
Example 1 with PostPolicy

use of com.pspace.ifs.ksan.gw.format.PostPolicy in project ksan by infinistor.

the class PostObject method process.

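/**
 * Handles a POST Object (form upload) request end to end.
 *
 * <p>Order of work as written below:
 * <ol>
 *   <li>load the bucket info, call {@code dataPostObject.extract()} and read the object key
 *       (an empty key is rejected with BAD_REQUEST);</li>
 *   <li>if the form carries a policy, Base64-decode it, parse it as JSON into
 *       {@link PostPolicy}, run every condition through {@code dataPostObject}, and require
 *       an expiration and a bucket condition;</li>
 *   <li>if the form carries an access key, require a signature, validate it with
 *       {@code S3Signing.validatePost} and require the WRITE grant for that user; otherwise
 *       require the WRITE grant for {@code GWConstants.LOG_REQUEST_ROOT_ID};</li>
 *   <li>build metadata, ACL XML, encryption settings and tagging from the form fields;</li>
 *   <li>open (or create) the object metadata, store the payload, persist the metadata and
 *       set the response headers and status.</li>
 * </ol>
 *
 * <p>Every value read from {@code dataPostObject} is client-supplied. Malformed input in the
 * policy or in {@code success_action_status} is answered with a request error (or the default
 * status) instead of escaping as an unchecked exception.
 *
 * @throws GWException on a malformed request, a failed policy/signature/grant check, or a
 *         storage or serialization failure
 */
@Override
public void process() throws GWException {
    logger.info(GWConstants.LOG_POST_OBJECT_START);
    String bucket = s3Parameter.getBucketName();
    initBucketInfo(bucket);
    S3Bucket s3Bucket = new S3Bucket();
    s3Bucket.setCors(getBucketInfo().getCors());
    s3Bucket.setAccess(getBucketInfo().getAccess());
    s3Parameter.setBucket(s3Bucket);
    DataPostObject dataPostObject = new DataPostObject(s3Parameter);
    dataPostObject.extract();
    String object = dataPostObject.getKey();
    s3Parameter.setObjectName(object);
    logger.debug(GWConstants.LOG_BUCKET_OBJECT, bucket, object);
    if (Strings.isNullOrEmpty(dataPostObject.getKey())) {
        logger.info(GWErrorCode.BAD_REQUEST.getMessage());
        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
    }
    // NOTE(review): this and the "conditions ==>" lines below write client-controlled text to
    // the log before the request is authenticated; confirm the log layout neutralises CR/LF.
    logger.info("policy list : {}", dataPostObject.getPolicy());
    if (!Strings.isNullOrEmpty(dataPostObject.getPolicy())) {
        Decoder decoder = Base64.getDecoder();
        String postPolicy;
        try {
            byte[] bytePostPolicy = decoder.decode(dataPostObject.getPolicy());
            // Decode with an explicit charset so the result does not depend on the JVM default.
            postPolicy = new String(bytePostPolicy, java.nio.charset.StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // The policy field is not valid Base64: a client error, not a server fault.
            logger.info(GWErrorCode.BAD_REQUEST.getMessage());
            throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
        }
        ObjectMapper jsonMapper = new ObjectMapper();
        PostPolicy postPolicyJson = null;
        try {
            postPolicyJson = jsonMapper.readValue(postPolicy, PostPolicy.class);
        } catch (JsonProcessingException e) {
            PrintStack.logging(logger, e);
            throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
        }
        Map<String, String> conditionMap = new HashMap<String, String>();
        // A JSON literal "null" parses to a null object; treat it like a missing condition list.
        if (postPolicyJson == null || postPolicyJson.conditions == null) {
            logger.info(GWErrorCode.BAD_REQUEST.getMessage());
            throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
        }
        if (postPolicyJson.conditions.size() == 0) {
            logger.info(GWErrorCode.BAD_REQUEST.getMessage());
            throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
        }
        for (Object o : postPolicyJson.conditions) {
            // A null entry in the conditions array is malformed input.
            if (o == null) {
                logger.info(GWErrorCode.BAD_REQUEST.getMessage());
                throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
            }
            logger.info("conditions ==> className(" + o.getClass().getName() + ")");
            if (o instanceof Map) {
                // Object-form condition: {"field": "value"}.
                Map<?, ?> policyMap = (Map<?, ?>) o;
                for (Map.Entry<?, ?> s : policyMap.entrySet()) {
                    // The parsed JSON is untyped, so a value may be a number, list or null.
                    if (!(s.getKey() instanceof String) || !(s.getValue() instanceof String)) {
                        logger.info(GWErrorCode.BAD_REQUEST.getMessage());
                        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
                    }
                    String conditionKey = (String) s.getKey();
                    String conditionValue = (String) s.getValue();
                    logger.info("conditions ==> key(" + conditionKey + "), value(" + conditionValue + ")");
                    dataPostObject.checkPolicy(conditionKey, conditionValue);
                    conditionMap.put(conditionKey.toLowerCase(), conditionValue);
                }
            } else if (o instanceof List) {
                // Array-form condition: [operator, operand1, operand2].
                List<?> policyList = (List<?>) o;
                if (policyList.isEmpty() || !(policyList.get(0) instanceof String)) {
                    logger.info(GWErrorCode.BAD_REQUEST.getMessage());
                    throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
                }
                String operator = (String) policyList.get(0);
                boolean isEq = operator.equalsIgnoreCase("eq");
                boolean isStartsWith = operator.equalsIgnoreCase("starts-with");
                boolean isLengthRange = operator.equalsIgnoreCase("content-length-range");
                if (!isEq && !isStartsWith && !isLengthRange) {
                    throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
                }
                if (isEq || isStartsWith) {
                    // Both operands are read below, so a short or non-string condition is rejected
                    // here instead of failing with an index or cast error.
                    if (policyList.size() < 3
                            || !(policyList.get(1) instanceof String)
                            || !(policyList.get(2) instanceof String)) {
                        logger.info(GWErrorCode.BAD_REQUEST.getMessage());
                        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
                    }
                    logger.info("conditions ==> cond(" + policyList.get(0) + "), value1 (" + policyList.get(1) + "), value2 (" + policyList.get(2) + ")");
                    if (isEq) {
                        dataPostObject.checkPolicy((String) policyList.get(1), (String) policyList.get(2));
                    } else {
                        dataPostObject.checkPolityStarts((String) policyList.get(1), (String) policyList.get(2));
                    }
                } else {
                    if (policyList.size() != 3) {
                        logger.info(GWErrorCode.BAD_REQUEST.getMessage());
                        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
                    }
                    logger.info("conditions ==> cond(" + policyList.get(0) + "), value1 (" + policyList.get(1) + "), value2 (" + policyList.get(2) + ")");
                    Object minBound = policyList.get(1);
                    Object maxBound = policyList.get(2);
                    // Only integral JSON numbers are valid bounds; a bound too large for an int
                    // arrives as a Long, so both widths are accepted.
                    boolean minIsIntegral = (minBound instanceof Integer) || (minBound instanceof Long);
                    boolean maxIsIntegral = (maxBound instanceof Integer) || (maxBound instanceof Long);
                    if (!minIsIntegral || !maxIsIntegral) {
                        logger.info(GWErrorCode.BAD_REQUEST.getMessage());
                        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
                    }
                    long minLength = ((Number) minBound).longValue();
                    long maxLength = ((Number) maxBound).longValue();
                    // NOTE(review): the payload is already fully buffered in memory when this
                    // range is checked, so the range does not bound how much is read.
                    long payloadLength = dataPostObject.getPayload().length;
                    if (minLength < 0 || payloadLength < minLength || maxLength < 0 || payloadLength > maxLength) {
                        logger.info(GWErrorCode.BAD_REQUEST.getMessage());
                        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
                    }
                }
            } else {
                // NOTE(review): a condition that is neither an object nor an array is only logged
                // and then ignored, i.e. the policy check fails open for it; consider rejecting.
                logger.info(o.getClass().getName());
            }
        }
        if (Strings.isNullOrEmpty(postPolicyJson.expiration)) {
            logger.info(GWErrorCode.BAD_REQUEST.getMessage());
            throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
        } else {
            // NOTE(review): the expiration is only stored here; confirm that it is compared with
            // the current time somewhere (setExpiration or validatePost) before the upload runs.
            dataPostObject.setExpiration(postPolicyJson.getExpiration());
        }
        // bucket check: only object-form conditions are recorded in conditionMap, so an
        // array-form bucket condition alone does not satisfy this requirement.
        if (Strings.isNullOrEmpty(conditionMap.get(GWConstants.CATEGORY_BUCKET))) {
            logger.info(GWErrorCode.ACCESS_DENIED.getMessage());
            throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
        }
    }
    if (!Strings.isNullOrEmpty(dataPostObject.getAccessKey())) {
        if (Strings.isNullOrEmpty(dataPostObject.getSignature())) {
            logger.info(GWErrorCode.BAD_REQUEST.getMessage());
            throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
        }
        // signing check
        // NOTE(review): a request with an access key but no policy reaches this point without any
        // condition having been evaluated; confirm validatePost rejects a missing policy.
        S3Signing s3signing = new S3Signing(s3Parameter);
        s3Parameter = s3signing.validatePost(dataPostObject);
        if (!isGrantBucket(String.valueOf(s3Parameter.getUser().getUserId()), GWConstants.GRANT_WRITE)) {
            throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
        }
    } else {
        // No access key: the request is authorised only by the bucket's WRITE grant for
        // LOG_REQUEST_ROOT_ID (presumably the id used for unsigned requests; confirm).
        if (!isGrantBucket(GWConstants.LOG_REQUEST_ROOT_ID, GWConstants.GRANT_WRITE)) {
            throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
        }
    }
    s3Parameter.setInputStream(new ByteArrayInputStream(dataPostObject.getPayload()));
    String cacheControl = dataPostObject.getCacheControl();
    String contentDisposition = dataPostObject.getContentDisposition();
    String contentEncoding = dataPostObject.getContentEncoding();
    String contentLanguage = dataPostObject.getContentLanguage();
    String contentType = dataPostObject.getContentType();
    String customerAlgorithm = dataPostObject.getServerSideEncryptionCustomerAlgorithm();
    String customerKey = dataPostObject.getServerSideEncryptionCustomerKey();
    String customerKeyMD5 = dataPostObject.getServerSideEncryptionCustomerKeyMD5();
    String serversideEncryption = dataPostObject.getServerSideEncryption();
    S3Metadata s3Metadata = new S3Metadata();
    // NOTE(review): on the unsigned path validatePost never ran; confirm getUser() is non-null there.
    s3Metadata.setOwnerId(Long.toString(s3Parameter.getUser().getUserId()));
    s3Metadata.setOwnerName(s3Parameter.getUser().getUserName());
    s3Metadata.setUserMetadataMap(dataPostObject.getUserMetadata());
    if (!Strings.isNullOrEmpty(serversideEncryption)) {
        if (!serversideEncryption.equalsIgnoreCase(GWConstants.AES256)) {
            logger.error(GWErrorCode.NOT_IMPLEMENTED.getMessage() + GWConstants.SERVER_SIDE_OPTION);
            throw new GWException(GWErrorCode.NOT_IMPLEMENTED, s3Parameter);
        } else {
            s3Metadata.setServersideEncryption(serversideEncryption);
        }
    }
    if (!Strings.isNullOrEmpty(cacheControl)) {
        s3Metadata.setCacheControl(cacheControl);
    }
    if (!Strings.isNullOrEmpty(contentDisposition)) {
        s3Metadata.setContentDisposition(contentDisposition);
    }
    if (!Strings.isNullOrEmpty(contentEncoding)) {
        s3Metadata.setContentEncoding(contentEncoding);
    }
    if (!Strings.isNullOrEmpty(contentLanguage)) {
        s3Metadata.setContentLanguage(contentLanguage);
    }
    if (!Strings.isNullOrEmpty(contentType)) {
        s3Metadata.setContentType(contentType);
    }
    if (!Strings.isNullOrEmpty(customerAlgorithm)) {
        s3Metadata.setCustomerAlgorithm(customerAlgorithm);
    }
    if (!Strings.isNullOrEmpty(customerKey)) {
        // NOTE(review): s3Metadata is serialized to JSON and stored with the object further down.
        // If S3Metadata includes this field in its JSON, the client's SSE-C key is persisted next
        // to the data it protects; confirm it is excluded from serialization.
        s3Metadata.setCustomerKey(customerKey);
    }
    if (!Strings.isNullOrEmpty(customerKeyMD5)) {
        s3Metadata.setCustomerKeyMD5(customerKeyMD5);
    }
    String aclXml = GWUtils.makeAclXml(accessControlPolicy, null, dataPostObject.getAclKeyword(), null, dataPostObject.getAcl(), getBucketInfo(), String.valueOf(s3Parameter.getUser().getUserId()), s3Parameter.getUser().getUserName(), dataPostObject.getGrantRead(), dataPostObject.getGrantWrite(), dataPostObject.getGrantFullControl(), dataPostObject.getGrantReadAcp(), dataPostObject.getGrantWriteAcp(), s3Parameter);
    String bucketEncryption = getBucketInfo().getEncryption();
    S3ServerSideEncryption encryption = new S3ServerSideEncryption(bucketEncryption, serversideEncryption, customerAlgorithm, customerKey, customerKeyMD5, s3Parameter);
    encryption.build();
    // Tagging information
    String taggingCount = GWConstants.TAGGING_INIT;
    String taggingxml = "";
    Tagging tagging = new Tagging();
    tagging.tagset = new TagSet();
    try {
        // NOTE(review): this parses client-supplied XML; confirm the XmlMapper in use keeps DTDs
        // and external entities disabled. A parse failure is reported as SERVER_ERROR although
        // the cause is the request body.
        if (dataPostObject.getTagging() != null)
            tagging = new XmlMapper().readValue(dataPostObject.getTagging(), Tagging.class);
    } catch (JsonProcessingException e) {
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    try {
        if (tagging != null)
            taggingxml = new XmlMapper().writeValueAsString(tagging);
    } catch (JsonProcessingException e) {
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    if (tagging != null) {
        if (tagging.tagset != null && tagging.tagset.tags != null) {
            for (Tag t : tagging.tagset.tags) {
                // Check key and value length; a tag without a key is invalid rather than a crash.
                if (t == null || t.key == null || t.key.length() > 128) {
                    throw new GWException(GWErrorCode.INVALID_TAG, s3Parameter);
                }
                // A missing value is left to pass; only an over-long one is rejected.
                if (t.value != null && t.value.length() > 256) {
                    throw new GWException(GWErrorCode.INVALID_TAG, s3Parameter);
                }
            }
        }
        if (tagging.tagset != null && tagging.tagset.tags != null) {
            if (tagging.tagset.tags.size() > 10) {
                throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
            }
            taggingCount = String.valueOf(tagging.tagset.tags.size());
        }
    }
    String versioningStatus = getBucketVersioning(bucket);
    Metadata objMeta = null;
    try {
        // check exist object
        objMeta = open(bucket, object);
    } catch (GWException e) {
        // Any GWException from open() is treated as "object does not exist yet".
        logger.info(e.getMessage());
        if (GWConfig.getReplicaCount() > 1) {
            objMeta = create(bucket, object);
        } else {
            objMeta = createLocal(bucket, object);
        }
    }
    // The version id is chosen the same way whether the object existed or was just created.
    String versionId;
    if (GWConstants.VERSIONING_ENABLED.equalsIgnoreCase(versioningStatus)) {
        versionId = String.valueOf(System.nanoTime());
    } else {
        versionId = GWConstants.VERSIONING_DISABLE_TAIL;
    }
    S3ObjectOperation objectOperation = new S3ObjectOperation(objMeta, s3Metadata, s3Parameter, versionId, encryption);
    S3Object s3Object = objectOperation.putObject();
    s3Metadata.setETag(s3Object.getEtag());
    s3Metadata.setSize(s3Object.getFileSize());
    s3Metadata.setContentLength(s3Object.getFileSize());
    s3Metadata.setTier(GWConstants.AWS_TIER_STANTARD);
    s3Metadata.setLastModified(s3Object.getLastModified());
    s3Metadata.setDeleteMarker(s3Object.getDeleteMarker());
    s3Metadata.setVersionId(s3Object.getVersionId());
    s3Metadata.setTaggingCount(taggingCount);
    if (encryption.isEnableSSEServer()) {
        s3Metadata.setServersideEncryption(GWConstants.AES256);
    }
    s3Parameter.setFileSize(s3Object.getFileSize());
    ObjectMapper jsonMapper = new ObjectMapper();
    String jsonmeta = "";
    try {
        jsonmeta = jsonMapper.writeValueAsString(s3Metadata);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    logger.debug(GWConstants.LOG_PUT_OBJECT_PRIMARY_DISK_ID, objMeta.getPrimaryDisk().getId());
    try {
        objMeta.set(s3Object.getEtag(), taggingxml, jsonmeta, aclXml, s3Object.getFileSize());
        objMeta.setVersionId(versionId, GWConstants.OBJECT_TYPE_FILE, true);
        insertObject(bucket, object, objMeta);
        logger.debug(GWConstants.LOG_PUT_OBJECT_INFO, bucket, object, s3Object.getFileSize(), s3Object.getEtag(), aclXml, versionId);
    } catch (GWException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    s3Parameter.getResponse().addHeader(HttpHeaders.ETAG, GWUtils.maybeQuoteETag(s3Object.getEtag()));
    if (GWConstants.VERSIONING_ENABLED.equalsIgnoreCase(versioningStatus)) {
        s3Parameter.getResponse().addHeader(GWConstants.X_AMZ_VERSION_ID, s3Object.getVersionId());
        logger.debug(GWConstants.LOG_PUT_OBJECT_VERSIONID, s3Object.getVersionId());
    }
    if (!Strings.isNullOrEmpty(dataPostObject.getSuccessActionRedirect())) {
        try {
            // NOTE(review): the redirect target comes from the form. Without a policy nothing in
            // this method constrains it, and bucket/key are appended without URL-encoding, so a
            // key containing '&' or '#' alters the query string the target receives.
            s3Parameter.getResponse().sendRedirect(dataPostObject.getSuccessActionRedirect() + GWConstants.PARAMETER_BUCKET + bucket + GWConstants.PARAMETER_KEY + s3Parameter.getObjectName() + GWConstants.PARAMETER_ETAG + s3Metadata.getETag() + GWConstants.ENCODING_DOUBLE_QUOTE);
        } catch (IOException e) {
            PrintStack.logging(logger, e);
            throw new GWException(GWErrorCode.INTERNAL_SERVER_ERROR, s3Parameter);
        }
        dataPostObject.setSuccessActionStatus(GWConstants.STATUS_SC_OK);
    }
    if (!Strings.isNullOrEmpty(dataPostObject.getSuccessActionStatus())) {
        int successStatus;
        try {
            successStatus = Integer.parseInt(dataPostObject.getSuccessActionStatus());
        } catch (NumberFormatException e) {
            // A non-numeric success_action_status gets the same 204 as an unrecognised number;
            // by now the object is stored, so the request must not fail on this field.
            successStatus = HttpServletResponse.SC_NO_CONTENT;
        }
        switch (successStatus) {
            case HttpServletResponse.SC_OK:
                s3Parameter.getResponse().setStatus(HttpServletResponse.SC_OK);
                break;
            case HttpServletResponse.SC_CREATED:
                s3Parameter.getResponse().setStatus(HttpServletResponse.SC_CREATED);
                break;
            case HttpServletResponse.SC_NO_CONTENT:
                s3Parameter.getResponse().setStatus(HttpServletResponse.SC_NO_CONTENT);
                break;
            default:
                s3Parameter.getResponse().setStatus(HttpServletResponse.SC_NO_CONTENT);
                break;
        }
    } else {
        s3Parameter.getResponse().setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}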
Also used : HashMap(java.util.HashMap) S3ServerSideEncryption(com.pspace.ifs.ksan.gw.object.S3ServerSideEncryption) S3Metadata(com.pspace.ifs.ksan.gw.identity.S3Metadata) Metadata(com.pspace.ifs.ksan.objmanager.Metadata) Decoder(java.util.Base64.Decoder) S3ObjectOperation(com.pspace.ifs.ksan.gw.object.S3ObjectOperation) S3Bucket(com.pspace.ifs.ksan.gw.identity.S3Bucket) TagSet(com.pspace.ifs.ksan.gw.format.Tagging.TagSet) S3Signing(com.pspace.ifs.ksan.gw.sign.S3Signing) List(java.util.List) GWException(com.pspace.ifs.ksan.gw.exception.GWException) S3Object(com.pspace.ifs.ksan.gw.object.S3Object) DataPostObject(com.pspace.ifs.ksan.gw.data.DataPostObject) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) IOException(java.io.IOException) XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper) ByteArrayInputStream(java.io.ByteArrayInputStream) S3Metadata(com.pspace.ifs.ksan.gw.identity.S3Metadata) Tagging(com.pspace.ifs.ksan.gw.format.Tagging) DataPostObject(com.pspace.ifs.ksan.gw.data.DataPostObject) S3Object(com.pspace.ifs.ksan.gw.object.S3Object) Tag(com.pspace.ifs.ksan.gw.format.Tagging.TagSet.Tag) HashMap(java.util.HashMap) Map(java.util.Map) PostPolicy(com.pspace.ifs.ksan.gw.format.PostPolicy)
