Repository: jclouds Updated Branches: refs/heads/master 7a110b31b -> db00f679e
JCLOUDS-255: Consistently use query string auth Fixes regressions introduced in 7a110b31ba7a7bd68c9c180a922391a46ff5510e. Project: http://git-wip-us.apache.org/repos/asf/jclouds/repo Commit: http://git-wip-us.apache.org/repos/asf/jclouds/commit/db00f679 Tree: http://git-wip-us.apache.org/repos/asf/jclouds/tree/db00f679 Diff: http://git-wip-us.apache.org/repos/asf/jclouds/diff/db00f679 Branch: refs/heads/master Commit: db00f679ef32831bc65bcea02ecb05bc5330a5b9 Parents: 7a110b3 Author: Andrew Gaul <[email protected]> Authored: Tue Apr 18 20:40:45 2017 -0700 Committer: Andrew Gaul <[email protected]> Committed: Wed Apr 19 00:54:33 2017 -0700 ---------------------------------------------------------------------- .../s3/blobstore/S3BlobRequestSigner.java | 12 ++--- .../s3/filters/RequestAuthorizeSignatureV2.java | 2 +- .../s3/blobstore/S3BlobSignerExpectTest.java | 41 ++++++-------- .../s3/blobstore/AWSS3BlobSignerExpectTest.java | 56 +++++++++++++++----- 4 files changed, 67 insertions(+), 44 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/jclouds/blob/db00f679/apis/s3/src/main/java/org/jclouds/s3/blobstore/S3BlobRequestSigner.java ---------------------------------------------------------------------- diff --git a/apis/s3/src/main/java/org/jclouds/s3/blobstore/S3BlobRequestSigner.java b/apis/s3/src/main/java/org/jclouds/s3/blobstore/S3BlobRequestSigner.java index 261d734..e110012 100644 --- a/apis/s3/src/main/java/org/jclouds/s3/blobstore/S3BlobRequestSigner.java +++ b/apis/s3/src/main/java/org/jclouds/s3/blobstore/S3BlobRequestSigner.java @@ -41,6 +41,9 @@ import com.google.common.reflect.Invokable; @Singleton public class S3BlobRequestSigner<T extends S3Client> implements BlobRequestSigner { + /** Matches Amazon default when Expiry parameter not present. */ + private static final int DEFAULT_EXPIRY_SECONDS = 15 * 60; + private final RequestAuthorizeSignature authSigner; protected final RestAnnotationProcessor processor; @@ -67,9 +70,7 @@ public class S3BlobRequestSigner<T extends S3Client> implements BlobRequestSigne @Override public HttpRequest signGetBlob(String container, String name) { - checkNotNull(container, "container"); - checkNotNull(name, "name"); - return cleanRequest(processor.apply(Invocation.create(getMethod, ImmutableList.<Object> of(container, name)))); + return signGetBlob(container, name, DEFAULT_EXPIRY_SECONDS); } @Override @@ -82,10 +83,7 @@ public class S3BlobRequestSigner<T extends S3Client> implements BlobRequestSigne @Override public HttpRequest signPutBlob(String container, Blob blob) { - checkNotNull(container, "container"); - checkNotNull(blob, "blob"); - return cleanRequest(processor.apply(Invocation.create(createMethod, - ImmutableList.<Object> of(container, blobToObject.apply(blob))))); + return signPutBlob(container, blob, DEFAULT_EXPIRY_SECONDS); } @Override http://git-wip-us.apache.org/repos/asf/jclouds/blob/db00f679/apis/s3/src/main/java/org/jclouds/s3/filters/RequestAuthorizeSignatureV2.java ---------------------------------------------------------------------- diff --git a/apis/s3/src/main/java/org/jclouds/s3/filters/RequestAuthorizeSignatureV2.java b/apis/s3/src/main/java/org/jclouds/s3/filters/RequestAuthorizeSignatureV2.java index c1b4719..caee79b 100644 --- a/apis/s3/src/main/java/org/jclouds/s3/filters/RequestAuthorizeSignatureV2.java +++ b/apis/s3/src/main/java/org/jclouds/s3/filters/RequestAuthorizeSignatureV2.java @@ -291,8 +291,8 @@ public class RequestAuthorizeSignatureV2 implements RequestAuthorizeSignature, R // signature will be converted to a space by a subsequent addQueryParameter. // See HttpRequestTest.testAddBase64AndUrlEncodedQueryParams for more details. .addQueryParam(S3Constants.TEMPORARY_SIGNATURE_PARAM, signature) - // remove signer created by RestAnnotationProcessor .removeHeader(HttpHeaders.DATE) + // remove signer created by RestAnnotationProcessor .filters(ImmutableList.<HttpRequestFilter>of()) .build(); return ret; http://git-wip-us.apache.org/repos/asf/jclouds/blob/db00f679/apis/s3/src/test/java/org/jclouds/s3/blobstore/S3BlobSignerExpectTest.java ---------------------------------------------------------------------- diff --git a/apis/s3/src/test/java/org/jclouds/s3/blobstore/S3BlobSignerExpectTest.java b/apis/s3/src/test/java/org/jclouds/s3/blobstore/S3BlobSignerExpectTest.java index ac7768b..de59322 100644 --- a/apis/s3/src/test/java/org/jclouds/s3/blobstore/S3BlobSignerExpectTest.java +++ b/apis/s3/src/test/java/org/jclouds/s3/blobstore/S3BlobSignerExpectTest.java @@ -22,7 +22,6 @@ import org.jclouds.http.HttpRequest; import org.jclouds.rest.ConfiguresHttpApi; import org.jclouds.s3.S3Client; import org.jclouds.s3.config.S3HttpApiModule; -import org.testng.SkipException; import org.testng.annotations.Test; import com.google.common.base.Supplier; @@ -42,23 +41,20 @@ public class S3BlobSignerExpectTest extends BaseBlobSignerExpectTest { protected HttpRequest getBlob() { return HttpRequest.builder().method("GET") .endpoint("http://localhost/container/name";) - .addHeader("Date", "Thu, 05 Jun 2008 16:38:19 GMT") - .addHeader("Authorization", "AWS identity:0uvBv1wEskuhFHYJF/L6kEV9A7o=").build(); + .addQueryParam("Expires", "1212684799") + .addQueryParam("AWSAccessKeyId", "identity") + .addQueryParam("Signature", "Z0UqrkQv83rykFxvI3f0dQtxEAM=") + .build(); } @Override - @Test - public void testSignGetBlobWithTime() { - throw new SkipException("not yet implemented"); - } - - //TODO - @Override protected HttpRequest getBlobWithTime() { return HttpRequest.builder().method("GET") - .endpoint("http://locahost/container/name";) - .addHeader("Date", "Thu, 05 Jun 2008 16:38:19 GMT") - .addHeader("Authorization", "AWS identity:0uvBv1wEskuhFHYJF/L6kEV9A7o=").build(); + .endpoint("http://localhost/container/name";) + .addQueryParam("Expires", "1212683902") + .addQueryParam("AWSAccessKeyId", "identity") + .addQueryParam("Signature", "Y4Ac4sZfBemGZmgfG78F7IX+IFg=") + .build(); } @Override @@ -74,25 +70,22 @@ public class S3BlobSignerExpectTest extends BaseBlobSignerExpectTest { protected HttpRequest putBlob() { return HttpRequest.builder().method("PUT") .endpoint("http://localhost/container/name";) + .addQueryParam("Expires", "1212684799") + .addQueryParam("AWSAccessKeyId", "identity") + .addQueryParam("Signature", "N3+nS6ogzOqgT+YaThFN6RU/+xs=") .addHeader("Expect", "100-continue") - .addHeader("Date", "Thu, 05 Jun 2008 16:38:19 GMT") - .addHeader("Authorization", "AWS identity:zM2oT+71KcoOSxv1SU5L12UXnT8=").build(); + .build(); } @Override - @Test - public void testSignPutBlobWithTime() throws Exception { - throw new SkipException("not yet implemented"); - } - - //TODO - @Override protected HttpRequest putBlobWithTime() { return HttpRequest.builder().method("PUT") .endpoint("http://localhost/container/name";) + .addQueryParam("Expires", "1212683902") + .addQueryParam("AWSAccessKeyId", "identity") + .addQueryParam("Signature", "genkB2vLxe3AWV/bPvRTMqQts7E=") .addHeader("Expect", "100-continue") - .addHeader("Date", "Thu, 05 Jun 2008 16:38:19 GMT") - .addHeader("Authorization", "AWS identity:zM2oT+71KcoOSxv1SU5L12UXnT8=").build(); + .build(); } @Override http://git-wip-us.apache.org/repos/asf/jclouds/blob/db00f679/providers/aws-s3/src/test/java/org/jclouds/aws/s3/blobstore/AWSS3BlobSignerExpectTest.java ---------------------------------------------------------------------- diff --git a/providers/aws-s3/src/test/java/org/jclouds/aws/s3/blobstore/AWSS3BlobSignerExpectTest.java b/providers/aws-s3/src/test/java/org/jclouds/aws/s3/blobstore/AWSS3BlobSignerExpectTest.java index 14c273f..4577427 100644 --- a/providers/aws-s3/src/test/java/org/jclouds/aws/s3/blobstore/AWSS3BlobSignerExpectTest.java +++ b/providers/aws-s3/src/test/java/org/jclouds/aws/s3/blobstore/AWSS3BlobSignerExpectTest.java @@ -18,12 +18,17 @@ package org.jclouds.aws.s3.blobstore; import static org.testng.Assert.assertEquals; +import java.util.Date; import java.util.Map; +import javax.inject.Named; + +import org.jclouds.Constants; import org.jclouds.aws.s3.config.AWSS3HttpApiModule; import org.jclouds.aws.s3.filters.AWSRequestAuthorizeSignature; import org.jclouds.blobstore.BlobStore; import org.jclouds.blobstore.domain.Blob; +import org.jclouds.date.DateService; import org.jclouds.date.TimeStamp; import org.jclouds.http.HttpRequest; import org.jclouds.rest.ConfiguresHttpApi; @@ -33,6 +38,7 @@ import org.testng.annotations.Test; import com.google.common.base.Splitter; import com.google.common.base.Supplier; +import com.google.common.base.Suppliers; import com.google.inject.Module; import com.google.inject.Scopes; @@ -49,9 +55,14 @@ public class AWSS3BlobSignerExpectTest extends S3BlobSignerExpectTest { protected HttpRequest getBlob() { return HttpRequest.builder().method("GET") .endpoint("https://container.s3.amazonaws.com/name";) + .addQueryParam("X-Amz-Algorithm", "AWS4-HMAC-SHA256") + .addQueryParam("X-Amz-Credential", "identity/20080605/us-east-1/s3/aws4_request") + .addQueryParam("X-Amz-Date", "20080605T163819Z") + .addQueryParam("X-Amz-Expires", "900") + .addQueryParam("X-Amz-SignedHeaders", "host") + .addQueryParam("X-Amz-Signature", "1aa13b18ef9c4a9a98db7539e9eeb2c63afadbab649e14e28d5b765dfd96c32b") .addHeader("Host", HOST) - .addHeader("Date", "Thu, 05 Jun 2008 16:38:19 GMT") - .addHeader("Authorization", "AWS identity:0uvBv1wEskuhFHYJF/L6kEV9A7o=").build(); + .build(); } @Override @@ -71,8 +82,10 @@ public class AWSS3BlobSignerExpectTest extends S3BlobSignerExpectTest { .endpoint("https://container.s3.amazonaws.com/name";) .addHeader("Host", HOST) .addHeader("Range", "bytes=0-1") - .addHeader("Date", "Thu, 05 Jun 2008 16:38:19 GMT") - .addHeader("Authorization", "AWS identity:0uvBv1wEskuhFHYJF/L6kEV9A7o=").build(); + .addHeader("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855") + .addHeader("X-Amz-Date", "20080605T163819Z") + .addHeader("Authorization", "AWS4-HMAC-SHA256 Credential=identity/20080605/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=8f6a70bf43f31c92a67095510b080f574154df8a5ccb988ec8a6cbcce03dd5b8") + .build(); } private void compareRequestComponents(final HttpRequest request, final HttpRequest compare) { @@ -80,15 +93,16 @@ public class AWSS3BlobSignerExpectTest extends S3BlobSignerExpectTest { String query = request.getEndpoint().toString().split("\\?")[1]; final Map<String, String> params = Splitter.on('&').trimResults().withKeyValueSeparator("=").split(query); assertEquals(params.get("X-Amz-Algorithm"), "AWS4-HMAC-SHA256"); - assertEquals(params.get("X-Amz-Expires"), "3"); + assertEquals(params.get("X-Amz-Expires"), "900"); assertEquals(params.get("X-Amz-SignedHeaders"), "host"); } + @Override @Test public void testSignGetBlobWithTime() { BlobStore getBlobWithTime = requestsSendResponses(init()); HttpRequest compare = getBlobWithTime(); - HttpRequest request = getBlobWithTime.getContext().getSigner().signGetBlob(container, name, 3L /* seconds */); + HttpRequest request = getBlobWithTime.getContext().getSigner().signGetBlob(container, name, 900L /* seconds */); compareRequestComponents(request, compare); } @@ -119,18 +133,33 @@ public class AWSS3BlobSignerExpectTest extends S3BlobSignerExpectTest { protected HttpRequest removeBlob() { return HttpRequest.builder().method("DELETE") .endpoint("https://container.s3.amazonaws.com/name";) + .addHeader("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855") + .addHeader("X-Amz-Date", "20080605T163819Z") + .addHeader("Authorization", "AWS4-HMAC-SHA256 Credential=identity/20080605/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=b068a3b2a76f06bf1d73b907243602f43962f5572ea1e588ed193c8c656118fe") .addHeader("Host", HOST) - .addHeader("Date", "Thu, 05 Jun 2008 16:38:19 GMT") - .addHeader("Authorization", "AWS identity:4FnyjdX/ULdDMRbVlLNjZfEo9RQ=").build(); + .build(); + } + + @Override + @Test + public void testSignPutBlob() throws Exception { + BlobStore signPutBloblWithTime = requestsSendResponses(init()); + Blob blob = signPutBloblWithTime.blobBuilder(name).payload(text).contentType("text/plain").build(); + HttpRequest compare = putBlobWithTime(); + compare.setPayload(blob.getPayload()); + HttpRequest request = signPutBloblWithTime.getContext().getSigner().signPutBlob(container, blob); + compareRequestComponents(request, compare); + assertEquals(request.getPayload(), compare.getPayload()); } + @Override @Test public void testSignPutBlobWithTime() throws Exception { BlobStore signPutBloblWithTime = requestsSendResponses(init()); Blob blob = signPutBloblWithTime.blobBuilder(name).payload(text).contentType("text/plain").build(); HttpRequest compare = putBlobWithTime(); compare.setPayload(blob.getPayload()); - HttpRequest request = signPutBloblWithTime.getContext().getSigner().signPutBlob(container, blob, 3L /* seconds */); + HttpRequest request = signPutBloblWithTime.getContext().getSigner().signPutBlob(container, blob, 900L /* seconds */); compareRequestComponents(request, compare); assertEquals(request.getPayload(), compare.getPayload()); } @@ -148,10 +177,13 @@ public class AWSS3BlobSignerExpectTest extends S3BlobSignerExpectTest { return DATE; } - // subclass expects v2 signatures @Override - protected void bindRequestSigner() { - bind(RequestAuthorizeSignature.class).to(AWSRequestAuthorizeSignature.class).in(Scopes.SINGLETON); + @TimeStamp + protected Supplier<Date> provideTimeStampCacheDate( + @Named(Constants.PROPERTY_SESSION_INTERVAL) long seconds, + @TimeStamp final Supplier<String> timestamp, + final DateService dateService) { + return Suppliers.ofInstance(new Date(1212683899000L)); } } }
