Package org.restlet.ext.crypto.internal

Class AwsVerifier

  • All Implemented Interfaces:
    Verifier
    public class AwsVerifier
extends SecretVerifier
    Wrapped verifier that can verify HTTP requests utilizing the Amazon S3 authentication scheme. Verifies the user by computing the request signature using the local secret and comparing it to the signature provided in the request.

    Per the Amazon S3 specification the Date header is required. If the Date header is missing or the request is older than the allowed time limit, specified by the maxRequestAge property, the request fails verification.

    See Also:
    Authenticating REST Requests

    • Field Detail

      • DEFAULT_MAX_REQUEST_AGE

        private static final long DEFAULT_MAX_REQUEST_AGE
        Default maximum request age (15 minutes)
        See Also:
        Constant Field Values

      • maxRequestAge

        private long maxRequestAge
        The maximum age of a request, in milliseconds, before it is considered stale.

      • wrappedVerifier

        private LocalVerifier wrappedVerifier
        The local secret verifier.

    • Constructor Detail

      • AwsVerifier

        public AwsVerifier​(LocalVerifier wrappedVerifier)
        Creates a new HttpAwsS3Verifier instance.
        Parameters:
        wrappedVerifier - The wrapped verifier containing local identifier/secret couples

      • AwsVerifier

        public AwsVerifier​(LocalVerifier wrappedVerifier,
                   long maxRequestAge)
        Creates a new HttpAwsS3Verifier instance.
        Parameters:
        wrappedVerifier - The wrapped verifier containing local identifier/secret couples
        maxRequestAge - The maximum age of a request, in milliseconds, before it is considered stale

    • Method Detail

      • getIdentifier

        protected java.lang.String getIdentifier​(Request request,
                                         Response response)
        Returns the user identifier portion of an Amazon S3 compatible Authorization header.

        An Amazon S3 compatible Authorization header has the following pattern.
        Authorization: AWS id:signature

        Overrides:
        getIdentifier in class SecretVerifier
        Parameters:
        request - The request to inspect.
        response - The response to inspect.
        Returns:
        The user identifier.

      • getLocalSecret

        public char[] getLocalSecret​(java.lang.String identifier)
        Returns the local secret associated to a given identifier.
        Parameters:
        identifier - The identifier to lookup.
        Returns:
        The secret associated to the identifier or null.

      • getMaxRequestAge

        public long getMaxRequestAge()
        Returns the maximum age of a request, in milliseconds, before it is considered stale.

        A negative or zero value indicates no age restriction. The default value is 15 minutes.

      • getSecret

        protected char[] getSecret​(Request request,
                           Response response)
        Returns the signature portion of an Amazon S3 compatible Authorization header.

        An Amazon S3 compatible Authorization header has the following pattern.
        Authorization: AWS id:signature

        Overrides:
        getSecret in class SecretVerifier
        Parameters:
        request - The request to inspect.
        response - The response to inspect.
        Returns:
        The secret provided by the user.

      • getWrappedVerifier

        public LocalVerifier getWrappedVerifier()
        Returns the wrapped local secret verifier.
        Returns:
        The local secret verifier.

      • setMaxRequestAge

        public void setMaxRequestAge​(long value)
        Sets the maximum age of a request, in milliseconds, before it is considered stale.

        A negative or zero value indicates no age restriction. The default value is 15 minutes.

      • setWrappedVerifier

        public void setWrappedVerifier​(LocalVerifier wrappedVerifier)
        Sets the wrapped local secret verifier.
        Parameters:
        wrappedVerifier - The local secret verifier.

      • verify

        public int verify​(Request request,
                  Response response)
        Description copied from class: SecretVerifier
        Verifies that the proposed secret is correct for the specified request. By default, it compares the inputSecret of the request's authentication response with the one obtain by the ChallengeResponse.getSecret() method and sets the User instance of the request's ClientInfo if successful.
        Specified by:
        verify in interface Verifier
        Overrides:
        verify in class SecretVerifier
        Parameters:
        request - The request to inspect.
        response - The response to inspect.
        Returns:
        Result of the verification based on the RESULT_* constants.

      • verify

        public int verify​(java.lang.String identifier,
                  char[] secret)
           throws java.lang.IllegalArgumentException
        This function is not implemented because the authorization scheme requires direct access to the request. See verify(Request, Response).
        Specified by:
        verify in class SecretVerifier
        Parameters:
        identifier - The user identifier to match.
        secret - The provided secret to verify.
        Returns:
        Result of the verification based on the RESULT_* constants.
        Throws:
        java.lang.IllegalArgumentException