Break out into a multi-module project

2026-04-20 10:28:12 +01:00 · 2019-04-20 21:56:20 -07:00
parent b41dde777e
commit d0d375aeb7
318 changed files with 255 additions and 215 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/s3/PolicySigner.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/s3/PolicySigner.java
@@ -0,0 +1,48 @@
+package org.whispersystems.textsecuregcm.s3;
+
+import com.amazonaws.util.Base16Lower;
+import com.google.common.annotations.VisibleForTesting;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+
+public class PolicySigner {
+
+  private final String awsAccessSecret;
+  private final String region;
+
+  public PolicySigner(String awsAccessSecret, String region) {
+    this.awsAccessSecret = awsAccessSecret;
+    this.region          = region;
+  }
+
+  public String getSignature(ZonedDateTime now, String policy) {
+    try {
+      Mac mac = Mac.getInstance("HmacSHA256");
+
+      mac.init(new SecretKeySpec(("AWS4" + awsAccessSecret).getBytes("UTF-8"), "HmacSHA256"));
+      byte[] dateKey = mac.doFinal(now.format(DateTimeFormatter.ofPattern("yyyyMMdd")).getBytes("UTF-8"));
+
+      mac.init(new SecretKeySpec(dateKey, "HmacSHA256"));
+      byte[] dateRegionKey = mac.doFinal(region.getBytes("UTF-8"));
+
+      mac.init(new SecretKeySpec(dateRegionKey, "HmacSHA256"));
+      byte[] dateRegionServiceKey = mac.doFinal("s3".getBytes("UTF-8"));
+
+      mac.init(new SecretKeySpec(dateRegionServiceKey, "HmacSHA256"));
+      byte[] signingKey  = mac.doFinal("aws4_request".getBytes("UTF-8"));
+
+      mac.init(new SecretKeySpec(signingKey, "HmacSHA256"));
+
+      return Base16Lower.encodeAsString(mac.doFinal(policy.getBytes("UTF-8")));
+    } catch (NoSuchAlgorithmException | InvalidKeyException | UnsupportedEncodingException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/s3/PostPolicyGenerator.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/s3/PostPolicyGenerator.java
@@ -0,0 +1,52 @@
+package org.whispersystems.textsecuregcm.s3;
+
+import org.apache.commons.codec.binary.Base64;
+import org.whispersystems.textsecuregcm.util.Pair;
+
+import java.io.UnsupportedEncodingException;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+
+public class PostPolicyGenerator {
+
+  public  static final DateTimeFormatter AWS_DATE_TIME   = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmssX");
+  private static final DateTimeFormatter CREDENTIAL_DATE = DateTimeFormatter.ofPattern("yyyyMMdd"          );
+
+  private final String region;
+  private final String bucket;
+  private final String awsAccessId;
+
+  public PostPolicyGenerator(String region, String bucket, String awsAccessId) {
+    this.region      = region;
+    this.bucket      = bucket;
+    this.awsAccessId = awsAccessId;
+  }
+
+  public Pair<String, String> createFor(ZonedDateTime now, String object) {
+    try {
+      String expiration     = now.plusMinutes(30).format(DateTimeFormatter.ISO_INSTANT);
+      String credentialDate = now.format(CREDENTIAL_DATE);
+      String requestDate    = now.format(AWS_DATE_TIME  );
+      String credential     = String.format("%s/%s/%s/s3/aws4_request", awsAccessId, credentialDate, region);
+
+      String policy = String.format("{ \"expiration\": \"%s\",\n" +
+                                        "  \"conditions\": [\n" +
+                                        "    {\"bucket\": \"%s\"},\n" +
+                                        "    {\"key\": \"%s\"},\n" +
+                                        "    {\"acl\": \"private\"},\n" +
+                                        "    [\"starts-with\", \"$Content-Type\", \"\"],\n" +
+                                        "    [\"content-length-range\", 1, 104857600],\n" +
+                                        "\n" +
+                                        "    {\"x-amz-credential\": \"%s\"},\n" +
+                                        "    {\"x-amz-algorithm\": \"AWS4-HMAC-SHA256\"},\n" +
+                                        "    {\"x-amz-date\": \"%s\" }\n" +
+                                        "  ]\n" +
+                                        "}", expiration, bucket, object, credential, requestDate);
+
+      return new Pair<>(credential, Base64.encodeBase64String(policy.getBytes("UTF-8")));
+    } catch (UnsupportedEncodingException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/s3/UrlSigner.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/s3/UrlSigner.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2013 Open WhisperSystems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.whispersystems.textsecuregcm.s3;
+
+import com.amazonaws.HttpMethod;
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.services.s3.AmazonS3;
+import com.amazonaws.services.s3.AmazonS3Client;
+import com.amazonaws.services.s3.S3ClientOptions;
+import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
+
+import java.net.URL;
+import java.util.Date;
+
+public class UrlSigner {
+
+  private static final long   DURATION = 60 * 60 * 1000;
+
+  private final AWSCredentials credentials;
+  private final String bucket;
+
+  public UrlSigner(String accessKey, String accessSecret, String bucket) {
+    this.credentials = new BasicAWSCredentials(accessKey, accessSecret);
+    this.bucket      = bucket;
+  }
+
+  public URL getPreSignedUrl(long attachmentId, HttpMethod method, boolean unaccelerated) {
+    AmazonS3                    client  = new AmazonS3Client(credentials);
+    GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(bucket, String.valueOf(attachmentId), method);
+    
+    request.setExpiration(new Date(System.currentTimeMillis() + DURATION));
+    request.setContentType("application/octet-stream");
+
+    if (unaccelerated) {
+      client.setS3ClientOptions(S3ClientOptions.builder().setPathStyleAccess(true).build());
+    } else {
+      client.setS3ClientOptions(S3ClientOptions.builder().setAccelerateModeEnabled(true).build());
+    }
+
+    return client.generatePresignedUrl(request);
+  }
+
+}