mirror of https://github.com/apache/jclouds.git
JCLOUDS-902: Google Cloud Storage signed URLs
This commit is contained in:
Andrew Gaul
parent
a1af4f7fec
commit
b671d2c0d2
|
|
@ -0,0 +1,153 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jclouds.googlecloudstorage.blobstore;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import java.net.URI;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.Signature;
|
||||
import java.security.SignatureException;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import javax.inject.Provider;
|
||||
|
||||
import org.jclouds.Constants;
|
||||
import org.jclouds.blobstore.BlobRequestSigner;
|
||||
import org.jclouds.blobstore.domain.Blob;
|
||||
import org.jclouds.blobstore.functions.BlobToHttpGetOptions;
|
||||
import org.jclouds.date.TimeStamp;
|
||||
import org.jclouds.domain.Credentials;
|
||||
import org.jclouds.http.HttpRequest;
|
||||
import org.jclouds.http.HttpUtils;
|
||||
import org.jclouds.http.Uris;
|
||||
import org.jclouds.http.options.GetOptions;
|
||||
import org.jclouds.logging.Logger;
|
||||
import org.jclouds.oauth.v2.config.Authorization;
|
||||
|
||||
import com.google.common.base.Charsets;
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.common.base.Supplier;
|
||||
import com.google.common.io.BaseEncoding;
|
||||
import com.google.common.net.HttpHeaders;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.name.Named;
|
||||
|
||||
public final class GoogleCloudStorageBlobRequestSigner implements BlobRequestSigner {
|
||||
private static final int DEFAULT_EXPIRY_SECONDS = 15 * 60;
|
||||
private static final URI STORAGE_URL = URI.create("http://storage.googleapis.com/");
|
||||
|
||||
private final Supplier<Credentials> creds;
|
||||
private final Supplier<PrivateKey> privateKey;
|
||||
private final Provider<Long> timestamp;
|
||||
private final HttpUtils utils;
|
||||
|
||||
private final BlobToHttpGetOptions toGetOptions = new BlobToHttpGetOptions();
|
||||
|
||||
@Resource
|
||||
@Named(Constants.LOGGER_SIGNATURE)
|
||||
protected Logger signatureLog = Logger.NULL;
|
||||
|
||||
@Inject
|
||||
protected GoogleCloudStorageBlobRequestSigner(@org.jclouds.location.Provider Supplier<Credentials> creds,
|
||||
@Authorization Supplier<PrivateKey> privateKey, @TimeStamp Provider<Long> timestamp, HttpUtils utils) {
|
||||
this.creds = creds;
|
||||
this.privateKey = privateKey;
|
||||
this.timestamp = timestamp;
|
||||
this.utils = utils;
|
||||
}
|
||||
|
||||
@Override
|
||||
public HttpRequest signGetBlob(String container, String name) {
|
||||
return signGetBlob(container, name, DEFAULT_EXPIRY_SECONDS);
|
||||
}
|
||||
|
||||
@Override
|
||||
public HttpRequest signGetBlob(String container, String name, long timeInSeconds) {
|
||||
return sign("GET", container, name, GetOptions.NONE, timestamp.get() + timeInSeconds, null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public HttpRequest signGetBlob(String container, String name, org.jclouds.blobstore.options.GetOptions options) {
|
||||
return sign("GET", container, name, toGetOptions.apply(options), timestamp.get() + DEFAULT_EXPIRY_SECONDS, null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public HttpRequest signPutBlob(String container, Blob blob) {
|
||||
return signPutBlob(container, blob, DEFAULT_EXPIRY_SECONDS);
|
||||
}
|
||||
|
||||
@Override
|
||||
public HttpRequest signPutBlob(String container, Blob blob, long timeInSeconds) {
|
||||
return sign("PUT", container, blob.getMetadata().getName(), GetOptions.NONE, timestamp.get() + timeInSeconds, null);
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
@Override
|
||||
public HttpRequest signRemoveBlob(String container, String name) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
private HttpRequest sign(String method, String container, String name, GetOptions options, long expires, String contentType) {
|
||||
checkNotNull(container, "container");
|
||||
checkNotNull(name, "name");
|
||||
|
||||
HttpRequest.Builder request = HttpRequest.builder()
|
||||
.method(method)
|
||||
.endpoint(Uris.uriBuilder(STORAGE_URL).appendPath(container).appendPath(name).build());
|
||||
if (contentType != null) {
|
||||
request.replaceHeader(HttpHeaders.CONTENT_TYPE, contentType);
|
||||
}
|
||||
|
||||
String stringToSign = createStringToSign(request.build(), expires);
|
||||
byte[] rawSignature;
|
||||
try {
|
||||
Signature signer = Signature.getInstance("SHA256withRSA");
|
||||
signer.initSign(privateKey.get());
|
||||
signer.update(stringToSign.getBytes(Charsets.UTF_8));
|
||||
rawSignature = signer.sign();
|
||||
} catch (InvalidKeyException ike) {
|
||||
throw new RuntimeException(ike);
|
||||
} catch (NoSuchAlgorithmException nsae) {
|
||||
throw new RuntimeException(nsae);
|
||||
} catch (SignatureException se) {
|
||||
throw new RuntimeException(se);
|
||||
}
|
||||
String signature = BaseEncoding.base64().encode(rawSignature);
|
||||
|
||||
return (HttpRequest) request
|
||||
.addQueryParam("Expires", String.valueOf(expires))
|
||||
.addQueryParam("GoogleAccessId", creds.get().identity)
|
||||
.addQueryParam("Signature", signature)
|
||||
.headers(options.buildRequestHeaders())
|
||||
.build();
|
||||
}
|
||||
|
||||
private String createStringToSign(HttpRequest request, long expires) {
|
||||
utils.logRequest(signatureLog, request, ">>");
|
||||
StringBuilder buffer = new StringBuilder();
|
||||
buffer.append(request.getMethod()).append("\n");
|
||||
buffer.append(Strings.nullToEmpty(request.getFirstHeaderOrNull(HttpHeaders.CONTENT_MD5))).append("\n");
|
||||
buffer.append(Strings.nullToEmpty(request.getFirstHeaderOrNull(HttpHeaders.CONTENT_TYPE))).append("\n");
|
||||
buffer.append(String.valueOf(expires)).append("\n");
|
||||
// TODO: extension headers
|
||||
buffer.append(request.getEndpoint().getPath());
|
||||
return buffer.toString();
|
||||
}
|
||||
}
|
||||
|
|
@ -16,11 +16,15 @@
|
|||
*/
|
||||
package org.jclouds.googlecloudstorage.blobstore.config;
|
||||
|
||||
import org.jclouds.blobstore.BlobRequestSigner;
|
||||
import org.jclouds.blobstore.BlobStore;
|
||||
import org.jclouds.blobstore.attr.ConsistencyModel;
|
||||
import org.jclouds.date.TimeStamp;
|
||||
import org.jclouds.googlecloudstorage.blobstore.GoogleCloudStorageBlobRequestSigner;
|
||||
import org.jclouds.googlecloudstorage.blobstore.GoogleCloudStorageBlobStore;
|
||||
|
||||
import com.google.inject.AbstractModule;
|
||||
import com.google.inject.Provides;
|
||||
import com.google.inject.Scopes;
|
||||
|
||||
public class GoogleCloudStorageBlobStoreContextModule extends AbstractModule {
|
||||
|
|
@ -29,5 +33,12 @@ public class GoogleCloudStorageBlobStoreContextModule extends AbstractModule {
|
|||
protected void configure() {
|
||||
bind(ConsistencyModel.class).toInstance(ConsistencyModel.EVENTUAL);
|
||||
bind(BlobStore.class).to(GoogleCloudStorageBlobStore.class).in(Scopes.SINGLETON);
|
||||
bind(BlobRequestSigner.class).to(GoogleCloudStorageBlobRequestSigner.class);
|
||||
}
|
||||
|
||||
@Provides
|
||||
@TimeStamp
|
||||
protected final Long unixEpochTimestamp() {
|
||||
return System.currentTimeMillis() / 1000;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ public abstract class GoogleCloudStorageObject {
|
|||
public abstract String bucket();
|
||||
public abstract long generation();
|
||||
public abstract long metageneration();
|
||||
public abstract String contentType();
|
||||
@Nullable public abstract String contentType();
|
||||
public abstract Date updated();
|
||||
@Nullable public abstract Date timeDeleted();
|
||||
public abstract StorageClass storageClass();
|
||||
|
|
|
|||
|
|
@ -48,6 +48,11 @@ public class GoogleCloudStorageErrorHandler implements HttpErrorHandler {
|
|||
switch (response.getStatusCode()) {
|
||||
case 308:
|
||||
return;
|
||||
case 400:
|
||||
if (message.indexOf("<Code>ExpiredToken</Code>") != -1) {
|
||||
exception = new AuthorizationException(message, exception);
|
||||
}
|
||||
break;
|
||||
case 401:
|
||||
case 403:
|
||||
exception = new AuthorizationException(message, exception);
|
||||
|
|
|
|||
|
|
@ -16,8 +16,6 @@
|
|||
*/
|
||||
package org.jclouds.googlecloudstorage.blobstore.integration;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import org.jclouds.blobstore.integration.internal.BaseBlobSignerLiveTest;
|
||||
import org.testng.SkipException;
|
||||
import org.testng.annotations.Test;
|
||||
|
|
@ -28,70 +26,6 @@ public class GoogleCloudStorageBlobSignerLiveTest extends BaseBlobSignerLiveTest
|
|||
provider = "google-cloud-storage";
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignGetUrl() throws Exception {
|
||||
try {
|
||||
super.testSignGetUrl();
|
||||
} catch (UnsupportedOperationException uoe) {
|
||||
throw new SkipException("not yet implemented in GCS", uoe);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignGetUrlOptions() throws Exception {
|
||||
try {
|
||||
super.testSignGetUrlOptions();
|
||||
} catch (UnsupportedOperationException uoe) {
|
||||
throw new SkipException("not yet implemented in GCS", uoe);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignGetUrlWithTime() throws InterruptedException, IOException {
|
||||
try {
|
||||
super.testSignGetUrlWithTime();
|
||||
} catch (UnsupportedOperationException uoe) {
|
||||
throw new SkipException("not yet implemented in GCS", uoe);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignGetUrlWithTimeExpired() throws InterruptedException, IOException {
|
||||
try {
|
||||
super.testSignGetUrlWithTimeExpired();
|
||||
} catch (UnsupportedOperationException uoe) {
|
||||
throw new SkipException("not yet implemented in GCS", uoe);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignPutUrl() throws Exception {
|
||||
try {
|
||||
super.testSignPutUrl();
|
||||
} catch (UnsupportedOperationException uoe) {
|
||||
throw new SkipException("not yet implemented in GCS", uoe);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignPutUrlWithTime() throws Exception {
|
||||
try {
|
||||
super.testSignPutUrlWithTime();
|
||||
} catch (UnsupportedOperationException uoe) {
|
||||
throw new SkipException("not yet implemented in GCS", uoe);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignPutUrlWithTimeExpired() throws Exception {
|
||||
try {
|
||||
super.testSignPutUrlWithTimeExpired();
|
||||
} catch (UnsupportedOperationException uoe) {
|
||||
throw new SkipException("not yet implemented in GCS", uoe);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignRemoveUrl() throws Exception {
|
||||
try {
|
||||
super.testSignRemoveUrl();
|
||||
|
|
|
|||
Loading…
Reference in New Issue