Package com.s3auth.relay

Source Code of com.s3auth.relay.SecuredHost

/**
* Copyright (c) 2012-2014, s3auth.com
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met: 1) Redistributions of source code must retain the above
* copyright notice, this list of conditions and the following
* disclaimer. 2) Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution. 3) Neither the name of the s3auth.com nor
* the names of its contributors may be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
* NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package com.s3auth.relay;

import com.jcabi.aspects.Loggable;
import com.s3auth.hosts.Host;
import com.s3auth.hosts.Range;
import com.s3auth.hosts.Resource;
import com.s3auth.hosts.Stats;
import com.s3auth.hosts.Version;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.validation.constraints.NotNull;
import javax.ws.rs.core.HttpHeaders;
import lombok.EqualsAndHashCode;
import lombok.ToString;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.CharEncoding;

/**
* Single HTTP processing thread.
*
* <p>It's a wrapper around {@link Host}, that adds HTTP Basic Auth mechanism
* to a normal HTTP request processing. The class is instantiated in
* {@link HttpThread}.
*
* <p>The class is immutable and thread-safe.
*
* @author Yegor Bugayenko (yegor@tpc2.com)
* @version $Id$
* @since 0.0.1
* @see HttpThread
*/
@ToString(of = "host")
@EqualsAndHashCode(of = { "host", "request" })
@Loggable(Loggable.DEBUG)
final class SecuredHost implements Host {

    /**
     * Authorization header pattern.
     */
    private static final Pattern AUTH_PATTERN =
        Pattern.compile("Basic ([a-zA-Z0-9/+]+=*)");

    /**
     * Original host.
     */
    private final transient Host host;

    /**
     * Http request to process.
     */
    private final transient HttpRequest request;

    /**
     * Public ctor.
     * @param hst Original host
     * @param rqst The request
     */
    SecuredHost(@NotNull final Host hst,
        @NotNull final HttpRequest rqst) {
        this.host = hst;
        this.request = rqst;
    }

    @Override
    @Loggable(value = Loggable.DEBUG, ignore = IOException.class)
    public Resource fetch(@NotNull final URI uri, @NotNull final Range range,
        @NotNull final Version version)throws IOException {
        final Resource res;
        if (this.isHidden(uri)) {
            res = this.secured(uri, range, version);
        } else {
            res = this.host.fetch(uri, range, version);
        }
        return res;
    }

    @Override
    public boolean isHidden(@NotNull final URI uri) throws IOException {
        return this.host.isHidden(uri);
    }

    @Override
    public boolean authorized(@NotNull final String user,
        @NotNull final String password) throws IOException {
        return this.host.authorized(user, password);
    }

    @Override
    public void close() throws IOException {
        this.host.close();
    }

    @Override
    public String syslog() {
        return this.host.syslog();
    }

    @Override
    public Stats stats() {
        return this.host.stats();
    }

    /**
     * Fetch this URI in a secure way.
     * @param uri The URI to fetch
     * @param range The range
     * @param version The object version
     * @return Fetched resource
     * @throws IOException If some IO problem inside
     */
    private Resource secured(final URI uri, final Range range,
        final Version version) throws IOException {
        if (!this.request.headers().containsKey(HttpHeaders.AUTHORIZATION)) {
            throw new HttpException(
                new HttpResponse()
                    .withStatus(HttpURLConnection.HTTP_UNAUTHORIZED)
                    .withHeader(
                        HttpHeaders.WWW_AUTHENTICATE,
                        String.format(
                            "Basic realm=\"%s\"",
                            this.request.headers().get(HttpHeaders.HOST)
                                .iterator().next()
                        )
                    )
            );
        }
        final Matcher matcher = SecuredHost.AUTH_PATTERN.matcher(
            this.request.headers().get(HttpHeaders.AUTHORIZATION)
                .iterator().next()
        );
        if (!matcher.matches()) {
            throw new HttpException(
                HttpURLConnection.HTTP_BAD_REQUEST,
                String.format(
                    "'%s' header is in wrong format",
                    HttpHeaders.AUTHORIZATION
                )
            );
        }
        final String[] parts;
        try {
            parts = new String(
                Base64.decodeBase64(matcher.group(1)),
                CharEncoding.UTF_8
            ).split(":", 2);
        } catch (final UnsupportedEncodingException ex) {
            throw new IllegalStateException(ex);
        }
        if (parts.length != 2) {
            throw new HttpException(
                HttpURLConnection.HTTP_BAD_REQUEST,
                "should be two parts in Basic auth header"
            );
        }
        if (!this.authorized(parts[0], parts[1])) {
            throw new HttpException(
                new HttpResponse()
                    .withStatus(HttpURLConnection.HTTP_UNAUTHORIZED)
                    .withHeader(
                        HttpHeaders.WWW_AUTHENTICATE,
                        "Basic realm=\"try again\""
                    )
                    .withBody(this.host.toString())
            );
        }
        return this.host.fetch(uri, range, version);
    }

}
TOP

Related Classes of com.s3auth.relay.SecuredHost

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.