp, uint64_t cbContent) RT_NOEXCEPT
106{
107 if (RTHttpGetHeader(hHttp, RT_STR_TUPLE("Content-Length")))
108 return VINF_SUCCESS;
109 char szValue[64];
110 ssize_t cchValue = RTStrFormatU64(szValue, sizeof(szValue), cbContent, 10, 0, 0, 0);
111 AssertRCReturn((int)cchValue, (int)cchValue);
112 return RTHttpAddHeader(hHttp, "Content-Length", szValue, cchValue, RTHTTPADDHDR_F_BACK);
113}
114
115
116/**
117 * Ensures that we've got a host header.
118 *
119 * @returns IPRT status code.
120 * @param hHttp The HTTP client handle.
121 * @param pszUrl The URL.
122 */
123static int ociSignRequestEnsureHost(RTHTTP hHttp, const char *pszUrl) RT_NOEXCEPT
124{
125 if (RTHttpGetHeader(hHttp, RT_STR_TUPLE("host")))
126 return VINF_SUCCESS;
127
128 RTURIPARSED ParsedUrl;
129 int rc = RTUriParse(pszUrl, &ParsedUrl);
130 AssertRCReturn(rc, rc);
131
132 return RTHttpAddHeader(hHttp, "host", &pszUrl[ParsedUrl.offAuthorityHost], ParsedUrl.cchAuthorityHost, RTHTTPADDHDR_F_BACK);
133}
134
135
136int RTCRestClientApiBase::ociSignRequest(RTHTTP a_hHttp, RTCString const &a_rStrFullUrl, RTHTTPMETHOD a_enmHttpMethod,
137 RTCString const &a_rStrXmitBody, uint32_t a_fFlags,
138 RTCRKEY a_hKey, RTCString const &a_rStrKeyId) RT_NOEXCEPT
139{
140 /*
141 * First make sure required headers are present, adding them as needed.
142 */
143 int rc = ociSignRequestEnsureHost(a_hHttp, a_rStrFullUrl.c_str());
144 if (RT_SUCCESS(rc))
145 {
146 bool fHasBody
147 = a_rStrXmitBody.isNotEmpty()
148 /* but sometimes we need an empty body signed too */
149 || (a_fFlags & kDoCall_RequireBody)
150 || a_enmHttpMethod == RTHTTPMETHOD_POST
151 || a_enmHttpMethod == RTHTTPMETHOD_PUT;
152
153 if (fHasBody)
154 {
155 rc = ociSignRequestEnsureContentLength(a_hHttp, a_rStrXmitBody.length());
156 if (RT_SUCCESS(rc))
157 rc = ociSignRequestEnsureXContentSha256(a_hHttp, a_rStrXmitBody.c_str(), a_rStrXmitBody.length());
158 }
159 if (RT_SUCCESS(rc))
160 rc = ociSignRequestEnsureDateOrXDate(a_hHttp);
161 if (RT_SUCCESS(rc))
162 {
163 /*
164 * Do the signing.
165 */
166 rc = RTHttpSignHeaders(a_hHttp, a_enmHttpMethod, a_rStrFullUrl.c_str(), a_hKey, a_rStrKeyId.c_str(), 0 /*fFlags*/);
167 }
168 }
169 return rc;
170}
171
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette