private HttpRequest signForTemporaryAccess(HttpRequest request, long timeInSeconds) {
// Update the 'DATE' header
String dateString = request.getFirstHeaderOrNull(HttpHeaders.DATE);
if (dateString == null) {
dateString = timeStampProvider.get();
}
Date date = dateService.rfc1123DateParse(dateString);
String expiration =
String.valueOf(TimeUnit.MILLISECONDS.toSeconds(date.getTime()) + timeInSeconds);
HttpRequest.Builder<?> builder =
request.toBuilder().replaceHeader(HttpHeaders.DATE, expiration);
String stringToSign = authSigner.createStringToSign(builder.build());
// We MUST encode the signature because addQueryParam internally _always_ decodes values
// and if we don't encode the signature here, the decoding may change the signature. For e.g.
// any '+' characters in the signature will be converted to space ' ' on decoding.
String signature = authSigner.sign(stringToSign);
try {
signature = URLEncoder.encode(signature, Charsets.UTF_8.name());
} catch (UnsupportedEncodingException e) {
throw new IllegalStateException("Bad encoding on input: " + signature, e);
}
HttpRequest ret =
builder
.addQueryParam(HttpHeaders.EXPIRES, expiration)
.addQueryParam("AWSAccessKeyId", identity)
// Signature MUST be the last parameter because if it isn't, even encoded '+' values in
// the
// signature will be converted to a space by a subsequent addQueryParameter.
// See HttpRequestTest.testAddBase64AndUrlEncodedQueryParams for more details.
.addQueryParam(TEMPORARY_SIGNATURE_PARAM, signature)
.build();
return ret;
}
