Google Git
Sign in
apache / jclouds / a4fa0d5dfd314bcc7f26054a6f307e5f81ba432e / . / apis / route53 / src / main / java / org / jclouds / route53 / filters / RestAuthentication.java
blob: 5cf2913ded3756b20a52f1cfa0e89fca90998b3f [file] [log] [blame]
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.route53.filters;
import static com.google.common.base.Charsets.UTF_8;
import static com.google.common.base.Throwables.propagate;
import static javax.ws.rs.core.HttpHeaders.DATE;
import static org.jclouds.crypto.CryptoStreams.base64;
import static org.jclouds.crypto.CryptoStreams.mac;
import static org.jclouds.util.Strings2.toInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.jclouds.aws.domain.SessionCredentials;
import org.jclouds.crypto.Crypto;
import org.jclouds.date.TimeStamp;
import org.jclouds.domain.Credentials;
import org.jclouds.http.HttpException;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpRequestFilter;
import org.jclouds.io.InputSuppliers;
import org.jclouds.rest.RequestSigner;
import com.google.common.base.Supplier;
/**
* Signs the Route53 request.
*
* @see <a href=
* "http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RESTAuthentication.html#StringToSign"
* />
* @author Adrian Cole
*
*/
@Singleton
public class RestAuthentication implements HttpRequestFilter, RequestSigner {
private final Supplier<Credentials> creds;
private final Provider<String> timeStampProvider;
private final Crypto crypto;
@Inject
public RestAuthentication(@org.jclouds.location.Provider Supplier<Credentials> creds,
@TimeStamp Provider<String> timeStampProvider, Crypto crypto) {
this.creds = creds;
this.timeStampProvider = timeStampProvider;
this.crypto = crypto;
}
public HttpRequest filter(HttpRequest request) throws HttpException {
Credentials current = creds.get();
if (current instanceof SessionCredentials) {
request = replaceSecurityTokenHeader(request, SessionCredentials.class.cast(current));
}
request = replaceDateHeader(request, timeStampProvider.get());
String signature = sign(createStringToSign(request));
return replaceAuthorizationHeader(request, signature);
}
private HttpRequest replaceSecurityTokenHeader(HttpRequest request, SessionCredentials current) {
return request.toBuilder().replaceHeader("x-amz-security-token", current.getSessionToken()).build();
}
private HttpRequest replaceDateHeader(HttpRequest request, String timestamp) {
request = request.toBuilder().replaceHeader(DATE, timestamp).build();
return request;
}
@Override
public String createStringToSign(HttpRequest input) {
return input.getFirstHeaderOrNull(DATE);
}
@Override
public String sign(String toSign) {
try {
return base64(mac(InputSuppliers.of(toSign), crypto.hmacSHA256(creds.get().credential.getBytes(UTF_8))));
} catch (InvalidKeyException e) {
throw propagate(e);
} catch (IOException e) {
throw propagate(e);
}
}
private HttpRequest replaceAuthorizationHeader(HttpRequest request, String signature) {
request = request
.toBuilder()
.replaceHeader("X-Amzn-Authorization",
"AWS3-HTTPS AWSAccessKeyId=" + creds.get().identity + ",Algorithm=HmacSHA256,Signature=" + signature)
.build();
return request;
}
}