Examples of com.cloud.bridge.service.core.s3.S3ConditionFactory

• com.cloud.bridge.service.core.s3.S3AuthParams

  private S3AccessControlList toEngineAccessControlList(AccessControlList acl)
  {
    if (acl == null) return null;

    S3AccessControlList engineAcl = new S3AccessControlList();

    Grant[] grants = acl.getGrant();
    if (grants != null)
    {
      for (Grant grant: grants)
      {
        S3Grant engineGrant = new S3Grant();

        Grantee grantee = grant.getGrantee();
        if (grantee instanceof CanonicalUser)
        {
          engineGrant.setGrantee(SAcl.GRANTEE_USER);
          engineGrant.setCanonicalUserID(((CanonicalUser)grantee).getID());
        }
        else if (grantee instanceof Group)
        {
           Group temp = (Group)grantee;
           String uri = temp.getURI();
           if ( uri.equalsIgnoreCase( "http://acs.amazonaws.com/groups/global/AllUsers" )) {
              // -> this allows all public unauthenticated access based on permission given
              engineGrant.setGrantee(SAcl.GRANTEE_ALLUSERS);
              engineGrant.setCanonicalUserID( "*" );
           }
           else if (uri.equalsIgnoreCase( "http://acs.amazonaws.com/groups/global/Authenticated" )) {
              // -> this allows any authenticated user access based on permission given
              engineGrant.setGrantee(SAcl.GRANTEE_AUTHENTICATED);
              engineGrant.setCanonicalUserID( "A" );
           }
           else throw new UnsupportedOperationException("Unsupported grantee group URI: " + uri );

        }
        else throw new UnsupportedOperationException("Unsupported grantee type: " + grantee.getClass().getCanonicalName());

        Permission permission = grant.getPermission();
        String permissionValue = permission.getValue();
        if(permissionValue.equalsIgnoreCase("READ")) {
          engineGrant.setPermission(SAcl.PERMISSION_READ);
        } else if(permissionValue.equalsIgnoreCase("WRITE")) {
          engineGrant.setPermission(SAcl.PERMISSION_WRITE);
        } else if(permissionValue.equalsIgnoreCase("READ_ACP")) {
          engineGrant.setPermission(SAcl.PERMISSION_READ_ACL);
        } else if(permissionValue.equalsIgnoreCase("WRITE_ACP")) {
          engineGrant.setPermission(SAcl.PERMISSION_WRITE_ACL);
        } else if(permissionValue.equalsIgnoreCase("FULL_CONTROL")) {
          engineGrant.setPermission(SAcl.PERMISSION_FULL);
        } else {
          throw new UnsupportedOperationException("Unsupported permission: " + permissionValue);
        }
        engineAcl.addGrant(engineGrant);
      }
    }
    return engineAcl;
  }

        // [B] Obtain the grant request which applies to the acl request string.  This latter is supplied as the value of the x-amz-acl header.

        S3SetObjectAccessControlPolicyRequest engineRequest = new S3SetObjectAccessControlPolicyRequest();
        S3Grant grantRequest = new S3Grant();
        S3AccessControlList aclRequest = new S3AccessControlList();

        String aclRequestString = request.getHeader("x-amz-acl");
        OrderedPair <Integer,Integer> accessControlsForObjectOwner = SAclVO.getCannedAccessControls(aclRequestString,"SObject");
        grantRequest.setPermission(accessControlsForObjectOwner.getFirst());
        grantRequest.setGrantee(accessControlsForObjectOwner.getSecond());
        grantRequest.setCanonicalUserID(owner);
        aclRequest.addGrant(grantRequest);
        engineRequest.setAcl(aclRequest);
        engineRequest.setBucketName(bucketName);
        engineRequest.setKey(key);

        String signature = (String) request.getAttribute(S3Constants.PLAIN_POST_SIGNATURE);
        S3Grant grant = new S3Grant();
        grant.setCanonicalUserID(accessKey);
        grant.setGrantee(SAcl.GRANTEE_USER);
        grant.setPermission(SAcl.PERMISSION_FULL);
        S3AccessControlList acl = new S3AccessControlList();
        acl.addGrant(grant);
        S3PutObjectInlineRequest engineRequest = new S3PutObjectInlineRequest();
        engineRequest.setBucketName(bucket);
        engineRequest.setKey(key);
        engineRequest.setAcl(acl);
        engineRequest.setContentLength(contentLength);

        // [B] Obtain the grant request which applies to the acl request string.
        // This latter is supplied as the value of the x-amz-acl header.

        S3SetBucketAccessControlPolicyRequest engineRequest = new S3SetBucketAccessControlPolicyRequest();
        S3Grant grantRequest = new S3Grant();
        S3AccessControlList aclRequest = new S3AccessControlList();

        String aclRequestString = request.getHeader("x-amz-acl");
        OrderedPair<Integer, Integer> accessControlsForBucketOwner = SAclVO.getCannedAccessControls(aclRequestString, "SBucket");
        grantRequest.setPermission(accessControlsForBucketOwner.getFirst());
        grantRequest.setGrantee(accessControlsForBucketOwner.getSecond());
        grantRequest.setCanonicalUserID(owner);
        aclRequest.addGrant(grantRequest);
        engineRequest.setAcl(aclRequest);
        engineRequest.setBucketName(bucketName);

        // [C] Allow an S3Engine to handle the
        // S3SetBucketAccessControlPolicyRequest

        // [C] Get a list of all Grant elements in an AccessControlList
        part = getElement( doc, "http://s3.amazonaws.com/doc/2006-03-01/", "Grant" );
        if (null != part)
        {
            S3AccessControlList engineAcl = new S3AccessControlList();

            count = part.getLength();
            for( int i=0; i < count; i++ )
            {
                parent = part.item(i);
                S3Grant engineGrant = new S3Grant();

                // -> get a list of all the children elements of the 'Grant' parent element
                if (null != (children = parent.getChildNodes()))
                {
                    int numChildren = children.getLength();
                    for( int j=0; j < numChildren; j++ )
                    {
                        contents = children.item( j );
                        element  = contents.getNodeName().trim();
                        if ( element.endsWith( "Grantee" ))
                        {
                            NamedNodeMap attbs = contents.getAttributes();
                            if (null != attbs)
                            {
                                Node type = attbs.getNamedItemNS( "http://www.w3.org/2001/XMLSchema-instance", "type" );
                                if ( null != type )
                                    temp = type.getFirstChild().getNodeValue().trim();
                                else temp = null;

                                if ( null != temp && temp.equalsIgnoreCase( "CanonicalUser" ))
                                {
                                    engineGrant.setGrantee(SAcl.GRANTEE_USER);
                                    engineGrant.setCanonicalUserID( getChildNodeValue( contents, "ID" ));
                                }
                                else throw new UnsupportedOperationException( "Missing http://www.w3.org/2001/XMLSchema-instance:type value" );
                            }
                        }
                        else if (element.endsWith( "Permission" ))
                        {
                            temp = contents.getFirstChild().getNodeValue().trim();
                            if (temp.equalsIgnoreCase("READ"        )) engineGrant.setPermission(SAcl.PERMISSION_READ);
                            else if (temp.equalsIgnoreCase("WRITE"       )) engineGrant.setPermission(SAcl.PERMISSION_WRITE);
                            else if (temp.equalsIgnoreCase("READ_ACP"    )) engineGrant.setPermission(SAcl.PERMISSION_READ_ACL);
                            else if (temp.equalsIgnoreCase("WRITE_ACP"   )) engineGrant.setPermission(SAcl.PERMISSION_WRITE_ACL);
                            else if (temp.equalsIgnoreCase("FULL_CONTROL")) engineGrant.setPermission(SAcl.PERMISSION_FULL);
                            else throw new UnsupportedOperationException( "Unsupported permission: " + temp );
                        }
                    }
                    engineAcl.addGrant( engineGrant );
                }
            }
            request.setAcl( engineAcl );
        }
        return request;

        // -> is this a request for a specific version of the object?  look for "versionId=" in the query string
        String queryString = request.getQueryString();
        if (null != queryString) engineRequest.setVersion( returnParameter( queryString, "versionId=" ));

        S3AccessControlPolicy engineResponse = ServiceProvider.getInstance().getS3Engine().handleRequest(engineRequest);
        int resultCode = engineResponse.getResultCode();
        if (200 != resultCode) {
            response.setStatus( resultCode );
            return;
        }
        String version = engineResponse.getVersion();
        if (null != version) response.addHeader( "x-amz-version-id", version );


        // To allow the get object acl policy result to be serialized via Axiom classes
        GetObjectAccessControlPolicyResponse onePolicy = S3SerializableServiceImplementation.toGetObjectAccessControlPolicyResponse( engineResponse );

        engineRequest.setAccessKey(UserContext.current().getAccessKey());
        engineRequest.setRequestTimestamp( cal );
        engineRequest.setSignature( "" );   // TODO - Consider providing signature in a future release which allows additional user description
        engineRequest.setBucketName((String)request.getAttribute(S3Constants.BUCKET_ATTR_KEY));

        S3AccessControlPolicy engineResponse = ServiceProvider.getInstance().getS3Engine().handleRequest(engineRequest);

        // To allow the bucket acl policy result to be serialized via Axiom classes
        GetBucketAccessControlPolicyResponse onePolicy = S3SerializableServiceImplementation.toGetBucketAccessControlPolicyResponse( engineResponse );

        OutputStream outputStream = response.getOutputStream();

        int countMeta = 0;
        int state = 0;

        // [A] First parse all the parts out of the POST request and message body
        // -> bucket name is still encoded in a Host header
        S3AuthParams params = new S3AuthParams();
        List<S3MetaDataEntry> metaSet = new ArrayList<S3MetaDataEntry>();
        S3PutObjectInlineRequest engineRequest = new S3PutObjectInlineRequest();
        engineRequest.setBucketName( bucket );

        // -> the last body part contains the content that is used to write the S3 object, all
        //    other body parts are header values
        while( null != (oneLine = br.readLine()))
        {
            if ( oneLine.startsWith( lastBoundary ))
            {
                // -> this is the data of the object to put
                if (0 < temp.length())
                {
                    value = temp.toString();
                    temp.setLength( 0 );

                    engineRequest.setContentLength( value.length());
                    engineRequest.setDataAsString( value );
                }
                break;
            }
            else if ( oneLine.startsWith( boundary ))
            {
                // -> this is the header data
                if (0 < temp.length())
                {
                    value = temp.toString().trim();
                    temp.setLength( 0 );
                    //System.out.println( "param: " + name + " = " + value );

                    if (name.equalsIgnoreCase( "key" )) {
                        engineRequest.setKey( value );
                    }
                    else if (name.equalsIgnoreCase( "x-amz-acl" )) {
                        engineRequest.setCannedAccess( value );
                    }
                    else if (isMetaTag) {
                        S3MetaDataEntry oneMeta = new S3MetaDataEntry();
                        oneMeta.setName( metaName );
                        oneMeta.setValue( value );
                        metaSet.add( oneMeta );
                        countMeta++;
                        metaName = null;
                    }

                    // -> build up the headers so we can do authentication on this POST
                    HeaderParam oneHeader = new HeaderParam();
                    oneHeader.setName( name );
                    oneHeader.setValue( value );
                    params.addHeader( oneHeader );
                }
                state = 1;
            }
            else if (1 == state && 0 == oneLine.length())
            {

            txn.start();
            // -> authenticated calls
            if ( !((method.equalsIgnoreCase( "POST" ) && !(request.getQueryString().equalsIgnoreCase("delete"))) ) ){
                S3AuthParams params = extractRequestHeaders( request );
                authenticateRequest( request, params );
            }

            ServletAction action = routeRequest(request);
            if ( action != null ) {

    /**
     * We are using the S3AuthParams class to hide where the header values are coming
     * from so that the authenticateRequest call can be made from several places.
     */
    public static S3AuthParams extractRequestHeaders( HttpServletRequest request ) {
        S3AuthParams params = new S3AuthParams();

        Enumeration headers = request.getHeaderNames();
        if (null != headers)
        {
            while( headers.hasMoreElements())
            {
                HeaderParam oneHeader = new HeaderParam();
                String headerName = (String)headers.nextElement();
                oneHeader.setName( headerName );
                oneHeader.setValue( request.getHeader( headerName ));
                params.addHeader( oneHeader );
            }
        }
        return params;
    }