com.eucalyptus.blockstorage.HttpTransfer.java Source code

Java tutorial

Introduction

Here is the source code for com.eucalyptus.blockstorage.HttpTransfer.java

Source

/*************************************************************************
 * Copyright 2009-2012 Eucalyptus Systems, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 3 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see http://www.gnu.org/licenses/.
 *
 * Please contact Eucalyptus Systems, Inc., 6755 Hollister Ave., Goleta
 * CA 93117, USA or visit http://www.eucalyptus.com/licenses/ if you need
 * additional information or have any questions.
 *
 * This file may incorporate work covered under the following copyright
 * and permission notice:
 *
 *   Software License Agreement (BSD License)
 *
 *   Copyright (c) 2008, Regents of the University of California
 *   All rights reserved.
 *
 *   Redistribution and use of this software in source and binary forms,
 *   with or without modification, are permitted provided that the
 *   following conditions are met:
 *
 *     Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *     Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer
 *     in the documentation and/or other materials provided with the
 *     distribution.
 *
 *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 *   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 *   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 *   BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 *   CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 *   LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 *   ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 *   POSSIBILITY OF SUCH DAMAGE. USERS OF THIS SOFTWARE ACKNOWLEDGE
 *   THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE LICENSED MATERIAL,
 *   COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS SOFTWARE,
 *   AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
 *   IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA,
 *   SANTA BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY,
 *   WHICH IN THE REGENTS' DISCRETION MAY INCLUDE, WITHOUT LIMITATION,
 *   REPLACEMENT OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO
 *   IDENTIFIED, OR WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT
 *   NEEDED TO COMPLY WITH ANY SUCH LICENSES OR RIGHTS.
 ************************************************************************/

package com.eucalyptus.blockstorage;

import java.net.URL;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;

import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethodBase;
import org.apache.commons.httpclient.URIException;
import org.apache.commons.httpclient.methods.DeleteMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;
import org.apache.commons.httpclient.util.DateUtil;
import org.apache.log4j.Logger;
import org.bouncycastle.util.encoders.Base64;

import com.eucalyptus.blockstorage.util.StorageProperties;
import com.eucalyptus.component.auth.SystemCredentials;
import com.eucalyptus.component.auth.SystemCredentials.Credentials;
import com.eucalyptus.util.EucalyptusCloudException;
import com.google.common.base.Strings;

import java.util.Arrays;

//All HttpTransfer operations should be called asynchronously. The operations themselves are synchronous.
@Deprecated
public class HttpTransfer {
    private static Logger LOG = Logger.getLogger(HttpTransfer.class);
    protected HttpClient httpClient;
    protected HttpMethodBase method;

    protected static final String EUCA2_AUTH_ID = "EUCA2-RSA-SHA256";
    protected static final String EUCA2_AUTH_HEADER_NAME = "Authorization";
    protected static final String ISO_8601_FORMAT = "yyyyMMdd'T'HHmmss'Z'"; //Use the ISO8601 format

    private static final String EUCALYPTUS_OPERATION = "EucaOperation";
    private static final String EUCALYPTUS_HEADER = "EucaHeader";

    /**
     * Calculates and sets the Authorization header value for the request using the EucaRSA-V2 signing algorithm
     * Algorithm Overview:
     * 
     * 1. Generate the canonical Request
     *  a.) CanonicalRequest =
     *          HTTPRequestMethod + '\n' +
     *          CanonicalURI + '\n' +
     *          CanonicalQueryString + '\n' +
     *          CanonicalHeaders + '\n' +
     *          SignedHeaders
     *    b.) Where CanonicalURI = 
     *    c.) Where CanonicalQueryString = 
     *   d.) Where CanonicalHeaders =  sorted (by lowercased header name) ';' delimited list of <lowercase(headername)>:<value> items
     *   e.) Where SignedHeaders = sorted, ';' delimited list of headers in CanonicalHeaders
     * 
     * 2. Signature = RSA(privkey, SHA256(CanonicalRequest))
     * 
     * 3. Add an Authorization HTTP header to the request that contains the following strings, separated by spaces:
     * EUCA2-RSA-SHA256
     * The lower-case hexadecimal encoding of the component's X.509 certificate's md5 fingerprint
     * The SignedHeaders list calculated in Task 1
     * The Base64 encoding of the Signature calculated in Task 2
     * 
     * @param httpBaseRequest -- the request, the 'Authorization' header will be added to the request
     */
    public static void signEucaInternal(HttpMethodBase httpBaseRequest) {
        StringBuilder canonicalRequest = new StringBuilder();
        String canonicalURI = null;
        String verb = httpBaseRequest.getName();
        canonicalURI = httpBaseRequest.getPath();

        String canonicalQuery = calcCanonicalQuery(httpBaseRequest);
        String[] processedHeaders = getCanonicalAndSignedHeaders(httpBaseRequest);
        String canonicalHeaders = processedHeaders[0];
        String signedHeaders = processedHeaders[1];

        canonicalRequest.append(verb).append('\n');
        canonicalRequest.append(canonicalURI).append('\n');
        canonicalRequest.append(canonicalQuery).append('\n');
        canonicalRequest.append(canonicalHeaders).append('\n');
        canonicalRequest.append(signedHeaders);

        StringBuilder authHeader = new StringBuilder(EUCA2_AUTH_ID);
        String signature = null;
        String fingerprint = null;
        try {
            Credentials ccCreds = SystemCredentials.lookup(Storage.class);
            PrivateKey ccPrivateKey = ccCreds.getPrivateKey();
            fingerprint = ccCreds.getCertFingerprint();
            Signature sign = Signature.getInstance("SHA256withRSA");
            sign.initSign(ccPrivateKey);
            LOG.debug("Signing canonical request: " + canonicalRequest.toString());
            sign.update(canonicalRequest.toString().getBytes());
            byte[] sig = sign.sign();
            signature = new String(Base64.encode(sig));
        } catch (Exception ex) {
            LOG.error("Signing error while signing request", ex);
        }

        authHeader.append(" ").append(fingerprint.toLowerCase()).append(" ").append(signedHeaders.toString())
                .append(" ").append(signature);
        httpBaseRequest.addRequestHeader(EUCA2_AUTH_HEADER_NAME, authHeader.toString());
    }

    /**
     * Constructs and returns the canonicalQuery string per EucaRSA-V2 specs.
     * @param httpBaseRequest
     * @return
     */
    private static String calcCanonicalQuery(HttpMethodBase httpBaseRequest) {
        StringBuilder canonicalQuery = new StringBuilder();
        //Sort query elements, assume all values are already URL encoded
        String tmpQuery = httpBaseRequest.getQueryString();
        HashMap<String, String> parameters = new HashMap<String, String>();
        if (!Strings.isNullOrEmpty(tmpQuery)) {
            String[] rawQueryParams = tmpQuery.split("&");
            String[] queryParamNames = new String[rawQueryParams.length];
            String[] tmpKV = null;
            int i = 0;
            for (String paramKV : rawQueryParams) {
                tmpKV = paramKV.split("=");
                queryParamNames[i++] = tmpKV[0];
                if (tmpKV.length == 2) {
                    parameters.put(tmpKV[0], tmpKV[1]);
                } else {
                    parameters.put(tmpKV[0], "");
                }
            }

            Arrays.sort(queryParamNames);
            for (String paramName : queryParamNames) {
                canonicalQuery.append(paramName).append('=');
                if (parameters.get(paramName) != null) {
                    canonicalQuery.append(parameters.get(paramName));
                } else {
                    //Single key, no value
                    canonicalQuery.append("");
                }
                canonicalQuery.append('&');
            }

            if (canonicalQuery.length() > 0) {
                canonicalQuery.deleteCharAt(canonicalQuery.length() - 1); //Delete the trailing '&'
            }
        }
        return canonicalQuery.toString();
    }

    /**
     * Calculates the canonical and signed header strings in a single pass, done in one pass for efficiency
     * @param httpBaseRequest
     * @return Array of 2 elements, first element is the canonicalHeader string, second element is the signedHeaders string
     */
    private static String[] getCanonicalAndSignedHeaders(HttpMethodBase httpBaseRequest) {
        /*
         * The host header is required for EucaV2 signing, but it is not constructed by the HttpClient until the method is executed.
         * So, here we add a header with the same value and name so that we can do the proper sigining, but know that this value will
         * be overwritten when HttpMethodBase is executed to send the request.
         * 
         * This code is specific to the jakarta commons httpclient because that client will set the host header to hostname:port rather than
         * just hostname.
         * 
         * Supposedly you can force the value of the Host header with: httpBaseRequest.getParams().setVirtualHost("hostname"), but that was not successful
         */
        try {
            httpBaseRequest.addRequestHeader("Host",
                    httpBaseRequest.getURI().getHost() + ":" + httpBaseRequest.getURI().getPort());
        } catch (URIException e) {
            LOG.error(
                    "Could not add Host header for canonical headers during authorization header creation in HTTP client: ",
                    e);
            return null;
        }

        Header[] headers = httpBaseRequest.getRequestHeaders();
        StringBuilder signedHeaders = new StringBuilder();
        StringBuilder canonicalHeaders = new StringBuilder();

        if (headers != null) {
            Arrays.sort(headers, new Comparator<Header>() {
                @Override
                public int compare(Header arg0, Header arg1) {
                    return arg0.getName().toLowerCase().compareTo(arg1.getName().toLowerCase());
                }

            });

            for (Header header : headers) {
                //Add to the signed headers
                signedHeaders.append(header.getName().toLowerCase()).append(';');
                //Add the name and value to the canonical header
                canonicalHeaders.append(header.getName().toLowerCase()).append(':').append(header.getValue().trim())
                        .append('\n');
            }

            if (signedHeaders.length() > 0) {
                signedHeaders.deleteCharAt(signedHeaders.length() - 1); //Delete the trailing semi-colon
            }

            if (canonicalHeaders.length() > 0) {
                canonicalHeaders.deleteCharAt(canonicalHeaders.length() - 1); //Delete the trialing '\n' just to make things clear and consistent
            }
        }
        String[] result = new String[2];
        result[0] = canonicalHeaders.toString();
        result[1] = signedHeaders.toString();
        return result;
    }

    /**
     * Constructs the requested method, optionally signing the request via EucaRSA-V2 signing method if signRequest=true
     * Signing the request can be done later as well by explicitly calling signEucaInternal() and passing it the output of this method.
     * That case is useful for constructing the request and then adding headers explicitly before signing takes place.
     * @param verb - The HTTP verb GET|PUT|POST|DELETE|UPDATE
     * @param addr - THe destination address for the request
     * @param eucaOperation - The EucaOperation, if any (e.g. StoreSnapshot, GetWalrusSnapshot, or other values from ObjectStorageProperties.StorageOperations)
     * @param eucaHeader - The Euca Header value, if any. This is not typically used.
     * @param signRequest - Determines if the request is signed at construction time or must be done explicitly later (boolean)
     * @return
     */
    public HttpMethodBase constructHttpMethod(String verb, String addr, String eucaOperation, String eucaHeader,
            boolean signRequest) {
        String date = DateUtil.formatDate(new Date(), ISO_8601_FORMAT);
        //String date = new Date().toString();
        String httpVerb = verb;
        String addrPath = null;
        java.net.URI addrUri = null;
        try {
            addrUri = new URL(addr).toURI();
            addrPath = addrUri.getPath().toString();
            String query = addrUri.getQuery();
            if (query != null) {
                addrPath += "?" + query;
            }
        } catch (Exception ex) {
            LOG.error(ex, ex);
            return null;
        }

        HttpMethodBase method = null;
        if (httpVerb.equals("PUT")) {
            method = new PutMethodWithProgress(addr);
        } else if (httpVerb.equals("DELETE")) {
            method = new DeleteMethod(addr);
        } else {
            method = new GetMethod(addr);
        }

        method.setRequestHeader("Date", date);
        //method.setRequestHeader("Expect", "100-continue");

        method.setRequestHeader(EUCALYPTUS_OPERATION, eucaOperation);
        if (eucaHeader != null) {
            method.setRequestHeader(EUCALYPTUS_HEADER, eucaHeader);
        }

        if (signRequest) {
            signEucaInternal(method);
        }

        return method;
    }

    public void abortTransfer() throws EucalyptusCloudException {
        if (httpClient != null && method != null) {
            method.abort();
            method.releaseConnection();
        }
    }

    public HttpTransfer() {
    }
}