github.com/treeverse/lakefs@v1.24.1-0.20240520134607-95648127bfb0/clients/hadoopfs/src/test/java/io/lakefs/auth/GetCallerIdentityV4PresignerTest.java (about) 1 package io.lakefs.auth; 2 3 import com.amazonaws.Request; 4 import com.amazonaws.auth.AWSSessionCredentials; 5 import io.lakefs.Constants; 6 import org.junit.Assert; 7 import org.junit.Test; 8 9 import java.net.URI; 10 import java.net.URL; 11 import java.util.HashMap; 12 import java.util.Map; 13 import java.util.regex.Matcher; 14 import java.util.regex.Pattern; 15 16 17 public class GetCallerIdentityV4PresignerTest { 18 public static AWSSessionCredentials newMockAWSCreds() { 19 return new AWSSessionCredentials() { 20 @Override 21 public String getSessionToken() { 22 return "sessionToken"; 23 } 24 25 @Override 26 public String getAWSAccessKeyId() { 27 return "accessKeyId"; 28 } 29 30 @Override 31 public String getAWSSecretKey() { 32 return "secretKey"; 33 } 34 }; 35 } 36 37 public static Map<String, String> getQueryParams(String query) { 38 Map<String, String> params = new HashMap<>(); 39 if (query != null) { 40 String[] pairs = query.split("&"); 41 for (String pair : pairs) { 42 String[] keyValue = pair.split("="); 43 if (keyValue.length == 2) { 44 String key = keyValue[0]; 45 String value = keyValue[1]; 46 params.put(key, value); 47 } 48 } 49 } 50 return params; 51 } 52 53 @Test 54 public void testPresignAsURL() throws Exception { 55 AWSSessionCredentials awsCreds = GetCallerIdentityV4PresignerTest.newMockAWSCreds(); 56 GetCallerIdentityV4Presigner stsPresigner = new GetCallerIdentityV4Presigner(); 57 GeneratePresignGetCallerIdentityRequest stsReq = new GeneratePresignGetCallerIdentityRequest( 58 new URI("https://sts.amazonaws.com"), 59 awsCreds, 60 new HashMap<String, String>() {{ 61 put(Constants.DEFAULT_AUTH_PROVIDER_SERVER_ID_HEADER, "lakefs-host"); 62 }}, 63 60 64 ); 65 66 GeneratePresignGetCallerIdentityResponse signedRequest = stsPresigner.presignRequest(stsReq); 67 URL url = new URL(signedRequest.convertToURL()); 68 69 Assert.assertEquals("https", url.getProtocol()); 70 Assert.assertEquals("sts.amazonaws.com", url.getHost()); 71 Map<String, String> generatedQueryParams = GetCallerIdentityV4PresignerTest.getQueryParams(url.getQuery()); 72 73 Map<String, String> paramsExpected = new HashMap() {{ 74 put("X-Amz-Date", "\\d{8}T\\d{6}Z"); 75 put("Action", "GetCallerIdentity"); 76 put("X-Amz-Algorithm", "AWS4-HMAC-SHA256"); 77 put("X-Amz-Signature", "[a-f0-9]{64}"); 78 put("Version", "2011-06-15"); 79 put("X-Amz-SignedHeaders", "host%3Bx-lakefs-server-id"); 80 put("X-Amz-Security-Token", GetCallerIdentityV4Presigner.urlEncode(awsCreds.getSessionToken(), false)); 81 put("X-Amz-Credential", awsCreds.getAWSAccessKeyId() + "%2F\\d{8}%2Fus-east-1%2Fsts%2Faws4_request"); 82 put("X-Amz-Expires", "60"); 83 }}; 84 85 // check that all expected params are present in the generated URL 86 for (Map.Entry<String, String> entry : paramsExpected.entrySet()) { 87 String expectedKey = entry.getKey(); 88 String expectedValuePattern = entry.getValue(); 89 Assert.assertEquals(String.format("missing param %s in URL %s", expectedKey, url), true, generatedQueryParams.containsKey(expectedKey)); 90 Pattern compiledPattern = Pattern.compile(expectedValuePattern); 91 Matcher matcher = compiledPattern.matcher(generatedQueryParams.get(expectedKey)); 92 Assert.assertEquals(String.format("Query param %s does not match \npattern: %s", generatedQueryParams.get(expectedKey), expectedValuePattern), true, matcher.matches()); 93 } 94 } 95 }