| /** |
| * Licensed to jclouds, Inc. (jclouds) under one or more |
| * contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. jclouds licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.jclouds.route53.filters; |
| |
| import static com.google.common.base.Charsets.UTF_8; |
| import static com.google.common.base.Throwables.propagate; |
| import static javax.ws.rs.core.HttpHeaders.DATE; |
| import static org.jclouds.crypto.CryptoStreams.base64; |
| import static org.jclouds.crypto.CryptoStreams.mac; |
| import static org.jclouds.util.Strings2.toInputStream; |
| |
| import java.io.IOException; |
| import java.security.InvalidKeyException; |
| |
| import javax.inject.Inject; |
| import javax.inject.Provider; |
| import javax.inject.Singleton; |
| |
| import org.jclouds.aws.domain.SessionCredentials; |
| import org.jclouds.crypto.Crypto; |
| import org.jclouds.date.TimeStamp; |
| import org.jclouds.domain.Credentials; |
| import org.jclouds.http.HttpException; |
| import org.jclouds.http.HttpRequest; |
| import org.jclouds.http.HttpRequestFilter; |
| import org.jclouds.io.InputSuppliers; |
| import org.jclouds.rest.RequestSigner; |
| |
| import com.google.common.base.Supplier; |
| |
| /** |
| * Signs the Route53 request. |
| * |
| * @see <a href= |
| * "http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RESTAuthentication.html#StringToSign" |
| * /> |
| * @author Adrian Cole |
| * |
| */ |
| @Singleton |
| public class RestAuthentication implements HttpRequestFilter, RequestSigner { |
| |
| private final Supplier<Credentials> creds; |
| private final Provider<String> timeStampProvider; |
| private final Crypto crypto; |
| |
| @Inject |
| public RestAuthentication(@org.jclouds.location.Provider Supplier<Credentials> creds, |
| @TimeStamp Provider<String> timeStampProvider, Crypto crypto) { |
| this.creds = creds; |
| this.timeStampProvider = timeStampProvider; |
| this.crypto = crypto; |
| } |
| |
| public HttpRequest filter(HttpRequest request) throws HttpException { |
| Credentials current = creds.get(); |
| if (current instanceof SessionCredentials) { |
| request = replaceSecurityTokenHeader(request, SessionCredentials.class.cast(current)); |
| } |
| request = replaceDateHeader(request, timeStampProvider.get()); |
| String signature = sign(createStringToSign(request)); |
| return replaceAuthorizationHeader(request, signature); |
| } |
| |
| private HttpRequest replaceSecurityTokenHeader(HttpRequest request, SessionCredentials current) { |
| return request.toBuilder().replaceHeader("x-amz-security-token", current.getSessionToken()).build(); |
| } |
| |
| private HttpRequest replaceDateHeader(HttpRequest request, String timestamp) { |
| request = request.toBuilder().replaceHeader(DATE, timestamp).build(); |
| return request; |
| } |
| |
| @Override |
| public String createStringToSign(HttpRequest input) { |
| return input.getFirstHeaderOrNull(DATE); |
| } |
| |
| @Override |
| public String sign(String toSign) { |
| try { |
| return base64(mac(InputSuppliers.of(toSign), crypto.hmacSHA256(creds.get().credential.getBytes(UTF_8)))); |
| } catch (InvalidKeyException e) { |
| throw propagate(e); |
| } catch (IOException e) { |
| throw propagate(e); |
| } |
| } |
| |
| private HttpRequest replaceAuthorizationHeader(HttpRequest request, String signature) { |
| request = request |
| .toBuilder() |
| .replaceHeader("X-Amzn-Authorization", |
| "AWS3-HTTPS AWSAccessKeyId=" + creds.get().identity + ",Algorithm=HmacSHA256,Signature=" + signature) |
| .build(); |
| return request; |
| } |
| |
| |
| } |