
Example 1 with S3User

use of com.pspace.ifs.ksan.gw.identity.S3User in project ksan by infinistor.

the class S3Signing method validatePost.

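/**
 * Authenticates a POST-object request from the credential fields carried in
 * {@code dataPostObject} and, on success, attaches the resolved user to {@code s3Parameter}.
 *
 * <p>The checks run in this order: the algorithm field selects the signature scheme, the access
 * key is resolved to a user, the expiration is enforced, and the signature over the policy is
 * recomputed and compared with the submitted one. A missing algorithm selects the HMAC-SHA1
 * scheme; {@code AWS4_HMAC_SHA256} selects the derived-key HMAC-SHA256 scheme.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The expected signature is never written to the log. Anyone able to read the log could
 *       otherwise replay it together with the same policy until that policy expires.</li>
 *   <li>NOTE(review): the expiration is read from {@code dataPostObject.getExpiration()}; confirm
 *       that this value is taken from the signed policy and not from a separate, unsigned form
 *       field, otherwise the expiry check can be bypassed by the client.</li>
 *   <li>NOTE(review): the HMAC-SHA1 path is accepted whenever the algorithm field is absent;
 *       confirm that this legacy scheme is still meant to be enabled.</li>
 * </ul>
 *
 * @param dataPostObject parsed form fields of the POST request
 * @return the shared {@code s3Parameter}, with its user set to the authenticated user
 * @throws GWException {@code ACCESS_DENIED} when the access key, signature, policy or expiration
 *     is missing or the expiration cannot be parsed; {@code BAD_REQUEST} for an unknown
 *     algorithm; {@code INVALID_ARGUMENT} when the credential cannot be parsed;
 *     {@code INVALID_ACCESS_KEY_ID} when no user matches; {@code REQUEST_TIME_TOO_SKEWED} when
 *     the policy has expired; {@code SIGNATURE_DOES_NOT_MATCH} when the signature is wrong
 */
public S3Parameter validatePost(DataPostObject dataPostObject) throws GWException {
    String uri = s3Parameter.getRequest().getRequestURI();
    String headerAuthorization = null;
    S3AuthorizationHeader authHeader = null;
    boolean signatureVersion4;
    if (dataPostObject.getAlgorithm() == null) {
        if (dataPostObject.getAccessKey() == null || dataPostObject.getSignature() == null) {
            logger.error(GWConstants.LOG_S3SIGNING_V2_SIGNATURE_NULL, uri);
            throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
        }
        signatureVersion4 = false;
        headerAuthorization = GWConstants.AWS_SPACE + dataPostObject.getAccessKey() + GWConstants.COLON + dataPostObject.getSignature();
    } else if (dataPostObject.getAlgorithm().equals(GWConstants.AWS4_HMAC_SHA256)) {
        if (dataPostObject.getAccessKey() == null || dataPostObject.getSignature() == null) {
            logger.error(GWConstants.LOG_S3SIGNING_V4_SIGNATURE_NULL, uri);
            throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
        }
        signatureVersion4 = true;
        headerAuthorization = GWConstants.AWS4_HMAC_SHA256 + GWConstants.SIGN_CREDENTIAL + dataPostObject.getAccessKey() + GWConstants.SIGN_SIGNATURE + dataPostObject.getSignature();
    } else {
        logger.error(GWConstants.LOG_S3SIGNING_UNKNOWN_ALGORITHM_VALUE, dataPostObject.getAlgorithm());
        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
    }
    try {
        // The form fields are re-assembled into an Authorization-header string so that the
        // same parser serves header, query and POST authentication.
        authHeader = new S3AuthorizationHeader(headerAuthorization);
        logger.debug(GWConstants.LOG_S3SIGNING_AUTH_HEADER, authHeader);
    } catch (IllegalArgumentException iae) {
        PrintStack.logging(logger, iae);
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, iae, s3Parameter);
    }
    String requestIdentity = authHeader.identity;
    if (requestIdentity == null) {
        logger.error(GWConstants.LOG_S3SIGNING_ACCESS_NULL);
        throw new GWException(GWErrorCode.INVALID_ACCESS_KEY_ID, s3Parameter);
    }
    S3User user = GWUtils.getDBInstance().getIdentity(requestIdentity, s3Parameter);
    if (user == null) {
        logger.error(GWConstants.LOG_S3SIGNING_USER_NULL);
        throw new GWException(GWErrorCode.INVALID_ACCESS_KEY_ID, s3Parameter);
    }
    // A request without an expiration is refused outright.
    if (dataPostObject.getExpiration() == null) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    // presumably epoch seconds, since it is compared with currentTimeMillis() / 1000 below;
    // a negative value is treated as a parse failure.
    long expiresAt = GWUtils.parseTimeExpire(dataPostObject.getExpiration(), s3Parameter);
    if (expiresAt < 0) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    long now = System.currentTimeMillis() / 1000;
    logger.info(GWConstants.LOG_S3SIGNING_MATCH_TIME, now, expiresAt);
    if (now > expiresAt) {
        logger.error(GWConstants.LOG_S3SIGNING_TIME_EXPIRED, expiresAt, now);
        throw new GWException(GWErrorCode.REQUEST_TIME_TOO_SKEWED, s3Parameter);
    }
    // The signature is computed over the policy, so a request without one cannot be verified.
    // Refuse it here instead of failing with a NullPointerException in the HMAC step.
    if (dataPostObject.getPolicy() == null) {
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
    byte[] policyBytes = dataPostObject.getPolicy().getBytes(StandardCharsets.UTF_8);
    String expectedSignature;
    if (signatureVersion4) {
        // Signing key derivation: secret -> date -> region -> service -> terminator.
        // NOTE(review): date, region and service come from the parsed credential; confirm the
        // parser rejects a credential that lacks any of them, since a null here is dereferenced.
        byte[] kSecret = (GWConstants.AWS4 + user.getAccessSecret()).getBytes(StandardCharsets.UTF_8);
        byte[] kDate = hmac(GWConstants.HMACSHA256, authHeader.getDate().getBytes(StandardCharsets.UTF_8), kSecret);
        byte[] kRegion = hmac(GWConstants.HMACSHA256, authHeader.getRegion().getBytes(StandardCharsets.UTF_8), kDate);
        byte[] kService = hmac(GWConstants.HMACSHA256, authHeader.getService().getBytes(StandardCharsets.UTF_8), kRegion);
        byte[] kSigning = hmac(GWConstants.HMACSHA256, GWConstants.AWS4_REQUEST.getBytes(StandardCharsets.UTF_8), kService);
        expectedSignature = BaseEncoding.base16().lowerCase().encode(hmac(GWConstants.HMACSHA256, policyBytes, kSigning));
    } else {
        expectedSignature = Base64.getEncoder().encodeToString(hmac(GWConstants.HMACSHA1, policyBytes, user.getAccessSecret().getBytes(StandardCharsets.UTF_8)));
    }
    // constantTimeEquals is presumably a timing-safe comparison, going by its name.
    if (!GWUtils.constantTimeEquals(dataPostObject.getSignature(), expectedSignature)) {
        // Only the submitted signature is logged; the expected value stays out of the log and a
        // fixed marker fills its slot in the message format.
        logger.error(GWConstants.LOG_S3SIGNING_FAILED_VALIDATE_EXPECT_AND_AUTH_HEADER, "[redacted]", dataPostObject.getSignature());
        throw new GWException(GWErrorCode.SIGNATURE_DOES_NOT_MATCH, s3Parameter);
    }
    // s3Parameter.s3Property = GWUtils.getS3Property();
    s3Parameter.setUser(user);
    return s3Parameter;
}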
Also used : S3User(com.pspace.ifs.ksan.gw.identity.S3User) GWException(com.pspace.ifs.ksan.gw.exception.GWException)

Example 2 with S3User

use of com.pspace.ifs.ksan.gw.identity.S3User in project ksan by infinistor.

the class MariaDB method getIdentity.

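/**
 * Resolves an access key to its user, checking the in-memory {@code userSet} first and falling
 * back to the users table.
 *
 * <p>A user found in the database is added to {@code userSet}, so later lookups for the same key
 * do not reach the database. NOTE(review): no eviction is visible in this method; confirm that a
 * deleted user or a rotated access secret is removed from {@code userSet} elsewhere, otherwise
 * the old credential keeps authenticating until the cache is rebuilt.
 *
 * @param requestIdentity access key taken from the request
 * @param s3Parameter request context handed to {@code select}
 * @return the matching user, or {@code null} when no row matches
 * @throws GWException as declared; presumably raised by {@code select}
 */
@Override
public S3User getIdentity(String requestIdentity, S3Parameter s3Parameter) throws GWException {
    for (S3User cached : userSet) {
        if (cached.getAccessKey().equals(requestIdentity)) {
            return cached;
        }
    }
    // The access key is passed as a bound parameter, never concatenated into the query text.
    List<Object> params = new ArrayList<Object>();
    params.add(requestIdentity);
    List<HashMap<String, Object>> resultList = select(GWConstants.SELECT_USERS_ACCESS_KEY, params, s3Parameter);
    // An unknown access key must come back as null so the caller can answer with its own
    // "invalid access key" error; an empty result list would otherwise fail in get(0).
    if (resultList == null || resultList.isEmpty()) {
        return null;
    }
    HashMap<String, Object> row = resultList.get(0);
    logger.info(GWConstants.RESULT, row.get(GWConstants.USERS_TABLE_USER_ID));
    S3User user = new S3User((long) row.get(GWConstants.USERS_TABLE_USER_ID), (String) row.get(GWConstants.USERS_TABLE_USER_NAME), requestIdentity, (String) row.get(GWConstants.USERS_TABLE_ACCESS_SECRET));
    userSet.add(user);
    return user;
}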
Also used : S3User(com.pspace.ifs.ksan.gw.identity.S3User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList)

Example 3 with S3User

use of com.pspace.ifs.ksan.gw.identity.S3User in project ksan by infinistor.

the class MariaDB method loadUser.

/**
 * Reads every row returned by the {@code SELECT_USERS} query and adds one {@code S3User} per row
 * to {@code userSet}.
 *
 * <p>Each cached entry carries the user's access secret, so {@code userSet} holds credential
 * material in memory for as long as the entries stay in it.
 *
 * @throws GWException as declared; presumably raised by {@code select}
 */
@Override
public void loadUser() throws GWException {
    final List<HashMap<String, Object>> rows = select(GWConstants.SELECT_USERS, new ArrayList<Object>(), null);
    if (rows == null) {
        // Nothing to preload.
        return;
    }
    for (HashMap<String, Object> row : rows) {
        long userId = (long) row.get(GWConstants.USERS_TABLE_USER_ID);
        String userName = (String) row.get(GWConstants.USERS_TABLE_USER_NAME);
        String accessKey = (String) row.get(GWConstants.USERS_TABLE_ACCESS_KEY);
        String accessSecret = (String) row.get(GWConstants.USERS_TABLE_ACCESS_SECRET);
        userSet.add(new S3User(userId, userName, accessKey, accessSecret));
    }
}
Also used : S3User(com.pspace.ifs.ksan.gw.identity.S3User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList)

Example 4 with S3User

use of com.pspace.ifs.ksan.gw.identity.S3User in project ksan by infinistor.

the class MariaDB method getIdentityByID.

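/**
 * Resolves a numeric user id to its user, checking the in-memory {@code userSet} first and
 * falling back to the users table.
 *
 * <p>A user found in the database is added to {@code userSet}. NOTE(review): no eviction is
 * visible in this method; confirm that removed users are dropped from {@code userSet} elsewhere.
 *
 * @param userId decimal user id
 * @param s3Parameter request context handed to {@code select}
 * @return the matching user, or {@code null} when no row matches
 * @throws GWException as declared; presumably raised by {@code select}
 * @throws NumberFormatException when {@code userId} is not a decimal long
 */
@Override
public S3User getIdentityByID(String userId, S3Parameter s3Parameter) throws GWException {
    // NOTE(review): a non-numeric id escapes as an unchecked NumberFormatException; if the id
    // can come from request data, confirm the caller validates it or maps this to a client error.
    long id = Long.parseLong(userId);
    for (S3User cached : userSet) {
        if (cached.getUserId() == id) {
            return cached;
        }
    }
    // The id is passed as a bound parameter, never concatenated into the query text.
    List<Object> params = new ArrayList<Object>();
    params.add(userId);
    List<HashMap<String, Object>> resultList = select(GWConstants.SELECT_USERS_USER_ID, params, s3Parameter);
    // An unknown id must come back as null; an empty result list would otherwise fail in get(0).
    if (resultList == null || resultList.isEmpty()) {
        return null;
    }
    HashMap<String, Object> row = resultList.get(0);
    logger.info(GWConstants.RESULT, row.get(GWConstants.USERS_TABLE_USER_ID));
    S3User user = new S3User((long) row.get(GWConstants.USERS_TABLE_USER_ID), (String) row.get(GWConstants.USERS_TABLE_USER_NAME), (String) row.get(GWConstants.USERS_TABLE_ACCESS_KEY), (String) row.get(GWConstants.USERS_TABLE_ACCESS_SECRET));
    userSet.add(user);
    return user;
}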
Also used : S3User(com.pspace.ifs.ksan.gw.identity.S3User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList)

Example 5 with S3User

use of com.pspace.ifs.ksan.gw.identity.S3User in project ksan by infinistor.

the class MariaDB method getIdentityByName.

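/**
 * Resolves a user name to its user, checking the in-memory {@code userSet} first and falling
 * back to the users table.
 *
 * <p>A user found in the database is added to {@code userSet}. NOTE(review): no eviction is
 * visible in this method; confirm that removed or renamed users are dropped from
 * {@code userSet} elsewhere.
 *
 * @param userName user name to look up
 * @param s3Parameter request context handed to {@code select}
 * @return the matching user, or {@code null} when no row matches
 * @throws GWException as declared; presumably raised by {@code select}
 */
@Override
public S3User getIdentityByName(String userName, S3Parameter s3Parameter) throws GWException {
    for (S3User cached : userSet) {
        if (cached.getUserName().equals(userName)) {
            return cached;
        }
    }
    // The name is passed as a bound parameter, never concatenated into the query text.
    List<Object> params = new ArrayList<Object>();
    params.add(userName);
    List<HashMap<String, Object>> resultList = select(GWConstants.SELECT_USERS_USER_NAME, params, s3Parameter);
    // An unknown name must come back as null; an empty result list would otherwise fail in get(0).
    if (resultList == null || resultList.isEmpty()) {
        return null;
    }
    HashMap<String, Object> row = resultList.get(0);
    logger.info(GWConstants.RESULT, row.get(GWConstants.USERS_TABLE_USER_ID));
    S3User user = new S3User((long) row.get(GWConstants.USERS_TABLE_USER_ID), (String) row.get(GWConstants.USERS_TABLE_USER_NAME), (String) row.get(GWConstants.USERS_TABLE_ACCESS_KEY), (String) row.get(GWConstants.USERS_TABLE_ACCESS_SECRET));
    userSet.add(user);
    return user;
}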
Also used : S3User(com.pspace.ifs.ksan.gw.identity.S3User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList)

Aggregations

S3User (com.pspace.ifs.ksan.gw.identity.S3User)7 ArrayList (java.util.ArrayList)4 HashMap (java.util.HashMap)4 GWException (com.pspace.ifs.ksan.gw.exception.GWException)3 IOException (java.io.IOException)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 InvalidKeyException (java.security.InvalidKeyException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 Bucket (com.pspace.ifs.ksan.objmanager.Bucket)1 ObjManager (com.pspace.ifs.ksan.objmanager.ObjManager)1 ResourceNotFoundException (com.pspace.ifs.ksan.objmanager.ObjManagerException.ResourceNotFoundException)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 SQLException (java.sql.SQLException)1