feat: support idtoken credentials

Author: yndu13

aliyun-java-sdk-core/src/main/java/com/aliyuncs/RoaAcsRequest.java

@@ -184,33 +184,40 @@ public HttpRequest signRequest(Signer signer, AlibabaCloudCredentials credential
             imutableMap.put("RegionId", getSysRegionId());
         }
         if (null != signer && null != credentials && !(credentials instanceof AnonymousCredentials)) {
-            String accessKeyId = credentials.getAccessKeyId();
-            if (credentials instanceof BasicSessionCredentials) {
-                String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken();
-                if (null != sessionToken) {
-                    imutableMap.put("x-acs-accesskey-id", accessKeyId);
-                    imutableMap.put("x-acs-security-token", sessionToken);
-                }
-            }
             if (credentials instanceof BearerTokenCredentials) {
                 String bearerToken = ((BearerTokenCredentials) credentials).getBearerToken();
-                if (null != ((BearerTokenCredentials) credentials).getBearerToken()) {
+                if (null != bearerToken) {
                     imutableMap.put("x-acs-bearer-token", bearerToken);
+                    imutableMap.put("x-acs-signature-type", "BEARERTOKEN");
                 }
+            } else if (credentials instanceof IDTokenCredentials) {
+                String idToken = ((IDTokenCredentials) credentials).getIDToken();
+                if (null != idToken) {
+                    imutableMap.put("x-acs-zero-trust-idtoken", idToken);
+                }
+            } else {
+                String accessKeyId = credentials.getAccessKeyId();
+                if (credentials instanceof BasicSessionCredentials) {
+                    String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken();
+                    if (null != sessionToken) {
+                        imutableMap.put("x-acs-accesskey-id", accessKeyId);
+                        imutableMap.put("x-acs-security-token", sessionToken);
+                    }
+                }
+                if (signer.getContent() != null && hashedRequestPayload != null) {
+                    imutableMap.put(signer.getContent(), hashedRequestPayload);
+                }
+                String strToSign = this.composer.composeStringToSign(this.getSysMethod(), this.getSysUriPattern(), signer,
+                        this.getSysQueryParameters(), imutableMap, this.getPathParameters());
+                if (this.getSysSignatureVersion() == SignatureVersion.V3) {
+                    strToSign += "\n" + hashedRequestPayload;
+                    strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8")));
+                }
+                this.strToSign = strToSign;
+                String signature = signer.signString(strToSign, credentials);
+                imutableMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature)
+                        + (this.getSysSignatureVersion() == SignatureVersion.V3 ? ",SignedHeaders=" + this.getSysSignedHeaders(imutableMap) : ""));
             }
-            if (signer.getContent() != null && hashedRequestPayload != null) {
-                imutableMap.put(signer.getContent(), hashedRequestPayload);
-            }
-            String strToSign = this.composer.composeStringToSign(this.getSysMethod(), this.getSysUriPattern(), signer,
-                    this.getSysQueryParameters(), imutableMap, this.getPathParameters());
-            if (this.getSysSignatureVersion() == SignatureVersion.V3) {
-                strToSign += "\n" + hashedRequestPayload;
-                strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8")));
-            }
-            this.strToSign = strToSign;
-            String signature = signer.signString(strToSign, credentials);
-            imutableMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature)
-                    + (this.getSysSignatureVersion() == SignatureVersion.V3 ? ",SignedHeaders=" + this.getSysSignedHeaders(imutableMap) : ""));
         }
         this.setSysUrl(this.composeUrl(domain.getDomainName(), this.getSysQueryParameters()));
         this.headers = imutableMap;

aliyun-java-sdk-core/src/main/java/com/aliyuncs/RpcAcsRequest.java

@@ -172,51 +172,58 @@ public HttpRequest signRequest(Signer signer, AlibabaCloudCredentials credential
             }
         }
         if (null != signer && null != credentials && !(credentials instanceof AnonymousCredentials)) {
-            String accessKeyId = credentials.getAccessKeyId();
-            String accessSecret = credentials.getAccessKeySecret();
-            if (credentials instanceof BasicSessionCredentials) {
-                String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken();
-                if (null != sessionToken) {
-                    imutableMap.put("SecurityToken", sessionToken);
-                    headerMap.put("x-acs-security-token", sessionToken);
-                }
-            }
             if (credentials instanceof BearerTokenCredentials) {
                 String bearerToken = ((BearerTokenCredentials) credentials).getBearerToken();
-                if (null != ((BearerTokenCredentials) credentials).getBearerToken()) {
+                if (null != bearerToken) {
                     imutableMap.put("BearerToken", bearerToken);
+                    imutableMap.put("SignatureType", "BEARERTOKEN");
                     headerMap.put("x-acs-bearer-token", bearerToken);
                 }
-            }
-            if (signer.getContent() != null && hashedRequestPayload != null) {
-                headerMap.put(signer.getContent(), hashedRequestPayload);
-            }
-            imutableMap.put("AccessKeyId", accessKeyId);
-            if (this.getSysSignatureVersion() == SignatureVersion.V3) {
-                String strToSign = this.composer.composeStringToSign(this.getSysMethod(), null, signer,
-                        this.getSysQueryParameters(), headerMap, null) + "\n" + hashedRequestPayload;
-                this.strToSign = strToSign;
-                strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8")));
-                String signature = signer.signString(strToSign, accessSecret);
-                headerMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature)
-                        + ",SignedHeaders=" + this.getSysSignedHeaders(headerMap));
-                imutableMap = this.getSysQueryParameters();
+            } else if (credentials instanceof IDTokenCredentials) {
+                String idToken = ((IDTokenCredentials) credentials).getIDToken();
+                if (null != idToken) {
+                    headerMap.put("x-acs-zero-trust-idtoken", idToken);
+                }
             } else {
-                Map<String, String> paramsToSign = new HashMap<String, String>();
-                paramsToSign.putAll(bodyParams);
-                paramsToSign.putAll(imutableMap);
-                String strToSign = this.composer.composeStringToSign(
-                        this.getSysMethod(), null, signer, paramsToSign, null, null);
-                this.strToSign = strToSign;
-                String signature;
-                if (credentials instanceof KeyPairCredentials) {
-                    signature = signer.signString(strToSign, credentials);
+                String accessKeyId = credentials.getAccessKeyId();
+                String accessSecret = credentials.getAccessKeySecret();
+                if (credentials instanceof BasicSessionCredentials) {
+                    String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken();
+                    if (null != sessionToken) {
+                        imutableMap.put("SecurityToken", sessionToken);
+                        headerMap.put("x-acs-security-token", sessionToken);
+                    }
+                }
+                if (signer.getContent() != null && hashedRequestPayload != null) {
+                    headerMap.put(signer.getContent(), hashedRequestPayload);
+                }
+                imutableMap.put("AccessKeyId", accessKeyId);
+                if (this.getSysSignatureVersion() == SignatureVersion.V3) {
+                    String strToSign = this.composer.composeStringToSign(this.getSysMethod(), null, signer,
+                            this.getSysQueryParameters(), headerMap, null) + "\n" + hashedRequestPayload;
+                    this.strToSign = strToSign;
+                    strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8")));
+                    String signature = signer.signString(strToSign, accessSecret);
+                    headerMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature)
+                            + ",SignedHeaders=" + this.getSysSignedHeaders(headerMap));
+                    imutableMap = this.getSysQueryParameters();
                 } else {
-                    signature = signer.signString(strToSign, accessSecret + "&");
+                    Map<String, String> paramsToSign = new HashMap<String, String>();
+                    paramsToSign.putAll(bodyParams);
+                    paramsToSign.putAll(imutableMap);
+                    String strToSign = this.composer.composeStringToSign(
+                            this.getSysMethod(), null, signer, paramsToSign, null, null);
+                    this.strToSign = strToSign;
+                    String signature;
+                    if (credentials instanceof KeyPairCredentials) {
+                        signature = signer.signString(strToSign, credentials);
+                    } else {
+                        signature = signer.signString(strToSign, accessSecret + "&");
+                    }
+                    imutableMap.put("Signature", this.composer.getAuthorization(signer, accessKeyId, signature));
+                    headerMap.clear();
+                    headerMap.putAll(this.getSysHeaders());
                 }
-                imutableMap.put("Signature", this.composer.getAuthorization(signer, accessKeyId, signature));
-                headerMap.clear();
-                headerMap.putAll(this.getSysHeaders());
             }
         }
         this.setSysUrl(this.composeUrl(domain.getDomainName(), imutableMap));

aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/IDTokenCredentials.java

@@ -0,0 +1,27 @@
+package com.aliyuncs.auth;
+
+public class IDTokenCredentials implements AlibabaCloudCredentials {
+    private String idToken;
+
+    public IDTokenCredentials(String idToken) {
+        this.idToken = idToken;
+    }
+
+    @Override
+    public String getAccessKeyId() {
+        return null;
+    }
+
+    @Override
+    public String getAccessKeySecret() {
+        return null;
+    }
+
+    public String getIDToken() {
+        return idToken;
+    }
+
+    public void setIDToken(String idToken) {
+        this.idToken = idToken;
+    }
+}

aliyun-java-sdk-core/src/test/java/com/aliyuncs/auth/IDTokenCredentialsTest.java

@@ -0,0 +1,25 @@
+package com.aliyuncs.auth;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class IDTokenCredentialsTest {
+    @Test
+    public void constructorTest() {
+        String token = "token";
+        IDTokenCredentials credentials = new IDTokenCredentials(token);
+        Assert.assertEquals(token, credentials.getIDToken());
+        Assert.assertNull(credentials.getAccessKeyId());
+        Assert.assertNull(credentials.getAccessKeySecret());
+    }
+
+    @Test
+    public void setIDTokenTest() {
+        String token = "token";
+        IDTokenCredentials credentials = new IDTokenCredentials(token);
+        Assert.assertEquals(token, credentials.getIDToken());
+        String newToken = "new Token";
+        credentials.setIDToken(newToken);
+        Assert.assertEquals(newToken, credentials.getIDToken());
+    }
+}