kopia lustrzana https://github.com/gaul/s3proxy
add getters for S3AuthorizationHeader fields and make fields private
rodzic
85b2fa0321
commit
99ff5f950b
|
@ -323,17 +323,18 @@ final class AwsSignature {
|
|||
throws InvalidKeyException, IOException, NoSuchAlgorithmException,
|
||||
S3Exception {
|
||||
String canonicalRequest = createCanonicalRequest(request, uri, payload,
|
||||
authHeader.hashAlgorithm);
|
||||
String algorithm = authHeader.hmacAlgorithm;
|
||||
authHeader.getHashAlgorithm());
|
||||
String algorithm = authHeader.getHmacAlgorithm();
|
||||
byte[] dateKey = signMessage(
|
||||
authHeader.date.getBytes(StandardCharsets.UTF_8),
|
||||
authHeader.getDate().getBytes(StandardCharsets.UTF_8),
|
||||
("AWS4" + credential).getBytes(StandardCharsets.UTF_8),
|
||||
algorithm);
|
||||
byte[] dateRegionKey = signMessage(
|
||||
authHeader.region.getBytes(StandardCharsets.UTF_8), dateKey,
|
||||
authHeader.getRegion().getBytes(StandardCharsets.UTF_8),
|
||||
dateKey,
|
||||
algorithm);
|
||||
byte[] dateRegionServiceKey = signMessage(
|
||||
authHeader.service.getBytes(StandardCharsets.UTF_8),
|
||||
authHeader.getService().getBytes(StandardCharsets.UTF_8),
|
||||
dateRegionKey, algorithm);
|
||||
byte[] signingKey = signMessage(
|
||||
"aws4_request".getBytes(StandardCharsets.UTF_8),
|
||||
|
@ -344,7 +345,7 @@ final class AwsSignature {
|
|||
}
|
||||
String signatureString = "AWS4-HMAC-SHA256\n" +
|
||||
date + "\n" +
|
||||
authHeader.date + "/" + authHeader.region +
|
||||
authHeader.getDate() + "/" + authHeader.getRegion() +
|
||||
"/s3/aws4_request\n" +
|
||||
canonicalRequest;
|
||||
byte[] signature = signMessage(
|
||||
|
|
|
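Review bot: `authHeader.getDate()`, `getRegion()` and `getService()` are dereferenced directly in the key-derivation chain (`authHeader.getDate().getBytes(StandardCharsets.UTF_8)` and the two calls after it), yet the backing fields in S3AuthorizationHeader are declared `@Nullable`. If this method can be reached with a header whose credential scope was not populated, request handling ends in a NullPointerException instead of a clean authentication failure; whether the constructor rules that out for V4 headers is not visible here. A guard before the first `signMessage` call, e.g. `if (authHeader.getDate() == null || authHeader.getRegion() == null || authHeader.getService() == null) { throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT); }`, would make the failure explicit. The same unguarded chain appears in the S3ProxyHandler hunk at -2094 (`kDate`/`kRegion`/`kService`). The enclosing method starts and ends outside the hunk.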
@ -33,17 +33,14 @@ final class S3AuthorizationHeader {
|
|||
private static final String SIGNATURE_FIELD = "Signature=";
|
||||
private static final String CREDENTIAL_FIELD = "Credential=";
|
||||
|
||||
// TODO: these fields should have accessors
|
||||
// CHECKSTYLE:OFF
|
||||
final AuthenticationType authenticationType;
|
||||
@Nullable final String hmacAlgorithm;
|
||||
@Nullable final String hashAlgorithm;
|
||||
@Nullable final String region;
|
||||
@Nullable final String date;
|
||||
@Nullable final String service;
|
||||
final String identity;
|
||||
final String signature;
|
||||
// CHECKSTYLE:ON
|
||||
private final AuthenticationType authenticationType;
|
||||
@Nullable private final String hmacAlgorithm;
|
||||
@Nullable private final String hashAlgorithm;
|
||||
@Nullable private final String region;
|
||||
@Nullable private final String date;
|
||||
@Nullable private final String service;
|
||||
private final String identity;
|
||||
private final String signature;
|
||||
|
||||
S3AuthorizationHeader(String header) {
|
||||
if (header.startsWith("AWS ")) {
|
||||
|
@ -122,4 +119,36 @@ final class S3AuthorizationHeader {
|
|||
return header.substring(signatureIndex, signatureEnd);
|
||||
}
|
||||
}
|
||||
|
||||
public AuthenticationType getAuthenticationType() {
|
||||
return authenticationType;
|
||||
}
|
||||
|
||||
public String getHmacAlgorithm() {
|
||||
return hmacAlgorithm;
|
||||
}
|
||||
|
||||
public String getHashAlgorithm() {
|
||||
return hashAlgorithm;
|
||||
}
|
||||
|
||||
public String getRegion() {
|
||||
return region;
|
||||
}
|
||||
|
||||
public String getDate() {
|
||||
return date;
|
||||
}
|
||||
|
||||
public String getService() {
|
||||
return service;
|
||||
}
|
||||
|
||||
public String getIdentity() {
|
||||
return identity;
|
||||
}
|
||||
|
||||
public String getSignature() {
|
||||
return signature;
|
||||
}
|
||||
}
|
||||
|
|
|
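Review bot: The five accessors whose fields are `@Nullable` (`getHmacAlgorithm`, `getHashAlgorithm`, `getRegion`, `getDate`, `getService`) return plain `String`, so the nullability contract that was visible on the fields is lost at every call site now that the fields are private. Carry the annotation over to the return type, e.g. `@Nullable public String getHmacAlgorithm() {`, and do the same for the other four. The class is package-private (`final class S3AuthorizationHeader`), so the `public` modifier on the getters widens nothing; dropping it would match the package-private constructor. A one-line Javadoc on each nullable getter stating when it returns null would help; from the callers it looks like these are unset for V2 headers, but that should be confirmed against the constructor.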
@ -407,7 +407,7 @@ public class S3ProxyHandler {
|
|||
} catch (IllegalArgumentException iae) {
|
||||
throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT, iae);
|
||||
}
|
||||
requestIdentity = authHeader.identity;
|
||||
requestIdentity = authHeader.getIdentity();
|
||||
}
|
||||
|
||||
long dateSkew = 0; //date for timeskew check
|
||||
|
@ -420,12 +420,14 @@ public class S3ProxyHandler {
|
|||
boolean haveDate = true;
|
||||
|
||||
AuthenticationType finalAuthType = null;
|
||||
if (authHeader.authenticationType == AuthenticationType.AWS_V2 &&
|
||||
if (authHeader.getAuthenticationType() ==
|
||||
AuthenticationType.AWS_V2 &&
|
||||
(authenticationType == AuthenticationType.AWS_V2 ||
|
||||
authenticationType == AuthenticationType.AWS_V2_OR_V4)) {
|
||||
finalAuthType = AuthenticationType.AWS_V2;
|
||||
} else if (
|
||||
authHeader.authenticationType == AuthenticationType.AWS_V4 &&
|
||||
authHeader.getAuthenticationType() ==
|
||||
AuthenticationType.AWS_V4 &&
|
||||
(authenticationType == AuthenticationType.AWS_V4 ||
|
||||
authenticationType == AuthenticationType.AWS_V2_OR_V4)) {
|
||||
finalAuthType = AuthenticationType.AWS_V4;
|
||||
|
@ -517,7 +519,7 @@ public class S3ProxyHandler {
|
|||
}
|
||||
}
|
||||
// The aim ?
|
||||
switch (authHeader.authenticationType) {
|
||||
switch (authHeader.getAuthenticationType()) {
|
||||
case AWS_V2:
|
||||
switch (authenticationType) {
|
||||
case AWS_V2:
|
||||
|
@ -542,12 +544,12 @@ public class S3ProxyHandler {
|
|||
break;
|
||||
default:
|
||||
throw new IllegalArgumentException("Unhandled type: " +
|
||||
authHeader.authenticationType);
|
||||
authHeader.getAuthenticationType());
|
||||
}
|
||||
|
||||
String expectedSignature = null;
|
||||
|
||||
if (authHeader.hmacAlgorithm == null) { //v2
|
||||
if (authHeader.getHmacAlgorithm() == null) { //v2
|
||||
// When presigned url is generated, it doesn't consider
|
||||
// service path
|
||||
String uriForSigning = presignedUrl ? uri : this.servicePath +
|
||||
|
@ -581,7 +583,7 @@ public class S3ProxyHandler {
|
|||
// maybe we should check this when signing,
|
||||
// a lot of dup code with aws sign code.
|
||||
MessageDigest md = MessageDigest.getInstance(
|
||||
authHeader.hashAlgorithm);
|
||||
authHeader.getHashAlgorithm());
|
||||
byte[] hash = md.digest(payload);
|
||||
if (!contentSha256.equals(
|
||||
BaseEncoding.base16().lowerCase()
|
||||
|
@ -604,7 +606,8 @@ public class S3ProxyHandler {
|
|||
}
|
||||
}
|
||||
|
||||
if (!constantTimeEquals(expectedSignature, authHeader.signature)) {
|
||||
if (!constantTimeEquals(expectedSignature,
|
||||
authHeader.getSignature())) {
|
||||
throw new S3Exception(S3ErrorCode.SIGNATURE_DOES_NOT_MATCH);
|
||||
}
|
||||
}
|
||||
|
@ -2053,7 +2056,7 @@ public class S3ProxyHandler {
|
|||
throw new S3Exception(S3ErrorCode.INVALID_ARGUMENT, iae);
|
||||
}
|
||||
|
||||
switch (authHeader.authenticationType) {
|
||||
switch (authHeader.getAuthenticationType()) {
|
||||
case AWS_V2:
|
||||
switch (authenticationType) {
|
||||
case AWS_V2:
|
||||
|
@ -2078,11 +2081,11 @@ public class S3ProxyHandler {
|
|||
break;
|
||||
default:
|
||||
throw new IllegalArgumentException("Unhandled type: " +
|
||||
authHeader.authenticationType);
|
||||
authHeader.getAuthenticationType());
|
||||
}
|
||||
|
||||
Map.Entry<String, BlobStore> provider =
|
||||
blobStoreLocator.locateBlobStore(authHeader.identity, null,
|
||||
blobStoreLocator.locateBlobStore(authHeader.getIdentity(), null,
|
||||
null);
|
||||
if (provider == null) {
|
||||
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
|
||||
|
@ -2094,11 +2097,14 @@ public class S3ProxyHandler {
|
|||
byte[] kSecret = ("AWS4" + credential).getBytes(
|
||||
StandardCharsets.UTF_8);
|
||||
byte[] kDate = hmac("HmacSHA256",
|
||||
authHeader.date.getBytes(StandardCharsets.UTF_8), kSecret);
|
||||
authHeader.getDate().getBytes(StandardCharsets.UTF_8),
|
||||
kSecret);
|
||||
byte[] kRegion = hmac("HmacSHA256",
|
||||
authHeader.region.getBytes(StandardCharsets.UTF_8), kDate);
|
||||
byte[] kService = hmac("HmacSHA256", authHeader.service.getBytes(
|
||||
StandardCharsets.UTF_8), kRegion);
|
||||
authHeader.getRegion().getBytes(StandardCharsets.UTF_8),
|
||||
kDate);
|
||||
byte[] kService = hmac("HmacSHA256",
|
||||
authHeader.getService().getBytes(StandardCharsets.UTF_8),
|
||||
kRegion);
|
||||
byte[] kSigning = hmac("HmacSHA256",
|
||||
"aws4_request".getBytes(StandardCharsets.UTF_8), kService);
|
||||
String expectedSignature = BaseEncoding.base16().lowerCase().encode(
|
||||
|
|
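Review bot: In the hunk at -542 the V2/V4 branch is still chosen by `if (authHeader.getHmacAlgorithm() == null) { //v2`, which infers the protocol version from a nullable field although the header now exposes it directly. `if (authHeader.getAuthenticationType() == AuthenticationType.AWS_V2) {` states the intent and does not depend on which fields the parser happened to leave unset; this assumes hmacAlgorithm is null exactly for V2 headers, which the constructor (not shown) would need to confirm. Separately, the hunk at -2094 derives the signing key with a fixed `"HmacSHA256"` while AwsSignature uses `authHeader.getHmacAlgorithm()` for the same chain, so the two verification paths are not guaranteed to agree when the header names another algorithm; a comment saying which is intended, or a shared helper, would remove the ambiguity. The enclosing methods start and end outside these hunks.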