/*
* Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amazonaws.services.s3.internal;
import java.util.Date;
import com.amazonaws.AmazonClientException;
import com.amazonaws.Request;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.AbstractAWSSigner;
import com.amazonaws.auth.SigningAlgorithm;
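/**
 * Signs an S3 request by adding query-string authentication parameters
 * ({@code AWSAccessKeyId}, {@code Expires} and {@code Signature}) to it.
 *
 * <p>The signature and, for session credentials, the security token are added
 * as request parameters, so any URL built from the signed request carries
 * them. Such a URL should be handled like a credential until {@code Expires}
 * passes: keep it out of logs and shared channels, and pass the shortest
 * expiration that works for the caller.
 *
 * @param <T> not referenced anywhere in this class
 */
public class S3QueryStringSigner<T> extends AbstractAWSSigner {

    /**
     * The HTTP verb (GET, PUT, HEAD, DELETE) the request to sign
     * is using.
     *
     * TODO: We need to know the HTTP verb in order to
     *       create the authentication signature, but we don't
     *       have easy access to it through the request object.
     *
     *       Maybe it'd be better for the S3 signer (or all signers?)
     *       to work directly off of the HttpRequest instead of
     *       the Request object?
     */
    private final String httpVerb;

    /**
     * The canonical resource path portion of the S3 string to sign.
     * Examples: "/", "/<bucket name>/", or "/<bucket name>/<key>"
     *
     * TODO: We don't want to hold the resource path as member data in the S3
     *       signer, but we need access to it and can't get it through the
     *       request yet.
     */
    private final String resourcePath;

    /**
     * The instant after which the signed request should no longer be accepted.
     * Held as a private copy so the value that gets signed cannot be changed
     * by the caller after construction.
     */
    private final Date expiration;

    /**
     * Creates a signer for one verb, resource path and expiration.
     *
     * @param httpVerb     the HTTP verb placed in the string to sign; not
     *                     validated here
     * @param resourcePath the canonical resource path; must not be null
     * @param expiration   when the signature expires; must not be null
     * @throws IllegalArgumentException if {@code resourcePath} or
     *         {@code expiration} is null
     */
    public S3QueryStringSigner(String httpVerb, String resourcePath, Date expiration) {
        // Validate before touching any field so a rejected call leaves nothing half-built.
        if (resourcePath == null) {
            throw new IllegalArgumentException("Parameter resourcePath is empty");
        }
        // Without this check a null expiration only surfaced later, as a
        // NullPointerException inside sign().
        if (expiration == null) {
            throw new IllegalArgumentException("Parameter expiration is empty");
        }

        this.httpVerb = httpVerb;
        this.resourcePath = resourcePath;
        // java.util.Date is mutable: copy it so the expiry bound into the
        // signature is the one the caller passed at construction time.
        this.expiration = new Date(expiration.getTime());
    }

    /**
     * Computes the signature for {@code request} and adds the
     * {@code AWSAccessKeyId}, {@code Expires} and {@code Signature} parameters
     * to it. For session credentials the security token parameter is added
     * as well.
     *
     * @param request     the request to add the authentication parameters to
     * @param credentials the credentials to sign with
     * @throws AmazonClientException declared by the signature; which calls
     *         raise it is not visible in this file
     */
    public void sign(Request<?> request, AWSCredentials credentials) throws AmazonClientException {
        AWSCredentials sanitizedCredentials = sanitizeCredentials(credentials);

        // Added before the canonical string is built.
        // NOTE(review): presumably so the token is covered by the signature;
        // confirm against RestUtils.makeS3CanonicalString.
        if (sanitizedCredentials instanceof AWSSessionCredentials) {
            addSessionCredentials(request, (AWSSessionCredentials) sanitizedCredentials);
        }

        // Expires is sent in whole seconds since the epoch; the same string is
        // both signed and sent, so the two cannot disagree.
        String expirationInSeconds = Long.toString(expiration.getTime() / 1000L);

        String canonicalString = RestUtils.makeS3CanonicalString(
                httpVerb, resourcePath, request, expirationInSeconds);

        // The secret key is used only as the HMAC key; it is never added to the request.
        String signature = super.signAndBase64Encode(
                canonicalString, sanitizedCredentials.getAWSSecretKey(), SigningAlgorithm.HmacSHA1);

        request.addParameter("AWSAccessKeyId", sanitizedCredentials.getAWSAccessKeyId());
        request.addParameter("Expires", expirationInSeconds);
        request.addParameter("Signature", signature);
    }

    /**
     * Adds the session token to the request as the
     * {@code x-amz-security-token} parameter.
     *
     * @param request     the request to add the token to
     * @param credentials the session credentials supplying the token
     */
    @Override
    protected void addSessionCredentials(Request<?> request, AWSSessionCredentials credentials) {
        request.addParameter("x-amz-security-token", credentials.getSessionToken());
    }
}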