Search in sources :

Example 1 with PostConditionsV4

use of com.google.cloud.storage.PostPolicyV4.PostConditionsV4 in project java-storage by googleapis.

the class StorageImpl method generateSignedPostPolicyV4.

@Override
public PostPolicyV4 generateSignedPostPolicyV4(BlobInfo blobInfo, long duration, TimeUnit unit, PostFieldsV4 fields, PostConditionsV4 conditions, PostPolicyV4Option... options) {
    EnumMap<SignUrlOption.Option, Object> optionMap = Maps.newEnumMap(SignUrlOption.Option.class);
    // Convert to a map of SignUrlOptions so we can re-use some utility methods
    for (PostPolicyV4Option option : options) {
        optionMap.put(SignUrlOption.Option.valueOf(option.getOption().name()), option.getValue());
    }
    optionMap.put(SignUrlOption.Option.SIGNATURE_VERSION, SignUrlOption.SignatureVersion.V4);
    ServiceAccountSigner credentials = (ServiceAccountSigner) optionMap.get(SignUrlOption.Option.SERVICE_ACCOUNT_CRED);
    if (credentials == null) {
        checkState(this.getOptions().getCredentials() instanceof ServiceAccountSigner, "Signing key was not provided and could not be derived");
        credentials = (ServiceAccountSigner) this.getOptions().getCredentials();
    }
    checkArgument(!(optionMap.containsKey(SignUrlOption.Option.VIRTUAL_HOSTED_STYLE) && optionMap.containsKey(SignUrlOption.Option.PATH_STYLE) && optionMap.containsKey(SignUrlOption.Option.BUCKET_BOUND_HOST_NAME)), "Only one of VIRTUAL_HOSTED_STYLE, PATH_STYLE, or BUCKET_BOUND_HOST_NAME SignUrlOptions can be" + " specified.");
    String bucketName = slashlessBucketNameFromBlobInfo(blobInfo);
    boolean usePathStyle = shouldUsePathStyleForSignedUrl(optionMap);
    String url;
    if (usePathStyle) {
        url = STORAGE_XML_URI_SCHEME + "://" + STORAGE_XML_URI_HOST_NAME + "/" + bucketName + "/";
    } else {
        url = STORAGE_XML_URI_SCHEME + "://" + bucketName + "." + STORAGE_XML_URI_HOST_NAME + "/";
    }
    if (optionMap.containsKey(SignUrlOption.Option.BUCKET_BOUND_HOST_NAME)) {
        url = optionMap.get(SignUrlOption.Option.BUCKET_BOUND_HOST_NAME) + "/";
    }
    SimpleDateFormat googDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
    SimpleDateFormat yearMonthDayFormat = new SimpleDateFormat("yyyyMMdd");
    SimpleDateFormat expirationFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
    googDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
    yearMonthDayFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
    expirationFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
    long timestamp = getOptions().getClock().millisTime();
    String date = googDateFormat.format(timestamp);
    String signingCredential = credentials.getAccount() + "/" + yearMonthDayFormat.format(timestamp) + "/auto/storage/goog4_request";
    Map<String, String> policyFields = new HashMap<>();
    PostConditionsV4.Builder conditionsBuilder = conditions.toBuilder();
    for (Map.Entry<String, String> entry : fields.getFieldsMap().entrySet()) {
        // Every field needs a corresponding policy condition, so add them if they're missing
        conditionsBuilder.addCustomCondition(ConditionV4Type.MATCHES, entry.getKey(), entry.getValue());
        policyFields.put(entry.getKey(), entry.getValue());
    }
    PostConditionsV4 v4Conditions = conditionsBuilder.addBucketCondition(ConditionV4Type.MATCHES, blobInfo.getBucket()).addKeyCondition(ConditionV4Type.MATCHES, blobInfo.getName()).addCustomCondition(ConditionV4Type.MATCHES, "x-goog-date", date).addCustomCondition(ConditionV4Type.MATCHES, "x-goog-credential", signingCredential).addCustomCondition(ConditionV4Type.MATCHES, "x-goog-algorithm", "GOOG4-RSA-SHA256").build();
    PostPolicyV4Document document = PostPolicyV4Document.of(expirationFormat.format(timestamp + unit.toMillis(duration)), v4Conditions);
    String policy = BaseEncoding.base64().encode(document.toJson().getBytes());
    String signature = BaseEncoding.base16().encode(credentials.sign(policy.getBytes())).toLowerCase();
    for (PostPolicyV4.ConditionV4 condition : v4Conditions.getConditions()) {
        if (condition.type == ConditionV4Type.MATCHES) {
            policyFields.put(condition.operand1, condition.operand2);
        }
    }
    policyFields.put("key", blobInfo.getName());
    policyFields.put("x-goog-credential", signingCredential);
    policyFields.put("x-goog-algorithm", "GOOG4-RSA-SHA256");
    policyFields.put("x-goog-date", date);
    policyFields.put("x-goog-signature", signature);
    policyFields.put("policy", policy);
    policyFields.remove("bucket");
    return PostPolicyV4.of(url, policyFields);
}
Also used : PostConditionsV4(com.google.cloud.storage.PostPolicyV4.PostConditionsV4) HashMap(java.util.HashMap) StorageObject(com.google.api.services.storage.model.StorageObject) ServiceAccountSigner(com.google.auth.ServiceAccountSigner) PostPolicyV4Document(com.google.cloud.storage.PostPolicyV4.PostPolicyV4Document) SimpleDateFormat(java.text.SimpleDateFormat) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) EnumMap(java.util.EnumMap) HashMap(java.util.HashMap)

Aggregations

StorageObject (com.google.api.services.storage.model.StorageObject)1 ServiceAccountSigner (com.google.auth.ServiceAccountSigner)1 PostConditionsV4 (com.google.cloud.storage.PostPolicyV4.PostConditionsV4)1 PostPolicyV4Document (com.google.cloud.storage.PostPolicyV4.PostPolicyV4Document)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 SimpleDateFormat (java.text.SimpleDateFormat)1 EnumMap (java.util.EnumMap)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1