com.eucalyptus.auth.tokens.SecurityTokenAWSCredentialsProvider.java Source code


Introduction

Here is the source code for com.eucalyptus.auth.tokens.SecurityTokenAWSCredentialsProvider.java

Source

/*************************************************************************
 * Copyright 2009-2015 Eucalyptus Systems, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 3 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see http://www.gnu.org/licenses/.
 *
 * Please contact Eucalyptus Systems, Inc., 6755 Hollister Ave., Goleta
 * CA 93117, USA or visit http://www.eucalyptus.com/licenses/ if you need
 * additional information or have any questions.
 ************************************************************************/
package com.eucalyptus.auth.tokens;

import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.eucalyptus.auth.Accounts;
import com.eucalyptus.auth.AuthException;
import com.eucalyptus.auth.principal.AccountFullName;
import com.eucalyptus.auth.principal.User;
import com.eucalyptus.util.Exceptions;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;

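/**
 * {@link AWSCredentialsProvider} that supplies temporary session credentials for a
 * Eucalyptus {@link User}.
 *
 * <p>Credentials are obtained from {@link SecurityTokenManager#issueSecurityToken} and
 * wrapped in {@link BasicSessionCredentials}. The result is memoized and re-issued on the
 * first {@link #getCredentials()} call made more than
 * {@code expirationSecs - preExpirySecs} seconds after the previous issue, so that a cached
 * credential is replaced before the underlying token expires.
 *
 * <p>The returned credentials carry a secret key and a session token; callers should treat
 * them as secrets and keep them out of logs and exception messages.
 */
public class SecurityTokenAWSCredentialsProvider implements AWSCredentialsProvider {

    /** Token lifetime, in seconds, used when the caller does not supply one. */
    private static final int DEFAULT_EXPIRATION_SECS = 900;

    /** Default number of seconds before token expiry at which the cached credential is dropped. */
    private static final int DEFAULT_PRE_EXPIRY_SECS = 60;

    // Holds the current memoizing supplier; refresh() swaps in a fresh one.
    private final AtomicReference<Supplier<AWSCredentials>> credentialsSupplier = new AtomicReference<>();
    private final Supplier<User> user;
    private final int expirationSecs;
    private final int preExpirySecs;

    /**
     * Creates a provider for the principal resolved from the given account.
     *
     * <p>The lookup is deferred until credentials are actually issued. An
     * {@link AuthException} from the lookup is rethrown unchecked.
     *
     * @param accountFullName account whose account number identifies the principal
     */
    public SecurityTokenAWSCredentialsProvider(final AccountFullName accountFullName) {
        this(new Supplier<User>() {
            @Override
            public User get() {
                try {
                    return Accounts.lookupPrincipalByAccountNumber(accountFullName.getAccountNumber());
                } catch (AuthException e) {
                    throw Exceptions.toUndeclared(e);
                }
            }
        });
    }

    /**
     * Creates a provider for a fixed user with the default lifetimes.
     *
     * @param user user for whom tokens are issued
     */
    public SecurityTokenAWSCredentialsProvider(final User user) {
        this(Suppliers.ofInstance(user));
    }

    /**
     * Creates a provider for a lazily resolved user with the default lifetimes.
     *
     * @param user supplier of the user for whom tokens are issued
     */
    public SecurityTokenAWSCredentialsProvider(final Supplier<User> user) {
        this(user, DEFAULT_EXPIRATION_SECS);
    }

    /**
     * Creates a provider with a caller-chosen token lifetime and the default pre-expiry margin.
     *
     * @param user supplier of the user for whom tokens are issued
     * @param expirationSecs requested token lifetime in seconds; raised to twice the default
     *        pre-expiry margin when smaller
     */
    public SecurityTokenAWSCredentialsProvider(final Supplier<User> user, final int expirationSecs) {
        this(user, Math.max(expirationSecs, DEFAULT_PRE_EXPIRY_SECS * 2), DEFAULT_PRE_EXPIRY_SECS);
    }

    /**
     * Creates a provider for a fixed user with caller-chosen lifetimes.
     *
     * @param user user for whom tokens are issued
     * @param expirationSecs requested token lifetime in seconds
     * @param preExpirySecs seconds before token expiry at which the cached credential is dropped
     * @throws IllegalArgumentException if {@code preExpirySecs} is negative or not smaller than
     *         the effective token lifetime
     */
    public SecurityTokenAWSCredentialsProvider(final User user, final int expirationSecs, final int preExpirySecs) {
        this(Suppliers.ofInstance(user), expirationSecs, preExpirySecs);
    }

    /**
     * Creates a provider for a lazily resolved user with caller-chosen lifetimes.
     *
     * @param user supplier of the user for whom tokens are issued
     * @param expirationSecs requested token lifetime in seconds; raised to twice the default
     *        pre-expiry margin when smaller
     * @param preExpirySecs seconds before token expiry at which the cached credential is dropped
     * @throws IllegalArgumentException if {@code preExpirySecs} is negative or not smaller than
     *         the effective token lifetime
     */
    public SecurityTokenAWSCredentialsProvider(final Supplier<User> user, final int expirationSecs,
            final int preExpirySecs) {
        final int effectiveExpirationSecs = Math.max(expirationSecs, DEFAULT_PRE_EXPIRY_SECS * 2);
        // The cache lifetime is (expiration - preExpiry). A negative margin would keep a
        // credential cached past the lifetime requested for its token, and a margin that is
        // not smaller than the lifetime yields a non-positive cache duration. Reject both
        // here with a message that names the offending values.
        if (preExpirySecs < 0 || preExpirySecs >= effectiveExpirationSecs) {
            throw new IllegalArgumentException("preExpirySecs (" + preExpirySecs
                    + ") must be >= 0 and < the effective expiration (" + effectiveExpirationSecs + " seconds)");
        }
        this.user = user;
        this.expirationSecs = effectiveExpirationSecs;
        this.preExpirySecs = preExpirySecs;
        // NOTE(review): refresh() is overridable and runs during construction; a subclass
        // override would execute before that subclass's own fields are initialised.
        refresh();
    }

    /**
     * Returns the current session credentials, issuing a new token if none is cached or the
     * cached one has passed its cache lifetime.
     *
     * @return credentials built from the issued security token
     */
    @Override
    public AWSCredentials getCredentials() {
        return credentialsSupplier.get().get();
    }

    /**
     * Discards any cached credentials by installing a fresh memoizing supplier. A new token is
     * issued on the next {@link #getCredentials()} call, not by this method.
     */
    @Override
    public void refresh() {
        credentialsSupplier.set(refreshCredentialsSupplier());
    }

    /**
     * Builds a supplier that issues a security token for the configured user and caches the
     * resulting credentials for {@code expirationSecs - preExpirySecs} seconds.
     *
     * @return memoizing supplier of session credentials
     */
    private Supplier<AWSCredentials> refreshCredentialsSupplier() {
        return Suppliers.memoizeWithExpiration(new Supplier<AWSCredentials>() {
            @Override
            public AWSCredentials get() {
                try {
                    final SecurityToken securityToken = SecurityTokenManager.issueSecurityToken(user.get(),
                            expirationSecs);
                    return new BasicSessionCredentials(securityToken.getAccessKeyId(), securityToken.getSecretKey(),
                            securityToken.getToken());
                } catch (final AuthException e) {
                    // Surface token-issue failures to the caller as an unchecked exception.
                    throw Exceptions.toUndeclared(e);
                }
            }
        }, expirationSecs - preExpirySecs, TimeUnit.SECONDS);
    }
}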