/**
  * Create a signature given the set of request credentials and a secret key.
  *
  * @param credentials the credentials specified on the request
  * @param secretKey the secret key that will be used to generate the signature
  * @return the signature
  */
 private String createSignature(Credentials credentials, String secretKey) {
   return new SignatureGenerator()
       .generate(
           secretKey,
           credentials.getMethod(),
           credentials.getTimestamp(),
           credentials.getPath(),
           credentials.getContent());
 }
  @Override
  public Principal authenticate(Credentials credentials) {
    // Make sure the timestamp has not expired - this is to protect against replay attacks
    if (!validateTimestamp(credentials.getTimestamp())) {
      LOG.info("Invalid timestamp");
      return null;
    }

    // Get the principal identified by the credentials
    Principal principal = getPrincipal(credentials);
    if (principal == null) {
      LOG.info("Could not get principal");
      return null;
    }

    // Get the secret key and use it to validate the request signature
    String secretKey = getSecretKeyFromPrincipal(principal);
    if (!validateSignature(credentials, secretKey)) {
      LOG.info("Invalid signature");
      return null;
    }

    return principal;
  }