hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/signature/Credential.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.ozone.s3.signature;

import org.apache.hadoop.ozone.s3.exception.OS3Exception;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


/**
 * Credential in the AWS authorization header.
 * Ref: https://docs.aws.amazon.com/AmazonS3/latest/API/
 * sigv4-auth-using-authorization-header.html
 */
public class Credential {
  private static final Logger LOG = LoggerFactory.getLogger(Credential.class);

  private String accessKeyID;
  private String date;
  private String awsRegion;
  private String awsService;
  private String awsRequest;
  private String credential;

  /**
   * Construct Credential Object.
   *
   * @param cred
   */
  Credential(String cred) throws MalformedResourceException {
    this.credential = cred;
    parseCredential();
  }

  /**
   * Parse credential value.
   * <p>
   * Sample credential value:
   * Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request
   *
   * @throws OS3Exception
   */
  @SuppressWarnings("StringSplitter")
  public void parseCredential() throws MalformedResourceException {
    String[] split = credential.split("/");
    switch (split.length) {
    case 5:
      // Ex: dkjad922329ddnks/20190321/us-west-1/s3/aws4_request
      accessKeyID = split[0].trim();
      date = split[1].trim();
      awsRegion = split[2].trim();
      awsService = split[3].trim();
      awsRequest = split[4].trim();
      return;
    case 6:
      // Access id is kerberos principal.
      // Ex: testuser/om@EXAMPLE.COM/20190321/us-west-1/s3/aws4_request
      accessKeyID = split[0] + "/" + split[1];
      date = split[2].trim();
      awsRegion = split[3].trim();
      awsService = split[4].trim();
      awsRequest = split[5].trim();
      return;
    default:
      throw new MalformedResourceException(
          "Credentials not in expected format.", credential);
    }
  }

  public String getAccessKeyID() {
    return accessKeyID;
  }

  public String getDate() {
    return date;
  }

  public String getAwsRegion() {
    return awsRegion;
  }

  public String getAwsService() {
    return awsService;
  }

  public String getAwsRequest() {
    return awsRequest;
  }

  public String getCredential() {
    return credential;
  }

  public String createScope() {
    return String.format("%s/%s/%s/%s", getDate(),
        getAwsRegion(), getAwsService(),
        getAwsRequest());
  }
}