fixed bug in STS query signing

adriancole 2013-01-21 14:07:02 -08:00
parent 6ab1e06388
commit c6bab1e2df
4 changed files with 13 additions and 13 deletions


@ -25,6 +25,7 @@ import java.util.Date;
import org.jclouds.domain.Credentials; import org.jclouds.domain.Credentials;
import com.google.common.base.Objects; import com.google.common.base.Objects;
import com.google.common.base.Supplier;
/** /**
* AWS credentials for API authentication. * AWS credentials for API authentication.
@ -173,5 +174,4 @@ public final class TemporaryCredentials extends Credentials {
return Objects.toStringHelper(this).add("accessKeyId", identity).add("sessionToken", sessionToken) return Objects.toStringHelper(this).add("accessKeyId", identity).add("sessionToken", sessionToken)
.add("expiration", expiration).toString(); .add("expiration", expiration).toString();
} }
} }
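Review bot: `toString()` in the second hunk prints the full `sessionToken`, so any log line or exception message that formats a `TemporaryCredentials` instance carries a live credential component. Consider dropping the `.add("sessionToken", sessionToken)` call or replacing the value with a fixed marker such as `"<redacted>"`. Separately, the only addition in this file is `import com.google.common.base.Supplier;` and no visible line uses it, so it looks unused unless code outside the hunks references it. `toString()` begins outside the hunk.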


@ -26,7 +26,7 @@ import static com.google.common.io.BaseEncoding.base64;
import static com.google.common.io.ByteStreams.readBytes; import static com.google.common.io.ByteStreams.readBytes;
import static org.jclouds.aws.reference.FormParameters.ACTION; import static org.jclouds.aws.reference.FormParameters.ACTION;
import static org.jclouds.aws.reference.FormParameters.AWS_ACCESS_KEY_ID; import static org.jclouds.aws.reference.FormParameters.AWS_ACCESS_KEY_ID;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE; import static org.jclouds.aws.reference.FormParameters.*;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE_METHOD; import static org.jclouds.aws.reference.FormParameters.SIGNATURE_METHOD;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE_VERSION; import static org.jclouds.aws.reference.FormParameters.SIGNATURE_VERSION;
import static org.jclouds.aws.reference.FormParameters.TIMESTAMP; import static org.jclouds.aws.reference.FormParameters.TIMESTAMP;
@ -115,18 +115,10 @@ public class FormSigner implements HttpRequestFilter, RequestSigner {
String signature = sign(stringToSign); String signature = sign(stringToSign);
addSignature(decodedParams, signature); addSignature(decodedParams, signature);
request = setPayload(request, decodedParams); request = setPayload(request, decodedParams);
Credentials current = creds.get();
if (current instanceof TemporaryCredentials) {
request = replaceSecurityTokenHeader(request, TemporaryCredentials.class.cast(current));
}
utils.logRequest(signatureLog, request, "<<"); utils.logRequest(signatureLog, request, "<<");
return request; return request;
} }
HttpRequest replaceSecurityTokenHeader(HttpRequest request, TemporaryCredentials current) {
return request.toBuilder().replaceHeader("SecurityToken", current.getSessionToken()).build();
}
HttpRequest setPayload(HttpRequest request, Multimap<String, String> decodedParams) { HttpRequest setPayload(HttpRequest request, Multimap<String, String> decodedParams) {
String queryLine = buildQueryLine(decodedParams); String queryLine = buildQueryLine(decodedParams);
request.setPayload(queryLine); request.setPayload(queryLine);
@ -211,11 +203,16 @@ public class FormSigner implements HttpRequestFilter, RequestSigner {
@VisibleForTesting @VisibleForTesting
void addSigningParams(Multimap<String, String> params) { void addSigningParams(Multimap<String, String> params) {
params.removeAll(SIGNATURE);
params.removeAll(SECURITY_TOKEN);
Credentials current = creds.get();
if (current instanceof TemporaryCredentials) {
params.put(SECURITY_TOKEN, TemporaryCredentials.class.cast(current).getSessionToken());
}
params.replaceValues(SIGNATURE_METHOD, ImmutableList.of("HmacSHA256")); params.replaceValues(SIGNATURE_METHOD, ImmutableList.of("HmacSHA256"));
params.replaceValues(SIGNATURE_VERSION, ImmutableList.of("2")); params.replaceValues(SIGNATURE_VERSION, ImmutableList.of("2"));
params.replaceValues(TIMESTAMP, ImmutableList.of(dateService.get())); params.replaceValues(TIMESTAMP, ImmutableList.of(dateService.get()));
params.replaceValues(AWS_ACCESS_KEY_ID, ImmutableList.of(creds.get().identity)); params.replaceValues(AWS_ACCESS_KEY_ID, ImmutableList.of(creds.get().identity));
params.removeAll(SIGNATURE);
} }
public String createStringToSign(HttpRequest input) { public String createStringToSign(HttpRequest input) {
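Review bot: `addSigningParams` now calls `creds.get()` twice, once for the `SecurityToken` value and again for `AWSAccessKeyId`, so if the supplier returns refreshed temporary credentials between the two calls the request could pair a token from one session with an access key from another. Reusing the snapshot keeps them consistent: `params.replaceValues(AWS_ACCESS_KEY_ID, ImmutableList.of(current.identity));`. Whether `sign()` takes its secret key from the same snapshot is not visible here and is worth checking. Because the token now travels in the form payload, it is also worth confirming that `utils.logRequest(signatureLog, request, "<<")` in the first hunk does not write the payload to the signature log. The wildcard `import static org.jclouds.aws.reference.FormParameters.*;` sits beside explicit imports from the same class; explicit imports of `SIGNATURE` and `SECURITY_TOKEN` would match the rest of the list.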


@ -59,6 +59,10 @@ public interface FormParameters {
* Guide. Example: Qnpl4Qk/7tINHzfXCiT7VbBatDA= * Guide. Example: Qnpl4Qk/7tINHzfXCiT7VbBatDA=
*/ */
public static final String SIGNATURE = "Signature"; public static final String SIGNATURE = "Signature";
/**
* Temporary access token.
*/
public static final String SECURITY_TOKEN = "SecurityToken";
/** /**
* The hash algorithm you use to create the request signature. Valid values: HmacSHA256 | * The hash algorithm you use to create the request signature. Valid values: HmacSHA256 |
* HmacSHA1. For more information, go to the Amazon Elastic Compute Cloud Developer Guide. * HmacSHA1. For more information, go to the Amazon Elastic Compute Cloud Developer Guide.
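Review bot: The Javadoc on `SECURITY_TOKEN` says only "Temporary access token.", which does not tell a reader where the value comes from or that it is sensitive. Wording such as `Session token issued with temporary (STS) credentials; sent as a form parameter covered by the request signature, and should not be logged.` would match the level of detail on the neighbouring constants.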


@ -87,8 +87,7 @@ public class FormSignerTest {
HttpRequest filtered = filter(new TemporaryCredentialsHandlerTest().expected()).filter(request); HttpRequest filtered = filter(new TemporaryCredentialsHandlerTest().expected()).filter(request);
assertEquals( assertEquals(
filtered.getPayload().getRawContent(), filtered.getPayload().getRawContent(),
"Action=DescribeImages&ImageId.1=ami-2bb65342&Signature=waV%2B%2BIdRwHRlnK2126CqgHHd4FZb%2B5wAeRueidjFc/M%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE"); "Action=DescribeImages&ImageId.1=ami-2bb65342&SecurityToken=AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT&Signature=/8ReFVH1tvyNORsJb%2BSBieT9zvdqREQQr/olwmxC7VY%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE");
assertEquals(filtered.getFirstHeaderOrNull("SecurityToken"), "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT");
} }
@Test @Test
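Review bot: With the header assertion removed, nothing in this test pins down that the token is no longer sent as a `SecurityToken` header, and the new `params.removeAll(SECURITY_TOKEN)` path in `FormSigner.addSigningParams` is not exercised. Adding `assertNull(filtered.getFirstHeaderOrNull("SecurityToken"));` after the payload check, plus a case whose input request already carries a stale `SecurityToken` parameter, would cover both. The test method begins outside the hunk.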