diff --git a/aliyun-java-sdk-core/src/main/java/com/aliyuncs/RoaAcsRequest.java b/aliyun-java-sdk-core/src/main/java/com/aliyuncs/RoaAcsRequest.java
index 47790016ef..c924998050 100644
--- a/aliyun-java-sdk-core/src/main/java/com/aliyuncs/RoaAcsRequest.java
+++ b/aliyun-java-sdk-core/src/main/java/com/aliyuncs/RoaAcsRequest.java
@@ -184,33 +184,40 @@ public HttpRequest signRequest(Signer signer, AlibabaCloudCredentials credential imutableMap.put("RegionId", getSysRegionId()); } if (null != signer && null != credentials && !(credentials instanceof AnonymousCredentials)) { - String accessKeyId = credentials.getAccessKeyId(); - if (credentials instanceof BasicSessionCredentials) { - String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken(); - if (null != sessionToken) { - imutableMap.put("x-acs-accesskey-id", accessKeyId); - imutableMap.put("x-acs-security-token", sessionToken); - } - } if (credentials instanceof BearerTokenCredentials) { String bearerToken = ((BearerTokenCredentials) credentials).getBearerToken(); - if (null != ((BearerTokenCredentials) credentials).getBearerToken()) { + if (null != bearerToken) { imutableMap.put("x-acs-bearer-token", bearerToken); + imutableMap.put("x-acs-signature-type", "BEARERTOKEN"); } + } else if (credentials instanceof IDTokenCredentials) { + String idToken = ((IDTokenCredentials) credentials).getIDToken(); + if (null != idToken) { + imutableMap.put("x-acs-zero-trust-idtoken", idToken); + } + } else { + String accessKeyId = credentials.getAccessKeyId(); + if (credentials instanceof BasicSessionCredentials) { + String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken(); + if (null != sessionToken) { + imutableMap.put("x-acs-accesskey-id", accessKeyId); + imutableMap.put("x-acs-security-token", sessionToken); + } + } + if (signer.getContent() != null && hashedRequestPayload != null) { + imutableMap.put(signer.getContent(), hashedRequestPayload); + } + String strToSign = this.composer.composeStringToSign(this.getSysMethod(), this.getSysUriPattern(), signer, + this.getSysQueryParameters(), imutableMap, this.getPathParameters()); + if (this.getSysSignatureVersion() == SignatureVersion.V3) { + strToSign += "\n" + hashedRequestPayload; + strToSign = signer.getSignerName() + "\n" + 
hexEncode(signer.hash(strToSign.getBytes("UTF-8"))); + } + this.strToSign = strToSign; + String signature = signer.signString(strToSign, credentials); + imutableMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature) + + (this.getSysSignatureVersion() == SignatureVersion.V3 ? ",SignedHeaders=" + this.getSysSignedHeaders(imutableMap) : "")); } - if (signer.getContent() != null && hashedRequestPayload != null) { - imutableMap.put(signer.getContent(), hashedRequestPayload); - } - String strToSign = this.composer.composeStringToSign(this.getSysMethod(), this.getSysUriPattern(), signer, - this.getSysQueryParameters(), imutableMap, this.getPathParameters()); - if (this.getSysSignatureVersion() == SignatureVersion.V3) { - strToSign += "\n" + hashedRequestPayload; - strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8"))); - } - this.strToSign = strToSign; - String signature = signer.signString(strToSign, credentials); - imutableMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature) - + (this.getSysSignatureVersion() == SignatureVersion.V3 ? ",SignedHeaders=" + this.getSysSignedHeaders(imutableMap) : "")); } this.setSysUrl(this.composeUrl(domain.getDomainName(), this.getSysQueryParameters())); this.headers = imutableMap; diff --git a/aliyun-java-sdk-core/src/main/java/com/aliyuncs/RpcAcsRequest.java b/aliyun-java-sdk-core/src/main/java/com/aliyuncs/RpcAcsRequest.java index a211b52c43..76c8b359f3 100644 --- a/aliyun-java-sdk-core/src/main/java/com/aliyuncs/RpcAcsRequest.java +++ b/aliyun-java-sdk-core/src/main/java/com/aliyuncs/RpcAcsRequest.java 
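Review bot: In `RoaAcsRequest.signRequest`, the new `IDTokenCredentials` branch (like the bearer branch above it) does nothing when the token is null, so the request is built and returned with no credential header and no `Authorization` header added here, instead of failing. The `RpcAcsRequest.java` hunk in this commit has the same pattern. Because these branches no longer fall through to the signing code, a null token now yields a completely unauthenticated request that is only noticed when the server rejects it; I would fail fast, e.g. `if (null == idToken) { throw new IllegalArgumentException("IDTokenCredentials has no ID token"); }`. The case added to `CommonRoaRequestTest` expects a request back for a null token, so if that is intended, state it in a comment on the branch. The body of `signRequest` starts and ends outside the hunk.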
@@ -172,51 +172,58 @@ public HttpRequest signRequest(Signer signer, AlibabaCloudCredentials credential } } if (null != signer && null != credentials && !(credentials instanceof AnonymousCredentials)) { - String accessKeyId = credentials.getAccessKeyId(); - String accessSecret = credentials.getAccessKeySecret(); - if (credentials instanceof BasicSessionCredentials) { - String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken(); - if (null != sessionToken) { - imutableMap.put("SecurityToken", sessionToken); - headerMap.put("x-acs-security-token", sessionToken); - } - } if (credentials instanceof BearerTokenCredentials) { String bearerToken = ((BearerTokenCredentials) credentials).getBearerToken(); - if (null != ((BearerTokenCredentials) credentials).getBearerToken()) { + if (null != bearerToken) { imutableMap.put("BearerToken", bearerToken); + imutableMap.put("SignatureType", "BEARERTOKEN"); headerMap.put("x-acs-bearer-token", bearerToken); } - } - if (signer.getContent() != null && hashedRequestPayload != null) { - headerMap.put(signer.getContent(), hashedRequestPayload); - } - imutableMap.put("AccessKeyId", accessKeyId); - if (this.getSysSignatureVersion() == SignatureVersion.V3) { - String strToSign = this.composer.composeStringToSign(this.getSysMethod(), null, signer, - this.getSysQueryParameters(), headerMap, null) + "\n" + hashedRequestPayload; - this.strToSign = strToSign; - strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8"))); - String signature = signer.signString(strToSign, accessSecret); - headerMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature) - + ",SignedHeaders=" + this.getSysSignedHeaders(headerMap)); - imutableMap = this.getSysQueryParameters(); + } else if (credentials instanceof IDTokenCredentials) { + String idToken = ((IDTokenCredentials) credentials).getIDToken(); + if (null != idToken) { + headerMap.put("x-acs-zero-trust-idtoken", idToken); + } 
} else { - Map paramsToSign = new HashMap(); - paramsToSign.putAll(bodyParams); - paramsToSign.putAll(imutableMap); - String strToSign = this.composer.composeStringToSign( - this.getSysMethod(), null, signer, paramsToSign, null, null); - this.strToSign = strToSign; - String signature; - if (credentials instanceof KeyPairCredentials) { - signature = signer.signString(strToSign, credentials); + String accessKeyId = credentials.getAccessKeyId(); + String accessSecret = credentials.getAccessKeySecret(); + if (credentials instanceof BasicSessionCredentials) { + String sessionToken = ((BasicSessionCredentials) credentials).getSessionToken(); + if (null != sessionToken) { + imutableMap.put("SecurityToken", sessionToken); + headerMap.put("x-acs-security-token", sessionToken); + } + } + if (signer.getContent() != null && hashedRequestPayload != null) { + headerMap.put(signer.getContent(), hashedRequestPayload); + } + imutableMap.put("AccessKeyId", accessKeyId); + if (this.getSysSignatureVersion() == SignatureVersion.V3) { + String strToSign = this.composer.composeStringToSign(this.getSysMethod(), null, signer, + this.getSysQueryParameters(), headerMap, null) + "\n" + hashedRequestPayload; + this.strToSign = strToSign; + strToSign = signer.getSignerName() + "\n" + hexEncode(signer.hash(strToSign.getBytes("UTF-8"))); + String signature = signer.signString(strToSign, accessSecret); + headerMap.put("Authorization", this.composer.getAuthorization(signer, accessKeyId, signature) + + ",SignedHeaders=" + this.getSysSignedHeaders(headerMap)); + imutableMap = this.getSysQueryParameters(); } else { - signature = signer.signString(strToSign, accessSecret + "&"); + Map paramsToSign = new HashMap(); + paramsToSign.putAll(bodyParams); + paramsToSign.putAll(imutableMap); + String strToSign = this.composer.composeStringToSign( + this.getSysMethod(), null, signer, paramsToSign, null, null); + this.strToSign = strToSign; + String signature; + if (credentials instanceof KeyPairCredentials) { + 
signature = signer.signString(strToSign, credentials); + } else { + signature = signer.signString(strToSign, accessSecret + "&"); + } + imutableMap.put("Signature", this.composer.getAuthorization(signer, accessKeyId, signature)); + headerMap.clear(); + headerMap.putAll(this.getSysHeaders()); } - imutableMap.put("Signature", this.composer.getAuthorization(signer, accessKeyId, signature)); - headerMap.clear(); - headerMap.putAll(this.getSysHeaders()); } } this.setSysUrl(this.composeUrl(domain.getDomainName(), imutableMap)); diff --git a/aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/IDTokenCredentials.java b/aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/IDTokenCredentials.java new file mode 100644 index 0000000000..aa31ac902f --- /dev/null +++ b/aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/IDTokenCredentials.java @@ -0,0 +1,27 @@ +package com.aliyuncs.auth; + +public class IDTokenCredentials implements AlibabaCloudCredentials { + private String idToken; + + public IDTokenCredentials(String idToken) { + this.idToken = idToken; + } + + @Override + public String getAccessKeyId() { + return null; + } + + @Override + public String getAccessKeySecret() { + return null; + } + + public String getIDToken() { + return idToken; + } + + public void setIDToken(String idToken) { + this.idToken = idToken; + } +} diff --git a/aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRoaRequestTest.java b/aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRoaRequestTest.java index 70c9ab93b8..94872a4c48 100644 --- a/aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRoaRequestTest.java +++ b/aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRoaRequestTest.java @@ -6,6 +6,7 @@ import java.util.HashMap; import java.util.Map; +import com.aliyuncs.auth.*; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; 
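Review bot: In the bearer branch of `RpcAcsRequest.signRequest`, the token is still written to `imutableMap` (`imutableMap.put("BearerToken", bearerToken)`), and the context line after the block passes that map to `composeUrl`, so the credential lands in the request URL as well as in the `x-acs-bearer-token` header. With this change the branch is no longer signed, so that token is the only thing authenticating the request, and URLs are routinely recorded in access logs and by proxies. If the service accepts the header alone, I would drop the query copy, as the new ID-token branch already does; if it does not, add a comment such as `// BearerToken must also be sent as a query parameter; treat request URLs as secrets in logs`. Whether the server requires the query form is not visible from the hunk, and `signRequest` itself starts and ends outside it.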
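Review bot: `IDTokenCredentials` has no Javadoc, and the two facts a caller most needs are stated nowhere: `getAccessKeyId()` and `getAccessKeySecret()` return null by design, and the request hunks in this commit send this credential unsigned in the `x-acs-zero-trust-idtoken` header. I would add a class comment along the lines of `/** Credential carrying an ID token; it has no access key pair, so both access-key getters return null and the request is not signed. */`. The constructor and `setIDToken` also accept null or an empty string without complaint, which deserves either a check or a sentence in the same comment.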
@@ -15,11 +16,7 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; -import com.aliyuncs.auth.AlibabaCloudCredentials; -import com.aliyuncs.auth.BasicSessionCredentials; -import com.aliyuncs.auth.BearerTokenCredentials; import com.aliyuncs.auth.signers.HmacSHA1Signer; -import com.aliyuncs.auth.RoaSignatureComposer; import com.aliyuncs.http.FormatType; import com.aliyuncs.http.HttpRequest; import com.aliyuncs.http.MethodType; @@ -180,6 +177,14 @@ public void testSignRequest() Mockito.when(bearerCredentials.getBearerToken()).thenReturn("bearerToken"); Assert.assertTrue( request.signRequest(signer, bearerCredentials, FormatType.JSON, productDomain) instanceof HttpRequest); + + IDTokenCredentials idTokenCredentials = Mockito.mock(IDTokenCredentials.class); + Mockito.when(idTokenCredentials.getIDToken()).thenReturn(null); + Assert.assertTrue( + request.signRequest(signer, idTokenCredentials, FormatType.JSON, productDomain) instanceof HttpRequest); + Mockito.when(idTokenCredentials.getIDToken()).thenReturn("token"); + Assert.assertTrue( + request.signRequest(signer, idTokenCredentials, FormatType.JSON, productDomain) instanceof HttpRequest); } } diff --git a/aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRpcRequestTest.java b/aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRpcRequestTest.java index ea93d542a5..a899d082a6 100644 --- a/aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRpcRequestTest.java +++ b/aliyun-java-sdk-core/src/test/java/com/aliyuncs/CommonRpcRequestTest.java @@ -1,9 +1,6 @@ package com.aliyuncs; -import com.aliyuncs.auth.BasicSessionCredentials; -import com.aliyuncs.auth.BearerTokenCredentials; -import com.aliyuncs.auth.KeyPairCredentials; -import com.aliyuncs.auth.Signer; +import com.aliyuncs.auth.*; import com.aliyuncs.http.FormatType; import com.aliyuncs.http.ProtocolType; import com.aliyuncs.http.UserAgentConfig; 
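Review bot: The two new `IDTokenCredentials` cases in `CommonRoaRequestTest.testSignRequest` only assert that `signRequest` returns an `HttpRequest`, which would still pass if the token header were never set. The RPC test in this commit checks the header value, and the ROA test should do the same, e.g. `Assert.assertEquals("token", request.getSysHeaders().get("x-acs-zero-trust-idtoken"));` after the second call, assuming `request` exposes `getSysHeaders()` as `CommonRpcRequest` does. It would also be worth asserting that no `Authorization` header is produced on this path, since skipping the signature is the behaviour the change introduces. `testSignRequest` starts outside the hunk.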
@@ -245,6 +242,8 @@ public void signRequestTest() throws UnsupportedEncodingException, InvalidKeyExc commonRpcRequest.setHttpContentType(FormatType.JSON); commonRpcRequest.signRequest(signer, bearerTokenCredentials, FormatType.JSON, domain); Assert.assertTrue(commonRpcRequest.getSysUrl().contains("BearerToken=token")); + Assert.assertTrue(commonRpcRequest.getSysUrl().contains("SignatureType=BEARERTOKEN")); + Assert.assertEquals("token", commonRpcRequest.getSysHeaders().get("x-acs-bearer-token")); Map map = commonRpcRequest.getSysBodyParameters(); Assert.assertEquals("test", map.get("test")); @@ -253,6 +252,15 @@ public void signRequestTest() throws UnsupportedEncodingException, InvalidKeyExc commonRpcRequest.signRequest(signer, bearerTokenCredentials, FormatType.JSON, domain); Assert.assertFalse(commonRpcRequest.getSysUrl().contains("BearerToken=token")); + commonRpcRequest = new CommonRpcRequest("test"); + commonRpcRequest.setSysProtocol(ProtocolType.HTTP); + IDTokenCredentials idTokenCredentials = mock(IDTokenCredentials.class); + when(idTokenCredentials.getIDToken()).thenReturn("token"); + commonRpcRequest.putBodyParameter("test", "test"); + commonRpcRequest.setHttpContentType(FormatType.JSON); + commonRpcRequest.signRequest(signer, idTokenCredentials, FormatType.JSON, domain); + Assert.assertEquals("token", commonRpcRequest.getSysHeaders().get("x-acs-zero-trust-idtoken")); + commonRpcRequest = new CommonRpcRequest("test"); commonRpcRequest.setSysProtocol(ProtocolType.HTTP); KeyPairCredentials keyPairCredentials = mock(KeyPairCredentials.class); diff --git a/aliyun-java-sdk-core/src/test/java/com/aliyuncs/auth/IDTokenCredentialsTest.java b/aliyun-java-sdk-core/src/test/java/com/aliyuncs/auth/IDTokenCredentialsTest.java new file mode 100644 index 0000000000..a2a2e1dce6 --- /dev/null +++ b/aliyun-java-sdk-core/src/test/java/com/aliyuncs/auth/IDTokenCredentialsTest.java 
@@ -0,0 +1,25 @@
+package com.aliyuncs.auth;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class IDTokenCredentialsTest {
+ @Test
+ public void constructorTest() {
+ String token = "token";
+ IDTokenCredentials credentials = new IDTokenCredentials(token);
+ Assert.assertEquals(token, credentials.getIDToken());
+ Assert.assertNull(credentials.getAccessKeyId());
+ Assert.assertNull(credentials.getAccessKeySecret());
+ }
+
+ @Test
+ public void setIDTokenTest() {
+ String token = "token";
+ IDTokenCredentials credentials = new IDTokenCredentials(token);
+ Assert.assertEquals(token, credentials.getIDToken());
+ String newToken = "new Token";
+ credentials.setIDToken(newToken);
+ Assert.assertEquals(newToken, credentials.getIDToken());
+ }
+}