1   
2   
3   
4   
5   
6   
7   
8   
9   
10  
11  
12  
13  
14  
15  
16  
17  
18  
19  
20  
21  
22  
23  
24  
25  
26  
27  
28  
29  
30  
31  
32  
33  
34  
35  
36  
37  
38  
39  
40  
41  
42  
43  
44  package org.eclipse.jgit.transport;
45  
46  import static java.nio.charset.StandardCharsets.UTF_8;
47  
48  import java.io.ByteArrayOutputStream;
49  import java.io.File;
50  import java.io.FileInputStream;
51  import java.io.FileNotFoundException;
52  import java.io.IOException;
53  import java.io.InputStream;
54  import java.io.OutputStream;
55  import java.net.HttpURLConnection;
56  import java.net.Proxy;
57  import java.net.ProxySelector;
58  import java.net.URL;
59  import java.net.URLConnection;
60  import java.security.DigestOutputStream;
61  import java.security.GeneralSecurityException;
62  import java.security.InvalidKeyException;
63  import java.security.MessageDigest;
64  import java.security.NoSuchAlgorithmException;
65  import java.text.MessageFormat;
66  import java.text.SimpleDateFormat;
67  import java.util.ArrayList;
68  import java.util.Collections;
69  import java.util.Date;
70  import java.util.HashSet;
71  import java.util.Iterator;
72  import java.util.List;
73  import java.util.Locale;
74  import java.util.Map;
75  import java.util.Properties;
76  import java.util.Set;
77  import java.util.SortedMap;
78  import java.util.TimeZone;
79  import java.util.TreeMap;
80  
81  import javax.crypto.Mac;
82  import javax.crypto.spec.SecretKeySpec;
83  
84  import org.eclipse.jgit.internal.JGitText;
85  import org.eclipse.jgit.lib.Constants;
86  import org.eclipse.jgit.lib.NullProgressMonitor;
87  import org.eclipse.jgit.lib.ProgressMonitor;
88  import org.eclipse.jgit.util.Base64;
89  import org.eclipse.jgit.util.HttpSupport;
90  import org.eclipse.jgit.util.StringUtils;
91  import org.eclipse.jgit.util.TemporaryBuffer;
92  import org.xml.sax.Attributes;
93  import org.xml.sax.InputSource;
94  import org.xml.sax.SAXException;
95  import org.xml.sax.XMLReader;
96  import org.xml.sax.helpers.DefaultHandler;
97  import org.xml.sax.helpers.XMLReaderFactory;
98  
99  
100 
101 
102 
103 
104 
105 
106 
107 
108 
109 
110 
111 
112 
113 
114 
115 public class AmazonS3 {
116 	private static final Set<String> SIGNED_HEADERS;
117 
118 	private static final String HMAC = "HmacSHA1"; 
119 
120 	private static final String X_AMZ_ACL = "x-amz-acl"; 
121 
122 	private static final String X_AMZ_META = "x-amz-meta-"; 
123 
124 	static {
125 		SIGNED_HEADERS = new HashSet<>();
126 		SIGNED_HEADERS.add("content-type"); 
127 		SIGNED_HEADERS.add("content-md5"); 
128 		SIGNED_HEADERS.add("date"); 
129 	}
130 
131 	private static boolean isSignedHeader(String name) {
132 		final String nameLC = StringUtils.toLowerCase(name);
133 		return SIGNED_HEADERS.contains(nameLC) || nameLC.startsWith("x-amz-"); 
134 	}
135 
136 	private static String toCleanString(List<String> list) {
137 		final StringBuilder s = new StringBuilder();
138 		for (String v : list) {
139 			if (s.length() > 0)
140 				s.append(',');
141 			s.append(v.replaceAll("\n", "").trim()); 
142 		}
143 		return s.toString();
144 	}
145 
146 	private static String remove(Map<String, String> m, String k) {
147 		final String r = m.remove(k);
148 		return r != null ? r : ""; 
149 	}
150 
151 	private static String httpNow() {
152 		final String tz = "GMT"; 
153 		final SimpleDateFormat fmt;
154 		fmt = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss", Locale.US); 
155 		fmt.setTimeZone(TimeZone.getTimeZone(tz));
156 		return fmt.format(new Date()) + " " + tz; 
157 	}
158 
159 	private static MessageDigest newMD5() {
160 		try {
161 			return MessageDigest.getInstance("MD5"); 
162 		} catch (NoSuchAlgorithmException e) {
163 			throw new RuntimeException(JGitText.get().JRELacksMD5Implementation, e);
164 		}
165 	}
166 
167 	
168 	private final String publicKey;
169 
170 	
171 	private final SecretKeySpec privateKey;
172 
173 	
174 	private final ProxySelector proxySelector;
175 
176 	
177 	private final String acl;
178 
179 	
180 	final int maxAttempts;
181 
182 	
183 	private final WalkEncryption encryption;
184 
185 	
186 	private final File tmpDir;
187 
188 	
189 	private final String domain;
190 
191 	
192 	interface Keys {
193 		String ACCESS_KEY = "accesskey"; 
194 		String SECRET_KEY = "secretkey"; 
195 		String PASSWORD = "password"; 
196 		String CRYPTO_ALG = "crypto.algorithm"; 
197 		String CRYPTO_VER = "crypto.version"; 
198 		String ACL = "acl"; 
199 		String DOMAIN = "domain"; 
200 		String HTTP_RETRY = "httpclient.retry-max"; 
201 		String TMP_DIR = "tmpdir"; 
202 	}
203 
204 	
205 
206 
207 
208 
209 
210 
211 
212 
213 
214 
215 
216 
217 
218 
219 
220 
221 
222 
223 
224 
225 
226 
227 
228 
229 
230 
231 
232 
233 
234 
235 	public AmazonS3(final Properties props) {
236 		domain = props.getProperty(Keys.DOMAIN, "s3.amazonaws.com"); 
237 
238 		publicKey = props.getProperty(Keys.ACCESS_KEY);
239 		if (publicKey == null)
240 			throw new IllegalArgumentException(JGitText.get().missingAccesskey);
241 
242 		final String secret = props.getProperty(Keys.SECRET_KEY);
243 		if (secret == null)
244 			throw new IllegalArgumentException(JGitText.get().missingSecretkey);
245 		privateKey = new SecretKeySpec(Constants.encodeASCII(secret), HMAC);
246 
247 		final String pacl = props.getProperty(Keys.ACL, "PRIVATE"); 
248 		if (StringUtils.equalsIgnoreCase("PRIVATE", pacl)) 
249 			acl = "private"; 
250 		else if (StringUtils.equalsIgnoreCase("PUBLIC", pacl)) 
251 			acl = "public-read"; 
252 		else if (StringUtils.equalsIgnoreCase("PUBLIC-READ", pacl)) 
253 			acl = "public-read"; 
254 		else if (StringUtils.equalsIgnoreCase("PUBLIC_READ", pacl)) 
255 			acl = "public-read"; 
256 		else
257 			throw new IllegalArgumentException("Invalid acl: " + pacl); 
258 
259 		try {
260 			encryption = WalkEncryption.instance(props);
261 		} catch (GeneralSecurityException e) {
262 			throw new IllegalArgumentException(JGitText.get().invalidEncryption, e);
263 		}
264 
265 		maxAttempts = Integer
266 				.parseInt(props.getProperty(Keys.HTTP_RETRY, "3")); 
267 		proxySelector = ProxySelector.getDefault();
268 
269 		String tmp = props.getProperty(Keys.TMP_DIR);
270 		tmpDir = tmp != null && tmp.length() > 0 ? new File(tmp) : null;
271 	}
272 
273 	
274 
275 
276 
277 
278 
279 
280 
281 
282 
283 
284 
285 
286 	public URLConnection get(String bucket, String key)
287 			throws IOException {
288 		for (int curAttempt = 0; curAttempt < maxAttempts; curAttempt++) {
289 			final HttpURLConnection c = open("GET", bucket, key); 
290 			authorize(c);
291 			switch (HttpSupport.response(c)) {
292 			case HttpURLConnection.HTTP_OK:
293 				encryption.validate(c, X_AMZ_META);
294 				return c;
295 			case HttpURLConnection.HTTP_NOT_FOUND:
296 				throw new FileNotFoundException(key);
297 			case HttpURLConnection.HTTP_INTERNAL_ERROR:
298 				continue;
299 			default:
300 				throw error(JGitText.get().s3ActionReading, key, c);
301 			}
302 		}
303 		throw maxAttempts(JGitText.get().s3ActionReading, key);
304 	}
305 
306 	
307 
308 
309 
310 
311 
312 
313 
314 
315 	public InputStream decrypt(URLConnection u) throws IOException {
316 		return encryption.decrypt(u.getInputStream());
317 	}
318 
319 	
320 
321 
322 
323 
324 
325 
326 
327 
328 
329 
330 
331 
332 
333 
334 
335 
336 
337 
338 
339 	public List<String> list(String bucket, String prefix)
340 			throws IOException {
341 		if (prefix.length() > 0 && !prefix.endsWith("/")) 
342 			prefix += "/"; 
343 		final ListParser lp = new ListParser(bucket, prefix);
344 		do {
345 			lp.list();
346 		} while (lp.truncated);
347 		return lp.entries;
348 	}
349 
350 	
351 
352 
353 
354 
355 
356 
357 
358 
359 
360 
361 
362 	public void delete(String bucket, String key)
363 			throws IOException {
364 		for (int curAttempt = 0; curAttempt < maxAttempts; curAttempt++) {
365 			final HttpURLConnection c = open("DELETE", bucket, key); 
366 			authorize(c);
367 			switch (HttpSupport.response(c)) {
368 			case HttpURLConnection.HTTP_NO_CONTENT:
369 				return;
370 			case HttpURLConnection.HTTP_INTERNAL_ERROR:
371 				continue;
372 			default:
373 				throw error(JGitText.get().s3ActionDeletion, key, c);
374 			}
375 		}
376 		throw maxAttempts(JGitText.get().s3ActionDeletion, key);
377 	}
378 
379 	
380 
381 
382 
383 
384 
385 
386 
387 
388 
389 
390 
391 
392 
393 
394 
395 
396 
397 
398 
399 	public void put(String bucket, String key, byte[] data)
400 			throws IOException {
401 		if (encryption != WalkEncryption.NONE) {
402 			
403 			
404 			
405 			try (OutputStream os = beginPut(bucket, key, null, null)) {
406 				os.write(data);
407 			}
408 			return;
409 		}
410 
411 		final String md5str = Base64.encodeBytes(newMD5().digest(data));
412 		final String lenstr = String.valueOf(data.length);
413 		for (int curAttempt = 0; curAttempt < maxAttempts; curAttempt++) {
414 			final HttpURLConnection c = open("PUT", bucket, key); 
415 			c.setRequestProperty("Content-Length", lenstr); 
416 			c.setRequestProperty("Content-MD5", md5str); 
417 			c.setRequestProperty(X_AMZ_ACL, acl);
418 			authorize(c);
419 			c.setDoOutput(true);
420 			c.setFixedLengthStreamingMode(data.length);
421 			try (OutputStream os = c.getOutputStream()) {
422 				os.write(data);
423 			}
424 
425 			switch (HttpSupport.response(c)) {
426 			case HttpURLConnection.HTTP_OK:
427 				return;
428 			case HttpURLConnection.HTTP_INTERNAL_ERROR:
429 				continue;
430 			default:
431 				throw error(JGitText.get().s3ActionWriting, key, c);
432 			}
433 		}
434 		throw maxAttempts(JGitText.get().s3ActionWriting, key);
435 	}
436 
437 	
438 
439 
440 
441 
442 
443 
444 
445 
446 
447 
448 
449 
450 
451 
452 
453 
454 
455 
456 
457 
458 
459 
460 
461 
462 
463 
464 
465 	public OutputStream beginPut(final String bucket, final String key,
466 			final ProgressMonitor monitor, final String monitorTask)
467 			throws IOException {
468 		final MessageDigest md5 = newMD5();
469 		final TemporaryBuffer buffer = new TemporaryBuffer.LocalFile(tmpDir) {
470 			@Override
471 			public void close() throws IOException {
472 				super.close();
473 				try {
474 					putImpl(bucket, key, md5.digest(), this, monitor,
475 							monitorTask);
476 				} finally {
477 					destroy();
478 				}
479 			}
480 		};
481 		return encryption.encrypt(new DigestOutputStream(buffer, md5));
482 	}
483 
484 	void putImpl(final String bucket, final String key,
485 			final byte[] csum, final TemporaryBuffer buf,
486 			ProgressMonitor monitor, String monitorTask) throws IOException {
487 		if (monitor == null)
488 			monitor = NullProgressMonitor.INSTANCE;
489 		if (monitorTask == null)
490 			monitorTask = MessageFormat.format(JGitText.get().progressMonUploading, key);
491 
492 		final String md5str = Base64.encodeBytes(csum);
493 		final long len = buf.length();
494 		for (int curAttempt = 0; curAttempt < maxAttempts; curAttempt++) {
495 			final HttpURLConnection c = open("PUT", bucket, key); 
496 			c.setFixedLengthStreamingMode(len);
497 			c.setRequestProperty("Content-MD5", md5str); 
498 			c.setRequestProperty(X_AMZ_ACL, acl);
499 			encryption.request(c, X_AMZ_META);
500 			authorize(c);
501 			c.setDoOutput(true);
502 			monitor.beginTask(monitorTask, (int) (len / 1024));
503 			try (OutputStream os = c.getOutputStream()) {
504 				buf.writeTo(os, monitor);
505 			} finally {
506 				monitor.endTask();
507 			}
508 
509 			switch (HttpSupport.response(c)) {
510 			case HttpURLConnection.HTTP_OK:
511 				return;
512 			case HttpURLConnection.HTTP_INTERNAL_ERROR:
513 				continue;
514 			default:
515 				throw error(JGitText.get().s3ActionWriting, key, c);
516 			}
517 		}
518 		throw maxAttempts(JGitText.get().s3ActionWriting, key);
519 	}
520 
521 	IOException error(final String action, final String key,
522 			final HttpURLConnection c) throws IOException {
523 		final IOException err = new IOException(MessageFormat.format(
524 				JGitText.get().amazonS3ActionFailed, action, key,
525 				Integer.valueOf(HttpSupport.response(c)),
526 				c.getResponseMessage()));
527 		if (c.getErrorStream() == null) {
528 			return err;
529 		}
530 
531 		try (InputStream errorStream = c.getErrorStream()) {
532 			final ByteArrayOutputStream b = new ByteArrayOutputStream();
533 			byte[] buf = new byte[2048];
534 			for (;;) {
535 				final int n = errorStream.read(buf);
536 				if (n < 0) {
537 					break;
538 				}
539 				if (n > 0) {
540 					b.write(buf, 0, n);
541 				}
542 			}
543 			buf = b.toByteArray();
544 			if (buf.length > 0) {
545 				err.initCause(new IOException("\n" + new String(buf))); 
546 			}
547 		}
548 		return err;
549 	}
550 
551 	IOException maxAttempts(String action, String key) {
552 		return new IOException(MessageFormat.format(
553 				JGitText.get().amazonS3ActionFailedGivingUp, action, key,
554 				Integer.valueOf(maxAttempts)));
555 	}
556 
557 	private HttpURLConnection open(final String method, final String bucket,
558 			final String key) throws IOException {
559 		final Map<String, String> noArgs = Collections.emptyMap();
560 		return open(method, bucket, key, noArgs);
561 	}
562 
563 	HttpURLConnection open(final String method, final String bucket,
564 			final String key, final Map<String, String> args)
565 			throws IOException {
566 		final StringBuilder urlstr = new StringBuilder();
567 		urlstr.append("http://"); //$NON-NLS-1$
568 		urlstr.append(bucket);
569 		urlstr.append('.');
570 		urlstr.append(domain);
571 		urlstr.append('/');
572 		if (key.length() > 0)
573 			HttpSupport.encode(urlstr, key);
574 		if (!args.isEmpty()) {
575 			final Iterator<Map.Entry<String, String>> i;
576 
577 			urlstr.append('?');
578 			i = args.entrySet().iterator();
579 			while (i.hasNext()) {
580 				final Map.Entry<String, String> e = i.next();
581 				urlstr.append(e.getKey());
582 				urlstr.append('=');
583 				HttpSupport.encode(urlstr, e.getValue());
584 				if (i.hasNext())
585 					urlstr.append('&');
586 			}
587 		}
588 
589 		final URL url = new URL(urlstr.toString());
590 		final Proxy proxy = HttpSupport.proxyFor(proxySelector, url);
591 		final HttpURLConnection c;
592 
593 		c = (HttpURLConnection) url.openConnection(proxy);
594 		c.setRequestMethod(method);
595 		c.setRequestProperty("User-Agent", "jgit/1.0"); 
596 		c.setRequestProperty("Date", httpNow()); 
597 		return c;
598 	}
599 
600 	void authorize(HttpURLConnection c) throws IOException {
601 		final Map<String, List<String>> reqHdr = c.getRequestProperties();
602 		final SortedMap<String, String> sigHdr = new TreeMap<>();
603 		for (Map.Entry<String, List<String>> entry : reqHdr.entrySet()) {
604 			final String hdr = entry.getKey();
605 			if (isSignedHeader(hdr))
606 				sigHdr.put(StringUtils.toLowerCase(hdr), toCleanString(entry.getValue()));
607 		}
608 
609 		final StringBuilder s = new StringBuilder();
610 		s.append(c.getRequestMethod());
611 		s.append('\n');
612 
613 		s.append(remove(sigHdr, "content-md5")); 
614 		s.append('\n');
615 
616 		s.append(remove(sigHdr, "content-type")); 
617 		s.append('\n');
618 
619 		s.append(remove(sigHdr, "date")); 
620 		s.append('\n');
621 
622 		for (Map.Entry<String, String> e : sigHdr.entrySet()) {
623 			s.append(e.getKey());
624 			s.append(':');
625 			s.append(e.getValue());
626 			s.append('\n');
627 		}
628 
629 		final String host = c.getURL().getHost();
630 		s.append('/');
631 		s.append(host.substring(0, host.length() - domain.length() - 1));
632 		s.append(c.getURL().getPath());
633 
634 		final String sec;
635 		try {
636 			final Mac m = Mac.getInstance(HMAC);
637 			m.init(privateKey);
638 			sec = Base64.encodeBytes(m.doFinal(s.toString().getBytes(UTF_8)));
639 		} catch (NoSuchAlgorithmException e) {
640 			throw new IOException(MessageFormat.format(JGitText.get().noHMACsupport, HMAC, e.getMessage()));
641 		} catch (InvalidKeyException e) {
642 			throw new IOException(MessageFormat.format(JGitText.get().invalidKey, e.getMessage()));
643 		}
644 		c.setRequestProperty("Authorization", "AWS " + publicKey + ":" + sec); 
645 	}
646 
647 	static Properties properties(File authFile)
648 			throws FileNotFoundException, IOException {
649 		final Properties p = new Properties();
650 		try (FileInputStream in = new FileInputStream(authFile)) {
651 			p.load(in);
652 		}
653 		return p;
654 	}
655 
656 	private final class ListParser extends DefaultHandler {
657 		final List<String> entries = new ArrayList<>();
658 
659 		private final String bucket;
660 
661 		private final String prefix;
662 
663 		boolean truncated;
664 
665 		private StringBuilder data;
666 
667 		ListParser(String bn, String p) {
668 			bucket = bn;
669 			prefix = p;
670 		}
671 
672 		void list() throws IOException {
673 			final Map<String, String> args = new TreeMap<>();
674 			if (prefix.length() > 0)
675 				args.put("prefix", prefix); 
676 			if (!entries.isEmpty())
677 				args.put("marker", prefix + entries.get(entries.size() - 1)); 
678 
679 			for (int curAttempt = 0; curAttempt < maxAttempts; curAttempt++) {
680 				final HttpURLConnection c = open("GET", bucket, "", args); 
681 				authorize(c);
682 				switch (HttpSupport.response(c)) {
683 				case HttpURLConnection.HTTP_OK:
684 					truncated = false;
685 					data = null;
686 
687 					final XMLReader xr;
688 					try {
689 						xr = XMLReaderFactory.createXMLReader();
690 					} catch (SAXException e) {
691 						throw new IOException(JGitText.get().noXMLParserAvailable);
692 					}
693 					xr.setContentHandler(this);
694 					try (InputStream in = c.getInputStream()) {
695 						xr.parse(new InputSource(in));
696 					} catch (SAXException parsingError) {
697 						throw new IOException(
698 								MessageFormat.format(
699 										JGitText.get().errorListing, prefix),
700 								parsingError);
701 					}
702 					return;
703 
704 				case HttpURLConnection.HTTP_INTERNAL_ERROR:
705 					continue;
706 
707 				default:
708 					throw AmazonS3.this.error("Listing", prefix, c); 
709 				}
710 			}
711 			throw maxAttempts("Listing", prefix); 
712 		}
713 
714 		@Override
715 		public void startElement(final String uri, final String name,
716 				final String qName, final Attributes attributes)
717 				throws SAXException {
718 			if ("Key".equals(name) || "IsTruncated".equals(name)) 
719 				data = new StringBuilder();
720 		}
721 
722 		@Override
723 		public void ignorableWhitespace(final char[] ch, final int s,
724 				final int n) throws SAXException {
725 			if (data != null)
726 				data.append(ch, s, n);
727 		}
728 
729 		@Override
730 		public void characters(char[] ch, int s, int n)
731 				throws SAXException {
732 			if (data != null)
733 				data.append(ch, s, n);
734 		}
735 
736 		@Override
737 		public void endElement(final String uri, final String name,
738 				final String qName) throws SAXException {
739 			if ("Key".equals(name)) 
740 				entries.add(data.toString().substring(prefix.length()));
741 			else if ("IsTruncated".equals(name)) 
742 				truncated = StringUtils.equalsIgnoreCase("true", data.toString()); 
743 			data = null;
744 		}
745 	}
746 }