
Commit c921d0f

rock619kolea2
authored andcommitted
---
yaml --- r: 26761 b: refs/heads/v4support c: 249d163 h: refs/heads/master i: 26759: c982151
1 parent 3d30583 commit c921d0f

13 files changed

Lines changed: 42 additions & 628 deletions


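--- a/[refs]
+++ b/[refs]
@@ -176,7 +176,7 @@ refs/heads/igorbernstein2-patch-1: f62464ee14df1e44a3b173cdc3976563d1b3078b
 refs/heads/mrschmidt-collectiongroup: a6d948bf3731a7e1ce1fcd3db8ab733a3c9b17de
 refs/heads/release-google-cloud-java-v0.83.0: 4b55ec1b81b3886ede61ae868391a3cdf7eed90e
 refs/heads/release-google-cloud-java-v0.83.1-SNAPSHOT: 8d6db7ee534d12b1df38d8cf314871df76f87577
-refs/heads/v4support: 63c42ad68156c228e1bc3ca02f5ea8bf0d3bfd07
+refs/heads/v4support: 249d1636213be23efd68c92c08252e8b1ed930d6
 refs/tags/v0.82.0: 7b9807d5d0a400c757b8905fee768be4c85eba25
 refs/tags/v0.83.0: 370ec5a1131a86b36db8efce4f1a943607de8a60
 refs/tags/v0.84.0: 71e85198495a39f4524afa2669434b5075c17c3d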

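--- a/branches/v4support/google-cloud-clients/google-cloud-spanner/src/main/java/com/google/cloud/spanner/SessionPoolOptions.java
+++ b/branches/v4support/google-cloud-clients/google-cloud-spanner/src/main/java/com/google/cloud/spanner/SessionPoolOptions.java
@@ -98,7 +98,7 @@ public Builder setMinSessions(int minSessions) {
 * Maximum number of sessions that this pool will have. If current numbers of sessions in the
 * pool is less than this and they are all busy, then a new session will be created for any new
 * operation. If current number of in use sessions is same as this and a new request comes, pool
-* can either block or fail. Defaults to 2000.
+* can either block or fail. Defaults to 400.
 */
 public Builder setMaxSessions(int maxSessions) {
 this.maxSessions = maxSessions;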

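--- a/branches/v4support/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/CanonicalExtensionHeadersSerializer.java
+++ b/branches/v4support/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/CanonicalExtensionHeadersSerializer.java
@@ -32,29 +32,31 @@
 public class CanonicalExtensionHeadersSerializer {
 
 private static final char HEADER_SEPARATOR = ':';
-private static final char HEADER_NAME_SEPARATOR = ';';
-
-private final Storage.SignUrlOption.SignatureVersion signatureVersion;
-
-public CanonicalExtensionHeadersSerializer(
-Storage.SignUrlOption.SignatureVersion signatureVersion) {
-this.signatureVersion = signatureVersion;
-}
-
-public CanonicalExtensionHeadersSerializer() {
-// TODO switch this when V4 becomes default
-this.signatureVersion = Storage.SignUrlOption.SignatureVersion.V2;
-}
 
 public StringBuilder serialize(Map<String, String> canonicalizedExtensionHeaders) {
 
 StringBuilder serializedHeaders = new StringBuilder();
 
 if (canonicalizedExtensionHeaders == null || canonicalizedExtensionHeaders.isEmpty()) {
+
 return serializedHeaders;
 }
 
-Map<String, String> lowercaseHeaders = getLowercaseHeaders(canonicalizedExtensionHeaders);
+// Make all custom header names lowercase.
+Map<String, String> lowercaseHeaders = new HashMap<>();
+for (String headerName : new ArrayList<>(canonicalizedExtensionHeaders.keySet())) {
+
+String lowercaseHeaderName = headerName.toLowerCase();
+
+// If present, remove the x-goog-encryption-key and x-goog-encryption-key-sha256 headers.
+if ("x-goog-encryption-key".equals(lowercaseHeaderName)
+|| "x-goog-encryption-key-sha256".equals(lowercaseHeaderName)) {
+
+continue;
+}
+
+lowercaseHeaders.put(lowercaseHeaderName, canonicalizedExtensionHeaders.get(headerName));
+}
 
 // Sort all custom headers by header name using a lexicographical sort by code point value.
 List<String> sortedHeaderNames = new ArrayList<>(lowercaseHeaders.keySet());
@@ -79,47 +81,4 @@ public StringBuilder serialize(Map<String, String> canonicalizedExtensionHeaders
 // Concatenate all custom headers
 return serializedHeaders;
 }
-
-public StringBuilder serializeHeaderNames(Map<String, String> canonicalizedExtensionHeaders) {
-StringBuilder serializedHeaders = new StringBuilder();
-
-if (canonicalizedExtensionHeaders == null || canonicalizedExtensionHeaders.isEmpty()) {
-return serializedHeaders;
-}
-Map<String, String> lowercaseHeaders = getLowercaseHeaders(canonicalizedExtensionHeaders);
-
-List<String> sortedHeaderNames = new ArrayList<>(lowercaseHeaders.keySet());
-Collections.sort(sortedHeaderNames);
-
-for (String headerName : sortedHeaderNames) {
-serializedHeaders.append(headerName).append(HEADER_NAME_SEPARATOR);
-}
-
-serializedHeaders.setLength(serializedHeaders.length() - 1); // remove trailing semicolon
-
-return serializedHeaders;
-}
-
-private Map<String, String> getLowercaseHeaders(
-Map<String, String> canonicalizedExtensionHeaders) {
-// Make all custom header names lowercase.
-Map<String, String> lowercaseHeaders = new HashMap<>();
-for (String headerName : new ArrayList<>(canonicalizedExtensionHeaders.keySet())) {
-
-String lowercaseHeaderName = headerName.toLowerCase();
-
-// If present and we're V2, remove the x-goog-encryption-key and x-goog-encryption-key-sha256
-// headers. (CSEK headers are allowed for V4)
-if (Storage.SignUrlOption.SignatureVersion.V2.equals(signatureVersion)
-&& ("x-goog-encryption-key".equals(lowercaseHeaderName)
-|| "x-goog-encryption-key-sha256".equals(lowercaseHeaderName))) {
-
-continue;
-}
-
-lowercaseHeaders.put(lowercaseHeaderName, canonicalizedExtensionHeaders.get(headerName));
-}
-
-return lowercaseHeaders;
-}
 }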
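Review bot: The added `headerName.toLowerCase()` in `serialize` lowercases with the JVM's default locale, so the canonical form depends on where the code runs. Under a Turkish locale the `I` in `X-Goog-Encryption-Key` does not map to `i`, so the two `equals` checks that are meant to drop the `x-goog-encryption-key` headers would not match, and those headers would be serialized into the string to sign instead of being skipped. Canonicalization feeding a signature should be locale-independent: `String lowercaseHeaderName = headerName.toLowerCase(Locale.ROOT);`, with `java.util.Locale` imported (the import block is outside these hunks). Collapsing names into a `HashMap` also lets two inputs that differ only in case overwrite each other silently, which deserves at least a comment. The middle of `serialize`, between the two hunks, is not visible here.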

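--- a/branches/v4support/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/SignatureInfo.java
+++ b/branches/v4support/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/SignatureInfo.java
@@ -18,16 +18,8 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 
-import com.google.common.collect.ImmutableMap;
-import com.google.common.hash.Hashing;
-import com.google.common.net.UrlEscapers;
 import java.net.URI;
-import java.nio.charset.StandardCharsets;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.HashMap;
 import java.util.Map;
-import java.util.TimeZone;
 
 /**
 * Signature Info holds payload components of the string that requires signing.
@@ -39,70 +31,30 @@
 public class SignatureInfo {
 
 public static final char COMPONENT_SEPARATOR = '\n';
-public static final String GOOG4_RSA_SHA256 = "GOOG4-RSA-SHA256";
-public static final String SCOPE = "/auto/storage/goog4_request";
 
 private final HttpMethod httpVerb;
 private final String contentMd5;
 private final String contentType;
 private final long expiration;
 private final Map<String, String> canonicalizedExtensionHeaders;
 private final URI canonicalizedResource;
-private final Storage.SignUrlOption.SignatureVersion signatureVersion;
-private final String accountEmail;
-private final long timestamp;
-
-private final String yearMonthDay;
-private final String exactDate;
 
 private SignatureInfo(Builder builder) {
 this.httpVerb = builder.httpVerb;
 this.contentMd5 = builder.contentMd5;
 this.contentType = builder.contentType;
 this.expiration = builder.expiration;
+this.canonicalizedExtensionHeaders = builder.canonicalizedExtensionHeaders;
 this.canonicalizedResource = builder.canonicalizedResource;
-this.signatureVersion = builder.signatureVersion;
-this.accountEmail = builder.accountEmail;
-this.timestamp = builder.timestamp;
-
-if (Storage.SignUrlOption.SignatureVersion.V4.equals(signatureVersion)
-&& (!builder.canonicalizedExtensionHeaders.containsKey("host"))) {
-canonicalizedExtensionHeaders =
-new ImmutableMap.Builder<String, String>()
-.putAll(builder.canonicalizedExtensionHeaders)
-.put("host", "storage.googleapis.com")
-.build();
-} else {
-canonicalizedExtensionHeaders = builder.canonicalizedExtensionHeaders;
-}
-
-Date date = new Date(timestamp);
-
-SimpleDateFormat yearMonthDayFormat = new SimpleDateFormat("yyyyMMdd");
-SimpleDateFormat exactDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
-
-yearMonthDayFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
-exactDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
-
-yearMonthDay = yearMonthDayFormat.format(date);
-exactDate = exactDateFormat.format(date);
 }
 
 /**
 * Constructs payload to be signed.
 *
-* @return payload to sign
+* @return paylod to sign
 * @see <a href="https://cloud.google.com/storage/docs/access-control#Signed-URLs">Signed URLs</a>
 */
 public String constructUnsignedPayload() {
-// TODO reverse order when V4 becomes default
-if (Storage.SignUrlOption.SignatureVersion.V4.equals(signatureVersion)) {
-return constructV4UnsignedPayload();
-}
-return constructV2UnsignedPayload();
-}
-
-private String constructV2UnsignedPayload() {
 StringBuilder payload = new StringBuilder();
 
 payload.append(httpVerb.name()).append(COMPONENT_SEPARATOR);
@@ -115,72 +67,19 @@ private String constructV2UnsignedPayload() {
 payload.append(contentType);
 }
 payload.append(COMPONENT_SEPARATOR);
+
 payload.append(expiration).append(COMPONENT_SEPARATOR);
 
 if (canonicalizedExtensionHeaders != null) {
 payload.append(
-new CanonicalExtensionHeadersSerializer(Storage.SignUrlOption.SignatureVersion.V2)
-.serialize(canonicalizedExtensionHeaders));
+new CanonicalExtensionHeadersSerializer().serialize(canonicalizedExtensionHeaders));
 }
 
 payload.append(canonicalizedResource);
 
 return payload.toString();
 }
 
-private String constructV4UnsignedPayload() {
-StringBuilder payload = new StringBuilder();
-
-payload.append(GOOG4_RSA_SHA256).append(COMPONENT_SEPARATOR);
-payload.append(exactDate).append(COMPONENT_SEPARATOR);
-payload.append(yearMonthDay).append(SCOPE).append(COMPONENT_SEPARATOR);
-payload.append(constructV4CanonicalRequestHash());
-
-return payload.toString();
-}
-
-private String constructV4CanonicalRequestHash() {
-StringBuilder canonicalRequest = new StringBuilder();
-
-CanonicalExtensionHeadersSerializer serializer =
-new CanonicalExtensionHeadersSerializer(Storage.SignUrlOption.SignatureVersion.V4);
-
-canonicalRequest.append(httpVerb.name()).append(COMPONENT_SEPARATOR);
-canonicalRequest.append(canonicalizedResource).append(COMPONENT_SEPARATOR);
-canonicalRequest.append(constructV4QueryString()).append(COMPONENT_SEPARATOR);
-canonicalRequest
-.append(serializer.serialize(canonicalizedExtensionHeaders))
-.append(COMPONENT_SEPARATOR);
-canonicalRequest
-.append(serializer.serializeHeaderNames(canonicalizedExtensionHeaders))
-.append(COMPONENT_SEPARATOR);
-canonicalRequest.append("UNSIGNED-PAYLOAD");
-
-return Hashing.sha256()
-.hashString(canonicalRequest.toString(), StandardCharsets.UTF_8)
-.toString();
-}
-
-public String constructV4QueryString() {
-StringBuilder signedHeaders =
-new CanonicalExtensionHeadersSerializer(Storage.SignUrlOption.SignatureVersion.V4)
-.serializeHeaderNames(canonicalizedExtensionHeaders);
-
-StringBuilder queryString = new StringBuilder();
-queryString.append("X-Goog-Algorithm=").append(GOOG4_RSA_SHA256).append("&");
-queryString.append(
-"X-Goog-Credential="
-+ UrlEscapers.urlFormParameterEscaper()
-.escape(accountEmail + "/" + yearMonthDay + SCOPE)
-+ "&");
-queryString.append("X-Goog-Date=" + exactDate + "&");
-queryString.append("X-Goog-Expires=" + expiration + "&");
-queryString.append(
-"X-Goog-SignedHeaders="
-+ UrlEscapers.urlFormParameterEscaper().escape(signedHeaders.toString()));
-return queryString.toString();
-}
-
 public HttpMethod getHttpVerb() {
 return httpVerb;
 }
@@ -205,18 +104,6 @@ public URI getCanonicalizedResource() {
 return canonicalizedResource;
 }
 
-public Storage.SignUrlOption.SignatureVersion getSignatureVersion() {
-return signatureVersion;
-}
-
-public long getTimestamp() {
-return timestamp;
-}
-
-public String getAccountEmail() {
-return accountEmail;
-}
-
 public static final class Builder {
 
 private final HttpMethod httpVerb;
@@ -225,9 +112,6 @@ public static final class Builder {
 private final long expiration;
 private Map<String, String> canonicalizedExtensionHeaders;
 private final URI canonicalizedResource;
-private Storage.SignUrlOption.SignatureVersion signatureVersion;
-private String accountEmail;
-private long timestamp;
 
 /**
 * Constructs builder.
@@ -250,9 +134,6 @@ public Builder(SignatureInfo signatureInfo) {
 this.expiration = signatureInfo.expiration;
 this.canonicalizedExtensionHeaders = signatureInfo.canonicalizedExtensionHeaders;
 this.canonicalizedResource = signatureInfo.canonicalizedResource;
-this.signatureVersion = signatureInfo.signatureVersion;
-this.accountEmail = signatureInfo.accountEmail;
-this.timestamp = signatureInfo.timestamp;
 }
 
 public Builder setContentMd5(String contentMd5) {
@@ -274,41 +155,12 @@ public Builder setCanonicalizedExtensionHeaders(
 return this;
 }
 
-public Builder setSignatureVersion(Storage.SignUrlOption.SignatureVersion signatureVersion) {
-this.signatureVersion = signatureVersion;
-
-return this;
-}
-
-public Builder setAccountEmail(String accountEmail) {
-this.accountEmail = accountEmail;
-
-return this;
-}
-
-public Builder setTimestamp(long timestamp) {
-this.timestamp = timestamp;
-
-return this;
-}
-
 /** Creates an {@code SignatureInfo} object from this builder. */
 public SignatureInfo build() {
 checkArgument(httpVerb != null, "Required HTTP method");
 checkArgument(canonicalizedResource != null, "Required canonicalized resource");
 checkArgument(expiration >= 0, "Expiration must be greater than or equal to zero");
 
-if (Storage.SignUrlOption.SignatureVersion.V4.equals(signatureVersion)) {
-checkArgument(accountEmail != null, "Account email required to use V4 signing");
-checkArgument(timestamp > 0, "Timestamp required to use V4 signing");
-checkArgument(
-expiration <= 604800, "Expiration can't be longer than 7 days to use V4 signing");
-}
-
-if (canonicalizedExtensionHeaders == null) {
-canonicalizedExtensionHeaders = new HashMap<>();
-}
-
 return new SignatureInfo(this);
 }
 }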
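Review bot: The constructor line `this.canonicalizedExtensionHeaders = builder.canonicalizedExtensionHeaders;` keeps the caller's map by reference, so a caller that mutates the map after `build()` changes what `constructUnsignedPayload()` later produces for signing, even though every field is `final` and the class reads as an immutable value. Consider copying at construction, `this.canonicalizedExtensionHeaders = builder.canonicalizedExtensionHeaders == null ? null : new HashMap<>(builder.canonicalizedExtensionHeaders);`, which needs the `java.util.HashMap` import this commit removes. Keeping `null` is intentional there, because `build()` no longer substitutes an empty map and `constructUnsignedPayload()` already guards for it. The Javadoc on `constructUnsignedPayload()` also regresses to `@return paylod to sign` and should read `payload`. The getter for the headers lies outside these hunks, so whether it hands out the same map cannot be confirmed from here.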

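--- a/branches/v4support/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
+++ b/branches/v4support/google-cloud-clients/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
@@ -886,15 +886,9 @@ enum Option {
 MD5,
 EXT_HEADERS,
 SERVICE_ACCOUNT_CRED,
-SIGNATURE_VERSION,
 HOST_NAME
 }
 
-enum SignatureVersion {
-V2,
-V4
-}
-
 private SignUrlOption(Option option, Object value) {
 this.option = option;
 this.value = value;
@@ -943,22 +937,6 @@ public static SignUrlOption withExtHeaders(Map<String, String> extHeaders) {
 return new SignUrlOption(Option.EXT_HEADERS, extHeaders);
 }
 
-/**
-* Use if signature version should be V2. This is the default if neither this or {@code withV4Signature()} is
-* called.
-*/
-public static SignUrlOption withV2Signature() {
-return new SignUrlOption(Option.SIGNATURE_VERSION, SignatureVersion.V2);
-}
-
-/**
-* Use if signature version should be V4. Note that V4 Signed URLs can't have an expiration longer than 7 days.
-* V2 will be the default if neither this or {@code withV2Signature()} is called.
-*/
-public static SignUrlOption withV4Signature() {
-return new SignUrlOption(Option.SIGNATURE_VERSION, SignatureVersion.V4);
-}
-
 /**
 * Provides a service account signer to sign the URL. If not provided an attempt will be made to
 * get it from the environment.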
