mirror of https://github.com/apache/jclouds.git
JCLOUDS-902: Google Cloud Storage signed URLs
This commit is contained in:
parent
a1af4f7fec
commit
b671d2c0d2
|
@ -0,0 +1,153 @@
|
||||||
|
/*
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
|
* contributor license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright ownership.
|
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||||
|
* (the "License"); you may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.jclouds.googlecloudstorage.blobstore;
|
||||||
|
|
||||||
|
import static com.google.common.base.Preconditions.checkNotNull;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
import java.security.InvalidKeyException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.Signature;
|
||||||
|
import java.security.SignatureException;
|
||||||
|
|
||||||
|
import javax.annotation.Resource;
|
||||||
|
import javax.inject.Provider;
|
||||||
|
|
||||||
|
import org.jclouds.Constants;
|
||||||
|
import org.jclouds.blobstore.BlobRequestSigner;
|
||||||
|
import org.jclouds.blobstore.domain.Blob;
|
||||||
|
import org.jclouds.blobstore.functions.BlobToHttpGetOptions;
|
||||||
|
import org.jclouds.date.TimeStamp;
|
||||||
|
import org.jclouds.domain.Credentials;
|
||||||
|
import org.jclouds.http.HttpRequest;
|
||||||
|
import org.jclouds.http.HttpUtils;
|
||||||
|
import org.jclouds.http.Uris;
|
||||||
|
import org.jclouds.http.options.GetOptions;
|
||||||
|
import org.jclouds.logging.Logger;
|
||||||
|
import org.jclouds.oauth.v2.config.Authorization;
|
||||||
|
|
||||||
|
import com.google.common.base.Charsets;
|
||||||
|
import com.google.common.base.Strings;
|
||||||
|
import com.google.common.base.Supplier;
|
||||||
|
import com.google.common.io.BaseEncoding;
|
||||||
|
import com.google.common.net.HttpHeaders;
|
||||||
|
import com.google.inject.Inject;
|
||||||
|
import com.google.inject.name.Named;
|
||||||
|
|
||||||
|
public final class GoogleCloudStorageBlobRequestSigner implements BlobRequestSigner {
|
||||||
|
private static final int DEFAULT_EXPIRY_SECONDS = 15 * 60;
|
||||||
|
private static final URI STORAGE_URL = URI.create("http://storage.googleapis.com/");
|
||||||
|
|
||||||
|
private final Supplier<Credentials> creds;
|
||||||
|
private final Supplier<PrivateKey> privateKey;
|
||||||
|
private final Provider<Long> timestamp;
|
||||||
|
private final HttpUtils utils;
|
||||||
|
|
||||||
|
private final BlobToHttpGetOptions toGetOptions = new BlobToHttpGetOptions();
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
@Named(Constants.LOGGER_SIGNATURE)
|
||||||
|
protected Logger signatureLog = Logger.NULL;
|
||||||
|
|
||||||
|
@Inject
|
||||||
|
protected GoogleCloudStorageBlobRequestSigner(@org.jclouds.location.Provider Supplier<Credentials> creds,
|
||||||
|
@Authorization Supplier<PrivateKey> privateKey, @TimeStamp Provider<Long> timestamp, HttpUtils utils) {
|
||||||
|
this.creds = creds;
|
||||||
|
this.privateKey = privateKey;
|
||||||
|
this.timestamp = timestamp;
|
||||||
|
this.utils = utils;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public HttpRequest signGetBlob(String container, String name) {
|
||||||
|
return signGetBlob(container, name, DEFAULT_EXPIRY_SECONDS);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public HttpRequest signGetBlob(String container, String name, long timeInSeconds) {
|
||||||
|
return sign("GET", container, name, GetOptions.NONE, timestamp.get() + timeInSeconds, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public HttpRequest signGetBlob(String container, String name, org.jclouds.blobstore.options.GetOptions options) {
|
||||||
|
return sign("GET", container, name, toGetOptions.apply(options), timestamp.get() + DEFAULT_EXPIRY_SECONDS, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public HttpRequest signPutBlob(String container, Blob blob) {
|
||||||
|
return signPutBlob(container, blob, DEFAULT_EXPIRY_SECONDS);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public HttpRequest signPutBlob(String container, Blob blob, long timeInSeconds) {
|
||||||
|
return sign("PUT", container, blob.getMetadata().getName(), GetOptions.NONE, timestamp.get() + timeInSeconds, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Deprecated
|
||||||
|
@Override
|
||||||
|
public HttpRequest signRemoveBlob(String container, String name) {
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
private HttpRequest sign(String method, String container, String name, GetOptions options, long expires, String contentType) {
|
||||||
|
checkNotNull(container, "container");
|
||||||
|
checkNotNull(name, "name");
|
||||||
|
|
||||||
|
HttpRequest.Builder request = HttpRequest.builder()
|
||||||
|
.method(method)
|
||||||
|
.endpoint(Uris.uriBuilder(STORAGE_URL).appendPath(container).appendPath(name).build());
|
||||||
|
if (contentType != null) {
|
||||||
|
request.replaceHeader(HttpHeaders.CONTENT_TYPE, contentType);
|
||||||
|
}
|
||||||
|
|
||||||
|
String stringToSign = createStringToSign(request.build(), expires);
|
||||||
|
byte[] rawSignature;
|
||||||
|
try {
|
||||||
|
Signature signer = Signature.getInstance("SHA256withRSA");
|
||||||
|
signer.initSign(privateKey.get());
|
||||||
|
signer.update(stringToSign.getBytes(Charsets.UTF_8));
|
||||||
|
rawSignature = signer.sign();
|
||||||
|
} catch (InvalidKeyException ike) {
|
||||||
|
throw new RuntimeException(ike);
|
||||||
|
} catch (NoSuchAlgorithmException nsae) {
|
||||||
|
throw new RuntimeException(nsae);
|
||||||
|
} catch (SignatureException se) {
|
||||||
|
throw new RuntimeException(se);
|
||||||
|
}
|
||||||
|
String signature = BaseEncoding.base64().encode(rawSignature);
|
||||||
|
|
||||||
|
return (HttpRequest) request
|
||||||
|
.addQueryParam("Expires", String.valueOf(expires))
|
||||||
|
.addQueryParam("GoogleAccessId", creds.get().identity)
|
||||||
|
.addQueryParam("Signature", signature)
|
||||||
|
.headers(options.buildRequestHeaders())
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
private String createStringToSign(HttpRequest request, long expires) {
|
||||||
|
utils.logRequest(signatureLog, request, ">>");
|
||||||
|
StringBuilder buffer = new StringBuilder();
|
||||||
|
buffer.append(request.getMethod()).append("\n");
|
||||||
|
buffer.append(Strings.nullToEmpty(request.getFirstHeaderOrNull(HttpHeaders.CONTENT_MD5))).append("\n");
|
||||||
|
buffer.append(Strings.nullToEmpty(request.getFirstHeaderOrNull(HttpHeaders.CONTENT_TYPE))).append("\n");
|
||||||
|
buffer.append(String.valueOf(expires)).append("\n");
|
||||||
|
// TODO: extension headers
|
||||||
|
buffer.append(request.getEndpoint().getPath());
|
||||||
|
return buffer.toString();
|
||||||
|
}
|
||||||
|
}
|
|
@ -16,11 +16,15 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.googlecloudstorage.blobstore.config;
|
package org.jclouds.googlecloudstorage.blobstore.config;
|
||||||
|
|
||||||
|
import org.jclouds.blobstore.BlobRequestSigner;
|
||||||
import org.jclouds.blobstore.BlobStore;
|
import org.jclouds.blobstore.BlobStore;
|
||||||
import org.jclouds.blobstore.attr.ConsistencyModel;
|
import org.jclouds.blobstore.attr.ConsistencyModel;
|
||||||
|
import org.jclouds.date.TimeStamp;
|
||||||
|
import org.jclouds.googlecloudstorage.blobstore.GoogleCloudStorageBlobRequestSigner;
|
||||||
import org.jclouds.googlecloudstorage.blobstore.GoogleCloudStorageBlobStore;
|
import org.jclouds.googlecloudstorage.blobstore.GoogleCloudStorageBlobStore;
|
||||||
|
|
||||||
import com.google.inject.AbstractModule;
|
import com.google.inject.AbstractModule;
|
||||||
|
import com.google.inject.Provides;
|
||||||
import com.google.inject.Scopes;
|
import com.google.inject.Scopes;
|
||||||
|
|
||||||
public class GoogleCloudStorageBlobStoreContextModule extends AbstractModule {
|
public class GoogleCloudStorageBlobStoreContextModule extends AbstractModule {
|
||||||
|
@ -29,5 +33,12 @@ public class GoogleCloudStorageBlobStoreContextModule extends AbstractModule {
|
||||||
protected void configure() {
|
protected void configure() {
|
||||||
bind(ConsistencyModel.class).toInstance(ConsistencyModel.EVENTUAL);
|
bind(ConsistencyModel.class).toInstance(ConsistencyModel.EVENTUAL);
|
||||||
bind(BlobStore.class).to(GoogleCloudStorageBlobStore.class).in(Scopes.SINGLETON);
|
bind(BlobStore.class).to(GoogleCloudStorageBlobStore.class).in(Scopes.SINGLETON);
|
||||||
|
bind(BlobRequestSigner.class).to(GoogleCloudStorageBlobRequestSigner.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Provides
|
||||||
|
@TimeStamp
|
||||||
|
protected final Long unixEpochTimestamp() {
|
||||||
|
return System.currentTimeMillis() / 1000;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,7 +46,7 @@ public abstract class GoogleCloudStorageObject {
|
||||||
public abstract String bucket();
|
public abstract String bucket();
|
||||||
public abstract long generation();
|
public abstract long generation();
|
||||||
public abstract long metageneration();
|
public abstract long metageneration();
|
||||||
public abstract String contentType();
|
@Nullable public abstract String contentType();
|
||||||
public abstract Date updated();
|
public abstract Date updated();
|
||||||
@Nullable public abstract Date timeDeleted();
|
@Nullable public abstract Date timeDeleted();
|
||||||
public abstract StorageClass storageClass();
|
public abstract StorageClass storageClass();
|
||||||
|
|
|
@ -48,6 +48,11 @@ public class GoogleCloudStorageErrorHandler implements HttpErrorHandler {
|
||||||
switch (response.getStatusCode()) {
|
switch (response.getStatusCode()) {
|
||||||
case 308:
|
case 308:
|
||||||
return;
|
return;
|
||||||
|
case 400:
|
||||||
|
if (message.indexOf("<Code>ExpiredToken</Code>") != -1) {
|
||||||
|
exception = new AuthorizationException(message, exception);
|
||||||
|
}
|
||||||
|
break;
|
||||||
case 401:
|
case 401:
|
||||||
case 403:
|
case 403:
|
||||||
exception = new AuthorizationException(message, exception);
|
exception = new AuthorizationException(message, exception);
|
||||||
|
|
|
@ -16,8 +16,6 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.googlecloudstorage.blobstore.integration;
|
package org.jclouds.googlecloudstorage.blobstore.integration;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
import org.jclouds.blobstore.integration.internal.BaseBlobSignerLiveTest;
|
import org.jclouds.blobstore.integration.internal.BaseBlobSignerLiveTest;
|
||||||
import org.testng.SkipException;
|
import org.testng.SkipException;
|
||||||
import org.testng.annotations.Test;
|
import org.testng.annotations.Test;
|
||||||
|
@ -28,70 +26,6 @@ public class GoogleCloudStorageBlobSignerLiveTest extends BaseBlobSignerLiveTest
|
||||||
provider = "google-cloud-storage";
|
provider = "google-cloud-storage";
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSignGetUrl() throws Exception {
|
|
||||||
try {
|
|
||||||
super.testSignGetUrl();
|
|
||||||
} catch (UnsupportedOperationException uoe) {
|
|
||||||
throw new SkipException("not yet implemented in GCS", uoe);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSignGetUrlOptions() throws Exception {
|
|
||||||
try {
|
|
||||||
super.testSignGetUrlOptions();
|
|
||||||
} catch (UnsupportedOperationException uoe) {
|
|
||||||
throw new SkipException("not yet implemented in GCS", uoe);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSignGetUrlWithTime() throws InterruptedException, IOException {
|
|
||||||
try {
|
|
||||||
super.testSignGetUrlWithTime();
|
|
||||||
} catch (UnsupportedOperationException uoe) {
|
|
||||||
throw new SkipException("not yet implemented in GCS", uoe);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSignGetUrlWithTimeExpired() throws InterruptedException, IOException {
|
|
||||||
try {
|
|
||||||
super.testSignGetUrlWithTimeExpired();
|
|
||||||
} catch (UnsupportedOperationException uoe) {
|
|
||||||
throw new SkipException("not yet implemented in GCS", uoe);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSignPutUrl() throws Exception {
|
|
||||||
try {
|
|
||||||
super.testSignPutUrl();
|
|
||||||
} catch (UnsupportedOperationException uoe) {
|
|
||||||
throw new SkipException("not yet implemented in GCS", uoe);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSignPutUrlWithTime() throws Exception {
|
|
||||||
try {
|
|
||||||
super.testSignPutUrlWithTime();
|
|
||||||
} catch (UnsupportedOperationException uoe) {
|
|
||||||
throw new SkipException("not yet implemented in GCS", uoe);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSignPutUrlWithTimeExpired() throws Exception {
|
|
||||||
try {
|
|
||||||
super.testSignPutUrlWithTimeExpired();
|
|
||||||
} catch (UnsupportedOperationException uoe) {
|
|
||||||
throw new SkipException("not yet implemented in GCS", uoe);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSignRemoveUrl() throws Exception {
|
public void testSignRemoveUrl() throws Exception {
|
||||||
try {
|
try {
|
||||||
super.testSignRemoveUrl();
|
super.testSignRemoveUrl();
|
||||||
|
|
Loading…
Reference in New Issue