io.lakefs.auth

Class GetCallerIdentityV4Presigner

java.lang.Object

io.lakefs.auth.GetCallerIdentityV4Presigner

All Implemented Interfaces:

STSGetCallerIdentityPresigner

public class GetCallerIdentityV4Presigner
extends Object
implements STSGetCallerIdentityPresigner

* GetCallerIdentityV4Presigner generates a presigned URL for the GetCallerIdentity API, signed using SigV4. * This class extends AWS4Signer of AWS SDK version 1.7.4 and copies some functions from https://github.com/aws/aws-sdk-java/blob/1.7.4/src/main/java/com/amazonaws/auth/AWS4Signer.java * The copied functions exist in AWS SDK 1.7.4 but not AWS SDK 1.11.375, so they are not available on Hadoop AWS 3.

Field Summary

Fields inherited from interface io.lakefs.auth.STSGetCallerIdentityPresigner

AMZ_ACTION_PARAM_NAME, AMZ_ALGORITHM_PARAM_NAME, AMZ_CREDENTIAL_PARAM_NAME, AMZ_DATE_PARAM_NAME, AMZ_EXPIRES_PARAM_NAME, AMZ_SECURITY_TOKEN_PARAM_NAME, AMZ_SIGNATURE_PARAM_NAME, AMZ_SIGNED_HEADERS_PARAM_NAME, AMZ_VERSION_PARAM_NAME

Constructor Summary

Constructors

Constructor and Description
GetCallerIdentityV4Presigner()

Method Summary

Modifier and Type	Method and Description
byte[]	computeSignature(com.amazonaws.auth.AWSCredentials sanitizedCredentials, String dateStamp, String region, String SERVICE_NAME, String TERMINATOR, String stringToSign)
protected String	getCanonicalizedHeaderString(Map<String,String> requestHeaders)
protected String	getCanonicalizedQueryString(Map<String,String> parameters) Examines the specified query string parameters and returns a canonicalized form.
protected String	getCanonicalRequest(String httpMethod, Map<String,String> parameters, Map<String,String> headers, String contentSha256)
static String	getDateStamp(long dateMilli)
protected String	getHostHeader(URI endpoint)
protected Date	getSignatureDate(int timeOffset)
protected String	getSignedHeadersString(Map<String,String> headers)
protected String	getStringToSign(String algorithm, String dateTime, String scope, String canonicalRequest)
static String	getTimeStamp(long dateMilli)
byte[]	hash(String text) Hashes the string contents (assumed to be UTF-8) using the SHA-256 algorithm.
static boolean	isUsingNonDefaultPort(URI uri) Returns true if the specified URI is using a non-standard port (i.e.
GeneratePresignGetCallerIdentityResponse	presignRequest(io.lakefs.auth.GeneratePresignGetCallerIdentityRequest input)
protected com.amazonaws.auth.AWSCredentials	sanitizeCredentials(com.amazonaws.auth.AWSCredentials credentials) Loads the individual access key ID and secret key from the specified credentials, ensuring that access to the credentials is synchronized on the credentials object itself, and trimming any extra whitespace from the credentials.
protected byte[]	sign(byte[] data, byte[] key, com.amazonaws.auth.SigningAlgorithm algorithm)
byte[]	sign(String stringData, byte[] key, com.amazonaws.auth.SigningAlgorithm algorithm)
static String	urlEncode(String value, boolean path) Encode a string for use in the path of a URL; uses URLEncoder.encode, (which encodes a string for use in the query portion of a URL), then applies some postfilters to fix things up per the RFC.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GetCallerIdentityV4Presigner

public GetCallerIdentityV4Presigner()

Method Detail

sign

public byte[] sign(String stringData,
                   byte[] key,
                   com.amazonaws.auth.SigningAlgorithm algorithm)
            throws com.amazonaws.AmazonClientException

Throws:

com.amazonaws.AmazonClientException

sign

protected byte[] sign(byte[] data,
                      byte[] key,
                      com.amazonaws.auth.SigningAlgorithm algorithm)
               throws com.amazonaws.AmazonClientException

Throws:

com.amazonaws.AmazonClientException

hash

public byte[] hash(String text)
            throws com.amazonaws.AmazonClientException

Hashes the string contents (assumed to be UTF-8) using the SHA-256 algorithm.

Parameters:

text - The string to hash.

Returns:

The hashed bytes from the specified string.

Throws:

com.amazonaws.AmazonClientException - If the hash cannot be computed.

getCanonicalizedQueryString

protected String getCanonicalizedQueryString(Map<String,String> parameters)

Examines the specified query string parameters and returns a canonicalized form.

The canonicalized query string is formed by first sorting all the query string parameters, then URI encoding both the key and value and then joining them, in order, separating key value pairs with an '&'.

Parameters:

parameters - The query string parameters to be canonicalized.

Returns:

A canonicalized form for the specified query string parameters.

sanitizeCredentials

protected com.amazonaws.auth.AWSCredentials sanitizeCredentials(com.amazonaws.auth.AWSCredentials credentials)

Loads the individual access key ID and secret key from the specified credentials, ensuring that access to the credentials is synchronized on the credentials object itself, and trimming any extra whitespace from the credentials.

Returns either a BasicSessionCredentials or a BasicAWSCredentials object, depending on the input type.

Parameters:

credentials -

Returns:

A new credentials object with the sanitized credentials.

getSignatureDate

protected Date getSignatureDate(int timeOffset)

getDateStamp

public static String getDateStamp(long dateMilli)

getTimeStamp

public static String getTimeStamp(long dateMilli)

getCanonicalizedHeaderString

protected String getCanonicalizedHeaderString(Map<String,String> requestHeaders)

getSignedHeadersString

protected String getSignedHeadersString(Map<String,String> headers)

getCanonicalRequest

protected String getCanonicalRequest(String httpMethod,
                                     Map<String,String> parameters,
                                     Map<String,String> headers,
                                     String contentSha256)

getStringToSign

protected String getStringToSign(String algorithm,
                                 String dateTime,
                                 String scope,
                                 String canonicalRequest)

urlEncode

public static String urlEncode(String value,
                               boolean path)

Encode a string for use in the path of a URL; uses URLEncoder.encode, (which encodes a string for use in the query portion of a URL), then applies some postfilters to fix things up per the RFC. Can optionally handle strings which are meant to encode a path (ie include '/'es which should NOT be escaped).

Parameters:

value - the value to encode

path - true if the value is intended to represent a path

Returns:

the encoded value

isUsingNonDefaultPort

public static boolean isUsingNonDefaultPort(URI uri)

Returns true if the specified URI is using a non-standard port (i.e. any port other than 80 for HTTP URIs or any port other than 443 for HTTPS URIs).

Parameters:

uri -

Returns:

True if the specified URI is using a non-standard port, otherwise false.

getHostHeader

protected String getHostHeader(URI endpoint)

presignRequest

public GeneratePresignGetCallerIdentityResponse presignRequest(io.lakefs.auth.GeneratePresignGetCallerIdentityRequest input)

Specified by:

presignRequest in interface STSGetCallerIdentityPresigner

computeSignature

public byte[] computeSignature(com.amazonaws.auth.AWSCredentials sanitizedCredentials,
                               String dateStamp,
                               String region,
                               String SERVICE_NAME,
                               String TERMINATOR,
                               String stringToSign)