Class NeptuneSigV4SignerBase<T>

  • Type Parameters:
    T - type of the request to be signed
    All Implemented Interfaces:
    NeptuneSigV4Signer<T>
    Direct Known Subclasses:
    NeptuneApacheHttpSigV4Signer, NeptuneNettyHttpSigV4Signer, NeptuneRequestMetadataSigV4Signer

    public abstract class NeptuneSigV4SignerBase<T>
    extends Object
    implements NeptuneSigV4Signer<T>
    Base implementation of NeptuneSigV4Signer interface.

    This implementation uses the internal AWS SDK signer to sign requests. The constructor requires the region name for which to sign as well as an AwsCredentialsProvider providing access to the credentials used for signing the request. The service name used within the signing process is hardcoded to be "neptune-db", which is the official name of the Amazon Neptune service.

    The implementation uses the following approach for signing the request:

    1. Convert the input request into an AWS SDK SdkHttpFullRequest.
    2. Sign the SdkHttpFullRequest using an AWS SDK Aws4Signer.
    3. Attach the computed authorization headers to the input request, thus signing it.
    The signed request can then be sent to an IAM authorized Neptune instance.
    Author:
    schmdtm
    • Constructor Detail

      • NeptuneSigV4SignerBase

        public NeptuneSigV4SignerBase​(String regionName,
                                      com.amazonaws.auth.AWSCredentialsProvider v1AwsCredentialProvider)
                               throws NeptuneSigV4SignerException
        Create a NeptuneSigV4Signer instance for the given region and neptune-db service.
        Parameters:
        regionName - name of the region for which the request is signed
        v1AwsCredentialProvider - the provider offering access to the credentials used for signing the request
        Throws:
        NeptuneSigV4SignerException - in case initialization fails
      • NeptuneSigV4SignerBase

        public NeptuneSigV4SignerBase​(String regionName,
                                      com.amazonaws.auth.AWSCredentialsProvider v1AwsCredentialProvider,
                                      String serviceName)
                               throws NeptuneSigV4SignerException
        Create a NeptuneSigV4Signer instance for the given region and service name.
        Parameters:
        regionName - name of the region for which the request is signed
        v1AwsCredentialProvider - the provider offering access to the credentials used for signing the request
        serviceName - name of the service used to sign the requests. Defaults to neptune-db
        Throws:
        NeptuneSigV4SignerException - in case initialization fails
      • NeptuneSigV4SignerBase

        public NeptuneSigV4SignerBase​(String regionName,
                                      software.amazon.awssdk.auth.credentials.AwsCredentialsProvider awsCredentialsProvider)
                               throws NeptuneSigV4SignerException
        Create a NeptuneSigV4Signer instance for the given region and neptune-db service.
        Parameters:
        regionName - name of the region for which the request is signed
        awsCredentialsProvider - the provider offering access to the credentials used for signing the request
        Throws:
        NeptuneSigV4SignerException - in case initialization fails
      • NeptuneSigV4SignerBase

        public NeptuneSigV4SignerBase​(String regionName,
                                      software.amazon.awssdk.auth.credentials.AwsCredentialsProvider awsCredentialsProvider,
                                      String serviceName)
                               throws NeptuneSigV4SignerException
        Create a NeptuneSigV4Signer instance for the given region and service name.
        Parameters:
        regionName - name of the region for which the request is signed
        awsCredentialsProvider - the provider offering access to the credentials used for signing the request
        serviceName - name of the service used to sign the requests. Defaults to neptune-db
        Throws:
        NeptuneSigV4SignerException - in case initialization fails
    • Method Detail

      • toSignableRequest

        protected abstract software.amazon.awssdk.http.SdkHttpFullRequest toSignableRequest​(T nativeRequest)
                                                                                     throws NeptuneSigV4SignerException
        Convert the native request into an AWS SDK SignableRequest object which can be used to perform signing. This means that the information from the request relevant for signing (such as request URI, query string, headers, etc.) needs to be extracted from the native request and mapped to a SignableRequest object, which is used internally for the signing process.

        Note that the signable request internally, during the signing process, adds a "Host" header. This may lead to problems if the original request has a host header whose name uses a different capitalization (e.g. "host"): the request then carries duplicate host headers and the signing process fails. Hence, when using the API you need to make sure that there is either no host header in your original request or that the host header uses the exact string "Host" as the header name. The easiest solution, if you have control over the native HTTP request, is to leave out the host header when translating and create one when signing (the host header value will be part of the struct returned from the signing process).

        Parameters:
        nativeRequest - the native HTTP request
        Returns:
        the SdkHttpFullRequest
        Throws:
        NeptuneSigV4SignerException - in case something goes wrong during translation
      • attachSignature

        protected abstract void attachSignature​(T nativeRequest,
                                                NeptuneSigV4SignerBase.NeptuneSigV4Signature signature)
                                         throws NeptuneSigV4SignerException
        Attach the signature provided in the signature object to the nativeRequest. More precisely, the signature contains two headers, X-AMZ-DATE and an Authorization header, which need to be attached to the native HTTP request as HTTP headers or as query string parameters, depending on the type of signature requested (header or pre-signed URL).
        Parameters:
        nativeRequest - the native HTTP request
        signature - the signature information to attach
        Throws:
        NeptuneSigV4SignerException - in case something goes wrong during signing of the native request
      • signRequest

        public void signRequest​(T request)
                         throws NeptuneSigV4SignerException
        Main logic for signing the request. The scheme is to convert the request into a signable request using toSignableRequest, then sign it using the AWS SDK, and finally attach the signature headers to the original request using attachSignature.

        Note that toSignableRequest and attachSignature are abstract methods in this base class; they require dedicated implementations depending on the type of the native HTTP request.

        Specified by:
        signRequest in interface NeptuneSigV4Signer<T>
        Parameters:
        request - the request to be signed
        Throws:
        NeptuneSigV4SignerException - in case something goes wrong during signing
      • convertToSignableRequest

        protected software.amazon.awssdk.http.SdkHttpFullRequest convertToSignableRequest​(String httpMethodName,
                                                                                          URI httpEndpointUri,
                                                                                          String resourcePath,
                                                                                          Map<String,​List<String>> httpHeaders,
                                                                                          Map<String,​List<String>> httpParameters,
                                                                                          InputStream httpContent)
                                                                                   throws NeptuneSigV4SignerException
        Helper method to create an AWS SDK SdkHttpFullRequest based on HTTP information. None of the arguments passed in here may be null. Implementing classes may use this helper but are not required to.

        Also note that the resulting request will not yet be actually signed; this is really only a helper to convert the relevant information from the original HTTP request into the AWS SDK's internal format that will be used for computing the signature in a later step, see the signRequest method for details.

        Parameters:
        httpMethodName - name of the HTTP method (e.g. "GET", "POST", ...)
        httpEndpointUri - URI of the endpoint to which the HTTP request is sent. E.g. http://[host]:port/
        resourcePath - the resource path of the request. /resource/id is the path in http://[host]:port/resource/id
        httpHeaders - the headers, defined as a mapping from keys (header name) to a list of values (header [values,values])
        httpParameters - the parameters, defined as a mapping from keys (parameter names) to a list of values
        httpContent - the content carried by the HTTP request; use an empty InputStream for GET requests
        Returns:
        the resulting AWS SDK signable request
        Throws:
        NeptuneSigV4SignerException - in case something goes wrong signing the request
      • extractParametersFromQueryString

        protected Map<String,​List<String>> extractParametersFromQueryString​(String queryStr)
        Extracts the parameters from a query string (such as param1=value1&param2=value2&...). The same parameter name may occur multiple times (i.e. param1 and param2 in the example might actually be the same string). The result is represented as a map from unique key names to a list of their values. The query string may be null, in which case an empty map is returned.
        Parameters:
        queryStr - the query string from which parameters are extracted
        Returns:
        a hash map, mapping parameters by name to a list of values
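
The following added example (not code from this library) shows one way to prepare the header and parameter maps that convertToSignableRequest expects, covering the "Host" capitalization pitfall described under toSignableRequest and the repeated-parameter behaviour described under extractParametersFromQueryString. The class name SignableInputs, the methods headersForSigning and parseQuery, and the sample endpoint are hypothetical; leaving query values undecoded is an assumption, since the page does not say whether the library decodes them.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class SignableInputs {

    /** Copy headers for signing, dropping every capitalization of "Host". */
    static Map<String, List<String>> headersForSigning(Map<String, List<String>> nativeHeaders) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (Map.Entry<String, List<String>> e : nativeHeaders.entrySet()) {
            if ("host".equalsIgnoreCase(e.getKey())) {
                continue; // the signing step adds its own "Host"; a duplicate breaks signing
            }
            out.put(e.getKey(), new ArrayList<>(e.getValue()));
        }
        return out;
    }

    /** Parse a query string into name -> list of values; repeated names accumulate. */
    static Map<String, List<String>> parseQuery(String queryStr) {
        Map<String, List<String>> params = new LinkedHashMap<>();
        if (queryStr == null || queryStr.isEmpty()) {
            return params;
        }
        for (String pair : queryStr.split("&")) {
            if (pair.isEmpty()) {
                continue; // tolerate "a=1&&b=2" and a trailing "&"
            }
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            // Values are kept as written; URL-decoding is not specified on the page.
            params.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
        }
        return params;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real request.
        Map<String, List<String>> headers = new LinkedHashMap<>();
        headers.put("host", Arrays.asList("neptune.example.internal:8182"));
        headers.put("Content-Type", Arrays.asList("application/x-www-form-urlencoded"));
        System.out.println(headersForSigning(headers));
        System.out.println(parseQuery("query=ASK%20%7B%7D&named-graph-uri=g1&named-graph-uri=g2"));
        System.out.println(parseQuery(null));
    }
}
```

After signing, the host value returned with the signature is the one to set on the outgoing request, under the exact header name "Host".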