public HttpRequest sign(HttpRequest request) {
    // Grab the needed data to build the signature
    Multimap<String, String> canonicalizedHeadersMap = buildCanonicalizedHeadersMap(request);
    String canonicalizedHeadersString = buildCanonicalizedHeadersString(canonicalizedHeadersMap);
    String signedHeaders = buildSignedHeaders(canonicalizedHeadersMap);
    String date = request.getFirstHeaderOrNull(GlacierHeaders.ALTERNATE_DATE);
    String dateWithoutTimestamp = formatDateWithoutTimestamp(date);
    String method = request.getMethod();
    String endpoint = request.getEndpoint().getRawPath();
    String credentialScope = buildCredentialScope(dateWithoutTimestamp);
    HashCode hashedPayload = buildHashedPayload(request);

    // Task 1: Create a Canonical Request For Signature Version 4.
    HashCode hashedCanonicalRequest =
        buildHashedCanonicalRequest(
            method, endpoint, hashedPayload, canonicalizedHeadersString, signedHeaders);

    // Task 2: Create a String to Sign for Signature Version 4.
    String stringToSign = createStringToSign(date, credentialScope, hashedCanonicalRequest);

    // Task 3: Calculate the AWS Signature Version 4.
    String signature = buildSignature(dateWithoutTimestamp, stringToSign);

    // Sign the request
    String authHeader = buildAuthHeader(identity, credentialScope, signedHeaders, signature);
    request = request.toBuilder().replaceHeader(HttpHeaders.AUTHORIZATION, authHeader).build();
    return request;
  }
Ejemplo n.º 2
0
 @Override
 public HttpRequest filter(HttpRequest request) throws HttpException {
   return request
       .toBuilder()
       .replaceHeader(AuthHeaders.AUTH_TOKEN, authTokenProvider.get())
       .build();
 }
 private HttpRequest signForTemporaryAccess(HttpRequest request, long timeInSeconds) {
   // Update the 'DATE' header
   String dateString = request.getFirstHeaderOrNull(HttpHeaders.DATE);
   if (dateString == null) {
     dateString = timeStampProvider.get();
   }
   Date date = dateService.rfc1123DateParse(dateString);
   String expiration =
       String.valueOf(TimeUnit.MILLISECONDS.toSeconds(date.getTime()) + timeInSeconds);
   HttpRequest.Builder<?> builder =
       request.toBuilder().replaceHeader(HttpHeaders.DATE, expiration);
   String stringToSign = authSigner.createStringToSign(builder.build());
   // We MUST encode the signature because addQueryParam internally _always_ decodes values
   // and if we don't encode the signature here, the decoding may change the signature. For e.g.
   // any '+' characters in the signature will be converted to space ' ' on decoding.
   String signature = authSigner.sign(stringToSign);
   try {
     signature = URLEncoder.encode(signature, Charsets.UTF_8.name());
   } catch (UnsupportedEncodingException e) {
     throw new IllegalStateException("Bad encoding on input: " + signature, e);
   }
   HttpRequest ret =
       builder
           .addQueryParam(HttpHeaders.EXPIRES, expiration)
           .addQueryParam("AWSAccessKeyId", identity)
           // Signature MUST be the last parameter because if it isn't, even encoded '+' values in
           // the
           // signature will be converted to a space by a subsequent addQueryParameter.
           // See HttpRequestTest.testAddBase64AndUrlEncodedQueryParams for more details.
           .addQueryParam(TEMPORARY_SIGNATURE_PARAM, signature)
           .build();
   return ret;
 }
  public HttpRequest filter(HttpRequest input) throws HttpException {
    HttpRequest request =
        input.toBuilder().endpoint(input.getEndpoint().toString().replace("%3F", "?")).build();
    String contentHash = hashBody(request.getPayload());
    Multimap<String, String> headers = ArrayListMultimap.create();
    headers.put("X-Ops-Content-Hash", contentHash);
    String timestamp = timeStampProvider.get();
    String toSign =
        createStringToSign(
            request.getMethod(), hashPath(request.getEndpoint().getPath()), contentHash, timestamp);
    headers.put("X-Ops-Userid", creds.get().identity);
    headers.put("X-Ops-Sign", SIGNING_DESCRIPTION);
    request = calculateAndReplaceAuthorizationHeaders(request, toSign);
    headers.put("X-Ops-Timestamp", timestamp);
    utils.logRequest(signatureLog, request, "<<");

    return request.toBuilder().replaceHeaders(headers).build();
  }
  @VisibleForTesting
  HttpRequest calculateAndReplaceAuthorizationHeaders(HttpRequest request, String toSign)
      throws HttpException {
    String signature = sign(toSign);
    if (signatureWire.enabled()) signatureWire.input(Strings2.toInputStream(signature));
    String[] signatureLines =
        Iterables.toArray(Splitter.fixedLength(60).split(signature), String.class);

    Multimap<String, String> headers = ArrayListMultimap.create();
    for (int i = 0; i < signatureLines.length; i++) {
      headers.put("X-Ops-Authorization-" + (i + 1), signatureLines[i]);
    }
    return request.toBuilder().replaceHeaders(headers).build();
  }
 @Override
 public HttpRequest filter(HttpRequest request) throws HttpException {
   checkState(
       request instanceof GeneratedHttpRequest,
       "request must be an instance of GeneratedHttpRequest");
   GeneratedHttpRequest generatedHttpRequest = GeneratedHttpRequest.class.cast(request);
   TokenRequest tokenRequest = tokenRequestBuilder.apply(generatedHttpRequest);
   Token token = tokenFetcher.apply(tokenRequest);
   return request
       .toBuilder()
       .addHeader(
           "Authorization", String.format("%s %s", token.getTokenType(), token.getAccessToken()))
       .build();
 }
Ejemplo n.º 7
0
  @Override
  public HttpRequest filter(HttpRequest request) throws HttpException {
    checkArgument(
        request.getHeaders().containsKey(HOST), "request is not ready to sign; host not present");
    String host = request.getFirstHeaderOrNull(HOST);
    String form = request.getPayload().getRawContent().toString();
    checkArgument(
        form.indexOf(ACTION) != -1, "request is not ready to sign; Action not present %s", form);

    String timestamp = iso8601Timestamp.get();
    String datestamp = timestamp.substring(0, 8);

    String service = serviceAndRegion.service();
    String region = serviceAndRegion.region(host);
    String credentialScope = Joiner.on('/').join(datestamp, region, service, "aws4_request");

    // content-type is not a required signing param. However, examples use this, so we include it to
    // ease testing.
    ImmutableMap.Builder<String, String> signedHeadersBuilder =
        ImmutableMap.<String, String>builder() //
            .put("content-type", request.getPayload().getContentMetadata().getContentType()) //
            .put("host", host) //
            .put("x-amz-date", timestamp);

    HttpRequest.Builder<?> requestBuilder =
        request
            .toBuilder() //
            .removeHeader(AUTHORIZATION) //
            .replaceHeader("X-Amz-Date", timestamp);

    if (form.indexOf(VERSION) == -1) {
      requestBuilder.addFormParam("Version", apiVersion);
    }

    Credentials credentials = creds.get();

    if (credentials instanceof SessionCredentials) {
      String token = SessionCredentials.class.cast(credentials).getSessionToken();
      requestBuilder.replaceHeader("X-Amz-Security-Token", token);
      signedHeadersBuilder.put("x-amz-security-token", token);
    }

    ImmutableMap<String, String> signedHeaders = signedHeadersBuilder.build();

    String stringToSign =
        createStringToSign(requestBuilder.build(), signedHeaders, credentialScope);
    byte[] signatureKey = signatureKey(credentials.credential, datestamp, region, service);
    String signature = base16().lowerCase().encode(hmacSHA256(stringToSign, signatureKey));

    StringBuilder authorization = new StringBuilder("AWS4-HMAC-SHA256 ");
    authorization
        .append("Credential=")
        .append(credentials.identity)
        .append('/')
        .append(credentialScope)
        .append(", ");
    authorization
        .append("SignedHeaders=")
        .append(Joiner.on(';').join(signedHeaders.keySet()))
        .append(", ");
    authorization.append("Signature=").append(signature);

    return requestBuilder.addHeader(AUTHORIZATION, authorization.toString()).build();
  }