Example 1 with PostPolicy
use of com.pspace.ifs.ksan.gw.format.PostPolicy in project ksan by infinistor.
the class PostObject method process.
@Override
public void process() throws GWException {
logger.info(GWConstants.LOG_POST_OBJECT_START);
String bucket = s3Parameter.getBucketName();
initBucketInfo(bucket);
S3Bucket s3Bucket = new S3Bucket();
s3Bucket.setCors(getBucketInfo().getCors());
s3Bucket.setAccess(getBucketInfo().getAccess());
s3Parameter.setBucket(s3Bucket);
DataPostObject dataPostObject = new DataPostObject(s3Parameter);
dataPostObject.extract();
String object = dataPostObject.getKey();
s3Parameter.setObjectName(object);
logger.debug(GWConstants.LOG_BUCKET_OBJECT, bucket, object);
if (Strings.isNullOrEmpty(dataPostObject.getKey())) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
logger.info("policy list : {}", dataPostObject.getPolicy());
if (!Strings.isNullOrEmpty(dataPostObject.getPolicy())) {
Decoder decoder = Base64.getDecoder();
byte[] bytePostPolicy = decoder.decode(dataPostObject.getPolicy());
String postPolicy = new String(bytePostPolicy);
ObjectMapper jsonMapper = new ObjectMapper();
PostPolicy postPolicyJson = null;
try {
postPolicyJson = jsonMapper.readValue(postPolicy, PostPolicy.class);
} catch (JsonProcessingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
Map<String, String> conditionMap = new HashMap<String, String>();
if (postPolicyJson.conditions == null) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
if (postPolicyJson.conditions.size() == 0) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
for (Object o : postPolicyJson.conditions) {
// check
logger.info("conditions ==> className(" + o.getClass().getName() + ")");
if (o.getClass().getName().equals("java.util.LinkedHashMap")) {
@SuppressWarnings("unchecked") Map<String, String> policyMap = (HashMap<String, String>) o;
for (Map.Entry<String, String> s : policyMap.entrySet()) {
logger.info("conditions ==> key(" + s.getKey() + "), value(" + s.getValue() + ")");
dataPostObject.checkPolicy(s.getKey(), s.getValue());
conditionMap.put(s.getKey().toLowerCase(), s.getValue());
}
} else if (o.getClass().getName().equals("java.util.ArrayList")) {
@SuppressWarnings("unchecked") List<Object> policyList = (List<Object>) o;
if (!((String) policyList.get(0)).equalsIgnoreCase("starts-with") && !((String) policyList.get(0)).equalsIgnoreCase("eq") && !((String) policyList.get(0)).equalsIgnoreCase("content-length-range")) {
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
if (((String) policyList.get(0)).equalsIgnoreCase("eq")) {
logger.info("conditions ==> cond(" + policyList.get(0) + "), value1 (" + policyList.get(1) + "), value2 (" + policyList.get(2) + ")");
dataPostObject.checkPolicy((String) policyList.get(1), (String) policyList.get(2));
} else if (((String) policyList.get(0)).equalsIgnoreCase("starts-with")) {
logger.info("conditions ==> cond(" + policyList.get(0) + "), value1 (" + policyList.get(1) + "), value2 (" + policyList.get(2) + ")");
dataPostObject.checkPolityStarts((String) policyList.get(1), (String) policyList.get(2));
} else if (((String) policyList.get(0)).equalsIgnoreCase("content-length-range")) {
if (policyList.size() != 3) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
logger.info("conditions ==> cond(" + policyList.get(0) + "), value1 (" + policyList.get(1) + "), value2 (" + policyList.get(2) + ")");
if ((int) policyList.get(1) < 0) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
if (dataPostObject.getPayload().length < (int) policyList.get(1)) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
if ((int) policyList.get(2) < 0) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
if (dataPostObject.getPayload().length > (int) policyList.get(2)) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
}
} else {
logger.info(o.getClass().getName());
}
}
if (Strings.isNullOrEmpty(postPolicyJson.expiration)) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
} else {
dataPostObject.setExpiration(postPolicyJson.getExpiration());
}
// bucket check
if (Strings.isNullOrEmpty(conditionMap.get(GWConstants.CATEGORY_BUCKET))) {
logger.info(GWErrorCode.ACCESS_DENIED.getMessage());
throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
}
}
if (!Strings.isNullOrEmpty(dataPostObject.getAccessKey())) {
if (Strings.isNullOrEmpty(dataPostObject.getSignature())) {
logger.info(GWErrorCode.BAD_REQUEST.getMessage());
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
// signing check
S3Signing s3signing = new S3Signing(s3Parameter);
s3Parameter = s3signing.validatePost(dataPostObject);
if (!isGrantBucket(String.valueOf(s3Parameter.getUser().getUserId()), GWConstants.GRANT_WRITE)) {
throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
}
} else {
if (!isGrantBucket(GWConstants.LOG_REQUEST_ROOT_ID, GWConstants.GRANT_WRITE)) {
throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
}
}
s3Parameter.setInputStream(new ByteArrayInputStream(dataPostObject.getPayload()));
String cacheControl = dataPostObject.getCacheControl();
String contentDisposition = dataPostObject.getContentDisposition();
String contentEncoding = dataPostObject.getContentEncoding();
String contentLanguage = dataPostObject.getContentLanguage();
String contentType = dataPostObject.getContentType();
String customerAlgorithm = dataPostObject.getServerSideEncryptionCustomerAlgorithm();
String customerKey = dataPostObject.getServerSideEncryptionCustomerKey();
String customerKeyMD5 = dataPostObject.getServerSideEncryptionCustomerKeyMD5();
String serversideEncryption = dataPostObject.getServerSideEncryption();
S3Metadata s3Metadata = new S3Metadata();
s3Metadata.setOwnerId(Long.toString(s3Parameter.getUser().getUserId()));
s3Metadata.setOwnerName(s3Parameter.getUser().getUserName());
s3Metadata.setUserMetadataMap(dataPostObject.getUserMetadata());
if (!Strings.isNullOrEmpty(serversideEncryption)) {
if (!serversideEncryption.equalsIgnoreCase(GWConstants.AES256)) {
logger.error(GWErrorCode.NOT_IMPLEMENTED.getMessage() + GWConstants.SERVER_SIDE_OPTION);
throw new GWException(GWErrorCode.NOT_IMPLEMENTED, s3Parameter);
} else {
s3Metadata.setServersideEncryption(serversideEncryption);
}
}
if (!Strings.isNullOrEmpty(cacheControl)) {
s3Metadata.setCacheControl(cacheControl);
}
if (!Strings.isNullOrEmpty(contentDisposition)) {
s3Metadata.setContentDisposition(contentDisposition);
}
if (!Strings.isNullOrEmpty(contentEncoding)) {
s3Metadata.setContentEncoding(contentEncoding);
}
if (!Strings.isNullOrEmpty(contentLanguage)) {
s3Metadata.setContentLanguage(contentLanguage);
}
if (!Strings.isNullOrEmpty(contentType)) {
s3Metadata.setContentType(contentType);
}
if (!Strings.isNullOrEmpty(customerAlgorithm)) {
s3Metadata.setCustomerAlgorithm(customerAlgorithm);
}
if (!Strings.isNullOrEmpty(customerKey)) {
s3Metadata.setCustomerKey(customerKey);
}
if (!Strings.isNullOrEmpty(customerKeyMD5)) {
s3Metadata.setCustomerKeyMD5(customerKeyMD5);
}
String aclXml = GWUtils.makeAclXml(accessControlPolicy, null, dataPostObject.getAclKeyword(), null, dataPostObject.getAcl(), getBucketInfo(), String.valueOf(s3Parameter.getUser().getUserId()), s3Parameter.getUser().getUserName(), dataPostObject.getGrantRead(), dataPostObject.getGrantWrite(), dataPostObject.getGrantFullControl(), dataPostObject.getGrantReadAcp(), dataPostObject.getGrantWriteAcp(), s3Parameter);
String bucketEncryption = getBucketInfo().getEncryption();
S3ServerSideEncryption encryption = new S3ServerSideEncryption(bucketEncryption, serversideEncryption, customerAlgorithm, customerKey, customerKeyMD5, s3Parameter);
encryption.build();
// Tagging information
String taggingCount = GWConstants.TAGGING_INIT;
String taggingxml = "";
Tagging tagging = new Tagging();
tagging.tagset = new TagSet();
try {
if (dataPostObject.getTagging() != null)
tagging = new XmlMapper().readValue(dataPostObject.getTagging(), Tagging.class);
} catch (JsonProcessingException e) {
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
try {
if (tagging != null)
taggingxml = new XmlMapper().writeValueAsString(tagging);
} catch (JsonProcessingException e) {
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
if (tagging != null) {
if (tagging.tagset != null && tagging.tagset.tags != null) {
for (Tag t : tagging.tagset.tags) {
// key, value 길이 체크
if (t.key.length() > 128) {
throw new GWException(GWErrorCode.INVALID_TAG, s3Parameter);
}
if (t.value.length() > 256) {
throw new GWException(GWErrorCode.INVALID_TAG, s3Parameter);
}
}
}
if (tagging.tagset != null && tagging.tagset.tags != null) {
if (tagging.tagset.tags.size() > 10) {
throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
}
taggingCount = String.valueOf(tagging.tagset.tags.size());
}
}
String versioningStatus = getBucketVersioning(bucket);
String versionId = null;
Metadata objMeta = null;
try {
// check exist object
objMeta = open(bucket, object);
if (GWConstants.VERSIONING_ENABLED.equalsIgnoreCase(versioningStatus)) {
versionId = String.valueOf(System.nanoTime());
} else {
versionId = GWConstants.VERSIONING_DISABLE_TAIL;
}
} catch (GWException e) {
logger.info(e.getMessage());
if (GWConfig.getReplicaCount() > 1) {
objMeta = create(bucket, object);
} else {
objMeta = createLocal(bucket, object);
}
if (GWConstants.VERSIONING_ENABLED.equalsIgnoreCase(versioningStatus)) {
versionId = String.valueOf(System.nanoTime());
} else {
versionId = GWConstants.VERSIONING_DISABLE_TAIL;
}
}
S3ObjectOperation objectOperation = new S3ObjectOperation(objMeta, s3Metadata, s3Parameter, versionId, encryption);
S3Object s3Object = objectOperation.putObject();
s3Metadata.setETag(s3Object.getEtag());
s3Metadata.setSize(s3Object.getFileSize());
s3Metadata.setContentLength(s3Object.getFileSize());
s3Metadata.setTier(GWConstants.AWS_TIER_STANTARD);
s3Metadata.setLastModified(s3Object.getLastModified());
s3Metadata.setDeleteMarker(s3Object.getDeleteMarker());
s3Metadata.setVersionId(s3Object.getVersionId());
s3Metadata.setTaggingCount(taggingCount);
if (encryption.isEnableSSEServer()) {
s3Metadata.setServersideEncryption(GWConstants.AES256);
}
s3Parameter.setFileSize(s3Object.getFileSize());
ObjectMapper jsonMapper = new ObjectMapper();
String jsonmeta = "";
try {
jsonmeta = jsonMapper.writeValueAsString(s3Metadata);
} catch (JsonProcessingException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
logger.debug(GWConstants.LOG_PUT_OBJECT_PRIMARY_DISK_ID, objMeta.getPrimaryDisk().getId());
try {
objMeta.set(s3Object.getEtag(), taggingxml, jsonmeta, aclXml, s3Object.getFileSize());
objMeta.setVersionId(versionId, GWConstants.OBJECT_TYPE_FILE, true);
insertObject(bucket, object, objMeta);
logger.debug(GWConstants.LOG_PUT_OBJECT_INFO, bucket, object, s3Object.getFileSize(), s3Object.getEtag(), aclXml, versionId);
} catch (GWException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
}
s3Parameter.getResponse().addHeader(HttpHeaders.ETAG, GWUtils.maybeQuoteETag(s3Object.getEtag()));
if (GWConstants.VERSIONING_ENABLED.equalsIgnoreCase(versioningStatus)) {
s3Parameter.getResponse().addHeader(GWConstants.X_AMZ_VERSION_ID, s3Object.getVersionId());
logger.debug(GWConstants.LOG_PUT_OBJECT_VERSIONID, s3Object.getVersionId());
}
if (!Strings.isNullOrEmpty(dataPostObject.getSuccessActionRedirect())) {
try {
s3Parameter.getResponse().sendRedirect(dataPostObject.getSuccessActionRedirect() + GWConstants.PARAMETER_BUCKET + bucket + GWConstants.PARAMETER_KEY + s3Parameter.getObjectName() + GWConstants.PARAMETER_ETAG + s3Metadata.getETag() + GWConstants.ENCODING_DOUBLE_QUOTE);
} catch (IOException e) {
PrintStack.logging(logger, e);
throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
}
dataPostObject.setSuccessActionStatus(GWConstants.STATUS_SC_OK);
}
if (!Strings.isNullOrEmpty(dataPostObject.getSuccessActionStatus())) {
switch(Integer.parseInt(dataPostObject.getSuccessActionStatus())) {
case HttpServletResponse.SC_OK:
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
break;
case HttpServletResponse.SC_CREATED:
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_CREATED);
break;
case HttpServletResponse.SC_NO_CONTENT:
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_NO_CONTENT);
break;
default:
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_NO_CONTENT);
break;
}
} else {
s3Parameter.getResponse().setStatus(HttpServletResponse.SC_NO_CONTENT);
}
}
Also used :
HashMap(java.util.HashMap)
S3ServerSideEncryption(com.pspace.ifs.ksan.gw.object.S3ServerSideEncryption)
S3Metadata(com.pspace.ifs.ksan.gw.identity.S3Metadata)
Metadata(com.pspace.ifs.ksan.objmanager.Metadata)
Decoder(java.util.Base64.Decoder)
S3ObjectOperation(com.pspace.ifs.ksan.gw.object.S3ObjectOperation)
S3Bucket(com.pspace.ifs.ksan.gw.identity.S3Bucket)
TagSet(com.pspace.ifs.ksan.gw.format.Tagging.TagSet)
S3Signing(com.pspace.ifs.ksan.gw.sign.S3Signing)
List(java.util.List)
GWException(com.pspace.ifs.ksan.gw.exception.GWException)
S3Object(com.pspace.ifs.ksan.gw.object.S3Object)
DataPostObject(com.pspace.ifs.ksan.gw.data.DataPostObject)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
IOException(java.io.IOException)
XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper)
ByteArrayInputStream(java.io.ByteArrayInputStream)
S3Metadata(com.pspace.ifs.ksan.gw.identity.S3Metadata)
Tagging(com.pspace.ifs.ksan.gw.format.Tagging)
DataPostObject(com.pspace.ifs.ksan.gw.data.DataPostObject)
S3Object(com.pspace.ifs.ksan.gw.object.S3Object)
Tag(com.pspace.ifs.ksan.gw.format.Tagging.TagSet.Tag)
HashMap(java.util.HashMap)
Map(java.util.Map)
PostPolicy(com.pspace.ifs.ksan.gw.format.PostPolicy)
Aggregations
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
XmlMapper (com.fasterxml.jackson.dataformat.xml.XmlMapper)1
DataPostObject (com.pspace.ifs.ksan.gw.data.DataPostObject)1
GWException (com.pspace.ifs.ksan.gw.exception.GWException)1
PostPolicy (com.pspace.ifs.ksan.gw.format.PostPolicy)1
Tagging (com.pspace.ifs.ksan.gw.format.Tagging)1
TagSet (com.pspace.ifs.ksan.gw.format.Tagging.TagSet)1
Tag (com.pspace.ifs.ksan.gw.format.Tagging.TagSet.Tag)1
S3Bucket (com.pspace.ifs.ksan.gw.identity.S3Bucket)1
S3Metadata (com.pspace.ifs.ksan.gw.identity.S3Metadata)1
S3Object (com.pspace.ifs.ksan.gw.object.S3Object)1
S3ObjectOperation (com.pspace.ifs.ksan.gw.object.S3ObjectOperation)1
S3ServerSideEncryption (com.pspace.ifs.ksan.gw.object.S3ServerSideEncryption)1
S3Signing (com.pspace.ifs.ksan.gw.sign.S3Signing)1
Metadata (com.pspace.ifs.ksan.objmanager.Metadata)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
IOException (java.io.IOException)1
Decoder (java.util.Base64.Decoder)1
HashMap (java.util.HashMap)1
