
Example 86 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class S3Signing method publicvalidation.

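/**
 * Resolves the user for a request that is handled without a signature check: the bucket named in
 * the reconstructed URI is looked up and its owner is attached to {@code s3Parameter}.
 *
 * <p>Nothing in this method authenticates the caller. The attached user is the bucket owner, so
 * whether the operation is actually allowed has to be decided by checks made after this call
 * (bucket/object ACL or policy) - NOTE(review): those checks are not visible here; confirm every
 * caller performs them before acting with this identity.
 *
 * @return the same {@code s3Parameter}, with the website flag and the user set
 * @throws GWException {@code INVALID_ARGUMENT} when the URI has no bucket segment or contains a
 *         malformed percent-escape, {@code NO_SUCH_BUCKET} when the bucket does not exist,
 *         {@code INVALID_ACCESS_KEY_ID} when the bucket or its owner cannot be loaded
 */
public S3Parameter publicvalidation() throws GWException {
    String uri = s3Parameter.getRequest().getRequestURI();
    String hostHeader = s3Parameter.getRequest().getHeader(HttpHeaders.HOST);
    String preuri = uriReconstructer(uri, hostHeader, Optional.fromNullable(s3Parameter.getVirtualHost()));

    // Website-style URIs carry one extra leading segment, so the bucket sits one index later.
    boolean website = preuri.startsWith(GWConstants.SLASH_WEBSITE);
    int splitLimit = website ? 4 : 3;
    int bucketIndex = website ? 2 : 1;
    String[] path = preuri.split(GWConstants.SLASH, splitLimit);
    if (path.length <= bucketIndex) {
        // The URI is client-controlled; a short path used to surface as an
        // ArrayIndexOutOfBoundsException instead of an S3 error response.
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
    }
    // NOTE(review): the bucket name is taken from the raw (still percent-encoded) segment and is
    // used for the lookup in that form - confirm that is intended.
    String bucket = path[bucketIndex];
    s3Parameter.setWebsite(website);

    // Each segment is decoded only to validate it. The original code re-split preuri right after
    // decoding, so the raw segments are what the rest of the method has always worked with.
    for (String segment : path) {
        try {
            URLDecoder.decode(segment, GWConstants.CHARSET_UTF_8);
        } catch (UnsupportedEncodingException e) {
            PrintStack.logging(logger, e);
            throw new GWException(GWErrorCode.SERVER_ERROR, GWConstants.LOG_S3SIGNING_UNSUPPORT_ENCODING_LANGUAGE, s3Parameter);
        } catch (IllegalArgumentException iae) {
            // URLDecoder reports malformed escapes (for example a dangling '%') this way.
            throw new GWException(GWErrorCode.INVALID_ARGUMENT, iae, s3Parameter);
        }
    }

    Bucket bucketInfo = null;
    ObjManager objManager = null;
    try {
        objManager = ObjManagerHelper.getInstance().getObjManager();
        bucketInfo = objManager.getBucket(bucket);
    } catch (ResourceNotFoundException e) {
        logger.info("bucket({}) is not fount in the db", bucket);
        throw new GWException(GWErrorCode.NO_SUCH_BUCKET, s3Parameter);
    } catch (SQLException e) {
        // Logged only: bucketInfo stays null and the request is rejected below (fails closed),
        // although the error code then reported is INVALID_ACCESS_KEY_ID rather than a server error.
        PrintStack.logging(logger, e);
    } catch (Exception e) {
        PrintStack.logging(logger, e);
    } finally {
        try {
            // objManager is still null here if getObjManager() itself failed.
            ObjManagerHelper.getInstance().returnObjManager(objManager);
        } catch (Exception e) {
            PrintStack.logging(logger, e);
        }
    }
    if (bucketInfo == null) {
        throw new GWException(GWErrorCode.INVALID_ACCESS_KEY_ID, s3Parameter);
    }

    S3User user = GWUtils.getDBInstance().getIdentityByID(bucketInfo.getUserId(), s3Parameter);
    if (user == null) {
        throw new GWException(GWErrorCode.INVALID_ACCESS_KEY_ID, s3Parameter);
    }
    s3Parameter.setUser(user);

    if (s3Parameter.isWebsite()) {
        // Copy of path without the segment at index 1. path.length >= 3 is guaranteed by the
        // guard above, so enhancepath always has room for index 0.
        String[] enhancepath = new String[path.length - 1];
        enhancepath[0] = path[0];
        for (int i = 2; i < path.length; i++) {
            enhancepath[i - 1] = path[i];
            // Log the slot just written; the original read enhancepath[i], which is one past the
            // end of the array on the last iteration.
            logger.debug(GWConstants.LOG_S3SIGNING_ENHANCE_PATH, i, enhancepath[i - 1]);
        }
        // s3Parameter.path = enhancepath;
    } else {
        // s3Parameter.path = path;
    }
    return s3Parameter;
}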
Also used : S3User(com.pspace.ifs.ksan.gw.identity.S3User) Bucket(com.pspace.ifs.ksan.objmanager.Bucket) SQLException(java.sql.SQLException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) GWException(com.pspace.ifs.ksan.gw.exception.GWException) ObjManager(com.pspace.ifs.ksan.objmanager.ObjManager) ResourceNotFoundException(com.pspace.ifs.ksan.objmanager.ObjManagerException.ResourceNotFoundException) GWException(com.pspace.ifs.ksan.gw.exception.GWException) SQLException(java.sql.SQLException) ResourceNotFoundException(com.pspace.ifs.ksan.objmanager.ObjManagerException.ResourceNotFoundException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 87 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class S3Signing method validation.

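/**
 * Authenticates a signed S3 request and attaches the matching user to {@code s3Parameter}.
 *
 * <p>In order: require a date source (Date / x-amz-date header, or X-Amz-Date / Expires query
 * parameter); take the authorization value from the Authorization header or assemble it from the
 * presigned-query parameters (V2 or V4); look up the user by access key id; check clock skew and
 * presigned-URL expiry; recompute the signature with the user's secret and compare it with the
 * one presented.
 *
 * @return the same {@code s3Parameter}, with the authenticated user set
 * @throws GWException {@code ACCESS_DENIED}, {@code INVALID_ARGUMENT},
 *         {@code INVALID_ACCESS_KEY_ID}, {@code SIGNATURE_DOES_NOT_MATCH} or {@code SERVER_ERROR}
 *         depending on which step rejects the request
 * @throws IllegalArgumentException when X-Amz-Algorithm is present with an unsupported value
 *         (thrown unwrapped, as before)
 */
public S3Parameter validation() throws GWException {
    boolean hasDateHeader = ishasDateHeader(s3Parameter.getRequest());
    boolean hasXAmzDateHeader = ishasXAmzDateHeader(s3Parameter.getRequest());
    boolean haveBothDateHeader = hasDateHeader && hasXAmzDateHeader;
    String uri = s3Parameter.getRequest().getRequestURI();
    String hostHeader = s3Parameter.getRequest().getHeader(HttpHeaders.HOST);
    // Becomes true when the authorization value is assembled from query parameters.
    boolean headernull = false;
    if (!hasDateHeader && !hasXAmzDateHeader && s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_DATE) == null && s3Parameter.getRequest().getParameter(GWConstants.EXPIRES) == null) {
        logger.error(GWConstants.LOG_S3SIGNING_SIGNATURE_OR_AUTH_HEADER_NULL, uri);
        throw new GWException(GWErrorCode.ACCESS_DENIED, GWConstants.LOG_S3SIGNING_AWS_REQUIRES_VALID_DATE, s3Parameter);
    }
    // Only path.length is used further down (to tell an object PUT from other requests).
    String[] path = uri.split(GWConstants.SLASH, 3);
    for (int i = 0; i < path.length; i++) {
        try {
            path[i] = URLDecoder.decode(path[i], GWConstants.CHARSET_UTF_8);
        } catch (UnsupportedEncodingException e) {
            throw new GWException(GWErrorCode.SERVER_ERROR, GWConstants.LOG_S3SIGNING_UNSUPPORT_ENCODING_LANGUAGE, s3Parameter);
        } catch (IllegalArgumentException iae) {
            // Malformed percent-escape in a client-supplied URI: report it as a client error.
            throw new GWException(GWErrorCode.INVALID_ARGUMENT, iae, s3Parameter);
        }
    }
    S3AuthorizationHeader authHeader = null;
    String headerAuthorization = s3Parameter.getRequest().getHeader(HttpHeaders.AUTHORIZATION);
    if (headerAuthorization == null) {
        String algorithm = s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_ALGORITHM);
        if (algorithm == null) {
            // v2 query
            String identity = s3Parameter.getRequest().getParameter(GWConstants.AWS_ACCESS_KEY_ID);
            String signature = s3Parameter.getRequest().getParameter(GWConstants.SIGNATURE);
            if (identity == null || signature == null) {
                logger.error(GWConstants.LOG_S3SIGNING_V2_SIGNATURE_NULL, uri);
                throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
            }
            headerAuthorization = GWConstants.AWS_SPACE + identity + GWConstants.COLON + signature;
            headernull = true;
        } else if (algorithm.equals(GWConstants.AWS4_HMAC_SHA256)) {
            // v4 query
            String credential = s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_CREDENTIAL);
            String signedHeaders = s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_SIGNEDHEADERS);
            String signature = s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_SIGNATURE);
            if (credential == null || signedHeaders == null || signature == null) {
                logger.error(GWConstants.LOG_S3SIGNING_V4_CREDENTIAL_NULL, uri);
                throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
            }
            headerAuthorization = GWConstants.AWS4_HMAC_SHA256 + GWConstants.SIGN_CREDENTIAL + credential + GWConstants.SIGN_REQEUEST_SIGNED_HEADERS + signedHeaders + GWConstants.SIGN_SIGNATURE + signature;
            headernull = true;
        } else {
            // NOTE(review): this escapes as an unchecked exception, not as a GWException, so the
            // client may not get an S3-style error for an unsupported algorithm.
            logger.error(GWConstants.LOG_S3SIGNING_UNKNOWN_ALGORITHM_VALUE, algorithm);
            throw new IllegalArgumentException(GWConstants.LOG_S3SIGNING_UNKNOWN_ALGORITHM + algorithm);
        }
    }
    try {
        authHeader = new S3AuthorizationHeader(headerAuthorization);
        // whether v2 or v4 (normal header and query)
        logger.debug(GWConstants.LOG_S3SIGNING_AUTH_HEADER, authHeader);
    } catch (IllegalArgumentException iae) {
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, iae, s3Parameter);
    }
    String requestIdentity = authHeader.identity;
    if (requestIdentity == null) {
        logger.error(GWConstants.LOG_S3SIGNING_ACCESS_NULL);
        throw new GWException(GWErrorCode.INVALID_ACCESS_KEY_ID, s3Parameter);
    }
    String preuri = uriReconstructer(uri, hostHeader, Optional.fromNullable(null));
    S3User user = GWUtils.getDBInstance().getIdentity(requestIdentity, s3Parameter);
    if (user == null) {
        logger.error(GWConstants.LOG_S3SIGNING_USER_NULL);
        throw new GWException(GWErrorCode.INVALID_ACCESS_KEY_ID, s3Parameter);
    }
    logger.info(GWConstants.LOG_S3SIGNING_USER, user.getUserName());

    // A request is a presigned URL exactly when its authorization value came from the query
    // string. The original re-read and re-validated the same query parameters a second time to
    // reach this flag; the rebuilt string was never used afterwards.
    boolean presignedUrl = headernull;

    // date for timeskew check
    long dateSkew = 0;
    // v2 GET /s3proxy-1080747708/foo?AWSAccessKeyId=local-identity&Expires=
    // 1510322602&Signature=UTyfHY1b1Wgr5BFEn9dpPlWdtFE%3D)
    // have no date
    boolean haveDate = true;
    AuthenticationType finalAuthType = null;
    if (authHeader.authenticationType == AuthenticationType.AWS_V2) {
        finalAuthType = AuthenticationType.AWS_V2;
    } else if (authHeader.authenticationType == AuthenticationType.AWS_V4) {
        finalAuthType = AuthenticationType.AWS_V4;
    } else {
        logger.error(GWConstants.LOG_S3SIGNING_AUTHENTICATION_NULL, uri);
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    if (hasXAmzDateHeader) {
        // format diff between v2 and v4
        if (finalAuthType == AuthenticationType.AWS_V2) {
            logger.info(GWConstants.LOG_S3SIGNING_INTO_V2, s3Parameter.getRequest().getHeader(GWConstants.X_AMZ_DATE));
            try {
                dateSkew = s3Parameter.getRequest().getDateHeader(GWConstants.X_AMZ_DATE);
                dateSkew /= 1000;
            } catch (IllegalArgumentException iae) {
                // Same handling as the Date header below: an unparsable date is a denied request.
                throw new GWException(GWErrorCode.ACCESS_DENIED, iae, s3Parameter);
            }
        // case sensetive?
        } else if (finalAuthType == AuthenticationType.AWS_V4) {
            logger.info(GWConstants.LOG_S3SIGNING_INTO_V4, s3Parameter.getRequest().getHeader(GWConstants.X_AMZ_DATE));
            dateSkew = GWUtils.parseIso8601(s3Parameter.getRequest().getHeader(GWConstants.X_AMZ_DATE), s3Parameter);
        }
    } else if (s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_DATE) != null) {
        // v4 query
        String dateString = s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_DATE);
        dateSkew = GWUtils.parseIso8601(dateString, s3Parameter);
        logger.info(GWConstants.LOG_S3SIGNING_DATE, dateString);
    } else if (hasDateHeader) {
        try {
            dateSkew = s3Parameter.getRequest().getDateHeader(HttpHeaders.DATE);
            dateSkew /= 1000;
            logger.info(GWConstants.LOG_S3SIGNING_DATE_HEADER, dateSkew);
        } catch (IllegalArgumentException iae) {
            logger.info(GWConstants.LOG_S3SIGNING_ILLEGAL_DATE_SKEW, dateSkew);
            throw new GWException(GWErrorCode.ACCESS_DENIED, iae, s3Parameter);
        }
    } else {
        haveDate = false;
    }
    if (haveDate) {
        // The return value is not used; presumably isTimeSkewed rejects by throwing - confirm.
        GWUtils.isTimeSkewed(dateSkew, maxDateSkew, s3Parameter);
    }
    String credential = user.getAccessSecret();
    String expiresString = s3Parameter.getRequest().getParameter(GWConstants.EXPIRES);
    if (expiresString != null) {
        // v2 query: Expires is an absolute time in epoch seconds.
        long expires = parseSecondsOrReject(expiresString);
        long nowSeconds = System.currentTimeMillis() / 1000;
        if (nowSeconds >= expires) {
            logger.error(GWConstants.LOG_S3SIGNING_EXPIRES, expiresString);
            throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
        }
    }
    String dateString = s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_DATE);
    // from para v4 query
    expiresString = s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_EXPIRES);
    if (dateString != null && expiresString != null) {
        // v4 query: X-Amz-Expires is a lifetime in seconds counted from X-Amz-Date.
        // NOTE(review): no upper bound is enforced on the lifetime here (AWS caps it at seven
        // days); decide whether the gateway should cap it too.
        long date = GWUtils.parseIso8601(dateString, s3Parameter);
        long expires = parseSecondsOrReject(expiresString);
        long nowSeconds = System.currentTimeMillis() / 1000;
        if (nowSeconds >= date + expires) {
            logger.error("nowSeconds({}), date({}), expires({})", nowSeconds, date, expires);
            throw new GWException(GWErrorCode.ACCESS_DENIED, GWConstants.LOG_S3SIGNING_HAS_EXPIRED, s3Parameter);
        }
    }
    String expectedSignature = null;
    // When presigned url is generated, it doesn't consider service path
    // String uriForSigning = presignedUrl ? uri : uri;
    String uriForSigning = preuri;
    S3Signature s3Signature = new S3Signature();
    logger.info(GWConstants.LOG_S3SIGNING_URI, preuri);
    if (authHeader.hmacAlgorithm == null) {
        // v2
        expectedSignature = s3Signature.createAuthorizationSignature(s3Parameter.getRequest(), uriForSigning, credential, presignedUrl, haveBothDateHeader);
    } else {
        String contentSha256 = s3Parameter.getRequest().getHeader(GWConstants.X_AMZ_CONTENT_SHA256);
        byte[] payload = null;
        int skip = 0;
        if (s3Parameter.getRequest().getParameter(GWConstants.X_AMZ_ALGORITHM) != null) {
            payload = new byte[0];
        } else if (GWConstants.STREAMING_AWS4_HMAC_SHA256_PAYLOAD.equals(contentSha256)) {
            payload = new byte[0];
            s3Parameter.setInputStream(new ChunkedInputStream(s3Parameter.getInputStream()));
        } else if (GWConstants.UNSIGNED_PAYLOAD.equals(contentSha256)) {
            payload = new byte[0];
        } else {
            logger.info(GWConstants.LOG_S3SIGNING_PATH_LENGTH, path.length);
            if (s3Parameter.getRequest().getMethod().equals(GWConstants.METHOD_PUT) && path.length > 2) {
                skip = 1;
            }
            if (skip == 0) {
                try {
                    // At most 1 MiB + 1 bytes are buffered. NOTE(review): a longer body is cut
                    // off here without an explicit size error; the request stream is replaced by
                    // the buffered bytes below.
                    payload = ByteStreams.toByteArray(ByteStreams.limit(s3Parameter.getInputStream(), 1048576 + 1));
                } catch (IOException e) {
                    PrintStack.logging(logger, e);
                    // Stop here: continuing with payload == null made the ByteArrayInputStream
                    // constructor below throw a NullPointerException.
                    throw new GWException(GWErrorCode.SERVER_ERROR, e, s3Parameter);
                }
                s3Parameter.setInputStream(new ByteArrayInputStream(payload));
            }
        }
        if (skip == 1) {
            // SECURITY(review): for a V4 header-signed PUT with more than two path segments and a
            // plain x-amz-content-sha256 value, the "expected" signature is copied from the
            // request itself. The comparison below then compares the value with itself and can
            // never fail, so such a request is accepted on the strength of the access key id
            // alone; the secret key is never involved. The expected value has to be derived from
            // `credential`. Whether createAuthorizationSignatureV4 can do that without buffering
            // the body (for example from the declared payload hash) is not visible here, so the
            // behaviour is left unchanged - treat this as an open finding.
            expectedSignature = authHeader.signature;
        } else {
            try {
                expectedSignature = // v4 sign
                s3Signature.createAuthorizationSignatureV4(s3Parameter.getRequest(), authHeader, payload, uriForSigning, credential);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                PrintStack.logging(logger, e);
                throw new GWException(GWErrorCode.INVALID_ARGUMENT, e, s3Parameter);
            } catch (IOException e) {
                PrintStack.logging(logger, e);
                throw new GWException(GWErrorCode.INVALID_ARGUMENT, e, s3Parameter);
            }
        }
    }
    if (!GWUtils.constantTimeEquals(expectedSignature, authHeader.signature)) {
        // NOTE(review): the server-computed signature is written to the error log. It is the
        // valid signature for this exact request, so log readers obtain it; consider logging only
        // the presented value or a truncated form.
        logger.error(GWConstants.LOG_S3SIGNING_FAILED_VALIDATE_EXPECT_AND_AUTH_HEADER, expectedSignature, authHeader.signature);
        throw new GWException(GWErrorCode.SIGNATURE_DOES_NOT_MATCH, s3Parameter);
    }
    s3Parameter.setUser(user);
    return s3Parameter;
}

/**
 * Parses a client-supplied seconds value from a presigned URL.
 *
 * @throws GWException {@code INVALID_ARGUMENT} when the value is not a valid long, instead of
 *         letting the NumberFormatException escape unhandled
 */
private long parseSecondsOrReject(String value) throws GWException {
    try {
        return Long.parseLong(value);
    } catch (NumberFormatException nfe) {
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, nfe, s3Parameter);
    }
}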
Also used : UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) S3User(com.pspace.ifs.ksan.gw.identity.S3User) ByteArrayInputStream(java.io.ByteArrayInputStream) GWException(com.pspace.ifs.ksan.gw.exception.GWException)

Example 88 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class GW method init.

/**
 * Loads the gateway configuration, builds the Jetty server with its plain and/or TLS connector,
 * installs the request handler and initialises the database, OSD client, object manager and cache.
 *
 * <p>At least one of {@code endpoint} / {@code secureEndpoint} must be configured, and neither may
 * carry a path. A secure endpoint additionally requires a keystore path and password.
 *
 * @throws GWException declared by the signature; no statement in this body throws it directly
 * @throws RuntimeException wrapping a {@link URISyntaxException} from {@code config.configure()}
 */
public void init() throws GWException {
    try {
        config.configure();
    } catch (URISyntaxException e) {
        throw new RuntimeException(e);
    }

    // Configuration preconditions.
    checkArgument(config.endpoint() != null || config.secureEndpoint() != null, GWConstants.LOG_GW_MUST_ENDPOINT);
    if (config.endpoint() != null) {
        checkArgument(config.endpoint().getPath().isEmpty(), GWConstants.LOG_GW_MUST_ENDPOINT_PATH, config.endpoint().getPath());
    }
    if (config.secureEndpoint() != null) {
        checkArgument(config.secureEndpoint().getPath().isEmpty(), GWConstants.LOG_GW_MUST_SECURE_ENDPOINT_PATH, config.secureEndpoint().getPath());
        requireNonNull(config.keyStorePath(), GWConstants.LOG_GW_MUST_KEYSTORE_PATH);
        requireNonNull(config.keyStorePassword(), GWConstants.LOG_GW_MUST_KEYSTORE_PASSWORD);
    }

    ExecutorThreadPool jettyThreads = new ExecutorThreadPool(config.jettyMaxThreads());
    jettyThreads.setName(GWConstants.S3);
    server = new Server(jettyThreads);

    // One HTTP configuration shared by both connectors; the Server version header is suppressed.
    HttpConfiguration baseHttpConfig = new HttpConfiguration();
    baseHttpConfig.setSendServerVersion(false);
    HttpConnectionFactory httpFactory = new HttpConnectionFactory(baseHttpConfig);
    HttpCompliance headerCompliance = HttpCompliance.from(GWConstants.LOG_GW_RFC7230);
    httpFactory.getHttpConfiguration().setHttpCompliance(headerCompliance);
    UriCompliance uriCompliance = UriCompliance.from(GWConstants.LOG_GW_RFC3986);
    httpFactory.getHttpConfiguration().setUriCompliance(uriCompliance);

    if (config.endpoint() == null) {
        logger.info(GWConstants.LOG_GW_ENDPOINT_IS_NULL);
    } else {
        // NOTE(review): the plain connector is fronted by a ProxyConnectionFactory, so the peer
        // address is taken from the PROXY protocol preamble. That address is only trustworthy if
        // this port is reachable solely from the load balancer - confirm the deployment.
        ProxyConnectionFactory proxyFactory = new ProxyConnectionFactory(httpFactory.getProtocol());
        ServerConnector plainConnector = new ServerConnector(server, proxyFactory, httpFactory);
        plainConnector.setHost(config.endpoint().getHost());
        plainConnector.setPort(config.endpoint().getPort());
        // Applied unconditionally here; the TLS connector below applies it only above 30000.
        plainConnector.setIdleTimeout(config.jettyMaxIdleTimeout());
        plainConnector.setReuseAddress(true);
        server.addConnector(plainConnector);
    }

    if (config.secureEndpoint() == null) {
        logger.info(GWConstants.LOG_GW_SECURE_ENDPOINT_IS_NULL);
    } else {
        // Only the keystore location and password are set; protocol and cipher selection are
        // left at whatever SslContextFactory.Server defaults to.
        SslContextFactory.Server tlsFactory = new SslContextFactory.Server();
        tlsFactory.setKeyStorePath(config.keyStorePath());
        tlsFactory.setKeyStorePassword(config.keyStorePassword());
        ServerConnector tlsConnector = new ServerConnector(server, tlsFactory, httpFactory);
        tlsConnector.setHost(config.secureEndpoint().getHost());
        tlsConnector.setPort(config.secureEndpoint().getPort());
        if (config.jettyMaxIdleTimeout() > 30000) {
            tlsConnector.setIdleTimeout(config.jettyMaxIdleTimeout());
        }
        tlsConnector.setReuseAddress(true);
        server.addConnector(tlsConnector);
    }

    handler = new GWHandlerJetty(config);
    server.setHandler(handler);

    // Each backend initialisation failure is logged and then ignored, so init() returns normally
    // even when the database, OSD clients or object managers are unavailable.
    GWDB gatewayDb = GWUtils.getDBInstance();
    try {
        gatewayDb.init(config.dbHost(), config.dbPort(), config.database(), config.dbUser(), config.dbPass(), config.dbPoolSize());
    } catch (Exception e) {
        PrintStack.logging(logger, e);
    }
    try {
        OSDClientManager.getInstance().init(config.osdPort(), config.osdClientCount());
    } catch (Exception e) {
        PrintStack.logging(logger, e);
    }
    try {
        ObjManagerHelper.getInstance().init(config.objManagerCount());
    } catch (Exception e) {
        PrintStack.logging(logger, e);
    }
    GWUtils.initCache(config.getCacheDisk());
}
Also used : Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) URISyntaxException(java.net.URISyntaxException) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) UriCompliance(org.eclipse.jetty.http.UriCompliance) URISyntaxException(java.net.URISyntaxException) GWException(com.pspace.ifs.ksan.gw.exception.GWException) HttpCompliance(org.eclipse.jetty.http.HttpCompliance) GWDB(com.pspace.ifs.ksan.gw.db.GWDB) ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) ExecutorThreadPool(org.eclipse.jetty.util.thread.ExecutorThreadPool) ProxyConnectionFactory(org.eclipse.jetty.server.ProxyConnectionFactory)

Example 89 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class GWHandlerJetty method handle.

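/**
 * Jetty entry point: re-parses the query string, installs the parsed parameters on the request
 * and hands the request to the gateway handler. A {@link GWException} raised while handling is
 * turned into an S3 error response.
 *
 * @param target      request target supplied by Jetty (not used here)
 * @param baseRequest Jetty request; receives the rebuilt query parameters and the handled flag
 * @param request     servlet request whose input stream is passed on as the body
 * @param response    servlet response
 * @throws IOException      from reading the request or writing the response
 * @throws ServletException declared by the handler contract
 */
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    try (InputStream is = request.getInputStream()) {
        // Log the path without the query string. The original logged getOriginalURI(), which
        // carries the query and therefore the complete presigned URL, signature included.
        logger.info(baseRequest.getRootURL() + baseRequest.getRequestURI());
        List<NameValuePair> params = URLEncodedUtils.parse(baseRequest.getHttpURI().toURI(), Charset.forName(GWConstants.CHARSET_UTF_8));
        MultiMap<String> queryParameters = new MultiMap<>();
        for (NameValuePair param : params) {
            String name = param.getName();
            String value = param.getValue();
            // A presigned-URL signature authorises the request until it expires, so it is kept
            // out of the info log; every other parameter is logged as before.
            boolean signatureParam = GWConstants.SIGNATURE.equals(name) || GWConstants.X_AMZ_SIGNATURE.equals(name);
            logger.info(name + GWConstants.SPACE_COLON_SPACE + (signatureParam ? "<redacted>" : value));

            String encodevalue = GWConstants.EMPTY_STRING;
            if (value != null) {
                if (name.equals(GWConstants.SIGNATURE)) {
                    // Presumably undoes form-decoding of '+' inside the V2 signature value.
                    encodevalue = value.replaceAll(GWConstants.SPACE, GWConstants.PLUS);
                } else {
                    encodevalue = value;
                }
            }
            queryParameters.put(name, encodevalue);
        }
        baseRequest.setQueryParameters(queryParameters);
        handler.doHandle(baseRequest, request, response, is);
        baseRequest.setHandled(true);
    } catch (GWException e) {
        sendS3Exception(request, response, e);
        baseRequest.setHandled(true);
    }
}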
Also used : NameValuePair(org.apache.http.NameValuePair) MultiMap(org.eclipse.jetty.util.MultiMap) InputStream(java.io.InputStream) GWException(com.pspace.ifs.ksan.gw.exception.GWException)

Example 90 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class S3ServerSideEncryption method build.

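/**
 * Decides which server-side-encryption mode applies and sets {@code enableSSECustomer},
 * {@code enableSSEServer} and {@code customerKey} accordingly.
 *
 * <p>Checked in order, first match wins: customer-provided key (customer algorithm AES256),
 * request-level server-side encryption (algorithm AES256), then the bucket's encryption
 * configuration XML. If none applies, no field is changed.
 *
 * @throws GWException {@code INVALID_DIGEST} when the supplied key digest does not match the
 *         digest computed from the supplied key; {@code SERVER_ERROR} when the bucket
 *         encryption XML cannot be parsed
 */
public void build() throws GWException {
    if (!Strings.isNullOrEmpty(customerAlgorithm) && customerAlgorithm.equalsIgnoreCase(GWConstants.AES256)) {
        if (!Strings.isNullOrEmpty(customerKey) && !Strings.isNullOrEmpty(customerKeyMD5)) {
            String computedKeyMd5 = makeMD5(customerKey);
            if (!computedKeyMd5.equals(customerKeyMD5)) {
                // NOTE(review): both key digests are written to the error log.
                logger.error(GWErrorCode.INVALID_DIGEST.getMessage() + GWConstants.LOG_S3SERVER_SIDE_ENCRYPTION_CALC_KEY + computedKeyMd5 + GWConstants.LOG_S3SERVER_SIDE_ENCRYPTION_SOURCE_KEY + customerKeyMD5);
                throw new GWException(GWErrorCode.INVALID_DIGEST, s3Parameter);
            }
        } else {
            // SECURITY(review): a customer-key request with a missing key or missing digest is
            // not rejected. The key is replaced by the constant GWConstants.INFINISTOR, so a
            // client that sent a key without its digest gets data protected by the built-in
            // constant, not by its own key. Consider rejecting such requests instead.
            customerKey = GWConstants.INFINISTOR;
        }
        enableSSECustomer = true;
        return;
    }
    if (!Strings.isNullOrEmpty(algorithm) && algorithm.equalsIgnoreCase(GWConstants.AES256)) {
        enableSSEServer = true;
        // NOTE(review): server-managed encryption uses the same compile-time constant as its
        // key for every object - presumably a placeholder for a managed key; confirm.
        customerKey = GWConstants.INFINISTOR;
        return;
    }
    // Check bucket encryption
    if (!Strings.isNullOrEmpty(encryptionXml)) {
        try {
            ServerSideEncryption sse = new XmlMapper().readValue(encryptionXml, ServerSideEncryption.class);
            // A configuration without rules, or a rule without an algorithm element, is skipped
            // instead of failing with a NullPointerException.
            if (sse != null && sse.rules != null) {
                for (Rule r : sse.rules) {
                    if (r != null && r.apply != null && GWConstants.AES256.equals(r.apply.SSEAlgorithm)) {
                        enableSSEServer = true;
                        customerKey = GWConstants.INFINISTOR;
                        return;
                    }
                }
            }
        } catch (JsonProcessingException e) {
            // Also covers JsonMappingException, which is a subclass and was handled identically.
            PrintStack.logging(logger, e);
            throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
        }
    }
}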
Also used : JsonMappingException(com.fasterxml.jackson.databind.JsonMappingException) ServerSideEncryption(com.pspace.ifs.ksan.gw.format.ServerSideEncryption) GWException(com.pspace.ifs.ksan.gw.exception.GWException) Rule(com.pspace.ifs.ksan.gw.format.ServerSideEncryption.Rule) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper)
