|
|
1 | NAME |
|
|
2 | CBOR::XS - Concise Binary Object Representation (CBOR, RFC7049) |
|
|
3 | |
|
|
4 | SYNOPSIS |
|
|
5 | use CBOR::XS; |
|
|
6 | |
|
|
7 | $binary_cbor_data = encode_cbor $perl_value; |
|
|
8 | $perl_value = decode_cbor $binary_cbor_data; |
|
|
9 | |
|
|
10 | # OO-interface |
|
|
11 | |
|
|
12 | $coder = CBOR::XS->new; |
|
|
13 | $binary_cbor_data = $coder->encode ($perl_value); |
|
|
14 | $perl_value = $coder->decode ($binary_cbor_data); |
|
|
15 | |
|
|
16 | # prefix decoding |
|
|
17 | |
|
|
18 | my $many_cbor_strings = ...; |
|
|
19 | while (length $many_cbor_strings) { |
|
|
20 | my ($data, $length) = $cbor->decode_prefix ($many_cbor_strings); |
|
|
21 | # data was decoded |
|
|
22 | substr $many_cbor_strings, 0, $length, ""; # remove decoded cbor string |
|
|
23 | } |
|
|
24 | |
|
|
25 | DESCRIPTION |
|
|
26 | This module converts Perl data structures to the Concise Binary Object |
|
|
27 | Representation (CBOR) and vice versa. CBOR is a fast binary |
|
|
28 | serialisation format that aims to use an (almost) superset of the JSON |
|
|
29 | data model, i.e. when you can represent something useful in JSON, you |
|
|
30 | should be able to represent it in CBOR. |
|
|
31 | |
|
|
32 | In short, CBOR is a faster and quite compact binary alternative to JSON, |
|
|
33 | with the added ability of supporting serialisation of Perl objects. |
|
|
34 | (JSON often compresses better than CBOR though, so if you plan to |
|
|
35 | compress the data later and speed is less important you might want to |
|
|
36 | compare both formats first). |
|
|
37 | |
|
|
38 | To give you a general idea about speed, with texts in the megabyte |
|
|
39 | range, "CBOR::XS" usually encodes roughly twice as fast as Storable or |
|
|
40 | JSON::XS and decodes about 15%-30% faster than those. The shorter the |
|
|
41 | data, the worse Storable performs in comparison. |
|
|
42 | |
|
|
43 | Regarding compactness, "CBOR::XS"-encoded data structures are usually |
|
|
44 | about 20% smaller than the same data encoded as (compact) JSON or |
|
|
45 | Storable. |
|
|
46 | |
|
|
47 | In addition to the core CBOR data format, this module implements a |
|
|
48 | number of extensions, to support cyclic and shared data structures (see |
|
|
49 | "allow_sharing"), string deduplication (see "pack_strings") and scalar |
|
|
50 | references (always enabled). |
|
|
51 | |
|
|
52 | The primary goal of this module is to be *correct* and the secondary |
|
|
53 | goal is to be *fast*. To reach the latter goal it was written in C. |
|
|
54 | |
|
|
55 | See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and |
|
|
56 | vice versa. |
|
|
57 | |
|
|
58 | FUNCTIONAL INTERFACE |
|
|
59 | The following convenience methods are provided by this module. They are |
|
|
60 | exported by default: |
|
|
61 | |
|
|
62 | $cbor_data = encode_cbor $perl_scalar |
|
|
63 | Converts the given Perl data structure to CBOR representation. |
|
|
64 | Croaks on error. |
|
|
65 | |
|
|
66 | $perl_scalar = decode_cbor $cbor_data |
|
|
67 | The opposite of "encode_cbor": expects a valid CBOR string to parse, |
|
|
68 | returning the resulting perl scalar. Croaks on error. |
|
|
69 | |
|
|
70 | OBJECT-ORIENTED INTERFACE |
|
|
71 | The object oriented interface lets you configure your own encoding or |
|
|
72 | decoding style, within the limits of supported formats. |
|
|
73 | |
|
|
74 | $cbor = new CBOR::XS |
|
|
75 | Creates a new CBOR::XS object that can be used to de/encode CBOR |
|
|
76 | strings. All boolean flags described below are by default |
|
|
77 | *disabled*. |
|
|
78 | |
|
|
79 | The mutators for flags all return the CBOR object again and thus |
|
|
80 | calls can be chained: |
|
|
81 | |
|
|
82 | my $cbor = CBOR::XS->new->encode ({a => [1,2]}); |
|
|
83 | |
|
|
84 | $cbor = $cbor->max_depth ([$maximum_nesting_depth]) |
|
|
85 | $max_depth = $cbor->get_max_depth |
|
|
86 | Sets the maximum nesting level (default 512) accepted while encoding |
|
|
87 | or decoding. If a higher nesting level is detected in CBOR data or a |
|
|
88 | Perl data structure, then the encoder and decoder will stop and |
|
|
89 | croak at that point. |
|
|
90 | |
|
|
91 | Nesting level is defined by number of hash- or arrayrefs that the |
|
|
92 | encoder needs to traverse to reach a given point or the number of |
|
|
93 | "{" or "[" characters without their matching closing parenthesis |
|
|
94 | crossed to reach a given character in a string. |
|
|
95 | |
|
|
96 | Setting the maximum depth to one disallows any nesting, so that |
|
|
97 | ensures that the object is only a single hash/object or array. |
|
|
98 | |
|
|
99 | If no argument is given, the highest possible setting will be used, |
|
|
100 | which is rarely useful. |
|
|
101 | |
|
|
102 | Note that nesting is implemented by recursion in C. The default |
|
|
103 | value has been chosen to be as large as typical operating systems |
|
|
104 | allow without crashing. |
|
|
105 | |
|
|
106 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
|
|
107 | useful. |
|
|
108 | |
|
|
109 | $cbor = $cbor->max_size ([$maximum_string_size]) |
|
|
110 | $max_size = $cbor->get_max_size |
|
|
111 | Set the maximum length a CBOR string may have (in bytes) where |
|
|
112 | decoding is being attempted. The default is 0, meaning no limit. |
|
|
113 | When "decode" is called on a string that is longer then this many |
|
|
114 | bytes, it will not attempt to decode the string but throw an |
|
|
115 | exception. This setting has no effect on "encode" (yet). |
|
|
116 | |
|
|
117 | If no argument is given, the limit check will be deactivated (same |
|
|
118 | as when 0 is specified). |
|
|
119 | |
|
|
120 | See SECURITY CONSIDERATIONS, below, for more info on why this is |
|
|
121 | useful. |
|
|
122 | |
|
|
123 | $cbor = $cbor->allow_unknown ([$enable]) |
|
|
124 | $enabled = $cbor->get_allow_unknown |
|
|
125 | If $enable is true (or missing), then "encode" will *not* throw an |
|
|
126 | exception when it encounters values it cannot represent in CBOR (for |
|
|
127 | example, filehandles) but instead will encode a CBOR "error" value. |
|
|
128 | |
|
|
129 | If $enable is false (the default), then "encode" will throw an |
|
|
130 | exception when it encounters anything it cannot encode as CBOR. |
|
|
131 | |
|
|
132 | This option does not affect "decode" in any way, and it is |
|
|
133 | recommended to leave it off unless you know your communications |
|
|
134 | partner. |
|
|
135 | |
|
|
136 | $cbor = $cbor->allow_sharing ([$enable]) |
|
|
137 | $enabled = $cbor->get_allow_sharing |
|
|
138 | If $enable is true (or missing), then "encode" will not |
|
|
139 | double-encode values that have been referenced before (e.g. when the |
|
|
140 | same object, such as an array, is referenced multiple times), but |
|
|
141 | instead will emit a reference to the earlier value. |
|
|
142 | |
|
|
143 | This means that such values will only be encoded once, and will not |
|
|
144 | result in a deep cloning of the value on decode, in decoders |
|
|
145 | supporting the value sharing extension. This also makes it possible |
|
|
146 | to encode cyclic data structures. |
|
|
147 | |
|
|
148 | It is recommended to leave it off unless you know your communication |
|
|
149 | partner supports the value sharing extensions to CBOR |
|
|
150 | (<http://cbor.schmorp.de/value-sharing>), as without decoder |
|
|
151 | support, the resulting data structure might be unusable. |
|
|
152 | |
|
|
153 | Detecting shared values incurs a runtime overhead when values are |
|
|
154 | encoded that have a reference counter large than one, and might |
|
|
155 | unnecessarily increase the encoded size, as potentially shared |
|
|
156 | values are encode as sharable whether or not they are actually |
|
|
157 | shared. |
|
|
158 | |
|
|
159 | At the moment, only targets of references can be shared (e.g. |
|
|
160 | scalars, arrays or hashes pointed to by a reference). Weirder |
|
|
161 | constructs, such as an array with multiple "copies" of the *same* |
|
|
162 | string, which are hard but not impossible to create in Perl, are not |
|
|
163 | supported (this is the same as with Storable). |
|
|
164 | |
|
|
165 | If $enable is false (the default), then "encode" will encode shared |
|
|
166 | data structures repeatedly, unsharing them in the process. Cyclic |
|
|
167 | data structures cannot be encoded in this mode. |
|
|
168 | |
|
|
169 | This option does not affect "decode" in any way - shared values and |
|
|
170 | references will always be decoded properly if present. |
|
|
171 | |
|
|
172 | $cbor = $cbor->pack_strings ([$enable]) |
|
|
173 | $enabled = $cbor->get_pack_strings |
|
|
174 | If $enable is true (or missing), then "encode" will try not to |
|
|
175 | encode the same string twice, but will instead encode a reference to |
|
|
176 | the string instead. Depending on your data format, this can save a |
|
|
177 | lot of space, but also results in a very large runtime overhead |
|
|
178 | (expect encoding times to be 2-4 times as high as without). |
|
|
179 | |
|
|
180 | It is recommended to leave it off unless you know your |
|
|
181 | communications partner supports the stringref extension to CBOR |
|
|
182 | (<http://cbor.schmorp.de/stringref>), as without decoder support, |
|
|
183 | the resulting data structure might not be usable. |
|
|
184 | |
|
|
185 | If $enable is false (the default), then "encode" will encode strings |
|
|
186 | the standard CBOR way. |
|
|
187 | |
|
|
188 | This option does not affect "decode" in any way - string references |
|
|
189 | will always be decoded properly if present. |
|
|
190 | |
|
|
191 | $cbor = $cbor->filter ([$cb->($tag, $value)]) |
|
|
192 | $cb_or_undef = $cbor->get_filter |
|
|
193 | Sets or replaces the tagged value decoding filter (when $cb is |
|
|
194 | specified) or clears the filter (if no argument or "undef" is |
|
|
195 | provided). |
|
|
196 | |
|
|
197 | The filter callback is called only during decoding, when a |
|
|
198 | non-enforced tagged value has been decoded (see "TAG HANDLING AND |
|
|
199 | EXTENSIONS" for a list of enforced tags). For specific tags, it's |
|
|
200 | often better to provide a default converter using the |
|
|
201 | %CBOR::XS::FILTER hash (see below). |
|
|
202 | |
|
|
203 | The first argument is the numerical tag, the second is the (decoded) |
|
|
204 | value that has been tagged. |
|
|
205 | |
|
|
206 | The filter function should return either exactly one value, which |
|
|
207 | will replace the tagged value in the decoded data structure, or no |
|
|
208 | values, which will result in default handling, which currently means |
|
|
209 | the decoder creates a "CBOR::XS::Tagged" object to hold the tag and |
|
|
210 | the value. |
|
|
211 | |
|
|
212 | When the filter is cleared (the default state), the default filter |
|
|
213 | function, "CBOR::XS::default_filter", is used. This function simply |
|
|
214 | looks up the tag in the %CBOR::XS::FILTER hash. If an entry exists |
|
|
215 | it must be a code reference that is called with tag and value, and |
|
|
216 | is responsible for decoding the value. If no entry exists, it |
|
|
217 | returns no values. |
|
|
218 | |
|
|
219 | Example: decode all tags not handled internally into |
|
|
220 | "CBOR::XS::Tagged" objects, with no other special handling (useful |
|
|
221 | when working with potentially "unsafe" CBOR data). |
|
|
222 | |
|
|
223 | CBOR::XS->new->filter (sub { })->decode ($cbor_data); |
|
|
224 | |
|
|
225 | Example: provide a global filter for tag 1347375694, converting the |
|
|
226 | value into some string form. |
|
|
227 | |
|
|
228 | $CBOR::XS::FILTER{1347375694} = sub { |
|
|
229 | my ($tag, $value); |
|
|
230 | |
|
|
231 | "tag 1347375694 value $value" |
|
|
232 | }; |
|
|
233 | |
|
|
234 | $cbor_data = $cbor->encode ($perl_scalar) |
|
|
235 | Converts the given Perl data structure (a scalar value) to its CBOR |
|
|
236 | representation. |
|
|
237 | |
|
|
238 | $perl_scalar = $cbor->decode ($cbor_data) |
|
|
239 | The opposite of "encode": expects CBOR data and tries to parse it, |
|
|
240 | returning the resulting simple scalar or reference. Croaks on error. |
|
|
241 | |
|
|
242 | ($perl_scalar, $octets) = $cbor->decode_prefix ($cbor_data) |
|
|
243 | This works like the "decode" method, but instead of raising an |
|
|
244 | exception when there is trailing garbage after the CBOR string, it |
|
|
245 | will silently stop parsing there and return the number of characters |
|
|
246 | consumed so far. |
|
|
247 | |
|
|
248 | This is useful if your CBOR texts are not delimited by an outer |
|
|
249 | protocol and you need to know where the first CBOR string ends amd |
|
|
250 | the next one starts. |
|
|
251 | |
|
|
252 | CBOR::XS->new->decode_prefix ("......") |
|
|
253 | => ("...", 3) |
|
|
254 | |
|
|
255 | MAPPING |
|
|
256 | This section describes how CBOR::XS maps Perl values to CBOR values and |
|
|
257 | vice versa. These mappings are designed to "do the right thing" in most |
|
|
258 | circumstances automatically, preserving round-tripping characteristics |
|
|
259 | (what you put in comes out as something equivalent). |
|
|
260 | |
|
|
261 | For the more enlightened: note that in the following descriptions, |
|
|
262 | lowercase *perl* refers to the Perl interpreter, while uppercase *Perl* |
|
|
263 | refers to the abstract Perl language itself. |
|
|
264 | |
|
|
265 | CBOR -> PERL |
|
|
266 | integers |
|
|
267 | CBOR integers become (numeric) perl scalars. On perls without 64 bit |
|
|
268 | support, 64 bit integers will be truncated or otherwise corrupted. |
|
|
269 | |
|
|
270 | byte strings |
|
|
271 | Byte strings will become octet strings in Perl (the Byte values |
|
|
272 | 0..255 will simply become characters of the same value in Perl). |
|
|
273 | |
|
|
274 | UTF-8 strings |
|
|
275 | UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be |
|
|
276 | decoded into proper Unicode code points. At the moment, the validity |
|
|
277 | of the UTF-8 octets will not be validated - corrupt input will |
|
|
278 | result in corrupted Perl strings. |
|
|
279 | |
|
|
280 | arrays, maps |
|
|
281 | CBOR arrays and CBOR maps will be converted into references to a |
|
|
282 | Perl array or hash, respectively. The keys of the map will be |
|
|
283 | stringified during this process. |
|
|
284 | |
|
|
285 | null |
|
|
286 | CBOR null becomes "undef" in Perl. |
|
|
287 | |
|
|
288 | true, false, undefined |
|
|
289 | These CBOR values become "Types:Serialiser::true", |
|
|
290 | "Types:Serialiser::false" and "Types::Serialiser::error", |
|
|
291 | respectively. They are overloaded to act almost exactly like the |
|
|
292 | numbers 1 and 0 (for true and false) or to throw an exception on |
|
|
293 | access (for error). See the Types::Serialiser manpage for details. |
|
|
294 | |
|
|
295 | tagged values |
|
|
296 | Tagged items consists of a numeric tag and another CBOR value. |
|
|
297 | |
|
|
298 | See "TAG HANDLING AND EXTENSIONS" and the description of "->filter" |
|
|
299 | for details on which tags are handled how. |
|
|
300 | |
|
|
301 | anything else |
|
|
302 | Anything else (e.g. unsupported simple values) will raise a decoding |
|
|
303 | error. |
|
|
304 | |
|
|
305 | PERL -> CBOR |
|
|
306 | The mapping from Perl to CBOR is slightly more difficult, as Perl is a |
|
|
307 | typeless language. That means this module can only guess which CBOR type |
|
|
308 | is meant by a perl value. |
|
|
309 | |
|
|
310 | hash references |
|
|
311 | Perl hash references become CBOR maps. As there is no inherent |
|
|
312 | ordering in hash keys (or CBOR maps), they will usually be encoded |
|
|
313 | in a pseudo-random order. This order can be different each time a |
|
|
314 | hahs is encoded. |
|
|
315 | |
|
|
316 | Currently, tied hashes will use the indefinite-length format, while |
|
|
317 | normal hashes will use the fixed-length format. |
|
|
318 | |
|
|
319 | array references |
|
|
320 | Perl array references become fixed-length CBOR arrays. |
|
|
321 | |
|
|
322 | other references |
|
|
323 | Other unblessed references will be represented using the indirection |
|
|
324 | tag extension (tag value 22098, |
|
|
325 | <http://cbor.schmorp.de/indirection>). CBOR decoders are guaranteed |
|
|
326 | to be able to decode these values somehow, by either "doing the |
|
|
327 | right thing", decoding into a generic tagged object, simply ignoring |
|
|
328 | the tag, or something else. |
|
|
329 | |
|
|
330 | CBOR::XS::Tagged objects |
|
|
331 | Objects of this type must be arrays consisting of a single "[tag, |
|
|
332 | value]" pair. The (numerical) tag will be encoded as a CBOR tag, the |
|
|
333 | value will be encoded as appropriate for the value. You must use |
|
|
334 | "CBOR::XS::tag" to create such objects. |
|
|
335 | |
|
|
336 | Types::Serialiser::true, Types::Serialiser::false, |
|
|
337 | Types::Serialiser::error |
|
|
338 | These special values become CBOR true, CBOR false and CBOR undefined |
|
|
339 | values, respectively. You can also use "\1", "\0" and "\undef" |
|
|
340 | directly if you want. |
|
|
341 | |
|
|
342 | other blessed objects |
|
|
343 | Other blessed objects are serialised via "TO_CBOR" or "FREEZE". See |
|
|
344 | "TAG HANDLING AND EXTENSIONS" for specific classes handled by this |
|
|
345 | module, and "OBJECT SERIALISATION" for generic object serialisation. |
|
|
346 | |
|
|
347 | simple scalars |
|
|
348 | Simple Perl scalars (any scalar that is not a reference) are the |
|
|
349 | most difficult objects to encode: CBOR::XS will encode undefined |
|
|
350 | scalars as CBOR null values, scalars that have last been used in a |
|
|
351 | string context before encoding as CBOR strings, and anything else as |
|
|
352 | number value: |
|
|
353 | |
|
|
354 | # dump as number |
|
|
355 | encode_cbor [2] # yields [2] |
|
|
356 | encode_cbor [-3.0e17] # yields [-3e+17] |
|
|
357 | my $value = 5; encode_cbor [$value] # yields [5] |
|
|
358 | |
|
|
359 | # used as string, so dump as string (either byte or text) |
|
|
360 | print $value; |
|
|
361 | encode_cbor [$value] # yields ["5"] |
|
|
362 | |
|
|
363 | # undef becomes null |
|
|
364 | encode_cbor [undef] # yields [null] |
|
|
365 | |
|
|
366 | You can force the type to be a CBOR string by stringifying it: |
|
|
367 | |
|
|
368 | my $x = 3.1; # some variable containing a number |
|
|
369 | "$x"; # stringified |
|
|
370 | $x .= ""; # another, more awkward way to stringify |
|
|
371 | print $x; # perl does it for you, too, quite often |
|
|
372 | |
|
|
373 | You can force whether a string ie encoded as byte or text string by |
|
|
374 | using "utf8::upgrade" and "utf8::downgrade"): |
|
|
375 | |
|
|
376 | utf8::upgrade $x; # encode $x as text string |
|
|
377 | utf8::downgrade $x; # encode $x as byte string |
|
|
378 | |
|
|
379 | Perl doesn't define what operations up- and downgrade strings, so if |
|
|
380 | the difference between byte and text is important, you should up- or |
|
|
381 | downgrade your string as late as possible before encoding. |
|
|
382 | |
|
|
383 | You can force the type to be a CBOR number by numifying it: |
|
|
384 | |
|
|
385 | my $x = "3"; # some variable containing a string |
|
|
386 | $x += 0; # numify it, ensuring it will be dumped as a number |
|
|
387 | $x *= 1; # same thing, the choice is yours. |
|
|
388 | |
|
|
389 | You can not currently force the type in other, less obscure, ways. |
|
|
390 | Tell me if you need this capability (but don't forget to explain why |
|
|
391 | it's needed :). |
|
|
392 | |
|
|
393 | Perl values that seem to be integers generally use the shortest |
|
|
394 | possible representation. Floating-point values will use either the |
|
|
395 | IEEE single format if possible without loss of precision, otherwise |
|
|
396 | the IEEE double format will be used. Perls that use formats other |
|
|
397 | than IEEE double to represent numerical values are supported, but |
|
|
398 | might suffer loss of precision. |
|
|
399 | |
|
|
400 | OBJECT SERIALISATION |
|
|
401 | This module knows two way to serialise a Perl object: The CBOR-specific |
|
|
402 | way, and the generic way. |
|
|
403 | |
|
|
404 | Whenever the encoder encounters a Perl object that it cnanot serialise |
|
|
405 | directly (most of them), it will first look up the "TO_CBOR" method on |
|
|
406 | it. |
|
|
407 | |
|
|
408 | If it has a "TO_CBOR" method, it will call it with the object as only |
|
|
409 | argument, and expects exactly one return value, which it will then |
|
|
410 | substitute and encode it in the place of the object. |
|
|
411 | |
|
|
412 | Otherwise, it will look up the "FREEZE" method. If it exists, it will |
|
|
413 | call it with the object as first argument, and the constant string |
|
|
414 | "CBOR" as the second argument, to distinguish it from other serialisers. |
|
|
415 | |
|
|
416 | The "FREEZE" method can return any number of values (i.e. zero or more). |
|
|
417 | These will be encoded as CBOR perl object, together with the classname. |
|
|
418 | |
|
|
419 | If an object supports neither "TO_CBOR" nor "FREEZE", encoding will fail |
|
|
420 | with an error. |
|
|
421 | |
|
|
422 | Objects encoded via "TO_CBOR" cannot be automatically decoded, but |
|
|
423 | objects encoded via "FREEZE" can be decoded using the following |
|
|
424 | protocol: |
|
|
425 | |
|
|
426 | When an encoded CBOR perl object is encountered by the decoder, it will |
|
|
427 | look up the "THAW" method, by using the stored classname, and will fail |
|
|
428 | if the method cannot be found. |
|
|
429 | |
|
|
430 | After the lookup it will call the "THAW" method with the stored |
|
|
431 | classname as first argument, the constant string "CBOR" as second |
|
|
432 | argument, and all values returned by "FREEZE" as remaining arguments. |
|
|
433 | |
|
|
434 | EXAMPLES |
|
|
435 | Here is an example "TO_CBOR" method: |
|
|
436 | |
|
|
437 | sub My::Object::TO_CBOR { |
|
|
438 | my ($obj) = @_; |
|
|
439 | |
|
|
440 | ["this is a serialised My::Object object", $obj->{id}] |
|
|
441 | } |
|
|
442 | |
|
|
443 | When a "My::Object" is encoded to CBOR, it will instead encode a simple |
|
|
444 | array with two members: a string, and the "object id". Decoding this |
|
|
445 | CBOR string will yield a normal perl array reference in place of the |
|
|
446 | object. |
|
|
447 | |
|
|
448 | A more useful and practical example would be a serialisation method for |
|
|
449 | the URI module. CBOR has a custom tag value for URIs, namely 32: |
|
|
450 | |
|
|
451 | sub URI::TO_CBOR { |
|
|
452 | my ($self) = @_; |
|
|
453 | my $uri = "$self"; # stringify uri |
|
|
454 | utf8::upgrade $uri; # make sure it will be encoded as UTF-8 string |
|
|
455 | CBOR::XS::tag 32, "$_[0]" |
|
|
456 | } |
|
|
457 | |
|
|
458 | This will encode URIs as a UTF-8 string with tag 32, which indicates an |
|
|
459 | URI. |
|
|
460 | |
|
|
461 | Decoding such an URI will not (currently) give you an URI object, but |
|
|
462 | instead a CBOR::XS::Tagged object with tag number 32 and the string - |
|
|
463 | exactly what was returned by "TO_CBOR". |
|
|
464 | |
|
|
465 | To serialise an object so it can automatically be deserialised, you need |
|
|
466 | to use "FREEZE" and "THAW". To take the URI module as example, this |
|
|
467 | would be a possible implementation: |
|
|
468 | |
|
|
469 | sub URI::FREEZE { |
|
|
470 | my ($self, $serialiser) = @_; |
|
|
471 | "$self" # encode url string |
|
|
472 | } |
|
|
473 | |
|
|
474 | sub URI::THAW { |
|
|
475 | my ($class, $serialiser, $uri) = @_; |
|
|
476 | |
|
|
477 | $class->new ($uri) |
|
|
478 | } |
|
|
479 | |
|
|
480 | Unlike "TO_CBOR", multiple values can be returned by "FREEZE". For |
|
|
481 | example, a "FREEZE" method that returns "type", "id" and "variant" |
|
|
482 | values would cause an invocation of "THAW" with 5 arguments: |
|
|
483 | |
|
|
484 | sub My::Object::FREEZE { |
|
|
485 | my ($self, $serialiser) = @_; |
|
|
486 | |
|
|
487 | ($self->{type}, $self->{id}, $self->{variant}) |
|
|
488 | } |
|
|
489 | |
|
|
490 | sub My::Object::THAW { |
|
|
491 | my ($class, $serialiser, $type, $id, $variant) = @_; |
|
|
492 | |
|
|
493 | $class-<new (type => $type, id => $id, variant => $variant) |
|
|
494 | } |
|
|
495 | |
|
|
496 | MAGIC HEADER |
|
|
497 | There is no way to distinguish CBOR from other formats programmatically. |
|
|
498 | To make it easier to distinguish CBOR from other formats, the CBOR |
|
|
499 | specification has a special "magic string" that can be prepended to any |
|
|
500 | CBOR string without changing its meaning. |
|
|
501 | |
|
|
502 | This string is available as $CBOR::XS::MAGIC. This module does not |
|
|
503 | prepend this string to the CBOR data it generates, but it will ignore it |
|
|
504 | if present, so users can prepend this string as a "file type" indicator |
|
|
505 | as required. |
|
|
506 | |
|
|
507 | THE CBOR::XS::Tagged CLASS |
|
|
508 | CBOR has the concept of tagged values - any CBOR value can be tagged |
|
|
509 | with a numeric 64 bit number, which are centrally administered. |
|
|
510 | |
|
|
511 | "CBOR::XS" handles a few tags internally when en- or decoding. You can |
|
|
512 | also create tags yourself by encoding "CBOR::XS::Tagged" objects, and |
|
|
513 | the decoder will create "CBOR::XS::Tagged" objects itself when it hits |
|
|
514 | an unknown tag. |
|
|
515 | |
|
|
516 | These objects are simply blessed array references - the first member of |
|
|
517 | the array being the numerical tag, the second being the value. |
|
|
518 | |
|
|
519 | You can interact with "CBOR::XS::Tagged" objects in the following ways: |
|
|
520 | |
|
|
521 | $tagged = CBOR::XS::tag $tag, $value |
|
|
522 | This function(!) creates a new "CBOR::XS::Tagged" object using the |
|
|
523 | given $tag (0..2**64-1) to tag the given $value (which can be any |
|
|
524 | Perl value that can be encoded in CBOR, including serialisable Perl |
|
|
525 | objects and "CBOR::XS::Tagged" objects). |
|
|
526 | |
|
|
527 | $tagged->[0] |
|
|
528 | $tagged->[0] = $new_tag |
|
|
529 | $tag = $tagged->tag |
|
|
530 | $new_tag = $tagged->tag ($new_tag) |
|
|
531 | Access/mutate the tag. |
|
|
532 | |
|
|
533 | $tagged->[1] |
|
|
534 | $tagged->[1] = $new_value |
|
|
535 | $value = $tagged->value |
|
|
536 | $new_value = $tagged->value ($new_value) |
|
|
537 | Access/mutate the tagged value. |
|
|
538 | |
|
|
539 | EXAMPLES |
|
|
540 | Here are some examples of "CBOR::XS::Tagged" uses to tag objects. |
|
|
541 | |
|
|
542 | You can look up CBOR tag value and emanings in the IANA registry at |
|
|
543 | <http://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml>. |
|
|
544 | |
|
|
545 | Prepend a magic header ($CBOR::XS::MAGIC): |
|
|
546 | |
|
|
547 | my $cbor = encode_cbor CBOR::XS::tag 55799, $value; |
|
|
548 | # same as: |
|
|
549 | my $cbor = $CBOR::XS::MAGIC . encode_cbor $value; |
|
|
550 | |
|
|
551 | Serialise some URIs and a regex in an array: |
|
|
552 | |
|
|
553 | my $cbor = encode_cbor [ |
|
|
554 | (CBOR::XS::tag 32, "http://www.nethype.de/"), |
|
|
555 | (CBOR::XS::tag 32, "http://software.schmorp.de/"), |
|
|
556 | (CBOR::XS::tag 35, "^[Pp][Ee][Rr][lL]\$"), |
|
|
557 | ]; |
|
|
558 | |
|
|
559 | Wrap CBOR data in CBOR: |
|
|
560 | |
|
|
561 | my $cbor_cbor = encode_cbor |
|
|
562 | CBOR::XS::tag 24, |
|
|
563 | encode_cbor [1, 2, 3]; |
|
|
564 | |
|
|
565 | TAG HANDLING AND EXTENSIONS |
|
|
566 | This section describes how this module handles specific tagged values |
|
|
567 | and extensions. If a tag is not mentioned here and no additional filters |
|
|
568 | are provided for it, then the default handling applies (creating a |
|
|
569 | CBOR::XS::Tagged object on decoding, and only encoding the tag when |
|
|
570 | explicitly requested). |
|
|
571 | |
|
|
572 | Tags not handled specifically are currently converted into a |
|
|
573 | CBOR::XS::Tagged object, which is simply a blessed array reference |
|
|
574 | consisting of the numeric tag value followed by the (decoded) CBOR |
|
|
575 | value. |
|
|
576 | |
|
|
577 | Future versions of this module reserve the right to special case |
|
|
578 | additional tags (such as base64url). |
|
|
579 | |
|
|
580 | ENFORCED TAGS |
|
|
581 | These tags are always handled when decoding, and their handling cannot |
|
|
582 | be overriden by the user. |
|
|
583 | |
|
|
584 | 26 (perl-object, <http://cbor.schmorp.de/perl-object>) |
|
|
585 | These tags are automatically created (and decoded) for serialisable |
|
|
586 | objects using the "FREEZE/THAW" methods (the Types::Serialier object |
|
|
587 | serialisation protocol). See "OBJECT SERIALISATION" for details. |
|
|
588 | |
|
|
589 | 28, 29 (sharable, sharedref, L <http://cbor.schmorp.de/value-sharing>) |
|
|
590 | These tags are automatically decoded when encountered, resulting in |
|
|
591 | shared values in the decoded object. They are only encoded, however, |
|
|
592 | when "allow_sharable" is enabled. |
|
|
593 | |
|
|
594 | 256, 25 (stringref-namespace, stringref, L |
|
|
595 | <http://cbor.schmorp.de/stringref>) |
|
|
596 | These tags are automatically decoded when encountered. They are only |
|
|
597 | encoded, however, when "pack_strings" is enabled. |
|
|
598 | |
|
|
599 | 22098 (indirection, <http://cbor.schmorp.de/indirection>) |
|
|
600 | This tag is automatically generated when a reference are encountered |
|
|
601 | (with the exception of hash and array refernces). It is converted to |
|
|
602 | a reference when decoding. |
|
|
603 | |
|
|
604 | 55799 (self-describe CBOR, RFC 7049) |
|
|
605 | This value is not generated on encoding (unless explicitly requested |
|
|
606 | by the user), and is simply ignored when decoding. |
|
|
607 | |
|
|
608 | NON-ENFORCED TAGS |
|
|
609 | These tags have default filters provided when decoding. Their handling |
|
|
610 | can be overriden by changing the %CBOR::XS::FILTER entry for the tag, or |
|
|
611 | by providing a custom "filter" callback when decoding. |
|
|
612 | |
|
|
613 | When they result in decoding into a specific Perl class, the module |
|
|
614 | usually provides a corresponding "TO_CBOR" method as well. |
|
|
615 | |
|
|
616 | When any of these need to load additional modules that are not part of |
|
|
617 | the perl core distribution (e.g. URI), it is (currently) up to the user |
|
|
618 | to provide these modules. The decoding usually fails with an exception |
|
|
619 | if the required module cannot be loaded. |
|
|
620 | |
|
|
621 | 2, 3 (positive/negative bignum) |
|
|
622 | These tags are decoded into Math::BigInt objects. The corresponding |
|
|
623 | "Math::BigInt::TO_CBOR" method encodes "small" bigints into normal |
|
|
624 | CBOR integers, and others into positive/negative CBOR bignums. |
|
|
625 | |
|
|
626 | 4, 5 (decimal fraction/bigfloat) |
|
|
627 | Both decimal fractions and bigfloats are decoded into Math::BigFloat |
|
|
628 | objects. The corresponding "Math::BigFloat::TO_CBOR" method *always* |
|
|
629 | encodes into a decimal fraction. |
|
|
630 | |
|
|
631 | CBOR cannot represent bigfloats with *very* large exponents - |
|
|
632 | conversion of such big float objects is undefined. |
|
|
633 | |
|
|
634 | Also, NaN and infinities are not encoded properly. |
|
|
635 | |
|
|
636 | 21, 22, 23 (expected later JSON conversion) |
|
|
637 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore |
|
|
638 | these tags. |
|
|
639 | |
|
|
640 | 32 (URI) |
|
|
641 | These objects decode into URI objects. The corresponding |
|
|
642 | "URI::TO_CBOR" method again results in a CBOR URI value. |
|
|
643 | |
|
|
644 | CBOR and JSON |
|
|
645 | CBOR is supposed to implement a superset of the JSON data model, and is, |
|
|
646 | with some coercion, able to represent all JSON texts (something that |
|
|
647 | other "binary JSON" formats such as BSON generally do not support). |
|
|
648 | |
|
|
649 | CBOR implements some extra hints and support for JSON interoperability, |
|
|
650 | and the spec offers further guidance for conversion between CBOR and |
|
|
651 | JSON. None of this is currently implemented in CBOR, and the guidelines |
|
|
652 | in the spec do not result in correct round-tripping of data. If JSON |
|
|
653 | interoperability is improved in the future, then the goal will be to |
|
|
654 | ensure that decoded JSON data will round-trip encoding and decoding to |
|
|
655 | CBOR intact. |
|
|
656 | |
|
|
657 | SECURITY CONSIDERATIONS |
|
|
658 | When you are using CBOR in a protocol, talking to untrusted potentially |
|
|
659 | hostile creatures requires relatively few measures. |
|
|
660 | |
|
|
661 | First of all, your CBOR decoder should be secure, that is, should not |
|
|
662 | have any buffer overflows. Obviously, this module should ensure that and |
|
|
663 | I am trying hard on making that true, but you never know. |
|
|
664 | |
|
|
665 | Second, you need to avoid resource-starving attacks. That means you |
|
|
666 | should limit the size of CBOR data you accept, or make sure then when |
|
|
667 | your resources run out, that's just fine (e.g. by using a separate |
|
|
668 | process that can crash safely). The size of a CBOR string in octets is |
|
|
669 | usually a good indication of the size of the resources required to |
|
|
670 | decode it into a Perl structure. While CBOR::XS can check the size of |
|
|
671 | the CBOR text, it might be too late when you already have it in memory, |
|
|
672 | so you might want to check the size before you accept the string. |
|
|
673 | |
|
|
674 | Third, CBOR::XS recurses using the C stack when decoding objects and |
|
|
675 | arrays. The C stack is a limited resource: for instance, on my amd64 |
|
|
676 | machine with 8MB of stack size I can decode around 180k nested arrays |
|
|
677 | but only 14k nested CBOR objects (due to perl itself recursing deeply on |
|
|
678 | croak to free the temporary). If that is exceeded, the program crashes. |
|
|
679 | To be conservative, the default nesting limit is set to 512. If your |
|
|
680 | process has a smaller stack, you should adjust this setting accordingly |
|
|
681 | with the "max_depth" method. |
|
|
682 | |
|
|
683 | Something else could bomb you, too, that I forgot to think of. In that |
|
|
684 | case, you get to keep the pieces. I am always open for hints, though... |
|
|
685 | |
|
|
686 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
|
|
687 | structures in its error messages, so when you serialise sensitive |
|
|
688 | information you might want to make sure that exceptions thrown by |
|
|
689 | CBOR::XS will not end up in front of untrusted eyes. |
|
|
690 | |
|
|
691 | CBOR IMPLEMENTATION NOTES |
|
|
692 | This section contains some random implementation notes. They do not |
|
|
693 | describe guaranteed behaviour, but merely behaviour as-is implemented |
|
|
694 | right now. |
|
|
695 | |
|
|
696 | 64 bit integers are only properly decoded when Perl was built with 64 |
|
|
697 | bit support. |
|
|
698 | |
|
|
699 | Strings and arrays are encoded with a definite length. Hashes as well, |
|
|
700 | unless they are tied (or otherwise magical). |
|
|
701 | |
|
|
702 | Only the double data type is supported for NV data types - when Perl |
|
|
703 | uses long double to represent floating point values, they might not be |
|
|
704 | encoded properly. Half precision types are accepted, but not encoded. |
|
|
705 | |
|
|
706 | Strict mode and canonical mode are not implemented. |
|
|
707 | |
|
|
708 | THREADS |
|
|
709 | This module is *not* guaranteed to be thread safe and there are no plans |
|
|
710 | to change this until Perl gets thread support (as opposed to the |
|
|
711 | horribly slow so-called "threads" which are simply slow and bloated |
|
|
712 | process simulations - use fork, it's *much* faster, cheaper, better). |
|
|
713 | |
|
|
714 | (It might actually work, but you have been warned). |
|
|
715 | |
|
|
716 | BUGS |
|
|
717 | While the goal of this module is to be correct, that unfortunately does |
|
|
718 | not mean it's bug-free, only that I think its design is bug-free. If you |
|
|
719 | keep reporting bugs they will be fixed swiftly, though. |
|
|
720 | |
|
|
721 | Please refrain from using rt.cpan.org or any other bug reporting |
|
|
722 | service. I put the contact address into my modules for a reason. |
|
|
723 | |
|
|
724 | SEE ALSO |
|
|
725 | The JSON and JSON::XS modules that do similar, but human-readable, |
|
|
726 | serialisation. |
|
|
727 | |
|
|
728 | The Types::Serialiser module provides the data model for true, false and |
|
|
729 | error values. |
|
|
730 | |
|
|
731 | AUTHOR |
|
|
732 | Marc Lehmann <schmorp@schmorp.de> |
|
|
733 | http://home.schmorp.de/ |
|
|
734 | |