refine ProfileCredentialsProvider
JacksonTian committed Jul 24, 2024
1 parent abfb8b9 commit c1a9221
Showing 3 changed files with 377 additions and 232 deletions.
Expand Up @@ -12,6 +12,7 @@ public class AuthConstant {
public static final String INI_TYPE_RAM = "ecs_ram_role";
public static final String INI_TYPE_ARN = "ram_role_arn";
public static final String INI_TYPE_KEY_PAIR = "rsa_key_pair";
public static final String INI_TYPE_ACESS_KEY = "access_key";
public static final String INI_PUBLIC_KEY_ID = "public_key_id";
public static final String INI_PRIVATE_KEY_FILE = "private_key_file";
public static final String INI_PRIVATE_KEY = "private_key";
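Review bot: The constant `INI_TYPE_ACESS_KEY`, which appears to be the line this hunk adds, is misspelled (`ACESS`). Because it is `public static final` in a constants class, the typo becomes part of the published API once released and is awkward to rename later. I would declare it as `public static final String INI_TYPE_ACCESS_KEY = "access_key";` and update the reference in `ProfileCredentialsProvider.getCredentialsProvider` to match.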
Expand Up @@ -12,11 +12,13 @@
import java.util.Map;

public class ProfileCredentialsProvider implements AlibabaCloudCredentialsProvider {
private static volatile Wini ini;
private final String filePath;
private volatile Wini ini;
private AlibabaCloudCredentialsProvider innerProvider;

private static Wini getIni(String filePath) throws IOException {
private Wini getIni(String filePath) throws IOException {
if (null == ini) {
synchronized (ProfileCredentialsProvider.class) {
synchronized (this) {
if (null == ini) {
ini = new Wini(new File(filePath));
}
Expand All @@ -25,31 +27,61 @@ private static Wini getIni(String filePath) throws IOException {
return ini;
}

@Override
public AlibabaCloudCredentials getCredentials() throws ClientException {
String filePath = AuthUtils.getEnvironmentCredentialsFile();
if (filePath == null) {
// 本包可见
ProfileCredentialsProvider(String filePath) {
if (StringUtils.isEmpty(filePath)) {
filePath = AuthConstant.DEFAULT_CREDENTIALS_FILE_PATH;
}
if (filePath.isEmpty()) {
throw new ClientException("The specified credentials file is empty");
}
Wini ini;
try {
ini = getIni(filePath);
} catch (IOException e) {
return null;
}
Map<String, Map<String, String>> client = loadIni(ini);
Map<String, String> clientConfig = client.get(AuthUtils.getClientType());
this.filePath = filePath;
}

public ProfileCredentialsProvider() {
this(AuthUtils.getEnvironmentCredentialsFile());
}

private AlibabaCloudCredentialsProvider getCredentialsProvider(Map<String, String> clientConfig) throws ClientException {
if (clientConfig == null) {
throw new ClientException("Client is not open in the specified credentials file");
}
CredentialsProviderFactory credentialsProviderFactory = new CredentialsProviderFactory();
return createCredential(clientConfig, credentialsProviderFactory);

String configType = clientConfig.get(AuthConstant.INI_TYPE);
if (StringUtils.isEmpty(configType)) {
throw new ClientException("The configured client type is empty");
}
if (AuthConstant.INI_TYPE_ARN.equals(configType)) {
return getSTSAssumeRoleSessionCredentialsProvider(clientConfig);
}
if (AuthConstant.INI_TYPE_KEY_PAIR.equals(configType)) {
return getSTSGetSessionAccessKeyCredentialsProvider(clientConfig);
}
if (AuthConstant.INI_TYPE_RAM.equals(configType)) {
return getInstanceProfileCredentialsProvider(clientConfig);
}
if (AuthConstant.INI_TYPE_ACESS_KEY.equals(configType)) {
return getStaticCredentialsProvider(clientConfig);
}

throw new ClientException(String.format("The configured client type %s is not supported", configType));
}

@Override
public AlibabaCloudCredentials getCredentials() throws ClientException {
// lazy load it
if (this.innerProvider == null) {
Wini ini;
try {
ini = getIni(filePath);
} catch (IOException e) {
throw new ClientException("Client is not open in the specified credentials file");
}
Map<String, Map<String, String>> client = loadIni(ini);
Map<String, String> clientConfig = client.get(AuthUtils.getClientType());
this.innerProvider = getCredentialsProvider(clientConfig);
}
return this.innerProvider.getCredentials();
}

private Map<String, Map<String, String>> loadIni(Wini ini) {
private static Map<String, Map<String, String>> loadIni(Wini ini) {
Map<String, Map<String, String>> client = new HashMap<String, Map<String, String>>();
boolean enable;
for (Map.Entry<String, Profile.Section> clientType : ini.entrySet()) {
Expand All @@ -65,78 +97,67 @@ private Map<String, Map<String, String>> loadIni(Wini ini) {
return client;
}

private AlibabaCloudCredentials createCredential(Map<String, String> clientConfig,
CredentialsProviderFactory factory) throws ClientException {
String configType = clientConfig.get(AuthConstant.INI_TYPE);
if (StringUtils.isEmpty(configType)) {
throw new ClientException("The configured client type is empty");
}
if (AuthConstant.INI_TYPE_ARN.equals(configType)) {
return getSTSAssumeRoleSessionCredentials(clientConfig, factory);
}
if (AuthConstant.INI_TYPE_KEY_PAIR.equals(configType)) {
return getSTSGetSessionAccessKeyCredentials(clientConfig, factory);
}
if (AuthConstant.INI_TYPE_RAM.equals(configType)) {
return getInstanceProfileCredentials(clientConfig, factory);
}
String accessKeyId = clientConfig.get(AuthConstant.INI_ACCESS_KEY_ID);
String accessKeySecret = clientConfig.get(AuthConstant.INI_ACCESS_KEY_IDSECRET);
if (StringUtils.isEmpty(accessKeyId) || StringUtils.isEmpty(accessKeySecret)) {
return null;
}
return new BasicCredentials(accessKeyId, accessKeySecret);
}

private AlibabaCloudCredentials getSTSAssumeRoleSessionCredentials(Map<String, String> clientConfig,
CredentialsProviderFactory factory)
private static AlibabaCloudCredentialsProvider getSTSAssumeRoleSessionCredentialsProvider(Map<String, String> clientConfig)
throws ClientException {
String accessKeyId = clientConfig.get(AuthConstant.INI_ACCESS_KEY_ID);
if (StringUtils.isEmpty(accessKeyId)) {
throw new ClientException("The configured access_key_id is empty");
}
String accessKeySecret = clientConfig.get(AuthConstant.INI_ACCESS_KEY_IDSECRET);
if (StringUtils.isEmpty(accessKeySecret)) {
throw new ClientException("The configured access_key_secret is empty");
}
String roleSessionName = clientConfig.get(AuthConstant.INI_ROLE_SESSION_NAME);
if (StringUtils.isEmpty(roleSessionName)) {
throw new ClientException("The configured role_session_name is empty");
}
String roleArn = clientConfig.get(AuthConstant.INI_ROLE_ARN);
if (StringUtils.isEmpty(roleArn)) {
throw new ClientException("The configured role_arn is empty");
}
String regionId = clientConfig.get(AuthConstant.DEFAULT_REGION);
String policy = clientConfig.get(AuthConstant.INI_POLICY);
if (StringUtils.isEmpty(accessKeyId) || StringUtils.isEmpty(accessKeySecret)) {
throw new ClientException("The configured access_key_id or access_key_secret is empty");
}
if (StringUtils.isEmpty(roleSessionName) || StringUtils.isEmpty(roleArn)) {
throw new ClientException("The configured role_session_name or role_arn is empty");
}
STSAssumeRoleSessionCredentialsProvider provider =
factory.createCredentialsProvider(new STSAssumeRoleSessionCredentialsProvider(accessKeyId,
accessKeySecret, roleSessionName, roleArn, regionId, policy));
return provider.getCredentials();

return new STSAssumeRoleSessionCredentialsProvider(accessKeyId, accessKeySecret, roleSessionName, roleArn, regionId, policy);
}

private AlibabaCloudCredentials getSTSGetSessionAccessKeyCredentials(Map<String, String> clientConfig,
CredentialsProviderFactory factory)
private static AlibabaCloudCredentialsProvider getSTSGetSessionAccessKeyCredentialsProvider(Map<String, String> clientConfig)
throws ClientException {
String publicKeyId = clientConfig.get(AuthConstant.INI_PUBLIC_KEY_ID);
if (StringUtils.isEmpty(publicKeyId)) {
throw new ClientException("The configured public_key_id is empty");
}
String privateKeyFile = clientConfig.get(AuthConstant.INI_PRIVATE_KEY_FILE);
if (StringUtils.isEmpty(privateKeyFile)) {
throw new ClientException("The configured private_key_file is empty");
}
String privateKey = AuthUtils.readFile(privateKeyFile);
if (StringUtils.isEmpty(publicKeyId) || StringUtils.isEmpty(privateKey)) {
throw new ClientException("The configured public_key_id or private_key_file content is empty");
if (StringUtils.isEmpty(privateKey)) {
throw new ClientException("The configured private_key_file content is empty");
}
STSGetSessionAccessKeyCredentialsProvider provider =
factory.createCredentialsProvider(new STSGetSessionAccessKeyCredentialsProvider(publicKeyId, privateKey));
return provider.getCredentials();

return new STSGetSessionAccessKeyCredentialsProvider(publicKeyId, privateKey);
}

private AlibabaCloudCredentials getInstanceProfileCredentials(Map<String, String> clientConfig,
CredentialsProviderFactory factory)
throws ClientException {
private static AlibabaCloudCredentialsProvider getInstanceProfileCredentialsProvider(Map<String, String> clientConfig) throws ClientException {
String roleName = clientConfig.get(AuthConstant.INI_ROLE_NAME);
if (StringUtils.isEmpty(roleName)) {
throw new ClientException("The configured role_name is empty");
}
InstanceProfileCredentialsProvider provider =
factory.createCredentialsProvider(new InstanceProfileCredentialsProvider(roleName));
return provider.getCredentials();

return new InstanceProfileCredentialsProvider(roleName);
}

private static AlibabaCloudCredentialsProvider getStaticCredentialsProvider(Map<String, String> clientConfig) throws ClientException {
String accessKeyId = clientConfig.get(AuthConstant.INI_ACCESS_KEY_ID);
if (StringUtils.isEmpty(accessKeyId)) {
throw new ClientException("The configured access_key_id is empty");
}
String accessKeySecret = clientConfig.get(AuthConstant.INI_ACCESS_KEY_IDSECRET);
if (StringUtils.isEmpty(accessKeySecret)) {
throw new ClientException("The configured access_key_secret is empty");
}

return new StaticCredentialsProvider(new BasicCredentials(accessKeyId, accessKeySecret));
}
}
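Review bot: The lazy initialisation of `innerProvider` in `getCredentials()` is an unsynchronised check-then-act on a non-volatile field, unlike `getIni()` in the same class, which pairs a volatile field with `synchronized (this)`. If one provider instance is shared between threads, concurrent first calls can each parse the profile and build their own inner provider, and the reference is published without a happens-before edge; declaring the field as `private volatile AlibabaCloudCredentialsProvider innerProvider;` and wrapping the null check in `synchronized (this) { ... }` would close that. In the same method the `catch (IOException e)` branch drops the cause and reuses the message "Client is not open in the specified credentials file", which describes a missing client section rather than an unreadable file. Something like `throw new ClientException("Unable to open credentials file: " + filePath);` would make a missing or unreadable credentials file diagnosable, ideally with `e` attached if `ClientException` has a cause-accepting constructor. This branch also seems to replace an earlier `return null`, so callers that chain providers should be checked for how they handle the new exception.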