
Example 1 with OSSTempCredential

Use of com.mizhousoft.cloudsdk.oss.OSSTempCredential in the project cloud-sdk by mizhousoft.

Class COSObjectStorageServiceImpl, method getUploadTempCredential.

/**
 * {@inheritDoc}
 */
@Override
public OSSTempCredential getUploadTempCredential(String bucketName, Set<String> objectNames, int oneDurationSeconds) throws CloudSDKException {
    TreeMap<String, Object> config = new TreeMap<String, Object>();
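    // Permanent (long-term) secret ID
    config.put("SecretId", profile.getAccessKey());
    // Permanent (long-term) secret key
    config.put("SecretKey", profile.getSecretKey());
    // Validity period of the temporary key, in seconds
    // (per-object duration multiplied by the number of objects)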
    int durationSeconds = oneDurationSeconds * objectNames.size();
    config.put("durationSeconds", durationSeconds);
    try {
        List<Scope> scopes = new ArrayList<>(5);
        for (String objectName : objectNames) {
            scopes.add(new Scope("name/cos:PutObject", bucketName, profile.getRegion(), objectName));
            scopes.add(new Scope("name/cos:PostObject", bucketName, profile.getRegion(), objectName));
        }
        String policy = CosStsClient.getPolicy(scopes);
        config.put("policy", policy);
        JSONObject credential = CosStsClient.getCredential(config);
        JSONObject cre = credential.getJSONObject("credentials");
        String tmpSecretId = cre.getString("tmpSecretId");
        String tmpSecretKey = cre.getString("tmpSecretKey");
        String token = cre.getString("sessionToken");
        long startTime = credential.getLong("startTime");
        long expiredTime = credential.getLong("expiredTime");
        OSSTempCredential tc = new OSSTempCredential();
        tc.setExpiredTime(expiredTime);
        tc.setSecretId(tmpSecretId);
        tc.setSecretKey(tmpSecretKey);
        tc.setToken(token);
        tc.setStartTime(startTime);
        tc.setBucketName(bucketName);
        tc.setRegion(profile.getRegion());
        tc.setObjectNames(objectNames);
        return tc;
    } catch (IOException e) {
        throw new CloudSDKException(e.getMessage(), e);
    }
}
Also used: CloudSDKException (com.mizhousoft.cloudsdk.CloudSDKException), OSSTempCredential (com.mizhousoft.cloudsdk.oss.OSSTempCredential), ArrayList (java.util.ArrayList), IOException (java.io.IOException), TreeMap (java.util.TreeMap), Scope (com.tencent.cloud.Scope), JSONObject (org.json.JSONObject)

Example 2 with OSSTempCredential

Use of com.mizhousoft.cloudsdk.oss.OSSTempCredential in the project cloud-sdk by mizhousoft.

Class AliyunObjectStorageServiceImpl, method getUploadTempCredential.

/**
 * {@inheritDoc}
 */
@Override
public OSSTempCredential getUploadTempCredential(String bucketName, Set<String> objectNames, int oneDurationSeconds) throws CloudSDKException {
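    // Session policy: allows oss:PutObject on the resource acs:oss:*:*:*.
    // It is a fixed string; bucketName and objectNames are not used to narrow it.
    String policy = "{\"Version\":\"1\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"oss:PutObject\"],\"Resource\":[\"acs:oss:*:*:*\"]}]}";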
    try {
        // Add the endpoint (use the STS endpoint directly; leave the first two parameters empty, no region ID needed)
        DefaultProfile.addEndpoint("", "Sts", profile.getStsEndpoint());
        // Build the default profile (leave the parameter empty, no region ID needed)
        IClientProfile clientProfile = DefaultProfile.getProfile("", profile.getAccessKey(), profile.getSecretKey());
        // Build the client from the profile
        DefaultAcsClient client = new DefaultAcsClient(clientProfile);
        final AssumeRoleRequest request = new AssumeRoleRequest();
        request.setSysMethod(MethodType.POST);
        request.setRoleArn(profile.getRoleArn());
        request.setRoleSessionName(profile.getRoleSessionName());
        // If the policy is empty, the user receives all permissions of the role
        request.setPolicy(policy);
        // Set the credential validity period
        request.setDurationSeconds((long) oneDurationSeconds);
        final AssumeRoleResponse response = client.getAcsResponse(request);
        Credentials credentials = response.getCredentials();
        OSSTempCredential tc = new OSSTempCredential();
        tc.setSecretId(credentials.getAccessKeyId());
        tc.setSecretKey(credentials.getAccessKeySecret());
        tc.setToken(credentials.getSecurityToken());
        tc.setBucketName(bucketName);
        tc.setObjectNames(objectNames);
        tc.setRegion(profile.getRegion());
        return tc;
    } catch (Throwable e) {
        throw new CloudSDKException(e.getMessage(), e);
    }
}
Also used: AssumeRoleRequest (com.aliyuncs.auth.sts.AssumeRoleRequest), CloudSDKException (com.mizhousoft.cloudsdk.CloudSDKException), OSSTempCredential (com.mizhousoft.cloudsdk.oss.OSSTempCredential), DefaultAcsClient (com.aliyuncs.DefaultAcsClient), AssumeRoleResponse (com.aliyuncs.auth.sts.AssumeRoleResponse), IClientProfile (com.aliyuncs.profile.IClientProfile), Credentials (com.aliyuncs.auth.sts.AssumeRoleResponse.Credentials)

Aggregations

CloudSDKException (com.mizhousoft.cloudsdk.CloudSDKException): 2
OSSTempCredential (com.mizhousoft.cloudsdk.oss.OSSTempCredential): 2
DefaultAcsClient (com.aliyuncs.DefaultAcsClient): 1
AssumeRoleRequest (com.aliyuncs.auth.sts.AssumeRoleRequest): 1
AssumeRoleResponse (com.aliyuncs.auth.sts.AssumeRoleResponse): 1
Credentials (com.aliyuncs.auth.sts.AssumeRoleResponse.Credentials): 1
IClientProfile (com.aliyuncs.profile.IClientProfile): 1
Scope (com.tencent.cloud.Scope): 1
IOException (java.io.IOException): 1
ArrayList (java.util.ArrayList): 1
TreeMap (java.util.TreeMap): 1
JSONObject (org.json.JSONObject): 1