mirror of https://github.com/apache/jclouds.git
integrated s3 request signing with temporary credentials
This commit is contained in:
parent
25ce398a44
commit
be12dc3293
|
@ -43,6 +43,7 @@ import javax.inject.Singleton;
|
|||
import javax.ws.rs.core.HttpHeaders;
|
||||
|
||||
import org.jclouds.Constants;
|
||||
import org.jclouds.aws.domain.TemporaryCredentials;
|
||||
import org.jclouds.crypto.Crypto;
|
||||
import org.jclouds.date.TimeStamp;
|
||||
import org.jclouds.domain.Credentials;
|
||||
|
@ -119,12 +120,20 @@ public class RequestAuthorizeSignature implements HttpRequestFilter, RequestSign
|
|||
|
||||
public HttpRequest filter(HttpRequest request) throws HttpException {
|
||||
request = replaceDateHeader(request);
|
||||
Credentials current = creds.get();
|
||||
if (current instanceof TemporaryCredentials) {
|
||||
request = replaceSecurityTokenHeader(request, TemporaryCredentials.class.cast(current));
|
||||
}
|
||||
String signature = calculateSignature(createStringToSign(request));
|
||||
request = replaceAuthorizationHeader(request, signature);
|
||||
utils.logRequest(signatureLog, request, "<<");
|
||||
return request;
|
||||
}
|
||||
|
||||
HttpRequest replaceSecurityTokenHeader(HttpRequest request, TemporaryCredentials current) {
|
||||
return request.toBuilder().replaceHeader("x-amz-security-token", current.getSessionToken()).build();
|
||||
}
|
||||
|
||||
HttpRequest replaceAuthorizationHeader(HttpRequest request, String signature) {
|
||||
request = request.toBuilder()
|
||||
.replaceHeader(HttpHeaders.AUTHORIZATION, authTag + " " + creds.get().identity + ":" + signature).build();
|
||||
|
|
|
@ -0,0 +1,94 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.s3.filters;
|
||||
|
||||
import static org.jclouds.reflect.Reflection2.method;
|
||||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import org.jclouds.ContextBuilder;
|
||||
import org.jclouds.aws.domain.TemporaryCredentials;
|
||||
import org.jclouds.date.TimeStamp;
|
||||
import org.jclouds.date.internal.SimpleDateFormatDateService;
|
||||
import org.jclouds.domain.Credentials;
|
||||
import org.jclouds.http.HttpRequest;
|
||||
import org.jclouds.logging.config.NullLoggingModule;
|
||||
import org.jclouds.reflect.Invocation;
|
||||
import org.jclouds.rest.ConfiguresRestClient;
|
||||
import org.jclouds.rest.internal.BaseRestApiTest.MockModule;
|
||||
import org.jclouds.rest.internal.GeneratedHttpRequest;
|
||||
import org.jclouds.s3.S3AsyncClient;
|
||||
import org.jclouds.s3.S3Client;
|
||||
import org.jclouds.s3.config.S3RestClientModule;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
import com.google.common.base.Supplier;
|
||||
import com.google.common.base.Suppliers;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.inject.Injector;
|
||||
import com.google.inject.Module;
|
||||
|
||||
/**
|
||||
* Tests behavior of {@code RequestAuthorizeSignature}
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
|
||||
@Test(groups = "unit", testName = "RequestAuthorizeSignatureWithTemporaryCredentialsTest")
|
||||
public class RequestAuthorizeSignatureWithTemporaryCredentialsTest {
|
||||
public static Injector injector(Credentials creds) {
|
||||
return ContextBuilder.newBuilder("s3")
|
||||
.credentialsSupplier(Suppliers.<Credentials> ofInstance(creds))
|
||||
.modules(ImmutableList.<Module> of(new MockModule(), new NullLoggingModule(), new TestS3RestClientModule())).buildInjector();
|
||||
}
|
||||
|
||||
@ConfiguresRestClient
|
||||
private static final class TestS3RestClientModule extends S3RestClientModule<S3Client, S3AsyncClient> {
|
||||
|
||||
@Override
|
||||
protected String provideTimeStamp(@TimeStamp Supplier<String> cache) {
|
||||
return "2009-11-08T15:54:08.897Z";
|
||||
}
|
||||
}
|
||||
|
||||
public static RequestAuthorizeSignature filter(Credentials creds) {
|
||||
return injector(creds).getInstance(RequestAuthorizeSignature.class);
|
||||
}
|
||||
|
||||
TemporaryCredentials temporaryCredentials = TemporaryCredentials.builder()
|
||||
.accessKeyId("AKIAIOSFODNN7EXAMPLE")
|
||||
.secretAccessKey("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")
|
||||
.sessionToken("AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT")
|
||||
.expiration(new SimpleDateFormatDateService().iso8601DateParse("2011-07-11T19:55:29.611Z")).build();
|
||||
|
||||
Invocation invocation = Invocation.create(method(S3AsyncClient.class, "bucketExists", String.class),
|
||||
ImmutableList.<Object> of("foo"));
|
||||
|
||||
HttpRequest bucketFooExists = GeneratedHttpRequest.builder().method("GET")
|
||||
.invocation(invocation)
|
||||
.endpoint("https://foo.s3.amazonaws.com/?max-keys=0")
|
||||
.addHeader("Host", "foo.s3.amazonaws.com").build();
|
||||
|
||||
@Test
|
||||
void testAddsSecurityToken() {
|
||||
HttpRequest filtered = filter(temporaryCredentials).filter(bucketFooExists);
|
||||
assertEquals(filtered.getFirstHeaderOrNull("Authorization"),
|
||||
"AWS AKIAIOSFODNN7EXAMPLE:0fUhWTaRBcIvIAndg2C+5eLfE24=");
|
||||
assertEquals(filtered.getFirstHeaderOrNull("x-amz-security-token"), temporaryCredentials.getSessionToken());
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue