S3Authenticator.java example

Explorer

littles3-master
- api
  - src
    - main
      - java
        com
        javaexchange
        RandomGUID.java
        jpeterson
        littles3
        bo
        Acp.java
        AllUsersGroup.java
        AuthenticatedUsersGroup.java
        AuthenticatorException.java
        Bucket.java
        CanonicalUser.java
        Grantee.java
        GroupBase.java
        InvalidAccessKeyIdException.java
        InvalidSecurityException.java
        RequestTimeTooSkewedException.java
        Resource.java
        ResourcePermission.java
        S3Object.java
        SignatureDoesNotMatchException.java
        dao
        BucketDao.java
        S3ObjectDao.java
        service
        BucketAlreadyExistsException.java
        BucketNotEmptyException.java
        StorageService.java
        util
        etag
        ETag.java
        FileETag.java
        http
        Range.java
        RangeFactory.java
        RangeInputStream.java
        RangeSet.java
        Rangeable.java
    - test
      - java
        com
        javaexchange
        RandomGUIDTest.java
        jpeterson
        littles3
        bo
        AcpTest.java
        AllUsersGroupTest.java
        AuthenticatedUsersGroupTest.java
        BucketTest.java
        CanonicalUserTest.java
        GroupBaseTest.java
        ResourcePermissionTest.java
        ResourceTest.java
        S3ObjectTest.java
        util
        etag
        FileETagTest.java
        http
        RangeFactoryTest.java
        RangeInputStreamTest.java
        RangeSetTest.java
        RangeTest.java
- modules
  - filesystem
    - src
      - main
        java
        com
        jpeterson
        littles3
        bo
        FileS3Object.java
        dao
        filesystem
        FileBase.java
        FileBucketDao.java
        FileS3ObjectDao.java
        service
        impl
        FileStorageServiceImpl.java
      - test
        java
        com
        jpeterson
        littles3
        bo
        FileS3ObjectTest.java
  - je
    - src
      - main
        java
        com
        jpeterson
        littles3
        dao
        je
        BucketTupleBinding.java
        FileS3ObjectTupleBinding.java
        JeBucketDao.java
        JeCentral.java
        JeS3ObjectDao.java
        S3ObjectBucketKey.java
        S3ObjectBucketKeyTupleBinding.java
- webapp
  - src
    - main
      - java
        com
        jpeterson
        littles3
        S3ObjectRequest.java
        StorageEngine.java
        bo
        Authenticator.java
        FileUserDirectory.java
        HackAuthenticator.java
        S3Authenticator.java
        StaticUserDirectory.java
        UserDirectory.java
    - test
      - java
        com
        jpeterson
        littles3
        S3ObjectRequestTest.java

/*
 * Copyright 2007 Jesse Peterson
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.jpeterson.littles3.bo;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;

import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.codec.binary.Base64;

import com.jpeterson.littles3.S3ObjectRequest;

/**
 * Performs Amazon S3 Authentication.
 * 
 * @author Jesse Peterson
 */
public class S3Authenticator implements Authenticator {
	private static final String HEADER_AUTHORIZATION = "Authorization";

	private static final String AUTHORIZATION_TYPE = "AWS";

	private UserDirectory userDirectory;

	/**
	 * Empty constructor.
	 */
	public S3Authenticator() {

	}

	/**
	 * Authenticate the request using the prescribed Amazon S3 authentication
	 * mechanisms.
	 * 
	 * @param req
	 *            The original HTTP request.
	 * @param s3Request
	 *            The S3 specific information for authenticating the request.
	 * @return The authenticated <code>CanonicalUser</code> making the request.
	 * @throws RequestTimeTooSkewedException
	 *             Thrown if the request timestamp is outside of the allotted
	 *             timeframe.
	 */
	public CanonicalUser authenticate(HttpServletRequest req,
			S3ObjectRequest s3Request) throws AuthenticatorException {
		// check to see if anonymous request
		String authorization = req.getHeader(HEADER_AUTHORIZATION);

		if (authorization == null) {
			return new CanonicalUser(CanonicalUser.ID_ANONYMOUS);
		}

		// attempting to be authenticated request

		if (false) {
			// check timestamp of request
			Date timestamp = s3Request.getTimestamp();
			if (timestamp == null) {
				throw new RequestTimeTooSkewedException("No timestamp provided");
			}

			GregorianCalendar calendar = new GregorianCalendar();
			Date now = calendar.getTime();
			calendar.add(Calendar.MINUTE, 15);
			Date maximumDate = calendar.getTime();
			calendar.add(Calendar.MINUTE, -30);
			Date minimumDate = calendar.getTime();

			if (timestamp.before(minimumDate)) {
				throw new RequestTimeTooSkewedException("Timestamp ["
						+ timestamp + "] too old. System time: " + now);
			}

			if (timestamp.after(maximumDate)) {
				throw new RequestTimeTooSkewedException("Timestamp ["
						+ timestamp + "] too new. System time: " + now);
			}
		}

		// authenticate request
		String[] fields = authorization.split(" ");

		if (fields.length != 2) {
			throw new InvalidSecurityException(
					"Unsupported authorization format");
		}

		if (!fields[0].equals(AUTHORIZATION_TYPE)) {
			throw new InvalidSecurityException(
					"Unsupported authorization type: " + fields[0]);
		}

		String[] keys = fields[1].split(":");

		if (keys.length != 2) {
			throw new InvalidSecurityException(
					"Invalid AWSAccesskeyId:Signature");
		}

		String accessKeyId = keys[0];
		String signature = keys[1];
		String secretAccessKey = userDirectory
				.getAwsSecretAccessKey(accessKeyId);
		String calculatedSignature;

		try {
			SecretKey key = new SecretKeySpec(secretAccessKey.getBytes(),
					"HmacSHA1");
			Mac m = Mac.getInstance("HmacSHA1");
			m.init(key);
			m.update(s3Request.getStringToSign().getBytes());
			byte[] mac = m.doFinal();
			calculatedSignature = new String(Base64.encodeBase64(mac));
		} catch (NoSuchAlgorithmException e) {
			throw new InvalidSecurityException(e);
		} catch (InvalidKeyException e) {
			throw new InvalidSecurityException(e);
		}

		System.out.println("-----------------");
		System.out.println("signature: " + signature);
		System.out.println("calculatedSignature: " + calculatedSignature);
		System.out.println("-----------------");

		if (calculatedSignature.equals(signature)) {
			// authenticated!
			return userDirectory.getCanonicalUser(secretAccessKey);
		} else {
			throw new SignatureDoesNotMatchException(
					"Provided signature doesn't match calculated value");
		}
	}

	/**
	 * Get the <code>UserDirectory</code> for accessing user information for
	 * authentication.
	 * 
	 * @return The <code>UserDirectory</code> for accessing user information for
	 *         authentication.
	 */
	public UserDirectory getUserDirectory() {
		return userDirectory;
	}

	/**
	 * Set the <code>UserDirectory</code> for accessing user information for
	 * authentication.
	 * 
	 * @param userDirectory
	 *            The <code>UserDirectory</code> for accessing user information
	 *            for authentication.
	 */
	public void setUserDirectory(UserDirectory userDirectory) {
		this.userDirectory = userDirectory;
	}
}