Add new constructors in Signer classes to use java v1 credentials and…

… support to use different signing name (#26) Add new constructors in Signer classes to use java v1 credentials and add support use different signing name when signing requests
aws · Sep 17, 2024 · 3ae6ba0 · 3ae6ba0
1 parent 95d2bd6
commit 3ae6ba0
Show file tree

Hide file tree

Showing 7 changed files with 307 additions and 14 deletions.
diff --git a/pom.xml b/pom.xml
@@ -19,7 +19,7 @@
     <groupId>com.amazonaws</groupId>
     <artifactId>amazon-neptune-sigv4-signer</artifactId>
     <packaging>jar</packaging>
-    <version>3.0.1-SNAPSHOT</version>
+    <version>3.0.1</version>
 
     <name>amazon-neptune-sigv4-signer</name>
     <description>
@@ -83,6 +83,11 @@
             <artifactId>http-auth-aws</artifactId>
             <version>2.25.13</version>
         </dependency>
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-core</artifactId>
+            <version>1.12.772</version>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>auth</artifactId>

diff --git a/src/main/java/com/amazonaws/neptune/auth/NeptuneApacheHttpSigV4Signer.java b/src/main/java/com/amazonaws/neptune/auth/NeptuneApacheHttpSigV4Signer.java
@@ -15,6 +15,7 @@
 
 package com.amazonaws.neptune.auth;
 
+import com.amazonaws.auth.AWSCredentialsProvider;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import org.apache.http.Header;
@@ -59,16 +60,59 @@ public class NeptuneApacheHttpSigV4Signer extends NeptuneSigV4SignerBase<HttpUri
      * Create a V4 Signer for Apache Commons HTTP requests.
      *
      * @param regionName             name of the region for which the request is signed
-     * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @param v1AwsCredentialProvider the provider offering access to the credentials used for signing the request
      * @throws NeptuneSigV4SignerException in case initialization fails
      */
-    public NeptuneApacheHttpSigV4Signer(
-            final String regionName, final AwsCredentialsProvider awsCredentialsProvider)
+    public NeptuneApacheHttpSigV4Signer(final String regionName,
+                                        final AWSCredentialsProvider v1AwsCredentialProvider)
             throws NeptuneSigV4SignerException {
 
+        super(regionName, v1AwsCredentialProvider);
+    }
+
+    /**
+     * Create a V4 Signer for Apache Commons HTTP requests.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param v1AwsCredentialProvider the provider offering access to the credentials used for signing the request
+     * @param serviceName            name of the service name used to sign the requests. Defaults to neptune-db
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneApacheHttpSigV4Signer(final String regionName,
+                                        final AWSCredentialsProvider v1AwsCredentialProvider,
+                                        final String serviceName) throws NeptuneSigV4SignerException {
+
+        super(regionName, v1AwsCredentialProvider, serviceName);
+    }
+
+    /**
+     * Create a V4 Signer for Apache Commons HTTP requests.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneApacheHttpSigV4Signer(final String regionName,
+                                        final AwsCredentialsProvider awsCredentialsProvider) throws NeptuneSigV4SignerException {
+
         super(regionName, awsCredentialsProvider);
     }
 
+    /**
+     * Create a V4 Signer for Apache Commons HTTP requests.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @param serviceName            name of the service name used to sign the requests. Defaults to neptune-db
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneApacheHttpSigV4Signer(final String regionName,
+                                        final AwsCredentialsProvider awsCredentialsProvider,
+                                        final String serviceName) throws NeptuneSigV4SignerException {
+
+        super(regionName, awsCredentialsProvider, serviceName);
+    }
+
     @Override
     protected SdkHttpFullRequest toSignableRequest(final HttpUriRequest request)
             throws NeptuneSigV4SignerException {

diff --git a/src/main/java/com/amazonaws/neptune/auth/NeptuneNettyHttpSigV4Signer.java b/src/main/java/com/amazonaws/neptune/auth/NeptuneNettyHttpSigV4Signer.java
@@ -15,6 +15,7 @@
 
 package com.amazonaws.neptune.auth;
 
+import com.amazonaws.auth.AWSCredentialsProvider;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.utils.StringUtils;
@@ -44,19 +45,58 @@
  */
 public class NeptuneNettyHttpSigV4Signer extends NeptuneSigV4SignerBase<FullHttpRequest> {
 
+    /**
+     * Create a V4 Signer for Netty HTTP requests.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param v1AwsCredentialProvider the provider offering access to the credentials used for signing the request
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneNettyHttpSigV4Signer(final String regionName,
+                                       final AWSCredentialsProvider v1AwsCredentialProvider) throws NeptuneSigV4SignerException {
+        super(regionName, v1AwsCredentialProvider);
+    }
+
+    /**
+     * Create a V4 Signer for Netty HTTP requests.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param v1AwsCredentialProvider the provider offering access to the credentials used for signing the request
+     * @param serviceName            name of the service name used to sign the requests. Defaults to neptune-db
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneNettyHttpSigV4Signer(final String regionName,
+                                       final AWSCredentialsProvider v1AwsCredentialProvider,
+                                       final String serviceName) throws NeptuneSigV4SignerException {
+        super(regionName, v1AwsCredentialProvider, serviceName);
+    }
+
     /**
      * Create a V4 Signer for Netty HTTP requests.
      *
      * @param regionName             name of the region for which the request is signed
      * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
      * @throws NeptuneSigV4SignerException in case initialization fails
      */
-    public NeptuneNettyHttpSigV4Signer(
-            final String regionName, final AwsCredentialsProvider awsCredentialsProvider)
-            throws NeptuneSigV4SignerException {
+    public NeptuneNettyHttpSigV4Signer(final String regionName,
+                                       final AwsCredentialsProvider awsCredentialsProvider) throws NeptuneSigV4SignerException {
         super(regionName, awsCredentialsProvider);
     }
 
+    /**
+     * Create a V4 Signer for Netty HTTP requests.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @param serviceName            name of the service name used to sign the requests. Defaults to neptune-db
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneNettyHttpSigV4Signer(final String regionName,
+                                       final AwsCredentialsProvider awsCredentialsProvider,
+                                       final String serviceName) throws NeptuneSigV4SignerException {
+        super(regionName, awsCredentialsProvider, serviceName);
+    }
+
     @Override
     protected SdkHttpFullRequest toSignableRequest(final FullHttpRequest request)
             throws NeptuneSigV4SignerException {

diff --git a/src/main/java/com/amazonaws/neptune/auth/NeptuneRequestMetadataSigV4Signer.java b/src/main/java/com/amazonaws/neptune/auth/NeptuneRequestMetadataSigV4Signer.java
@@ -15,6 +15,7 @@
 
 package com.amazonaws.neptune.auth;
 
+import com.amazonaws.auth.AWSCredentialsProvider;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 
@@ -48,20 +49,59 @@
  * </ul>
  */
 public class NeptuneRequestMetadataSigV4Signer extends NeptuneSigV4SignerBase<RequestMetadata> {
+
     /**
      * Create a V4 Signer for {@link RequestMetadata}.
      *
      * @param regionName             name of the region for which the request is signed
-     * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @param v1AwsCredentialProvider the provider offering access to the credentials used for signing the request
      * @throws NeptuneSigV4SignerException in case initialization fails
      */
-    public NeptuneRequestMetadataSigV4Signer(
-            final String regionName, final AwsCredentialsProvider awsCredentialsProvider)
-            throws NeptuneSigV4SignerException {
+    public NeptuneRequestMetadataSigV4Signer(final String regionName,
+                                             final AWSCredentialsProvider v1AwsCredentialProvider) throws NeptuneSigV4SignerException {
+        super(regionName, v1AwsCredentialProvider);
+    }
+
+    /**
+     * Create a V4 Signer for {@link RequestMetadata}.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param v1AwsCredentialProvider the provider offering access to the credentials used for signing the request
+     * @param serviceName            name of the service name used to sign the requests. Defaults to neptune-db
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneRequestMetadataSigV4Signer(final String regionName,
+                                             final AWSCredentialsProvider v1AwsCredentialProvider,
+                                             final String serviceName) throws NeptuneSigV4SignerException {
+        super(regionName, v1AwsCredentialProvider, serviceName);
+    }
 
+    /**
+     * Create a V4 Signer for {@link RequestMetadata}.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneRequestMetadataSigV4Signer(final String regionName,
+                                             final AwsCredentialsProvider awsCredentialsProvider) throws NeptuneSigV4SignerException {
         super(regionName, awsCredentialsProvider);
     }
 
+    /**
+     * Create a V4 Signer for {@link RequestMetadata}.
+     *
+     * @param regionName             name of the region for which the request is signed
+     * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @param serviceName            name of the service name used to sign the requests. Defaults to neptune-db
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneRequestMetadataSigV4Signer(final String regionName,
+                                             final AwsCredentialsProvider awsCredentialsProvider,
+                                             final String serviceName) throws NeptuneSigV4SignerException {
+        super(regionName, awsCredentialsProvider, serviceName);
+    }
+
     /**
      * Converts a {@link RequestMetadata} to a signable metadata by adding signature headers for AWS SigV4 auth.
      *

diff --git a/src/main/java/com/amazonaws/neptune/auth/NeptuneSigV4SignerBase.java b/src/main/java/com/amazonaws/neptune/auth/NeptuneSigV4SignerBase.java
@@ -15,6 +15,8 @@
 
 package com.amazonaws.neptune.auth;
 
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.neptune.auth.credentials.V1toV2CredentialsProvider;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.auth.signer.Aws4Signer;
 import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
@@ -72,27 +74,75 @@ public abstract class NeptuneSigV4SignerBase<T> implements NeptuneSigV4Signer<T>
      */
     private final AwsCredentialsProvider awsCredentialsProvider;
     private final Region awsRegion;
+    /**
+     * AWS Service used to sign the requests
+     */
+    private final String serviceName;
 
     /**
      * The {@link Aws4Signer} used internally to compute the request signature.
      */
     private final Aws4Signer aws4Signer;
 
+    /**
+     * Create a {@link NeptuneSigV4Signer} instance for the given region and neptune-db service.
+     *
+     * @param regionName name of the region for which the request is signed
+     * @param v1AwsCredentialProvider the provider offering access to the credentials used for signing the request
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneSigV4SignerBase(final String regionName,
+                                  final AWSCredentialsProvider v1AwsCredentialProvider) throws NeptuneSigV4SignerException {
+        // Use neptune-db as default service name
+        this(regionName, v1AwsCredentialProvider, NEPTUNE_SERVICE_NAME);
+    }
+
+    /**
+     * Create a {@link NeptuneSigV4Signer} instance for the given region and service name.
+     *
+     * @param regionName name of the region for which the request is signed
+     * @param v1AwsCredentialProvider the provider offering access to the credentials used for signing the request
+     * @param serviceName name of the service name used to sign the requests. Defaults to neptune-db
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneSigV4SignerBase(final String regionName,
+                                  final AWSCredentialsProvider v1AwsCredentialProvider,
+                                  final String serviceName) throws NeptuneSigV4SignerException {
+        this(regionName, V1toV2CredentialsProvider.create(v1AwsCredentialProvider), serviceName);
+    }
+
+    /**
+     * Create a {@link NeptuneSigV4Signer} instance for the given region and neptune-db service.
+     *
+     * @param regionName name of the region for which the request is signed
+     * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @throws NeptuneSigV4SignerException in case initialization fails
+     */
+    public NeptuneSigV4SignerBase(final String regionName,
+                                  final AwsCredentialsProvider awsCredentialsProvider) throws NeptuneSigV4SignerException {
+        // Use neptune-db as default service name
+        this(regionName, awsCredentialsProvider, NEPTUNE_SERVICE_NAME);
+    }
+
     /**
      * Create a {@link NeptuneSigV4Signer} instance for the given region and service name.
      *
      * @param regionName name of the region for which the request is signed
      * @param awsCredentialsProvider the provider offering access to the credentials used for signing the request
+     * @param serviceName name of the service name used to sign the requests. Defaults to neptune-db
      * @throws NeptuneSigV4SignerException in case initialization fails
      */
-    public NeptuneSigV4SignerBase(
-            final String regionName, final AwsCredentialsProvider awsCredentialsProvider)
+    public NeptuneSigV4SignerBase(final String regionName,
+                                  final AwsCredentialsProvider awsCredentialsProvider,
+                                  final String serviceName)
             throws NeptuneSigV4SignerException {
 
         checkNotNull(regionName, "The region name must not be null");
         checkNotNull(awsCredentialsProvider, "The credentials provider must not be null");
+        checkNotNull(serviceName, "The serviceName must not be null");
         this.awsCredentialsProvider = awsCredentialsProvider;
         this.awsRegion = Region.of(regionName);
+        this.serviceName = serviceName;
 
         // initialize the signer 
         // => note that using the signer with multiple threads is safe as long as we do not
@@ -162,7 +212,7 @@ public void signRequest(final T request) throws NeptuneSigV4SignerException {
             final AwsCredentials credentials = awsCredentialsProvider.resolveCredentials();
             final Aws4SignerParams awsSignerParams = Aws4SignerParams.builder().
                 awsCredentials(credentials).
-                signingName(NEPTUNE_SERVICE_NAME).
+                signingName(serviceName).
                 signingRegion(awsRegion).
                 build();
 

diff --git a/src/main/java/com/amazonaws/neptune/auth/credentials/V1toV2CredentialsProvider.java b/src/main/java/com/amazonaws/neptune/auth/credentials/V1toV2CredentialsProvider.java
@@ -0,0 +1,40 @@
+package com.amazonaws.neptune.auth.credentials;
+
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.AWSSessionCredentials;
+import com.amazonaws.auth.AnonymousAWSCredentials;
+import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+
+public class V1toV2CredentialsProvider implements AwsCredentialsProvider {
+    private final AWSCredentialsProvider v1CredentialsProvider;
+
+    public static AwsCredentialsProvider create(final AWSCredentialsProvider v1CredentialsProvider) {
+        return new V1toV2CredentialsProvider(v1CredentialsProvider);
+    }
+
+    private V1toV2CredentialsProvider(final AWSCredentialsProvider v1CredentialsProvider) {
+        this.v1CredentialsProvider = v1CredentialsProvider;
+    }
+
+    @Override
+    public AwsCredentials resolveCredentials() {
+        final AWSCredentials v1Credentials = this.v1CredentialsProvider.getCredentials();
+
+        if (v1Credentials instanceof AnonymousAWSCredentials) {
+            return AnonymousCredentialsProvider.create().resolveCredentials();
+        } else if (v1Credentials instanceof AWSSessionCredentials) {
+            return AwsSessionCredentials.builder()
+                    .accessKeyId(v1Credentials.getAWSAccessKeyId())
+                    .secretAccessKey(v1Credentials.getAWSSecretKey())
+                    .sessionToken(((AWSSessionCredentials) v1Credentials).getSessionToken())
+                    .build();
+        } else {
+            return AwsBasicCredentials.create(v1Credentials.getAWSAccessKeyId(), v1Credentials.getAWSSecretKey());
+        }
+    }
+}