fixed bug in STS query signing

This commit is contained in:
adriancole 2013-01-21 14:07:02 -08:00
parent 6ab1e06388
commit c6bab1e2df
4 changed files with 13 additions and 13 deletions

View File

@ -25,6 +25,7 @@ import java.util.Date;
import org.jclouds.domain.Credentials;
import com.google.common.base.Objects;
import com.google.common.base.Supplier;
/**
* AWS credentials for API authentication.
@ -173,5 +174,4 @@ public final class TemporaryCredentials extends Credentials {
return Objects.toStringHelper(this).add("accessKeyId", identity).add("sessionToken", sessionToken)
.add("expiration", expiration).toString();
}
}

View File

@ -26,7 +26,7 @@ import static com.google.common.io.BaseEncoding.base64;
import static com.google.common.io.ByteStreams.readBytes;
import static org.jclouds.aws.reference.FormParameters.ACTION;
import static org.jclouds.aws.reference.FormParameters.AWS_ACCESS_KEY_ID;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE;
import static org.jclouds.aws.reference.FormParameters.*;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE_METHOD;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE_VERSION;
import static org.jclouds.aws.reference.FormParameters.TIMESTAMP;
@ -115,18 +115,10 @@ public class FormSigner implements HttpRequestFilter, RequestSigner {
String signature = sign(stringToSign);
addSignature(decodedParams, signature);
request = setPayload(request, decodedParams);
Credentials current = creds.get();
if (current instanceof TemporaryCredentials) {
request = replaceSecurityTokenHeader(request, TemporaryCredentials.class.cast(current));
}
utils.logRequest(signatureLog, request, "<<");
return request;
}
HttpRequest replaceSecurityTokenHeader(HttpRequest request, TemporaryCredentials current) {
return request.toBuilder().replaceHeader("SecurityToken", current.getSessionToken()).build();
}
HttpRequest setPayload(HttpRequest request, Multimap<String, String> decodedParams) {
String queryLine = buildQueryLine(decodedParams);
request.setPayload(queryLine);
@ -211,11 +203,16 @@ public class FormSigner implements HttpRequestFilter, RequestSigner {
@VisibleForTesting
void addSigningParams(Multimap<String, String> params) {
params.removeAll(SIGNATURE);
params.removeAll(SECURITY_TOKEN);
Credentials current = creds.get();
if (current instanceof TemporaryCredentials) {
params.put(SECURITY_TOKEN, TemporaryCredentials.class.cast(current).getSessionToken());
}
params.replaceValues(SIGNATURE_METHOD, ImmutableList.of("HmacSHA256"));
params.replaceValues(SIGNATURE_VERSION, ImmutableList.of("2"));
params.replaceValues(TIMESTAMP, ImmutableList.of(dateService.get()));
params.replaceValues(AWS_ACCESS_KEY_ID, ImmutableList.of(creds.get().identity));
params.removeAll(SIGNATURE);
}
public String createStringToSign(HttpRequest input) {

View File

@ -59,6 +59,10 @@ public interface FormParameters {
* Guide. Example: Qnpl4Qk/7tINHzfXCiT7VbBatDA=
*/
public static final String SIGNATURE = "Signature";
/**
* Temporary access token.
*/
public static final String SECURITY_TOKEN = "SecurityToken";
/**
* The hash algorithm you use to create the request signature. Valid values: HmacSHA256 |
* HmacSHA1. For more information, go to the Amazon Elastic Compute Cloud Developer Guide.

View File

@ -87,8 +87,7 @@ public class FormSignerTest {
HttpRequest filtered = filter(new TemporaryCredentialsHandlerTest().expected()).filter(request);
assertEquals(
filtered.getPayload().getRawContent(),
"Action=DescribeImages&ImageId.1=ami-2bb65342&Signature=waV%2B%2BIdRwHRlnK2126CqgHHd4FZb%2B5wAeRueidjFc/M%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE");
assertEquals(filtered.getFirstHeaderOrNull("SecurityToken"), "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT");
"Action=DescribeImages&ImageId.1=ami-2bb65342&SecurityToken=AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT&Signature=/8ReFVH1tvyNORsJb%2BSBieT9zvdqREQQr/olwmxC7VY%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE");
}
@Test