/** Returns the AWS credentials for the specified profile. */ public AWSCredentials getCredentials(String profileName) { final AWSCredentialsProvider provider = credentialProviderCache.get(profileName); if (provider != null) { return provider.getCredentials(); } else { BasicProfile profile = allProfiles.getProfile(profileName); if (profile == null) { throw new IllegalArgumentException("No AWS profile named '" + profileName + "'"); } final AWSCredentialsProvider newProvider = fromProfile(profile); credentialProviderCache.put(profileName, newProvider); return newProvider.getCredentials(); } }
private <X, Y extends AmazonWebServiceRequest> Response<X> invoke( Request<Y> request, HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler, ExecutionContext executionContext) { request.setEndpoint(endpoint); request.setTimeOffset(timeOffset); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); AWSCredentials credentials; awsRequestMetrics.startEvent(Field.CredentialsRequestTime); try { credentials = awsCredentialsProvider.getCredentials(); } finally { awsRequestMetrics.endEvent(Field.CredentialsRequestTime); } AmazonWebServiceRequest originalRequest = request.getOriginalRequest(); if (originalRequest != null && originalRequest.getRequestCredentials() != null) { credentials = originalRequest.getRequestCredentials(); } executionContext.setCredentials(credentials); DefaultErrorResponseHandler errorResponseHandler = new DefaultErrorResponseHandler(exceptionUnmarshallers); return client.execute(request, responseHandler, errorResponseHandler, executionContext); }
@Override public void signRequest(HttpUriRequest request) { AWSCredentials credentials = awsCredentialsProvider.getCredentials(); if (credentials instanceof AWSSessionCredentials) { request.addHeader( SESSION_TOKEN_HEADER, ((AWSSessionCredentials) credentials).getSessionToken()); } String canonicalRequest = createCanonicalRequest(request); log.debug("canonicalRequest: " + canonicalRequest); String[] requestParts = canonicalRequest.split("\n"); String signedHeaders = requestParts[requestParts.length - 2]; String stringToSign = createStringToSign(canonicalRequest); log.debug("stringToSign: " + stringToSign); String authScope = stringToSign.split("\n")[2]; String signature = createSignature(stringToSign); String authHeader = String.format( AUTH_HEADER_FORMAT, credentials.getAWSAccessKeyId(), authScope, signedHeaders, signature); request.addHeader(AUTH_HEADER_NAME, authHeader); }
byte[] getSignatureKey() { byte[] secret = getBytes("AWS4" + awsCredentialsProvider.getCredentials().getAWSSecretKey()); byte[] date = hmacSHA256(datestamp(), secret); byte[] retion = hmacSHA256(regionName, date); byte[] service = hmacSHA256(serviceName, retion); return hmacSHA256("aws4_request", service); }
/** * The only information needed to create a client are security credentials - your AWS Access Key * ID and Secret Access Key. All other configuration, such as the service endpoints have defaults * provided. * * <p>Additional client parameters, such as proxy configuration, can be specified in an optional * ClientConfiguration object when constructing a client. * * @see com.amazonaws.auth.BasicAWSCredentials * @see com.amazonaws.auth.PropertiesCredentials * @see com.amazonaws.ClientConfiguration */ private static void init() throws Exception { /* * ProfileCredentialsProvider loads AWS security credentials from a * .aws/config file in your home directory. * * These same credentials are used when working with the AWS CLI. * * You can find more information on the AWS profiles config file here: * http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html */ AWSCredentialsProvider credentialsProvider = new ProfileCredentialsProvider(); if (credentialsProvider.getCredentials() == null) { File configFile = new File(System.getProperty("user.home"), ".aws/config"); throw new RuntimeException( "No AWS security credentials found:\n" + "Make sure you've configured your credentials in: " + configFile.getAbsolutePath() + "\n" + "For more information on configuring your credentials, see " + "http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html"); } ec2 = new AmazonEC2Client(credentialsProvider); s3 = new AmazonS3Client(credentialsProvider); }
private <X, Y extends AmazonWebServiceRequest> X invoke( Request<Y> request, Unmarshaller<X, StaxUnmarshallerContext> unmarshaller) { request.setEndpoint(endpoint); request.setTimeOffset(timeOffset); for (Entry<String, String> entry : request.getOriginalRequest().copyPrivateRequestParameters().entrySet()) { request.addParameter(entry.getKey(), entry.getValue()); } AWSCredentials credentials = awsCredentialsProvider.getCredentials(); AmazonWebServiceRequest originalRequest = request.getOriginalRequest(); if (originalRequest != null && originalRequest.getRequestCredentials() != null) { credentials = originalRequest.getRequestCredentials(); } ExecutionContext executionContext = createExecutionContext(); executionContext.setSigner(signer); executionContext.setCredentials(credentials); StaxResponseHandler<X> responseHandler = new StaxResponseHandler<X>(unmarshaller); DefaultErrorResponseHandler errorResponseHandler = new DefaultErrorResponseHandler(exceptionUnmarshallers); return (X) client.execute(request, responseHandler, errorResponseHandler, executionContext); }
/** * Computes the presigned URL for the given S3 resource. * * @param path String like "/bucketName/folder/folder/abc.txt" that represents the resource to * request. */ public URL buildPresignedURL(String path) throws AmazonClientException { AWSCredentials credentials = awsCredentialsProvider.getCredentials(); long expires = System.currentTimeMillis() + 60 * 60 * 1000; GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(path, credentials.getAWSSecretKey()); request.setExpiration(new Date(expires)); AmazonS3 s3 = new AmazonS3Client(credentials); return s3.generatePresignedUrl(request); }
private static void configure(String propertiesFile) throws IOException { if (propertiesFile != null) { loadProperties(propertiesFile); } // ensure the JVM will refresh the cached IP values of AWS resources (e.g. service endpoints). java.security.Security.setProperty("networkaddress.cache.ttl", "60"); String workerId = InetAddress.getLocalHost().getCanonicalHostName() + ":" + UUID.randomUUID(); LOG.info("Using workerId: " + workerId); // Get credentials from IMDS. If unsuccessful, get them from the credential profiles file. AWSCredentialsProvider credentialsProvider = null; try { credentialsProvider = new InstanceProfileCredentialsProvider(); // Verify we can fetch credentials from the provider credentialsProvider.getCredentials(); LOG.info("Obtained credentials from the IMDS."); } catch (AmazonClientException e) { LOG.info("Unable to obtain credentials from the IMDS, trying classpath properties", e); credentialsProvider = new ProfileCredentialsProvider(); // Verify we can fetch credentials from the provider credentialsProvider.getCredentials(); LOG.info("Obtained credentials from the properties file."); } LOG.info( "Using credentials with access key id: " + credentialsProvider.getCredentials().getAWSAccessKeyId()); kinesisClientLibConfiguration = new KinesisClientLibConfiguration( applicationName, streamName, credentialsProvider, workerId) .withInitialPositionInStream(initialPositionInStream) .withRegionName(kinesisEndpoint); }
private <X, Y extends AmazonWebServiceRequest> Response<X> invoke( Request<Y> request, Unmarshaller<X, StaxUnmarshallerContext> unmarshaller, ExecutionContext executionContext) { request.setEndpoint(endpoint); request.setTimeOffset(timeOffset); AmazonWebServiceRequest originalRequest = request.getOriginalRequest(); AWSCredentials credentials = awsCredentialsProvider.getCredentials(); if (originalRequest.getRequestCredentials() != null) { credentials = originalRequest.getRequestCredentials(); } executionContext.setCredentials(credentials); StaxResponseHandler<X> responseHandler = new StaxResponseHandler<X>(unmarshaller); DefaultErrorResponseHandler errorResponseHandler = new DefaultErrorResponseHandler(exceptionUnmarshallers); return client.execute(request, responseHandler, errorResponseHandler, executionContext); }
@Override public AWSCredentials getCredentials() { return credentialsProvider.getCredentials(); }