diff --git a/common/aws/src/main/java/org/jclouds/aws/domain/TemporaryCredentials.java b/common/aws/src/main/java/org/jclouds/aws/domain/TemporaryCredentials.java index 73ff43b149..57f8d58f36 100644 --- a/common/aws/src/main/java/org/jclouds/aws/domain/TemporaryCredentials.java +++ b/common/aws/src/main/java/org/jclouds/aws/domain/TemporaryCredentials.java @@ -25,6 +25,7 @@ import java.util.Date; import org.jclouds.domain.Credentials; import com.google.common.base.Objects; +import com.google.common.base.Supplier; /** * AWS credentials for API authentication. @@ -173,5 +174,4 @@ public final class TemporaryCredentials extends Credentials { return Objects.toStringHelper(this).add("accessKeyId", identity).add("sessionToken", sessionToken) .add("expiration", expiration).toString(); } - } diff --git a/common/aws/src/main/java/org/jclouds/aws/filters/FormSigner.java b/common/aws/src/main/java/org/jclouds/aws/filters/FormSigner.java index 76e9b716ce..c1f45b590d 100644 --- a/common/aws/src/main/java/org/jclouds/aws/filters/FormSigner.java +++ b/common/aws/src/main/java/org/jclouds/aws/filters/FormSigner.java @@ -26,7 +26,7 @@ import static com.google.common.io.BaseEncoding.base64; import static com.google.common.io.ByteStreams.readBytes; import static org.jclouds.aws.reference.FormParameters.ACTION; import static org.jclouds.aws.reference.FormParameters.AWS_ACCESS_KEY_ID; -import static org.jclouds.aws.reference.FormParameters.SIGNATURE; +import static org.jclouds.aws.reference.FormParameters.*; import static org.jclouds.aws.reference.FormParameters.SIGNATURE_METHOD; import static org.jclouds.aws.reference.FormParameters.SIGNATURE_VERSION; import static org.jclouds.aws.reference.FormParameters.TIMESTAMP; @@ -115,17 +115,9 @@ public class FormSigner implements HttpRequestFilter, RequestSigner { String signature = sign(stringToSign); addSignature(decodedParams, signature); request = setPayload(request, decodedParams); - Credentials current = creds.get(); - if (current instanceof TemporaryCredentials) { - request = replaceSecurityTokenHeader(request, TemporaryCredentials.class.cast(current)); - } utils.logRequest(signatureLog, request, "<<"); return request; } - - HttpRequest replaceSecurityTokenHeader(HttpRequest request, TemporaryCredentials current) { - return request.toBuilder().replaceHeader("SecurityToken", current.getSessionToken()).build(); - } HttpRequest setPayload(HttpRequest request, Multimap decodedParams) { String queryLine = buildQueryLine(decodedParams); @@ -211,11 +203,16 @@ public class FormSigner implements HttpRequestFilter, RequestSigner { @VisibleForTesting void addSigningParams(Multimap params) { + params.removeAll(SIGNATURE); + params.removeAll(SECURITY_TOKEN); + Credentials current = creds.get(); + if (current instanceof TemporaryCredentials) { + params.put(SECURITY_TOKEN, TemporaryCredentials.class.cast(current).getSessionToken()); + } params.replaceValues(SIGNATURE_METHOD, ImmutableList.of("HmacSHA256")); params.replaceValues(SIGNATURE_VERSION, ImmutableList.of("2")); params.replaceValues(TIMESTAMP, ImmutableList.of(dateService.get())); params.replaceValues(AWS_ACCESS_KEY_ID, ImmutableList.of(creds.get().identity)); - params.removeAll(SIGNATURE); } public String createStringToSign(HttpRequest input) { diff --git a/common/aws/src/main/java/org/jclouds/aws/reference/FormParameters.java b/common/aws/src/main/java/org/jclouds/aws/reference/FormParameters.java index 7139f1f63d..b87b8094eb 100644 --- a/common/aws/src/main/java/org/jclouds/aws/reference/FormParameters.java +++ b/common/aws/src/main/java/org/jclouds/aws/reference/FormParameters.java @@ -59,6 +59,10 @@ public interface FormParameters { * Guide. Example: Qnpl4Qk/7tINHzfXCiT7VbBatDA= */ public static final String SIGNATURE = "Signature"; + /** + * Temporary access token. + */ + public static final String SECURITY_TOKEN = "SecurityToken"; /** * The hash algorithm you use to create the request signature. Valid values: HmacSHA256 | * HmacSHA1. For more information, go to the Amazon Elastic Compute Cloud Developer Guide. diff --git a/common/aws/src/test/java/org/jclouds/aws/filters/FormSignerTest.java b/common/aws/src/test/java/org/jclouds/aws/filters/FormSignerTest.java index 75a620e694..c91fe0b1b4 100644 --- a/common/aws/src/test/java/org/jclouds/aws/filters/FormSignerTest.java +++ b/common/aws/src/test/java/org/jclouds/aws/filters/FormSignerTest.java @@ -87,8 +87,7 @@ public class FormSignerTest { HttpRequest filtered = filter(new TemporaryCredentialsHandlerTest().expected()).filter(request); assertEquals( filtered.getPayload().getRawContent(), - "Action=DescribeImages&ImageId.1=ami-2bb65342&Signature=waV%2B%2BIdRwHRlnK2126CqgHHd4FZb%2B5wAeRueidjFc/M%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE"); - assertEquals(filtered.getFirstHeaderOrNull("SecurityToken"), "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT"); + "Action=DescribeImages&ImageId.1=ami-2bb65342&SecurityToken=AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT&Signature=/8ReFVH1tvyNORsJb%2BSBieT9zvdqREQQr/olwmxC7VY%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE"); } @Test