private_key results from the CPAN

Solstice

package Solstice::Controller::Application::REST;

=head1 NAME

Solstice::Controller::Application::REST - The Application controller for the REST 'cgi'. 

=head1 SYNOPSIS

  my $rest = Solstice::Controller::Application::REST->new();
  my $is_valid = $rest->isValidServiceRequest($service_name);
  my $has_access = $rest->hasServiceAccess($service_name, $consumer_private_key);

  my $requires_user_auth = $rest->requiresUserAuth($service_name);
  my $has_user_auth = $rest->hasUserAuth($service_name, $consumer_private_key, $person_id);
  my $response = $rest->getResponseData();

=head1 DESCRIPTION

This process all requests to Solstice REST web services.

=cut

use strict;
use warnings;
use 5.006_000;

use base qw(Solstice::Controller::Application);

use Solstice::Application;
use Solstice::Model::X509;
use Solstice::NamespaceService;
use Solstice::Model::WebserviceConsumer;
use Solstice::Session;
use Digest::SHA1 qw(sha1_hex);


use constant TRUE  => 1;
use constant FALSE => 0;

our $evaled_controllers;

=head2 Export

None by default.

=head2 Methods

=over 4

=item new

=cut

sub handleAuth {
    my $obj = shift;
    my $self = $obj->SUPER::new();
    my $server = Solstice::Server->new();

    #look for the header auth key
    my $auth_key = $server->getHeaderIn('Authorization');
    my $public_id;
    my $signature;
    if($auth_key && $auth_key =~ /^\s*SolAuth\s+(\w+):(\w+)/){
        ($public_id, $signature) = ($1, $2);
    }


    #look for the ssl cert auth
    my $cert        = Solstice::Model::X509->new();


    #pick an auth type to use
    my $consumer;
    if($public_id && $signature){

lib/Solstice/Controller/Application/REST.pm view on Meta::CPAN

    my $server = Solstice::Server->new();
    $server->setContentType('text/xml'); #this can be overridden in the controller's method

    my $output = '';
    if($controller){
        my $method = $server->getMethod();

        if( grep(/^$method$/, qw(GET POST PUT DELETE HEAD OPTIONS)) ){

            if($controller->can($method)){

                my $view = $controller->$method();
                #it's okay to not return a view, no entity body in response
                if($view){
                    $view->paint(\$output);
                }
                $$screen = $output;
                return TRUE;

            }else{

                $self->setErrorString("HTTP method $method not supported by this resource.");
                $server->setStatus(405);
                return FALSE;
            }

        }else{
            $self->setErrorString('HTTP method not present or invalid in request. Must be one of GET, PUT, DELETE, POST, HEAD, OPTIONS');
            $server->setStatus(400);
            return FALSE;
        }

    }else{
        #TODO what situation could cause no controller? Could we be more informative?
        $self->setErrorString('The server could not process your request.');
        $server->setStatus(500);
        return FALSE;
    }
}

sub showError {
    my $self = shift;
    my $screen = shift;

    my $server = Solstice::Server->new();

    #load default error indicatores if needed
    $server->setStatus(500) if ($server->getStatus() == 200);
    my $error_string = $self->getErrorString()|| 'The server could not process your request';

    $$screen = "<error>\n".
    "    <error_status>".$server->getStatus()."</error_status>\n".
    "    <error_string>$error_string</error_string>\n".
    "</error>\n";

}

sub checkSignature {
    my $self = shift;
    my $signature = shift;
    my $private_key = shift;

    my $server = Solstice::Server->new();

    my $method      = $ENV{'REQUEST_METHOD'}             || '';
    my $url         = $ENV{'REQUEST_URI'}                || '';
    my $date        = $server->getHeaderIn('Date')             || '';
    my $content_sha1= $server->getHeaderIn('Content-SHA1')     || '';

    my $body = $server->getRequestBody();

    if($body){
        return FALSE unless sha1_hex($body) eq $content_sha1;
    }

    my $message = "$private_key\n$method\n$url\n$date\n$content_sha1";

    return sha1_hex($message) eq $signature;
}

sub setErrorString {
    my $self = shift;
    $self->{'_error_string'} = shift;
}

sub getErrorString {
    my $self = shift;
    return $self->{'_error_string'};
}


1;

=back


=head1 COPYRIGHT

Copyright 1998-2007 Office of Learning Technologies, University of Washington

Licensed under the Educational Community License, Version 1.0 (the "License");
you may not use this file except in compliance with the License. You may obtain
a copy of the License at: http://www.opensource.org/licenses/ecl1.php

Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.  See the License for the
specific language governing permissions and limitations under the License.

=cut

( run in 0.958 second using v1.01-cache-2.11-cpan-39bf76dae61 )