下面列出了com.amazonaws.services.s3.model.CryptoConfiguration#com.amazonaws.internal.StaticCredentialsProvider 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Override
public AWSCredentialsProvider buildAWSCredentialsProvider(HiveConf hiveConf) {
checkArgument(hiveConf != null, "hiveConf cannot be null.");
String accessKey = hiveConf.get(AWS_ACCESS_KEY_CONF_VAR);
String secretKey = hiveConf.get(AWS_SECRET_KEY_CONF_VAR);
String sessionToken = hiveConf.get(AWS_SESSION_TOKEN_CONF_VAR);
checkArgument(accessKey != null, AWS_ACCESS_KEY_CONF_VAR + " must be set.");
checkArgument(secretKey != null, AWS_SECRET_KEY_CONF_VAR + " must be set.");
checkArgument(sessionToken != null, AWS_SESSION_TOKEN_CONF_VAR + " must be set.");
AWSSessionCredentials credentials = new BasicSessionCredentials(accessKey, secretKey, sessionToken);
return new StaticCredentialsProvider(credentials);
}
@Test
public void testKeysCredentialsProvider() throws Throwable {
final TestRunner runner = TestRunners.newTestRunner(FetchS3Object.class);
final AWSCredentialsProviderControllerService serviceImpl = new AWSCredentialsProviderControllerService();
runner.addControllerService("awsCredentialsProvider", serviceImpl);
runner.setProperty(serviceImpl, AbstractAWSProcessor.ACCESS_KEY, "awsAccessKey");
runner.setProperty(serviceImpl, AbstractAWSProcessor.SECRET_KEY, "awsSecretKey");
runner.enableControllerService(serviceImpl);
runner.assertValid(serviceImpl);
final AWSCredentialsProviderService service = (AWSCredentialsProviderService) runner.getProcessContext()
.getControllerServiceLookup().getControllerService("awsCredentialsProvider");
Assert.assertNotNull(service);
final AWSCredentialsProvider credentialsProvider = service.getCredentialsProvider();
Assert.assertNotNull(credentialsProvider);
assertEquals("credentials provider should be equal", StaticCredentialsProvider.class,
credentialsProvider.getClass());
}
/**
* <p> Gets the {@link AWSCredentialsProvider} based on the credentials in the given parameters. </p> <p> Returns {@link DefaultAWSCredentialsProviderChain}
* if either access or secret key is {@code null}. Otherwise returns a {@link StaticCredentialsProvider} with the credentials. </p>
*
* @param params - Access parameters
*
* @return AWS credentials provider implementation
*/
private AWSCredentialsProvider getAWSCredentialsProvider(S3FileTransferRequestParamsDto params)
{
List<AWSCredentialsProvider> providers = new ArrayList<>();
String accessKey = params.getAwsAccessKeyId();
String secretKey = params.getAwsSecretKey();
if (accessKey != null && secretKey != null)
{
providers.add(new StaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)));
}
for (HerdAWSCredentialsProvider herdAWSCredentialsProvider : params.getAdditionalAwsCredentialsProviders())
{
providers.add(new HerdAwsCredentialsProviderWrapper(herdAWSCredentialsProvider));
}
providers.add(new DefaultAWSCredentialsProviderChain());
return new AWSCredentialsProviderChain(providers.toArray(new AWSCredentialsProvider[providers.size()]));
}
@Test
public void testCredentialsProviderControllerService() throws InitializationException {
final AWSCredentialsProviderControllerService credsService = new AWSCredentialsProviderControllerService();
runner.addControllerService("awsCredentialsProvider", credsService);
runner.setProperty(credsService, AbstractAWSProcessor.ACCESS_KEY, "awsAccessKey");
runner.setProperty(credsService, AbstractAWSProcessor.SECRET_KEY, "awsSecretKey");
runner.enableControllerService(credsService);
runner.setProperty(AbstractAWSCredentialsProviderProcessor.AWS_CREDENTIALS_PROVIDER_SERVICE, "awsCredentialsProvider");
runner.assertValid();
runner.run(1);
assertEquals(StaticCredentialsProvider.class, awsCredentialsProvider.getClass());
assertNull(awsCredentials);
}
@Test
public void testKeysCredentialsProvider() throws Throwable {
final TestRunner runner = TestRunners.newTestRunner(FetchS3Object.class);
final AWSCredentialsProviderControllerService serviceImpl = new AWSCredentialsProviderControllerService();
runner.addControllerService("awsCredentialsProvider", serviceImpl);
runner.setProperty(serviceImpl, AbstractAWSProcessor.ACCESS_KEY, "awsAccessKey");
runner.setProperty(serviceImpl, AbstractAWSProcessor.SECRET_KEY, "awsSecretKey");
runner.enableControllerService(serviceImpl);
runner.assertValid(serviceImpl);
final AWSCredentialsProviderService service = (AWSCredentialsProviderService) runner.getProcessContext()
.getControllerServiceLookup().getControllerService("awsCredentialsProvider");
Assert.assertNotNull(service);
final AWSCredentialsProvider credentialsProvider = service.getCredentialsProvider();
Assert.assertNotNull(credentialsProvider);
assertEquals("credentials provider should be equal", StaticCredentialsProvider.class,
credentialsProvider.getClass());
}
@Override
public AWSCredentialsProvider getCredentialsProvider(Map<PropertyDescriptor, String> properties) {
String accessKey = properties.get(CredentialPropertyDescriptors.ACCESS_KEY);
String secretKey = properties.get(CredentialPropertyDescriptors.SECRET_KEY);
BasicAWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
return new StaticCredentialsProvider(creds);
}
@Test
public void testAccessKeyPairCredentials() throws Throwable {
final TestRunner runner = TestRunners.newTestRunner(MockAWSProcessor.class);
runner.setProperty(CredentialPropertyDescriptors.USE_DEFAULT_CREDENTIALS, "false");
runner.setProperty(CredentialPropertyDescriptors.ACCESS_KEY, "BogusAccessKey");
runner.setProperty(CredentialPropertyDescriptors.SECRET_KEY, "BogusSecretKey");
runner.assertValid();
Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
Assert.assertNotNull(credentialsProvider);
assertEquals("credentials provider should be equal", StaticCredentialsProvider.class,
credentialsProvider.getClass());
}
@Deprecated
public Map<String, Profile> getAllProfiles() {
Map<String, Profile> legacyProfiles = new HashMap<String, Profile>();
for (Map.Entry<String, BasicProfile> entry : getAllBasicProfiles().entrySet()) {
final String profileName = entry.getKey();
legacyProfiles.put(profileName,
new Profile(profileName, entry.getValue().getProperties(),
new StaticCredentialsProvider(
getCredentials(profileName))));
}
return legacyProfiles;
}
public Profile(String profileName, AWSCredentials awsCredentials) {
Map<String, String> properties = new LinkedHashMap<String, String>();
properties.put(ProfileKeyConstants.AWS_ACCESS_KEY_ID, awsCredentials.getAWSAccessKeyId());
properties.put(ProfileKeyConstants.AWS_SECRET_ACCESS_KEY, awsCredentials.getAWSSecretKey());
if (awsCredentials instanceof AWSSessionCredentials) {
AWSSessionCredentials sessionCred = (AWSSessionCredentials)awsCredentials;
properties.put(ProfileKeyConstants.AWS_SESSION_TOKEN, sessionCred.getSessionToken());
}
this.profileName = profileName;
this.properties = properties;
this.awsCredentials = new StaticCredentialsProvider(awsCredentials);
}
@Override
public AWSCredentialsProvider getCredentialsProvider(Map<PropertyDescriptor, String> properties) {
String accessKey = properties.get(CredentialPropertyDescriptors.ACCESS_KEY);
String secretKey = properties.get(CredentialPropertyDescriptors.SECRET_KEY);
BasicAWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
return new StaticCredentialsProvider(creds);
}
@Test
public void testAccessKeyPairCredentials() throws Throwable {
final TestRunner runner = TestRunners.newTestRunner(MockAWSProcessor.class);
runner.setProperty(CredentialPropertyDescriptors.USE_DEFAULT_CREDENTIALS, "false");
runner.setProperty(CredentialPropertyDescriptors.ACCESS_KEY, "BogusAccessKey");
runner.setProperty(CredentialPropertyDescriptors.SECRET_KEY, "BogusSecretKey");
runner.assertValid();
Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
Assert.assertNotNull(credentialsProvider);
assertEquals("credentials provider should be equal", StaticCredentialsProvider.class,
credentialsProvider.getClass());
}
static AWSCredentialsProvider buildCredentials(Logger logger, Ec2ClientSettings clientSettings) {
final AWSCredentials credentials = clientSettings.credentials;
if (credentials == null) {
logger.debug("Using either environment variables, system properties or instance profile credentials");
return new DefaultAWSCredentialsProviderChain();
} else {
logger.debug("Using basic key/secret credentials");
return new StaticCredentialsProvider(credentials);
}
}
@Override
public AWSCredentialsProvider getCredentialsProvider(Map<PropertyDescriptor, String> properties) {
AnonymousAWSCredentials creds = new AnonymousAWSCredentials();
return new StaticCredentialsProvider(creds);
}
public static FixedStashReader getInstance(URI stashRoot, String accessKey, String secretKey) {
return getInstance(stashRoot, new StaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)));
}
public static StandardStashReader getInstance(URI stashRoot, String accessKey, String secretKey) {
return getInstance(stashRoot, new StaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)), null);
}
public static StandardStashReader getInstance(URI stashRoot, String accessKey, String secretKey,
ClientConfiguration s3Config) {
return getInstance(stashRoot, new StaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)), s3Config);
}
/**
* Test case given in AWS Signing Test Suite (http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html)
* (get-vanilla.*)
* <p>
* GET / http/1.1
* Date:Mon, 09 Sep 2011 23:36:00 GMT
* Host:host.foo.com
*
* @throws Exception
*/
@Test
public void testGetVanilla() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "host";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2011, 9, 9, 23, 36, 0);
// weird date : 09 Sep 2011 is a friday, not a monday
String date = "Mon, 09 Sep 2011 23:36:00 GMT";
// HTTP request
String host = "host.foo.com";
String uri = "/";
String method = "GET";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("Date", date)
.put("Host", host + ":80")
.build();
Optional<byte[]> payload = Optional.absent();
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
// The signature must match the expected signature
String expectedSignature = "b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470";
String expectedAuthorizationHeader = format(
"AWS4-HMAC-SHA256 Credential=%s/20110909/%s/%s/aws4_request, SignedHeaders=date;host, Signature=%s",
awsAccessKey, region, service, expectedSignature
);
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
assertThat(caseInsensitiveSignedHeaders).containsKey("Host");
assertThat(caseInsensitiveSignedHeaders.get("Host")).isEqualTo(host);
assertThat(caseInsensitiveSignedHeaders).containsKey("Date");
assertThat(caseInsensitiveSignedHeaders.get("Date")).isEqualTo(date);
assertThat(caseInsensitiveSignedHeaders).doesNotContainKey("X-Amz-Date");
}
/**
* Test case given in AWS Signing Test Suite (http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html)
* (post-vanilla-query.*)
* <p>
* POST /?foo=bar http/1.1
* Date:Mon, 09 Sep 2011 23:36:00 GMT
* Host:host.foo.com
*
* @throws Exception
*/
@Test
public void testPostVanillaQuery() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "host";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2011, 9, 9, 23, 36, 0);
// weird date : 09 Sep 2011 is a friday, not a monday
String date = "Mon, 09 Sep 2011 23:36:00 GMT";
// HTTP request
String host = "host.foo.com";
String uri = "/";
String method = "POST";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.put("foo", "bar")
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("Date", date)
.put("Host", host)
.build();
Optional<byte[]> payload = Optional.absent();
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
// The signature must match the expected signature
String expectedSignature = "b6e3b79003ce0743a491606ba1035a804593b0efb1e20a11cba83f8c25a57a92";
String expectedAuthorizationHeader = format(
"AWS4-HMAC-SHA256 Credential=%s/20110909/%s/%s/aws4_request, SignedHeaders=date;host, Signature=%s",
awsAccessKey, region, service, expectedSignature
);
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
assertThat(caseInsensitiveSignedHeaders).containsKey("Host");
assertThat(caseInsensitiveSignedHeaders.get("Host")).isEqualTo(host);
assertThat(caseInsensitiveSignedHeaders).containsKey("Date");
assertThat(caseInsensitiveSignedHeaders.get("Date")).isEqualTo(date);
assertThat(caseInsensitiveSignedHeaders).doesNotContainKey("X-Amz-Date");
}
/**
* Test case for signing an index request with an encodable id
*
* @throws Exception
*/
@Test
public void testPostEncodeableId() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "service";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2015, 8, 30, 12, 36, 0);
String date = "20150830T123600Z";
// HTTP request
String host = "example.amazonaws.com";
String uri = "/index_name/type_name/[email protected]";
String method = "PUT";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("X-Amz-Date", date)
.put("Host", host)
.build();
String body = "{\n"
+ " \"user\" : \"kimchy\",\n"
+ " \"post_date\" : \"2009-11-15T14:12:12\",\n"
+ " \"message\" : \"trying out Elasticsearch\"\n"
+ "}";
Optional<byte[]> payload = Optional.of(body.getBytes("utf-8"));
String expectedAuthorizationHeader = SkdSignerUtil.getExpectedAuthorizationHeader(
new SkdSignerUtil.Request()
.setServiceName(service)
.setRegion(region)
.setDate( new SimpleDateFormat("yyyyMMdd'T'HHmmssXXX").parse(date))
.setHost(host)
.setUri(uri)
.setHttpMethod(method)
.setHeaders(headers)
.setQueryParams(queryParams)
.setCredentialsProvider(awsCredentialsProvider)
.setBody(body)
);
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
// The signature must match the expected signature
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
}
/**
* Test case for signing an index request with an encodable id
*
* @throws Exception
*/
@Test
public void testPostEncodedId() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "service";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2015, 8, 30, 12, 36, 0);
String date = "20150830T123600Z";
// HTTP request
String host = "example.amazonaws.com";
String uri = "/index_name/type_name/joe%40example.com";
String method = "PUT";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("X-Amz-Date", date)
.put("Host", host)
.build();
String body = "{\n"
+ " \"user\" : \"kimchy\",\n"
+ " \"post_date\" : \"2009-11-15T14:12:12\",\n"
+ " \"message\" : \"trying out Elasticsearch\"\n"
+ "}";
Optional<byte[]> payload = Optional.of(body.getBytes("utf-8"));
String expectedAuthorizationHeader = SkdSignerUtil.getExpectedAuthorizationHeader(
new SkdSignerUtil.Request()
.setServiceName(service)
.setRegion(region)
.setDate( new SimpleDateFormat("yyyyMMdd'T'HHmmssXXX").parse(date))
.setHost(host)
.setUri(uri)
.setHttpMethod(method)
.setHeaders(headers)
.setQueryParams(queryParams)
.setCredentialsProvider(awsCredentialsProvider)
.setBody(body)
);
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
// The signature must match the expected signature
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
}
@Test
public void testGetVanillaWithoutDateHeader() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "host";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2011, 9, 9, 23, 36, 0);
// weird date : 09 Sep 2011 is a friday, not a monday
String date = "20110909T233600Z";
// HTTP request
String host = "host.foo.com";
String uri = "/";
String method = "GET";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("Host", host)
.build();
Optional<byte[]> payload = Optional.absent();
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
// The signature must match the expected signature
String expectedSignature = "904f8c568bca8bd2618b9241a7f2a8d90f279e717fd0f6727af189668b040151";
String expectedAuthorizationHeader = format(
"AWS4-HMAC-SHA256 Credential=%s/20110909/%s/%s/aws4_request, SignedHeaders=host;x-amz-date, Signature=%s",
awsAccessKey, region, service, expectedSignature
);
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
assertThat(caseInsensitiveSignedHeaders).containsKey("Host");
assertThat(caseInsensitiveSignedHeaders.get("Host")).isEqualTo(host);
assertThat(caseInsensitiveSignedHeaders).containsKey("X-Amz-Date");
assertThat(caseInsensitiveSignedHeaders.get("X-Amz-Date")).isEqualTo(date);
assertThat(caseInsensitiveSignedHeaders).doesNotContainKey("Date");
}
@Test
public void testGetVanillaWithTempCreds() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
String sessionToken = "AKIDEXAMPLESESSION";
AWSCredentials credentials = new BasicSessionCredentials(awsAccessKey, awsSecretKey, sessionToken);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "host";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2011, 9, 9, 23, 36, 0);
// weird date : 09 Sep 2011 is a friday, not a monday
String date = "Mon, 09 Sep 2011 23:36:00 GMT";
// HTTP request
String host = "host.foo.com";
String uri = "/";
String method = "GET";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("Date", date)
.put("Host", host)
.build();
Optional<byte[]> payload = Optional.absent();
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
// The signature must match the expected signature
String expectedSignature = "43abd9e63c148feb91c43fe2c9734eb44b7eb16078d484d3ff9b6249b62fdc60";
String expectedAuthorizationHeader = format(
"AWS4-HMAC-SHA256 Credential=%s/20110909/%s/%s/aws4_request, SignedHeaders=date;host;x-amz-security-token, Signature=%s",
awsAccessKey, region, service, expectedSignature
);
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
assertThat(caseInsensitiveSignedHeaders).containsKey("Host");
assertThat(caseInsensitiveSignedHeaders.get("Host")).isEqualTo(host);
assertThat(caseInsensitiveSignedHeaders).containsKey("Date");
assertThat(caseInsensitiveSignedHeaders.get("Date")).isEqualTo(date);
assertThat(caseInsensitiveSignedHeaders).doesNotContainKey("X-Amz-Date");
assertThat(caseInsensitiveSignedHeaders).containsKey("X-Amz-Security-Token");
assertThat(caseInsensitiveSignedHeaders.get("X-Amz-Security-Token")).isEqualTo(sessionToken);
}
@Test
public void testGetVanillaBase64QueryParam() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "host";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2011, 9, 9, 23, 36, 0);
// weird date : 09 Sep 2011 is a friday, not a monday
String date = "Mon, 09 Sep 2011 23:36:00 GMT";
// HTTP request
String host = "host.foo.com";
String uri = "/";
String method = "GET";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.put("scrollId", "dGVzdA===")
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("Date", date)
.put("Host", host + ":80")
.build();
Optional<byte[]> payload = Optional.absent();
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
// The signature must match the expected signature
String expectedSignature = "ebec182ae6456633a8fecbd2737e60d6aec6b0da9cfa5731457e71edec83fde3";
String expectedAuthorizationHeader = format(
"AWS4-HMAC-SHA256 Credential=%s/20110909/%s/%s/aws4_request, SignedHeaders=date;host, Signature=%s",
awsAccessKey, region, service, expectedSignature
);
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
assertThat(caseInsensitiveSignedHeaders).containsKey("Host");
assertThat(caseInsensitiveSignedHeaders.get("Host")).isEqualTo(host);
assertThat(caseInsensitiveSignedHeaders).containsKey("Date");
assertThat(caseInsensitiveSignedHeaders.get("Date")).isEqualTo(date);
assertThat(caseInsensitiveSignedHeaders).doesNotContainKey("X-Amz-Date");
}
@Test
public void testGetQueryParamWithAsterisks() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "host";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2011, 9, 9, 23, 36, 0);
// weird date : 09 Sep 2011 is a friday, not a monday
String date = "Mon, 09 Sep 2011 23:36:00 GMT";
// HTTP request
String host = "host.foo.com";
String uri = "/";
String method = "GET";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.put("_query", "ben*")
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("Date", date)
.put("Host", host + ":80")
.build();
Optional<byte[]> payload = Optional.absent();
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
// The signature must match the expected signature
String expectedSignature = "b108a8b23c3a760dc3b197ec480b20d9c9e210f4a389077f5721e458e30350bf";
String expectedAuthorizationHeader = format(
"AWS4-HMAC-SHA256 Credential=%s/20110909/%s/%s/aws4_request, SignedHeaders=date;host, Signature=%s",
awsAccessKey, region, service, expectedSignature
);
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
assertThat(caseInsensitiveSignedHeaders).containsKey("Host");
assertThat(caseInsensitiveSignedHeaders.get("Host")).isEqualTo(host);
assertThat(caseInsensitiveSignedHeaders).containsKey("Date");
assertThat(caseInsensitiveSignedHeaders.get("Date")).isEqualTo(date);
assertThat(caseInsensitiveSignedHeaders).doesNotContainKey("X-Amz-Date");
}
/**
* Test case given in AWS Signing Test Suite (http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html)
* (get-utf8.*)
* <p>
* GET /ሴ HTTP/1.1
* Host:example.amazonaws.com
* X-Amz-Date:20150830T123600Z
*
* @throws Exception
*/
@Test
public void testGetUtf8() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "service";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2015, 8, 30, 12, 36, 0);
String date = "20150830T123600Z";
// HTTP request
String host = "example.amazonaws.com";
String uri = "/ሴ";
String method = "GET";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("Host", host)
.put("X-Amz-Date", date)
.build();
Optional<byte[]> payload = Optional.absent();
String expectedAuthorizationHeader = "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=8318018e0b0f223aa2bbf98705b62bb787dc9c0e678f255a891fd03141be5d85";
// WHEN
// The request is signed
AWSSigner signer = new AWSSigner(awsCredentialsProvider, region, service, clock);
Map<String, Object> signedHeaders = signer.getSignedHeaders(uri, method, queryParams, headers, payload);
// THEN
TreeMap<String, Object> caseInsensitiveSignedHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveSignedHeaders.putAll(signedHeaders);
assertThat(caseInsensitiveSignedHeaders).containsKey("Authorization");
assertThat(caseInsensitiveSignedHeaders.get("Authorization")).isEqualTo(expectedAuthorizationHeader);
}
/**
* Test case given in AWS Signing Test Suite (http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html)
* (get-utf8.*)
* <p>
* GET /ሴ HTTP/1.1
* Host:example.amazonaws.com
* X-Amz-Date:20150830T123600Z
*
* @throws Exception
*/
@Test
public void testGetUtf8() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "service";
// Date
String date = "20150830T123600Z";
// HTTP request
String host = "example.amazonaws.com";
String uri = "/ሴ";
String method = "GET";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("Host", host)
.put("X-Amz-Date", date)
.build();
// expected auth header as per test suite
String expectedAuthorizationHeader = "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=8318018e0b0f223aa2bbf98705b62bb787dc9c0e678f255a891fd03141be5d85";
// WHEN
// The request is signed
String actualAuthorizationHeader = SkdSignerUtil.getExpectedAuthorizationHeader(
new SkdSignerUtil.Request()
.setServiceName(service)
.setRegion(region)
.setDate( new SimpleDateFormat("yyyyMMdd'T'HHmmssXXX").parse(date))
.setHost(host)
.setUri(uri)
.setHttpMethod(method)
.setHeaders(headers)
.setCredentialsProvider(awsCredentialsProvider)
);
// THEN
assertEquals("Header does not match", expectedAuthorizationHeader, actualAuthorizationHeader);
}
/**
* Test case given in AWS Signing Test Suite (http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html)
* (post-vanilla-query.*)
*
* POST /?Param1=value1 HTTP/1.1
* Host:example.amazonaws.com
* X-Amz-Date:20150830T123600Z
*
* @throws Exception
*/
@Test
public void testPostVanillaQuery() throws Exception {
// GIVEN
// Credentials
String awsAccessKey = "AKIDEXAMPLE";
String awsSecretKey = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
AWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey);
AWSCredentialsProvider awsCredentialsProvider = new StaticCredentialsProvider(credentials);
String region = "us-east-1";
String service = "service";
// Date
Supplier<LocalDateTime> clock = () -> LocalDateTime.of(2015, 8, 30, 12, 36, 0);
String date = "20150830T123600Z";
// HTTP request
String host = "example.amazonaws.com";
String uri = "/";
String method = "POST";
Multimap<String, String> queryParams = ImmutableListMultimap.<String, String>builder()
.put("Param1", "value1")
.build();
Map<String, Object> headers = ImmutableMap.<String, Object>builder()
.put("X-Amz-Date", date)
.put("Host", host)
.build();
Optional<byte[]> payload = Optional.absent();
// expected auth header as per test suite
String expectedAuthorizationHeader = "AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;x-amz-date, Signature=28038455d6de14eafc1f9222cf5aa6f1a96197d7deb8263271d420d138af7f11";
// WHEN
// The request is signed
String actualAuthorizationHeader = SkdSignerUtil.getExpectedAuthorizationHeader(
new SkdSignerUtil.Request()
.setServiceName(service)
.setRegion(region)
.setDate( new SimpleDateFormat("yyyyMMdd'T'HHmmssXXX").parse(date))
.setHost(host)
.setUri(uri)
.setHttpMethod(method)
.setHeaders(headers)
.setQueryParams(queryParams)
.setCredentialsProvider(awsCredentialsProvider)
);
// THEN
assertEquals("Header does not match", expectedAuthorizationHeader, actualAuthorizationHeader);
}
@Test
public void testGetAWSCredentialsProviderAssertStaticCredentialsSet()
{
S3Operations originalS3Operations = (S3Operations) ReflectionTestUtils.getField(s3Dao, "s3Operations");
S3Operations mockS3Operations = mock(S3Operations.class);
ReflectionTestUtils.setField(s3Dao, "s3Operations", mockS3Operations);
try
{
String s3BucketName = "s3BucketName";
String s3KeyPrefix = "s3KeyPrefix";
String s3AccessKey = "s3AccessKey";
String s3SecretKey = "s3SecretKey";
S3FileTransferRequestParamsDto s3FileTransferRequestParamsDto = new S3FileTransferRequestParamsDto();
s3FileTransferRequestParamsDto.setS3BucketName(s3BucketName);
s3FileTransferRequestParamsDto.setS3KeyPrefix(s3KeyPrefix);
s3FileTransferRequestParamsDto.setAwsAccessKeyId(s3AccessKey);
s3FileTransferRequestParamsDto.setAwsSecretKey(s3SecretKey);
when(mockS3Operations.putObject(any(), any())).then(new Answer<PutObjectResult>()
{
@SuppressWarnings("unchecked")
@Override
public PutObjectResult answer(InvocationOnMock invocation) throws Throwable
{
AmazonS3Client amazonS3Client = invocation.getArgument(1);
AWSCredentialsProviderChain awsCredentialsProviderChain =
(AWSCredentialsProviderChain) ReflectionTestUtils.getField(amazonS3Client, "awsCredentialsProvider");
List<AWSCredentialsProvider> credentialsProviders =
(List<AWSCredentialsProvider>) ReflectionTestUtils.getField(awsCredentialsProviderChain, "credentialsProviders");
// Expect 2 providers: the static provider, and the default provider
assertEquals(2, credentialsProviders.size());
// Only verify the static value
assertEquals(StaticCredentialsProvider.class, credentialsProviders.get(0).getClass());
StaticCredentialsProvider staticCredentialsProvider = (StaticCredentialsProvider) credentialsProviders.get(0);
assertEquals(s3AccessKey, staticCredentialsProvider.getCredentials().getAWSAccessKeyId());
assertEquals(s3SecretKey, staticCredentialsProvider.getCredentials().getAWSSecretKey());
return new PutObjectResult();
}
});
s3Dao.createDirectory(s3FileTransferRequestParamsDto);
}
finally
{
ReflectionTestUtils.setField(s3Dao, "s3Operations", originalS3Operations);
}
}
public ProfileStaticCredentialsProvider(BasicProfile profile) {
this.profile = profile;
this.credentialsProvider = new StaticCredentialsProvider(fromStaticCredentials());
}
@Override
public AWSCredentialsProvider getCredentialsProvider(Map<PropertyDescriptor, String> properties) {
AnonymousAWSCredentials creds = new AnonymousAWSCredentials();
return new StaticCredentialsProvider(creds);
}