feat: support idtoken credentials

Author: yndu13

aliyun-java-sdk-core/src/main/java/com/aliyuncs/RoaAcsRequest.java

@@ -184,33 +184,40 @@ public HttpRequest signRequest(Signer signer, AlibabaCloudCredentials credential
             imutableMap.put("RegionId", getSysRegionId());
         }
         if (null != signer && null != credentials && !(credentials instanceof AnonymousCredentials)) {
-            String accessKeyId = credentials.getAccessKeyId();
-            if (credentials instanceof BasicSessionCredentials) {
-                String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken();
-                if (null != sessionToken) {
-                    imutableMap.put("x-acs-accesskey-id", accessKeyId);
-                    imutableMap.put("x-acs-security-token", sessionToken);
-                }
-            }
             if (credentials instanceof BearerTokenCredentials) {
                 String bearerToken = ((BearerTokenCredentials) credentials).getBearerToken();
-                if (null != ((BearerTokenCredentials) credentials).getBearerToken()) {
+                if (null != bearerToken) {
                     imutableMap.put("x-acs-bearer-token", bearerToken);
+                    imutableMap.put("x-acs-signature-type", "BEARERTOKEN");
                 }
+            } else if (credentials instanceof IDTokenCredentials) {
+                String idToken = ((IDTokenCredentials) credentials).getIDToken();
+                if (null != idToken) {
+                    imutableMap.put("x-acs-zero-trust-idtoken", idToken);
+                }
+            } else {
+                String accessKeyId = credentials.getAccessKeyId();
+                if (credentials instanceof BasicSessionCredentials) {
+                    String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken();
+                    if (null != sessionToken) {
+                        imutableMap.put("x-acs-accesskey-id", accessKeyId);
+                        imutableMap.put("x-acs-security-token", sessionToken);
+                    }
+                }
+                if (signer.getContent() != null && hashedRequestPayload != null) {
+                    imutableMap.put(signer.getContent(), hashedRequestPayload);
+                }
+                String strToSign = this.composer.composeStringToSign(this.getSysMethod(), this.getSysUriPattern(), signer,
+                        this.getSysQueryParameters(), imutableMap, this.getPathParameters());
+                if (this.getSysSignatureVersion() == SignatureVersion.V3) {
+                    strToSign += "\n" + hashedRequestPayload;
+                    strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8")));
+                }
+                this.strToSign = strToSign;
+                String signature = signer.signString(strToSign, credentials);
+                imutableMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature)
+                        + (this.getSysSignatureVersion() == SignatureVersion.V3 ? ",SignedHeaders=" + this.getSysSignedHeaders(imutableMap) : ""));
             }
-            if (signer.getContent() != null && hashedRequestPayload != null) {
-                imutableMap.put(signer.getContent(), hashedRequestPayload);
-            }
-            String strToSign = this.composer.composeStringToSign(this.getSysMethod(), this.getSysUriPattern(), signer,
-                    this.getSysQueryParameters(), imutableMap, this.getPathParameters());
-            if (this.getSysSignatureVersion() == SignatureVersion.V3) {
-                strToSign += "\n" + hashedRequestPayload;
-                strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8")));
-            }
-            this.strToSign = strToSign;
-            String signature = signer.signString(strToSign, credentials);
-            imutableMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature)
-                    + (this.getSysSignatureVersion() == SignatureVersion.V3 ? ",SignedHeaders=" + this.getSysSignedHeaders(imutableMap) : ""));
         }
         this.setSysUrl(this.composeUrl(domain.getDomainName(), this.getSysQueryParameters()));
         this.headers = imutableMap;

aliyun-java-sdk-core/src/main/java/com/aliyuncs/RpcAcsRequest.java

@@ -172,51 +172,58 @@ public HttpRequest signRequest(Signer signer, AlibabaCloudCredentials credential
             }
         }
         if (null != signer && null != credentials && !(credentials instanceof AnonymousCredentials)) {
-            String accessKeyId = credentials.getAccessKeyId();
-            String accessSecret = credentials.getAccessKeySecret();
-            if (credentials instanceof BasicSessionCredentials) {
-                String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken();
-                if (null != sessionToken) {
-                    imutableMap.put("SecurityToken", sessionToken);
-                    headerMap.put("x-acs-security-token", sessionToken);
-                }
-            }
             if (credentials instanceof BearerTokenCredentials) {
                 String bearerToken = ((BearerTokenCredentials) credentials).getBearerToken();
-                if (null != ((BearerTokenCredentials) credentials).getBearerToken()) {
+                if (null != bearerToken) {
                     imutableMap.put("BearerToken", bearerToken);
+                    imutableMap.put("SignatureType", "BEARERTOKEN");
                     headerMap.put("x-acs-bearer-token", bearerToken);
                 }
-            }
-            if (signer.getContent() != null && hashedRequestPayload != null) {
-                headerMap.put(signer.getContent(), hashedRequestPayload);
-            }
-            imutableMap.put("AccessKeyId", accessKeyId);
-            if (this.getSysSignatureVersion() == SignatureVersion.V3) {
-                String strToSign = this.composer.composeStringToSign(this.getSysMethod(), null, signer,
-                        this.getSysQueryParameters(), headerMap, null) + "\n" + hashedRequestPayload;
-                this.strToSign = strToSign;
-                strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8")));
-                String signature = signer.signString(strToSign, accessSecret);
-                headerMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature)
-                        + ",SignedHeaders=" + this.getSysSignedHeaders(headerMap));
-                imutableMap = this.getSysQueryParameters();
+            } else if (credentials instanceof IDTokenCredentials) {
+                String idToken = ((IDTokenCredentials) credentials).getIDToken();
+                if (null != idToken) {
+                    headerMap.put("x-acs-zero-trust-idtoken", idToken);
+                }
             } else {
-                Map<String, String> paramsToSign = new HashMap<String, String>();
-                paramsToSign.putAll(bodyParams);
-                paramsToSign.putAll(imutableMap);
-                String strToSign = this.composer.composeStringToSign(
-                        this.getSysMethod(), null, signer, paramsToSign, null, null);
-                this.strToSign = strToSign;
-                String signature;
-                if (credentials instanceof KeyPairCredentials) {
-                    signature = signer.signString(strToSign, credentials);
+                String accessKeyId = credentials.getAccessKeyId();
+                String accessSecret = credentials.getAccessKeySecret();
+                if (credentials instanceof BasicSessionCredentials) {
+                    String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken();
+                    if (null != sessionToken) {
+                        imutableMap.put("SecurityToken", sessionToken);
+                        headerMap.put("x-acs-security-token", sessionToken);
+                    }
+                }
+                if (signer.getContent() != null && hashedRequestPayload != null) {
+                    headerMap.put(signer.getContent(), hashedRequestPayload);
+                }
+                imutableMap.put("AccessKeyId", accessKeyId);
+                if (this.getSysSignatureVersion() == SignatureVersion.V3) {
+                    String strToSign = this.composer.composeStringToSign(this.getSysMethod(), null, signer,
+                            this.getSysQueryParameters(), headerMap, null) + "\n" + hashedRequestPayload;
+                    this.strToSign = strToSign;
+                    strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8")));
+                    String signature = signer.signString(strToSign, accessSecret);
+                    headerMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature)
+                            + ",SignedHeaders=" + this.getSysSignedHeaders(headerMap));
+                    imutableMap = this.getSysQueryParameters();
                 } else {
-                    signature = signer.signString(strToSign, accessSecret + "&");
+                    Map<String, String> paramsToSign = new HashMap<String, String>();
+                    paramsToSign.putAll(bodyParams);
+                    paramsToSign.putAll(imutableMap);
+                    String strToSign = this.composer.composeStringToSign(
+                            this.getSysMethod(), null, signer, paramsToSign, null, null);
+                    this.strToSign = strToSign;
+                    String signature;
+                    if (credentials instanceof KeyPairCredentials) {
+                        signature = signer.signString(strToSign, credentials);
+                    } else {
+                        signature = signer.signString(strToSign, accessSecret + "&");
+                    }
+                    imutableMap.put("Signature", this.composer.getAuthorization(signer, accessKeyId, signature));
+                    headerMap.clear();
+                    headerMap.putAll(this.getSysHeaders());
                 }
-                imutableMap.put("Signature", this.composer.getAuthorization(signer, accessKeyId, signature));
-                headerMap.clear();
-                headerMap.putAll(this.getSysHeaders());
             }
         }
         this.setSysUrl(this.composeUrl(domain.getDomainName(), imutableMap));

aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/IDTokenCredentials.java

@@ -0,0 +1,27 @@
+package com.aliyuncs.auth;
+
+public class IDTokenCredentials implements AlibabaCloudCredentials {
+    private String idToken;
+
+    public IDTokenCredentials(String idToken) {
+        this.idToken = idToken;
+    }
+
+    @Override
+    public String getAccessKeyId() {
+        return null;
+    }
+
+    @Override
+    public String getAccessKeySecret() {
+        return null;
+    }
+
+    public String getIDToken() {
+        return idToken;
+    }
+
+    public void setIDToken(String idToken) {
+        this.idToken = idToken;
+    }
+}

aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRoaRequestTest.java

@@ -6,6 +6,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import com.aliyuncs.auth.*;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -15,11 +16,7 @@
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
-import com.aliyuncs.auth.AlibabaCloudCredentials;
-import com.aliyuncs.auth.BasicSessionCredentials;
-import com.aliyuncs.auth.BearerTokenCredentials;
 import com.aliyuncs.auth.signers.HmacSHA1Signer;
-import com.aliyuncs.auth.RoaSignatureComposer;
 import com.aliyuncs.http.FormatType;
 import com.aliyuncs.http.HttpRequest;
 import com.aliyuncs.http.MethodType;
@@ -180,6 +177,14 @@ public void testSignRequest()
         Mockito.when(bearerCredentials.getBearerToken()).thenReturn("bearerToken");
         Assert.assertTrue(
                 request.signRequest(signer, bearerCredentials, FormatType.JSON, productDomain) instanceof HttpRequest);
+
+        IDTokenCredentials idTokenCredentials = Mockito.mock(IDTokenCredentials.class);
+        Mockito.when(idTokenCredentials.getIDToken()).thenReturn(null);
+        Assert.assertTrue(
+                request.signRequest(signer, idTokenCredentials, FormatType.JSON, productDomain) instanceof HttpRequest);
+        Mockito.when(idTokenCredentials.getIDToken()).thenReturn("token");
+        Assert.assertTrue(
+                request.signRequest(signer, idTokenCredentials, FormatType.JSON, productDomain) instanceof HttpRequest);
     }
 
 }

aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRpcRequestTest.java

@@ -1,9 +1,6 @@
 package com.aliyuncs;
 
-import com.aliyuncs.auth.BasicSessionCredentials;
-import com.aliyuncs.auth.BearerTokenCredentials;
-import com.aliyuncs.auth.KeyPairCredentials;
-import com.aliyuncs.auth.Signer;
+import com.aliyuncs.auth.*;
 import com.aliyuncs.http.FormatType;
 import com.aliyuncs.http.ProtocolType;
 import com.aliyuncs.http.UserAgentConfig;
@@ -245,6 +242,8 @@ public void signRequestTest() throws UnsupportedEncodingException, InvalidKeyExc
         commonRpcRequest.setHttpContentType(FormatType.JSON);
         commonRpcRequest.signRequest(signer, bearerTokenCredentials, FormatType.JSON, domain);
         Assert.assertTrue(commonRpcRequest.getSysUrl().contains("BearerToken=token"));
+        Assert.assertTrue(commonRpcRequest.getSysUrl().contains("SignatureType=BEARERTOKEN"));
+        Assert.assertEquals("token", commonRpcRequest.getSysHeaders().get("x-acs-bearer-token"));
         Map<String, String> map = commonRpcRequest.getSysBodyParameters();
         Assert.assertEquals("test", map.get("test"));
 
@@ -253,6 +252,15 @@ public void signRequestTest() throws UnsupportedEncodingException, InvalidKeyExc
         commonRpcRequest.signRequest(signer, bearerTokenCredentials, FormatType.JSON, domain);
         Assert.assertFalse(commonRpcRequest.getSysUrl().contains("BearerToken=token"));
 
+        commonRpcRequest = new CommonRpcRequest("test");
+        commonRpcRequest.setSysProtocol(ProtocolType.HTTP);
+        IDTokenCredentials idTokenCredentials = mock(IDTokenCredentials.class);
+        when(idTokenCredentials.getIDToken()).thenReturn("token");
+        commonRpcRequest.putBodyParameter("test", "test");
+        commonRpcRequest.setHttpContentType(FormatType.JSON);
+        commonRpcRequest.signRequest(signer, idTokenCredentials, FormatType.JSON, domain);
+        Assert.assertEquals("token", commonRpcRequest.getSysHeaders().get("x-acs-zero-trust-idtoken"));
+
         commonRpcRequest = new CommonRpcRequest("test");
         commonRpcRequest.setSysProtocol(ProtocolType.HTTP);
         KeyPairCredentials keyPairCredentials = mock(KeyPairCredentials.class);

aliyun-java-sdk-core/src/test/java/com/aliyuncs/auth/IDTokenCredentialsTest.java

@@ -0,0 +1,25 @@
+package com.aliyuncs.auth;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class IDTokenCredentialsTest {
+    @Test
+    public void constructorTest() {
+        String token = "token";
+        IDTokenCredentials credentials = new IDTokenCredentials(token);
+        Assert.assertEquals(token, credentials.getIDToken());
+        Assert.assertNull(credentials.getAccessKeyId());
+        Assert.assertNull(credentials.getAccessKeySecret());
+    }
+
+    @Test
+    public void setIDTokenTest() {
+        String token = "token";
+        IDTokenCredentials credentials = new IDTokenCredentials(token);
+        Assert.assertEquals(token, credentials.getIDToken());
+        String newToken = "new Token";
+        credentials.setIDToken(newToken);
+        Assert.assertEquals(newToken, credentials.getIDToken());
+    }
+}