
Example 16 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class S3ObjectOperation method copyObjectLocalToOSD.

/**
 * Streams one locally stored object version to an OSD through a pooled {@link OSDClient}.
 *
 * <p>The source file is resolved with {@code makeObjPath(srcPath, srcObjId, srcVersionId)}.
 * The destination OSD address, disk path and object id are read from {@code objMeta} and the
 * announced length from {@code s3Meta}; the {@code osdIP}, {@code path} and {@code objId}
 * arguments are not read by this method.
 *
 * @param srcPath       disk path passed to {@code makeObjPath} for the source file
 * @param srcObjId      object id passed to {@code makeObjPath} for the source file
 * @param srcVersionId  version id passed to {@code makeObjPath} for the source file
 * @param osdIP         not read here (the address comes from {@code objMeta})
 * @param path          not read here (the path comes from {@code objMeta})
 * @param objId         not read here (the id comes from {@code objMeta})
 * @param versionId     version id sent in {@code putInit}
 * @param replication   forwarded unchanged to {@code putInit}
 * @param replicaDiskID forwarded unchanged to {@code putInit}
 * @throws GWException {@code SERVER_ERROR} when obtaining or initialising the client fails, or
 *                     when reading the file or sending it fails; the cause is logged, not chained
 */
private void copyObjectLocalToOSD(String srcPath, String srcObjId, String srcVersionId, String osdIP, String path, String objId, String versionId, String replication, String replicaDiskID) throws GWException {
    byte[] chunk = new byte[GWConstants.MAXBUFSIZE];
    // NOTE(review): the three source identifiers end up in a filesystem path. Whether makeObjPath
    // keeps the result inside the disk root is not visible here; confirm before passing
    // request-derived values.
    File source = new File(makeObjPath(srcPath, srcObjId, srcVersionId));

    OSDClient osd;
    try {
        osd = OSDClientManager.getInstance().getOSDClient(objMeta.getPrimaryDisk().getOsdIp());
        // NOTE(review): the announced length is s3Meta.getContentLength(), while the loop below sends
        // whatever the file holds; a mismatch is not detected in this method.
        osd.putInit(objMeta.getPrimaryDisk().getPath(), objMeta.getObjId(), versionId, s3Meta.getContentLength(), replication, replicaDiskID, "");
    } catch (Exception e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }

    try (FileInputStream in = new FileInputStream(source)) {
        int count;
        while (true) {
            count = in.read(chunk, 0, GWConstants.MAXBUFSIZE);
            if (count == -1) {
                break;
            }
            osd.put(chunk, 0, count);
        }
        osd.putFlush();
        // The client goes back to the pool only after a complete, flushed transfer.
        // NOTE(review): on any failure it is neither returned nor closed here; confirm the pool
        // reclaims it.
        OSDClientManager.getInstance().returnOSDClient(osd);
    } catch (Exception e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
}
Also used : OSDClient(com.pspace.ifs.ksan.gw.object.osdclient.OSDClient) GWException(com.pspace.ifs.ksan.gw.exception.GWException) File(java.io.File) GWException(com.pspace.ifs.ksan.gw.exception.GWException) ResourceNotFoundException(com.pspace.ifs.ksan.objmanager.ObjManagerException.ResourceNotFoundException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) FileInputStream(java.io.FileInputStream)

Example 17 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class S3Signing method validatePost.

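/**
 * Authenticates a POST-object (form upload) request.
 *
 * <p>Steps, in order: pick the signature scheme (no algorithm field means the v2 scheme,
 * {@code GWConstants.AWS4_HMAC_SHA256} means v4, anything else is rejected); rebuild an
 * authorization-header string from the form's access key and signature and parse it; look the
 * access key up; require an expiration that has not passed; recompute the signature over the
 * policy with the stored secret and compare it with {@code GWUtils.constantTimeEquals}.
 *
 * <p>The signature this method computes is never written to the log. A log line holding the
 * valid signature for a policy would let anyone with log access submit that policy as the key
 * owner until it expires.
 *
 * @param dataPostObject parsed form fields of the POST request
 * @return the instance's {@code s3Parameter}, with the authenticated user set
 * @throws GWException {@code ACCESS_DENIED} for missing credentials or expiration,
 *                     {@code BAD_REQUEST} for an unknown algorithm, {@code INVALID_ARGUMENT} for
 *                     an unparsable header, {@code INVALID_ACCESS_KEY_ID} for an unknown key,
 *                     {@code REQUEST_TIME_TOO_SKEWED} for an expired request,
 *                     {@code SIGNATURE_DOES_NOT_MATCH} for a wrong signature
 */
public S3Parameter validatePost(DataPostObject dataPostObject) throws GWException {
    String uri = s3Parameter.getRequest().getRequestURI();
    String headerAuthorization = null;
    S3AuthorizationHeader authHeader = null;
    boolean signatureVersion4;
    if (dataPostObject.getAlgorithm() == null) {
        if (dataPostObject.getAccessKey() == null || dataPostObject.getSignature() == null) {
            logger.error(GWConstants.LOG_S3SIGNING_V2_SIGNATURE_NULL, uri);
            throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
        }
        signatureVersion4 = false;
        headerAuthorization = GWConstants.AWS_SPACE + dataPostObject.getAccessKey() + GWConstants.COLON + dataPostObject.getSignature();
    } else if (dataPostObject.getAlgorithm().equals(GWConstants.AWS4_HMAC_SHA256)) {
        if (dataPostObject.getAccessKey() == null || dataPostObject.getSignature() == null) {
            logger.error(GWConstants.LOG_S3SIGNING_V4_SIGNATURE_NULL, uri);
            throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
        }
        signatureVersion4 = true;
        headerAuthorization = GWConstants.AWS4_HMAC_SHA256 + GWConstants.SIGN_CREDENTIAL + dataPostObject.getAccessKey() + GWConstants.SIGN_SIGNATURE + dataPostObject.getSignature();
    } else {
        logger.error(GWConstants.LOG_S3SIGNING_UNKNOWN_ALGORITHM_VALUE, dataPostObject.getAlgorithm());
        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
    }
    try {
        authHeader = new S3AuthorizationHeader(headerAuthorization);
        // whether v2 or v4 (normal header and query)
        // NOTE(review): what this prints depends on S3AuthorizationHeader.toString(); if it includes
        // the client's signature, keep this at debug level only.
        logger.debug(GWConstants.LOG_S3SIGNING_AUTH_HEADER, authHeader);
    } catch (IllegalArgumentException iae) {
        PrintStack.logging(logger, iae);
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, iae, s3Parameter);
    }
    String requestIdentity = authHeader.identity;
    if (requestIdentity == null) {
        logger.error(GWConstants.LOG_S3SIGNING_ACCESS_NULL);
        throw new GWException(GWErrorCode.INVALID_ACCESS_KEY_ID, s3Parameter);
    }
    S3User user = GWUtils.getDBInstance().getIdentity(requestIdentity, s3Parameter);
    if (user == null) {
        logger.error(GWConstants.LOG_S3SIGNING_USER_NULL);
        throw new GWException(GWErrorCode.INVALID_ACCESS_KEY_ID, s3Parameter);
    }

    // A request without an expiration is refused outright.
    if (dataPostObject.getExpiration() == null) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    // NOTE(review): presumably this expiration is the one inside the signed policy; if it is a
    // separate form field, the signature does not cover it. Confirm in DataPostObject.
    long expiresAt = GWUtils.parseTimeExpire(dataPostObject.getExpiration(), s3Parameter);
    if (expiresAt < 0) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    long now = System.currentTimeMillis() / 1000;
    logger.info(GWConstants.LOG_S3SIGNING_MATCH_TIME, now, expiresAt);
    if (now > expiresAt) {
        logger.error(GWConstants.LOG_S3SIGNING_TIME_EXPIRED, expiresAt, now);
        throw new GWException(GWErrorCode.REQUEST_TIME_TOO_SKEWED, s3Parameter);
    }

    // NOTE(review): getPolicy() is dereferenced without a null check in both branches below.
    String expectedSignature;
    if (signatureVersion4) {
        // v4 signing key: HMAC chain over date, region, service and the fixed request marker.
        byte[] kSecret = (GWConstants.AWS4 + user.getAccessSecret()).getBytes(StandardCharsets.UTF_8);
        byte[] kDate = hmac(GWConstants.HMACSHA256, authHeader.getDate().getBytes(StandardCharsets.UTF_8), kSecret);
        byte[] kRegion = hmac(GWConstants.HMACSHA256, authHeader.getRegion().getBytes(StandardCharsets.UTF_8), kDate);
        byte[] kService = hmac(GWConstants.HMACSHA256, authHeader.getService().getBytes(StandardCharsets.UTF_8), kRegion);
        byte[] kSigning = hmac(GWConstants.HMACSHA256, GWConstants.AWS4_REQUEST.getBytes(StandardCharsets.UTF_8), kService);
        expectedSignature = BaseEncoding.base16().lowerCase().encode(hmac(GWConstants.HMACSHA256, dataPostObject.getPolicy().getBytes(StandardCharsets.UTF_8), kSigning));
    } else {
        // v2: a single HMAC-SHA1 over the policy, keyed with the raw secret, Base64-encoded.
        expectedSignature = Base64.getEncoder().encodeToString(hmac(GWConstants.HMACSHA1, dataPostObject.getPolicy().getBytes(StandardCharsets.UTF_8), user.getAccessSecret().getBytes(StandardCharsets.UTF_8)));
    }

    if (!GWUtils.constantTimeEquals(dataPostObject.getSignature(), expectedSignature)) {
        // The placeholder takes the slot of the computed signature so the log message keeps its
        // shape; only the value the client sent is recorded.
        logger.error(GWConstants.LOG_S3SIGNING_FAILED_VALIDATE_EXPECT_AND_AUTH_HEADER, "[redacted]", dataPostObject.getSignature());
        throw new GWException(GWErrorCode.SIGNATURE_DOES_NOT_MATCH, s3Parameter);
    }

    // s3Parameter.s3Property = GWUtils.getS3Property();
    s3Parameter.setUser(user);
    return s3Parameter;
}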
Also used : S3User(com.pspace.ifs.ksan.gw.identity.S3User) GWException(com.pspace.ifs.ksan.gw.exception.GWException)

Example 18 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class GWUtils method parseIso8601.

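/**
 * Parse ISO 8601 timestamp into seconds since 1970.
 *
 * <p>The text is parsed strictly against {@code GWConstants.ISO_8601_TIME_FORMAT} in UTC.
 * Out-of-range fields are rejected rather than rolled over into the next unit, so a malformed
 * timestamp cannot be normalised into a different instant before it is used in a time check.
 *
 * @param date        timestamp text; {@code null} is rejected
 * @param s3Parameter request context attached to the thrown exception
 * @return whole seconds since the epoch
 * @throws GWException {@code ACCESS_DENIED} when {@code date} is {@code null} or does not parse
 */
public static long parseIso8601(String date, S3Parameter s3Parameter) throws GWException {
    // A fresh formatter per call: SimpleDateFormat is not safe to share between threads.
    SimpleDateFormat formatter = new SimpleDateFormat(GWConstants.ISO_8601_TIME_FORMAT);
    formatter.setTimeZone(TimeZone.getTimeZone(GWConstants.UTC));
    // The default lenient mode accepts values such as month 13 and adjusts the date silently.
    formatter.setLenient(false);
    logger.debug(GWConstants.LOG_UTILS_8061_DATE, date);
    if (date == null) {
        // parse(null) would throw NullPointerException, which callers of this method do not expect.
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    try {
        // NOTE(review): parse(String) may stop before the end of the text, so characters after a
        // complete timestamp are still accepted.
        return formatter.parse(date).getTime() / 1000;
    } catch (ParseException pe) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
}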
Also used : ParseException(java.text.ParseException) GWException(com.pspace.ifs.ksan.gw.exception.GWException) SimpleDateFormat(java.text.SimpleDateFormat)

Example 19 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class GWUtils method makeOriginalXml.

/**
 * Expands the abbreviated JSON form of an ACL into the full AccessControlPolicy XML document.
 *
 * <p>Despite its name, {@code xml} is read as JSON into {@code AccessControlPolicyJson}. Owner
 * and grant fields are copied when non-empty, and abbreviated permission, grantee type and
 * grantee URI codes are translated to their long constants.
 *
 * <p>A code that matches none of the known abbreviations leaves the target field unset, and the
 * grant is still added to the list. Unknown JSON properties are ignored by the parser.
 * NOTE(review): confirm that consumers of the XML treat a grant without a permission as granting
 * nothing.
 *
 * @param xml         abbreviated ACL in JSON; {@code null} or empty yields {@code ""}
 * @param s3Parameter request context attached to the thrown exception
 * @return the ACL as XML, prefixed with an XML declaration when the output lacks one
 * @throws GWException {@code SERVER_ERROR} when the JSON cannot be read or the XML cannot be written
 */
public static String makeOriginalXml(String xml, S3Parameter s3Parameter) throws GWException {
    logger.debug(GWConstants.LOG_UTILS_SOURCE_ACL, xml);
    if (Strings.isNullOrEmpty(xml)) {
        return "";
    }

    ObjectMapper jsonMapper = new ObjectMapper();
    jsonMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    jsonMapper.configure(DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT, true);

    AccessControlPolicyJson compact;
    try {
        compact = jsonMapper.readValue(xml, AccessControlPolicyJson.class);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }

    AccessControlPolicy policy = new AccessControlPolicy();

    // Owner: always present in the output object, filled only from non-empty source fields.
    policy.owner = new AccessControlPolicy.Owner();
    if (compact.ow != null) {
        if (!Strings.isNullOrEmpty(compact.ow.id)) {
            policy.owner.id = compact.ow.id;
        }
        if (!Strings.isNullOrEmpty(compact.ow.dN)) {
            policy.owner.displayName = compact.ow.dN;
        }
    }

    // Grants: the list container exists whenever "acs" does, even if it carries no grants.
    if (compact.acs != null) {
        policy.aclList = new AccessControlPolicy.AccessControlList();
        if (compact.acs.gt != null) {
            policy.aclList.grants = new ArrayList<AccessControlPolicy.AccessControlList.Grant>();
            for (AccessControlPolicyJson.ACS.Gt entry : compact.acs.gt) {
                AccessControlPolicy.AccessControlList.Grant expanded = new AccessControlPolicy.AccessControlList.Grant();

                // Permission code -> long name; an unrecognised code leaves the permission unset.
                String perm = entry.perm;
                if (!Strings.isNullOrEmpty(perm)) {
                    if (perm.equals(GWConstants.GRANT_AB_FC)) {
                        expanded.permission = GWConstants.GRANT_FULL_CONTROL;
                    } else if (perm.equals(GWConstants.GRANT_AB_W)) {
                        expanded.permission = GWConstants.GRANT_WRITE;
                    } else if (perm.equals(GWConstants.GRANT_AB_R)) {
                        expanded.permission = GWConstants.GRANT_READ;
                    } else if (perm.equals(GWConstants.GRANT_AB_RA)) {
                        expanded.permission = GWConstants.GRANT_READ_ACP;
                    } else if (perm.equals(GWConstants.GRANT_AB_WA)) {
                        expanded.permission = GWConstants.GRANT_WRITE_ACP;
                    }
                }

                if (entry.gte != null) {
                    AccessControlPolicy.AccessControlList.Grant.Grantee target = new AccessControlPolicy.AccessControlList.Grant.Grantee();
                    if (!Strings.isNullOrEmpty(entry.gte.id)) {
                        target.id = entry.gte.id;
                    }
                    if (!Strings.isNullOrEmpty(entry.gte.ddN)) {
                        target.displayName = entry.gte.ddN;
                    }
                    if (!Strings.isNullOrEmpty(entry.gte.eA)) {
                        target.emailAddress = entry.gte.eA;
                    }

                    // Grantee type code -> long name; other values leave the type unset.
                    if (!Strings.isNullOrEmpty(entry.gte.type)) {
                        if (entry.gte.type.equals(GWConstants.GRANT_AB_CU)) {
                            target.type = GWConstants.CANONICAL_USER;
                        } else if (entry.gte.type.equals(GWConstants.GRANT_AB_G)) {
                            target.type = GWConstants.GROUP;
                        }
                    }

                    // Group URI code -> AWS group URI; other values leave the URI unset.
                    if (!Strings.isNullOrEmpty(entry.gte.uri)) {
                        if (entry.gte.uri.equals(GWConstants.GRANT_AB_PU)) {
                            target.uri = GWConstants.AWS_GRANT_URI_ALL_USERS;
                        } else if (entry.gte.uri.equals(GWConstants.GRANT_AB_AU)) {
                            target.uri = GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS;
                        }
                    }
                    expanded.grantee = target;
                }
                policy.aclList.grants.add(expanded);
            }
        }
    }

    String rendered;
    XmlMapper xmlMapper = new XmlMapper();
    try {
        // NON_EMPTY drops unset fields from the document instead of writing empty elements.
        xmlMapper.setSerializationInclusion(Include.NON_EMPTY);
        // replaceAll treats GWConstants.WSTXNS as a regular expression.
        rendered = xmlMapper.writeValueAsString(policy).replaceAll(GWConstants.WSTXNS, GWConstants.XSI);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }

    String withNamespace = rendered.replace(GWConstants.ACCESS_CONTROL_POLICY, GWConstants.ACCESS_CONTROL_POLICY_XMLNS);
    if (withNamespace.contains(GWConstants.XML_VERSION)) {
        return withNamespace;
    }
    return GWConstants.XML_VERSION_FULL_STANDALONE + withNamespace;
}
Also used : Grant(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant) AccessControlPolicy(com.pspace.ifs.ksan.gw.format.AccessControlPolicy) XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper) Grantee(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant.Grantee) AccessControlPolicyJson(com.pspace.ifs.ksan.gw.format.AccessControlPolicyJson) Grantee(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant.Grantee) GWException(com.pspace.ifs.ksan.gw.exception.GWException) Grant(com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Example 20 with GWException

use of com.pspace.ifs.ksan.gw.exception.GWException in project ksan by infinistor.

the class GetBucketWebsite method process.

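/**
 * Returns the bucket's stored website configuration as the response body.
 *
 * <p>Order of checks: load the bucket, run the CORS check, refuse public access when public ACLs
 * are ignored, then require {@code GWConstants.GRANT_READ_ACP} through
 * {@code checkGrantBucketOwner}. The configuration is written only after all of them pass.
 *
 * <p>The body is encoded as UTF-8 explicitly. A bare {@code getBytes()} uses the platform default
 * charset, so the bytes sent could disagree with the document on hosts with another default.
 *
 * @throws GWException {@code ACCESS_DENIED} for refused public access,
 *                     {@code NO_SUCH_WEBSITE_CONFIGURATION} when nothing is stored,
 *                     {@code SERVER_ERROR} when writing the response fails, and whatever the
 *                     bucket, CORS and grant checks throw
 */
@Override
public void process() throws GWException {
    logger.info(GWConstants.LOG_GET_BUCKET_WEBSITE_START);
    String bucket = s3Parameter.getBucketName();
    initBucketInfo(bucket);
    S3Bucket s3Bucket = new S3Bucket();
    s3Bucket.setCors(getBucketInfo().getCors());
    s3Bucket.setAccess(getBucketInfo().getAccess());
    s3Parameter.setBucket(s3Bucket);
    GWUtils.checkCors(s3Parameter);
    if (s3Parameter.isPublicAccess() && GWUtils.isIgnorePublicAcls(s3Parameter)) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    // NOTE(review): getUser() is dereferenced even when isPublicAccess() is true; confirm that a
    // user object is always set for anonymous requests.
    checkGrantBucketOwner(s3Parameter.isPublicAccess(), String.valueOf(s3Parameter.getUser().getUserId()), GWConstants.GRANT_READ_ACP);
    String web = getBucketInfo().getWeb();
    logger.debug(GWConstants.LOG_GET_BUCKET_WEBSITE, web);
    if (Strings.isNullOrEmpty(web)) {
        throw new GWException(GWErrorCode.NO_SUCH_WEBSITE_CONFIGURATION, s3Parameter);
    }
    try {
        s3Parameter.getResponse().setContentType(GWConstants.XML_CONTENT_TYPE);
        // Fully qualified so this file's import list does not have to change.
        // NOTE(review): assumes the stored document and XML_CONTENT_TYPE are UTF-8; confirm.
        s3Parameter.getResponse().getOutputStream().write(web.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    } catch (IOException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
}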
Also used : S3Bucket(com.pspace.ifs.ksan.gw.identity.S3Bucket) GWException(com.pspace.ifs.ksan.gw.exception.GWException) IOException(java.io.IOException)

Aggregations

GWException (com.pspace.ifs.ksan.gw.exception.GWException)130 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)61 S3Bucket (com.pspace.ifs.ksan.gw.identity.S3Bucket)58 XMLStreamException (javax.xml.stream.XMLStreamException)48 IOException (java.io.IOException)46 JsonMappingException (com.fasterxml.jackson.databind.JsonMappingException)45 ResourceNotFoundException (com.pspace.ifs.ksan.objmanager.ObjManagerException.ResourceNotFoundException)43 ResourceAlreadyExistException (com.pspace.ifs.ksan.objmanager.ObjManagerException.ResourceAlreadyExistException)32 XmlMapper (com.fasterxml.jackson.dataformat.xml.XmlMapper)23 Metadata (com.pspace.ifs.ksan.objmanager.Metadata)23 S3Metadata (com.pspace.ifs.ksan.gw.identity.S3Metadata)17 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)16 XMLOutputFactory (javax.xml.stream.XMLOutputFactory)15 AccessControlPolicy (com.pspace.ifs.ksan.gw.format.AccessControlPolicy)14 Writer (java.io.Writer)13 XMLStreamWriter (javax.xml.stream.XMLStreamWriter)13 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11 Grant (com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant)10 S3ObjectOperation (com.pspace.ifs.ksan.gw.object.S3ObjectOperation)10 Date (java.util.Date)8