com.amazonaws.neptune.auth

Class NeptuneSigV4SignerBase<T>

java.lang.Object

com.amazonaws.neptune.auth.NeptuneSigV4SignerBase<T>

Type Parameters:

T - type of the request to be signed

All Implemented Interfaces:

NeptuneSigV4Signer<T>

Direct Known Subclasses:

NeptuneApacheHttpSigV4Signer, NeptuneNettyHttpSigV4Signer, NeptuneRequestMetadataSigV4Signer

public abstract class NeptuneSigV4SignerBase<T>
extends Object
implements NeptuneSigV4Signer<T>

Base implementation of NeptuneSigV4Signer interface.

This implementation uses the internal AWS SDK signer to sign requests. The constructor requires the region name for which to sign as well as an AWSCredentialsProvider providing access to the credentials used for signing the request. The service name used within the signing process is hardcoded to be "neptune-db", which is the official name of the Amazon Neptune service.

The implementation uses the following approach for signing the request:

1. Convert the input request nto an AWS SDK SignableRequest.
2. Sign the SignableRequest using an AWS SDK AWS4Signer
3. \Attach the computed authorization headers to the input request, thus signing it

The signed request can then be sent to an IAM authorized Neptune instance.

Author:

schmdtm

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	NeptuneSigV4SignerBase.NeptuneSigV4Signature Simple struct encapsulating pre-computed Signature V4 signing information.

Constructor Summary

Constructors

Constructor and Description
NeptuneSigV4SignerBase(String regionName, com.amazonaws.auth.AWSCredentialsProvider awsCredentialsProvider) Create a NeptuneSigV4Signer instance for the given region and service name.

Method Summary

Modifier and Type	Method and Description
protected abstract void	attachSignature(T nativeRequest, NeptuneSigV4SignerBase.NeptuneSigV4Signature signature) Attach the signature provided in the signature object to the nativeRequest.
protected void	checkNotNull(Object obj, String errMsg) Tiny helper function to assert that the object is not null.
protected com.amazonaws.SignableRequest<?>	convertToSignableRequest(String httpMethodName, URI httpEndpointUri, String resourcePath, Map<String,String> httpHeaders, Map<String,List<String>> httpParameters, InputStream httpContent) Helper method to create an AWS SDK SignableRequest based on HTTP information.
protected Map<String,List<String>>	extractParametersFromQueryString(String queryStr) Extracts the parameters from a query string (such as param1=value1&param2=value2&...).
void	signRequest(T request) Main logics to sign the request.
protected abstract com.amazonaws.SignableRequest<?>	toSignableRequest(T nativeRequest) Convert the native request into an AWS SDK SignableRequest object which can be used to perform signing.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NeptuneSigV4SignerBase

public NeptuneSigV4SignerBase(String regionName,
                              com.amazonaws.auth.AWSCredentialsProvider awsCredentialsProvider)
                       throws NeptuneSigV4SignerException

Create a NeptuneSigV4Signer instance for the given region and service name.

Parameters:

regionName - name of the region for which the request is signed

awsCredentialsProvider - the provider offering access to the credentials used for signing the request

Throws:

NeptuneSigV4SignerException - in case initialization fails

Method Detail

toSignableRequest

protected abstract com.amazonaws.SignableRequest<?> toSignableRequest(T nativeRequest)
                                                               throws NeptuneSigV4SignerException

Convert the native request into an AWS SDK SignableRequest object which can be used to perform signing. This means that the information from the request relevant for signing (such as request URI, query string, headers, etc.) need to be extracted from the native request and mapped to a SignableRequest object, which is used internally for the signing process.

Note that the signable request internally, during the signing process, adds a "Host" header. This may lead to problems if the original request has a host header with a name in different capitalization (e.g. "host"), leading to duplicate host headers and the signing process to fail. Hence, when using the API you need to make sure that there is either no host header in your original request or the host header uses the exact string "Host" as the header name. The easiest solution, if you have control over the native HTTP request, is to just leave out the host header when translating and create one when signing (the host header value will be part of the struct returned from the signing process).

Parameters:

nativeRequest - the native HTTP request

Returns:

the SignableRequest

Throws:

NeptuneSigV4SignerException - in case something goes wrong during translation

attachSignature

protected abstract void attachSignature(T nativeRequest,
                                        NeptuneSigV4SignerBase.NeptuneSigV4Signature signature)
                                 throws NeptuneSigV4SignerException

Attach the signature provided in the signature object to the nativeRequest. More precisely, the signature contains two headers, X-AMZ-DATE and an Authorization header, which need to be attached to the native HTTP request as HTTP headers or query string depending on the type of signature requested - header/pre-signed url.

Parameters:

nativeRequest - the native HTTP request

signature - the signature information to attach

Throws:

NeptuneSigV4SignerException - in case something goes wrong during signing of the native request

signRequest

public void signRequest(T request)
                 throws NeptuneSigV4SignerException

Main logics to sign the request. The scheme is to convert the request into a signable request using toSignableRequest, then sign it using the AWS SDK, and finally attach the signature headers to the original request using attachSignature.

Note that toSignableRequest and attachSignature are abstract classes in this base class, they require dedicated implementations depending on the type of the native HTTP request.

Specified by:

signRequest in interface NeptuneSigV4Signer<T>

Parameters:

request - the request to be signed

Throws:

NeptuneSigV4SignerException - in case something goes wrong during signing

convertToSignableRequest

protected com.amazonaws.SignableRequest<?> convertToSignableRequest(String httpMethodName,
                                                                    URI httpEndpointUri,
                                                                    String resourcePath,
                                                                    Map<String,String> httpHeaders,
                                                                    Map<String,List<String>> httpParameters,
                                                                    InputStream httpContent)
                                                             throws NeptuneSigV4SignerException

Helper method to create an AWS SDK SignableRequest based on HTTP information. None of the information passed in here must be null. Can (yet must not) be used by implementing classes.

Also note that the resulting request will not yet be actually signed; this is really only a helper to convert the relevant information from the original HTTP request into the AWS SDK's internal format that will be used for computing the signature in a later step, see the signRequest method for details.

Parameters:

httpMethodName - name of the HTTP method (e.g. "GET", "POST", ...)

httpEndpointUri - URI of the endpoint to which the HTTP request is sent. E.g. http://[host]:port/

resourcePath - the resource path of the request. /resource/id is the path in http://[host]:port/resource/id

httpHeaders - the headers, defined as a mapping from keys (header name) to values (header values)

httpParameters - the parameters, defined as a mapping from keys (parameter names) to a list of values

httpContent - the content carried by the HTTP request; use an empty InputStream for GET requests

Returns:

the resulting AWS SDK signable request

Throws:

NeptuneSigV4SignerException - in case something goes wrong signing the request

extractParametersFromQueryString

protected Map<String,List<String>> extractParametersFromQueryString(String queryStr)

Extracts the parameters from a query string (such as param1=value1&param2=value2&...). The same parameter name may occur multiple times (e.g. param1 might actually be the same string value as param2). The result is represented as a map from unique key names to a list of their values. The query string may be null, in which case an empty map is returned.

Parameters:

queryStr - the query string from which parameters are extracted

Returns:

a hash map, mapping parameters by name to a list of values

checkNotNull

protected void checkNotNull(Object obj,
                            String errMsg)
                     throws NeptuneSigV4SignerException

Tiny helper function to assert that the object is not null. In case it is null, a NeptuneSigV4SignerException is thrown, with the specified error message.

Parameters:

obj - the object to be checked for null

errMsg - the error message to be propagated in case the check fails

Throws:

NeptuneSigV4SignerException - if the check fails