public HttpRequest sign(HttpRequest request) {
// Grab the needed data to build the signature
Multimap<String, String> canonicalizedHeadersMap = buildCanonicalizedHeadersMap(request);
String canonicalizedHeadersString = buildCanonicalizedHeadersString(canonicalizedHeadersMap);
String signedHeaders = buildSignedHeaders(canonicalizedHeadersMap);
String date = request.getFirstHeaderOrNull(GlacierHeaders.ALTERNATE_DATE);
String dateWithoutTimestamp = formatDateWithoutTimestamp(date);
String method = request.getMethod();
String endpoint = request.getEndpoint().getRawPath();
String credentialScope = buildCredentialScope(dateWithoutTimestamp);
HashCode hashedPayload = buildHashedPayload(request);
// Task 1: Create a Canonical Request For Signature Version 4.
HashCode hashedCanonicalRequest =
buildHashedCanonicalRequest(
method, endpoint, hashedPayload, canonicalizedHeadersString, signedHeaders);
// Task 2: Create a String to Sign for Signature Version 4.
String stringToSign = createStringToSign(date, credentialScope, hashedCanonicalRequest);
// Task 3: Calculate the AWS Signature Version 4.
String signature = buildSignature(dateWithoutTimestamp, stringToSign);
// Sign the request
String authHeader = buildAuthHeader(identity, credentialScope, signedHeaders, signature);
request = request.toBuilder().replaceHeader(HttpHeaders.AUTHORIZATION, authHeader).build();
return request;
}
public static <T> HttpRequest cleanRequest(HttpRequest returnVal) {
checkNotNull(returnVal, "http request");
for (HttpRequestFilter filter : returnVal.getFilters()) returnVal = filter.filter(returnVal);
return HttpRequest.builder()
.method(returnVal.getMethod())
.endpoint(returnVal.getEndpoint())
.headers(returnVal.getHeaders())
.payload(returnVal.getPayload())
.build();
}
public Request apply(HttpRequest request) {
for (HttpRequestFilter filter : request.getFilters()) {
filter.filter(request);
}
RequestBuilder builder = new RequestBuilder(request.getMethod());
builder.setUrl(request.getEndpoint().toASCIIString());
Payload payload = request.getPayload();
if (payload != null) {
boolean chunked = "chunked".equals(request.getFirstHeaderOrNull("Transfer-Encoding"));
if (request.getPayload().getContentMetadata().getContentMD5() != null)
builder.addHeader(
"Content-MD5",
CryptoStreams.base64(request.getPayload().getContentMetadata().getContentMD5()));
if (request.getPayload().getContentMetadata().getContentType() != null)
builder.addHeader(
HttpHeaders.CONTENT_TYPE, request.getPayload().getContentMetadata().getContentType());
if (request.getPayload().getContentMetadata().getContentLanguage() != null)
builder.addHeader(
HttpHeaders.CONTENT_LANGUAGE,
request.getPayload().getContentMetadata().getContentLanguage());
if (request.getPayload().getContentMetadata().getContentEncoding() != null)
builder.addHeader(
HttpHeaders.CONTENT_ENCODING,
request.getPayload().getContentMetadata().getContentEncoding());
if (request.getPayload().getContentMetadata().getContentDisposition() != null)
builder.addHeader(
"Content-Disposition",
request.getPayload().getContentMetadata().getContentDisposition());
if (!chunked) {
Long length =
checkNotNull(
request.getPayload().getContentMetadata().getContentLength(),
"payload.getContentLength");
builder.addHeader(HttpHeaders.CONTENT_LENGTH, length.toString());
}
setPayload(builder, payload);
} else {
builder.addHeader(HttpHeaders.CONTENT_LENGTH, "0");
}
builder.addHeader(HttpHeaders.USER_AGENT, USER_AGENT);
for (String header : request.getHeaders().keySet()) {
for (String value : request.getHeaders().get(header)) {
builder.addHeader(header, value);
}
}
return builder.build();
}
public HttpRequest filter(HttpRequest input) throws HttpException {
HttpRequest request =
input.toBuilder().endpoint(input.getEndpoint().toString().replace("%3F", "?")).build();
String contentHash = hashBody(request.getPayload());
Multimap<String, String> headers = ArrayListMultimap.create();
headers.put("X-Ops-Content-Hash", contentHash);
String timestamp = timeStampProvider.get();
String toSign =
createStringToSign(
request.getMethod(), hashPath(request.getEndpoint().getPath()), contentHash, timestamp);
headers.put("X-Ops-Userid", creds.get().identity);
headers.put("X-Ops-Sign", SIGNING_DESCRIPTION);
request = calculateAndReplaceAuthorizationHeaders(request, toSign);
headers.put("X-Ops-Timestamp", timestamp);
utils.logRequest(signatureLog, request, "<<");
return request.toBuilder().replaceHeaders(headers).build();
}
public Request apply(HttpRequest request) {
for (HttpRequestFilter filter : request.getFilters()) {
filter.filter(request);
}
AsyncHttpClient client = new AsyncHttpClient();
AsyncHttpClient.BoundRequestBuilder nativeRequestBuilder;
String endpoint = request.getEndpoint().toASCIIString();
if (request.getMethod().equals(HttpMethod.HEAD)) {
nativeRequestBuilder = client.prepareHead(endpoint);
} else if (request.getMethod().equals(HttpMethod.GET)) {
nativeRequestBuilder = client.prepareGet(endpoint);
} else if (request.getMethod().equals(HttpMethod.DELETE)) {
nativeRequestBuilder = client.prepareDelete(endpoint);
} else if (request.getMethod().equals(HttpMethod.PUT)) {
nativeRequestBuilder = client.preparePut(endpoint);
} else if (request.getMethod().equals(HttpMethod.POST)) {
nativeRequestBuilder = client.preparePost(endpoint);
} else {
throw new UnsupportedOperationException(request.getMethod());
}
Payload payload = request.getPayload();
if (payload != null) {
boolean chunked = "chunked".equals(request.getFirstHeaderOrNull("Transfer-Encoding"));
if (request.getPayload().getContentMD5() != null)
nativeRequestBuilder.addHeader(
"Content-MD5", CryptoStreams.base64(request.getPayload().getContentMD5()));
if (request.getPayload().getContentType() != null)
nativeRequestBuilder.addHeader(
HttpHeaders.CONTENT_TYPE, request.getPayload().getContentType());
if (!chunked) {
Long length =
checkNotNull(request.getPayload().getContentLength(), "payload.getContentLength");
nativeRequestBuilder.addHeader(HttpHeaders.CONTENT_LENGTH, length.toString());
}
setPayload(nativeRequestBuilder, payload);
} else {
nativeRequestBuilder.addHeader(HttpHeaders.CONTENT_LENGTH, "0");
}
nativeRequestBuilder.addHeader(HttpHeaders.USER_AGENT, USER_AGENT);
for (String header : request.getHeaders().keySet()) {
for (String value : request.getHeaders().get(header)) {
nativeRequestBuilder.addHeader(header, value);
}
}
return nativeRequestBuilder.build();
}
static String createStringToSign(
HttpRequest request, Map<String, String> signedHeaders, String credentialScope) {
StringBuilder canonicalRequest = new StringBuilder();
// HTTPRequestMethod + '\n' +
canonicalRequest.append(request.getMethod()).append("\n");
// CanonicalURI + '\n' +
canonicalRequest.append(request.getEndpoint().getPath()).append("\n");
// CanonicalQueryString + '\n' +
checkArgument(
request.getEndpoint().getQuery() == null, "Query parameters not yet supported %s", request);
canonicalRequest.append("\n");
// CanonicalHeaders + '\n' +
for (Map.Entry<String, String> entry : signedHeaders.entrySet()) {
canonicalRequest.append(entry.getKey()).append(':').append(entry.getValue()).append('\n');
}
canonicalRequest.append("\n");
// SignedHeaders + '\n' +
canonicalRequest.append(Joiner.on(';').join(signedHeaders.keySet())).append('\n');
// HexEncode(Hash(Payload))
String payload = request.getPayload().getRawContent().toString();
canonicalRequest.append(
base16().lowerCase().encode(sha256().hashString(payload, UTF_8).asBytes()));
StringBuilder toSign = new StringBuilder();
// Algorithm + '\n' +
toSign.append("AWS4-HMAC-SHA256").append('\n');
// RequestDate + '\n' +
toSign.append(signedHeaders.get("x-amz-date")).append('\n');
// CredentialScope + '\n' +
toSign.append(credentialScope).append('\n');
// HexEncode(Hash(CanonicalRequest))
toSign.append(
base16()
.lowerCase()
.encode(sha256().hashString(canonicalRequest.toString(), UTF_8).asBytes()));
return toSign.toString();
}
@Override
protected Request convert(HttpRequest request) throws IOException, InterruptedException {
Request.Builder builder = new Request.Builder();
builder.url(request.getEndpoint().toString());
populateHeaders(request, builder);
RequestBody body = null;
Payload payload = request.getPayload();
if (payload != null) {
Long length =
checkNotNull(payload.getContentMetadata().getContentLength(), "payload.getContentLength");
if (length > 0) {
body = generateRequestBody(request, payload);
}
}
builder.method(request.getMethod(), body);
return builder.build();
}
private void appendMethod(HttpRequest request, StringBuilder toSign) {
toSign.append(request.getMethod()).append("\n");
}
public T fromHttpRequest(HttpRequest in) {
return super.fromHttpMessage(in)
.method(in.getMethod())
.endpoint(in.getEndpoint())
.filters(in.getFilters());
}
@Override
protected HttpURLConnection convert(HttpRequest request)
throws IOException, InterruptedException {
boolean chunked = "chunked".equals(request.getFirstHeaderOrNull("Transfer-Encoding"));
URL url = request.getEndpoint().toURL();
HttpURLConnection connection =
(HttpURLConnection) url.openConnection(proxyForURI.apply(request.getEndpoint()));
if (connection instanceof HttpsURLConnection) {
HttpsURLConnection sslCon = (HttpsURLConnection) connection;
if (utils.relaxHostname()) sslCon.setHostnameVerifier(verifier);
if (sslContextSupplier != null) {
// used for providers which e.g. use certs for authentication (like FGCP)
// Provider provides SSLContext impl (which inits context with key manager)
sslCon.setSSLSocketFactory(sslContextSupplier.get().getSocketFactory());
} else if (utils.trustAllCerts()) {
sslCon.setSSLSocketFactory(untrustedSSLContextProvider.get().getSocketFactory());
}
}
connection.setConnectTimeout(utils.getConnectionTimeout());
connection.setReadTimeout(utils.getSocketOpenTimeout());
connection.setAllowUserInteraction(false);
// do not follow redirects since https redirects don't work properly
// ex. Caused by: java.io.IOException: HTTPS hostname wrong: should be
// <adriancole.s3int0.s3-external-3.amazonaws.com>
connection.setInstanceFollowRedirects(false);
try {
connection.setRequestMethod(request.getMethod());
} catch (ProtocolException e) {
try {
methodField.set(connection, request.getMethod());
} catch (IllegalAccessException e1) {
logger.error(e, "could not set request method: ", request.getMethod());
propagate(e1);
}
}
for (Map.Entry<String, String> entry : request.getHeaders().entries()) {
connection.setRequestProperty(entry.getKey(), entry.getValue());
}
String host = request.getEndpoint().getHost();
if (request.getEndpoint().getPort() != -1) {
host += ":" + request.getEndpoint().getPort();
}
connection.setRequestProperty(HOST, host);
if (connection.getRequestProperty(USER_AGENT) == null) {
connection.setRequestProperty(USER_AGENT, DEFAULT_USER_AGENT);
}
Payload payload = request.getPayload();
if (payload != null) {
MutableContentMetadata md = payload.getContentMetadata();
for (Map.Entry<String, String> entry : contentMetadataCodec.toHeaders(md).entries()) {
connection.setRequestProperty(entry.getKey(), entry.getValue());
}
if (chunked) {
connection.setChunkedStreamingMode(8196);
writePayloadToConnection(payload, "streaming", connection);
} else {
Long length = checkNotNull(md.getContentLength(), "payload.getContentLength");
// http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6755625
checkArgument(
length < Integer.MAX_VALUE,
"JDK 1.6 does not support >2GB chunks. Use chunked encoding, if possible.");
if (length > 0) {
connection.setRequestProperty(CONTENT_LENGTH, length.toString());
connection.setFixedLengthStreamingMode(length.intValue());
writePayloadToConnection(payload, length, connection);
} else {
writeNothing(connection);
}
}
} else {
writeNothing(connection);
}
return connection;
}