Merge pull request #542 from YangSen-qn/optimize_credential

Optimize credential

Author: xwen-winnie

src/main/java/com/qiniu/processing/OperationManager.java

@@ -89,7 +89,7 @@ public String pfop(String bucket, String key, String fops, StringMap params) thr
         params.put("bucket", bucket).put("key", key).put("fops", fops);
         byte[] data = StringUtils.utf8Bytes(params.formString());
         String url = configuration.apiHost(auth.accessKey, bucket) + "/pfop/";
-        StringMap headers = auth.authorization(url, data, Client.FormMime);
+        StringMap headers = auth.authorizationV2(url, "POST", data, Client.FormMime);
         Response response = client.post(url, data, headers, Client.FormMime);
         if (!response.isOK()) {
             throw new QiniuException(response);

src/main/java/com/qiniu/storage/BucketManager.java

@@ -104,7 +104,7 @@ public String[] buckets() throws QiniuException {
 
     public Response bucketsResponse() throws QiniuException {
         String url = String.format("%s/buckets", configHelper.rsHost());
-        Response res = get(url);
+        Response res = post(url, null);
         if (!res.isOK()) {
             throw new QiniuException(res);
         }
@@ -227,7 +227,7 @@ public Response listV2(String bucket, String prefix, String marker, int limit, S
             throws QiniuException {
         String url = String.format("%s/v2/list?%s", configHelper.rsfHost(auth.accessKey, bucket),
                 listQuery(bucket, prefix, marker, limit, delimiter));
-        return get(url);
+        return post(url, null);
     }
 
     public FileListing listFilesV2(String bucket, String prefix, String marker, int limit, String delimiter)
@@ -275,7 +275,7 @@ public FileInfo stat(String bucket, String fileKey) throws QiniuException {
     }
 
     public Response statResponse(String bucket, String fileKey) throws QiniuException {
-        Response res = rsGet(bucket, String.format("/stat/%s", encodedEntry(bucket, fileKey)));
+        Response res = rsPost(bucket, String.format("/stat/%s", encodedEntry(bucket, fileKey)), null);
         if (!res.isOK()) {
             throw new QiniuException(res);
         }
@@ -594,7 +594,7 @@ public Response asyncFetch(String url, String bucket, StringMap params) throws Q
      */
     public Response checkAsynFetchid(String region, String fetchWorkId) throws QiniuException {
         String path = String.format("http://api-%s.qiniu.com/sisyphus/fetch?id=%s", region, fetchWorkId);
-        return client.get(path, auth.authorization(path));
+        return client.get(path, auth.authorizationV2(path));
     }
 
     /**
@@ -1079,12 +1079,12 @@ private Response pubPost(String path) throws QiniuException {
     }
 
     private Response get(String url) throws QiniuException {
-        StringMap headers = auth.authorization(url);
+        StringMap headers = auth.authorizationV2(url, "GET", null, null);
         return client.get(url, headers);
     }
 
     private Response post(String url, byte[] body) throws QiniuException {
-        StringMap headers = auth.authorization(url, body, Client.FormMime);
+        StringMap headers = auth.authorizationV2(url, "POST", body, Client.FormMime);
         return client.post(url, body, headers, Client.FormMime);
     }
 

src/main/java/com/qiniu/util/Auth.java

@@ -15,10 +15,14 @@
 import java.util.List;
 
 public final class Auth {
-
     public static final String DTOKEN_ACTION_VOD = "linking:vod";
     public static final String DTOKEN_ACTION_STATUS = "linking:status";
     public static final String DTOKEN_ACTION_TUTK = "linking:tutk";
+    public static final String HTTP_HEADER_KEY_CONTENT_TYPE = "Content-Type";
+
+    private static final String QBOX_AUTHORIZATION_PREFIX = "QBox ";
+    private static final String QINIU_AUTHORIZATION_PREFIX = "Qiniu ";
+
     /**
      * 上传策略
      * 参考文档：<a href="https://developer.qiniu.com/kodo/manual/put-policy">上传策略</a>
@@ -209,19 +213,51 @@ public String signRequest(String urlString, byte[] body, String contentType) {
     }
 
     /**
-     * 验证回调签名是否正确
+     * 验证回调签名是否正确，此方法仅能验证 QBox 签名以及 GET 请求的 Qiniu 签名
      *
-     * @param originAuthorization 待验证签名字符串，以 "QBox "作为起始字符
+     * @param originAuthorization 待验证签名字符串，以 "QBox " 作为起始字符，GET 请求支持 "Qiniu " 开头。
      * @param url                 回调地址
      * @param body                回调请求体。原始请求体，不要解析后再封装成新的请求体--可能导致签名不一致。
-     * @param contentType         回调ContentType
+     * @param contentType         回调 ContentType
      * @return
      */
+    @Deprecated
     public boolean isValidCallback(String originAuthorization, String url, byte[] body, String contentType) {
-        String authorization = "QBox " + signRequest(url, body, contentType);
+        Headers header = null;
+        if (!StringUtils.isNullOrEmpty(contentType)) {
+            header = new Headers.Builder()
+                    .add(HTTP_HEADER_KEY_CONTENT_TYPE, contentType)
+                    .build();
+        }
+        return isValidCallback(originAuthorization, new Request(url, "GET", header, body));
+    }
+
+    /**
+     * 验证回调签名是否正确，此方法支持验证 QBox 和 Qiniu 签名
+     *
+     * @param originAuthorization 待验证签名字符串，以 "QBox " 或 "Qiniu " 作为起始字符
+     * @param callback            callback 请求信息
+     * @return
+     */
+    public boolean isValidCallback(String originAuthorization, Request callback) {
+        if (callback == null) {
+            return false;
+        }
+
+        String authorization = "";
+        if (originAuthorization.startsWith(QINIU_AUTHORIZATION_PREFIX)) {
+            authorization = QINIU_AUTHORIZATION_PREFIX + signQiniuAuthorization(callback.url, callback.method, callback.body, callback.header);
+        } else if (originAuthorization.startsWith(QBOX_AUTHORIZATION_PREFIX)) {
+            String contentType = null;
+            if (callback.header != null) {
+                contentType = callback.header.get(HTTP_HEADER_KEY_CONTENT_TYPE);
+            }
+            authorization = QBOX_AUTHORIZATION_PREFIX + signRequest(callback.url, callback.body, contentType);
+        }
         return authorization.equals(originAuthorization);
     }
 
+
     /**
      * 下载签名
      *
@@ -362,7 +398,7 @@ public String signRequestV2(String url, String method, byte[] body, String conte
     public String signQiniuAuthorization(String url, String method, byte[] body, String contentType) {
         Headers headers = null;
         if (!StringUtils.isNullOrEmpty(contentType)) {
-            headers = new Headers.Builder().set("Content-Type", contentType).build();
+            headers = new Headers.Builder().set(HTTP_HEADER_KEY_CONTENT_TYPE, contentType).build();
         }
         return signQiniuAuthorization(url, method, body, headers);
     }
@@ -377,7 +413,7 @@ public String signQiniuAuthorization(String url, String method, byte[] body, Hea
         sb.append(method).append(" ").append(uri.getPath());
 
         if (uri.getQuery() != null) {
-            sb.append("?").append(uri.getQuery());
+            sb.append("?").append(uri.getRawQuery());
         }
 
         sb.append("\nHost: ").append(uri.getHost() != null ? uri.getHost() : "");
@@ -389,12 +425,12 @@ public String signQiniuAuthorization(String url, String method, byte[] body, Hea
         String contentType = null;
 
         if (null != headers) {
-            contentType = headers.get("Content-Type");
+            contentType = headers.get(HTTP_HEADER_KEY_CONTENT_TYPE);
             if (contentType != null) {
-                sb.append("\nContent-Type: ").append(contentType);
+                sb.append("\n").append(HTTP_HEADER_KEY_CONTENT_TYPE).append(": ").append(contentType);
             }
 
-            List<Header> xQiniuheaders = genXQiniuHeader(headers);
+            List<Header> xQiniuheaders = genXQiniuSignHeader(headers);
             java.util.Collections.sort(xQiniuheaders);
             if (xQiniuheaders.size() > 0) {
                 for (Header h : xQiniuheaders) {
@@ -416,11 +452,13 @@ public String signQiniuAuthorization(String url, String method, byte[] body, Hea
         return this.accessKey + ":" + digest;
     }
 
-    private List<Header> genXQiniuHeader(Headers headers) {
+    private List<Header> genXQiniuSignHeader(Headers headers) {
+
         ArrayList<Header> hs = new ArrayList<Header>();
         for (String name : headers.names()) {
             if (name.length() > "X-Qiniu-".length() && name.startsWith("X-Qiniu-")) {
-                for (String value : headers.values(name)) {
+                String value = headers.get(name);
+                if (value != null) {
                     hs.add(new Header(canonicalMIMEHeaderKey(name), value));
                 }
             }
@@ -446,7 +484,7 @@ public StringMap authorizationV2(String url, String method, byte[] body, String
 
     @Deprecated
     public StringMap authorizationV2(String url) {
-        return authorizationV2(url, "GET", null, null);
+        return authorizationV2(url, "GET", null, (String) null);
     }
 
     //连麦 RoomToken
@@ -522,4 +560,24 @@ public int compareTo(Header o) {
             }
         }
     }
+
+    public static class Request {
+        private final String url;
+        private final String method;
+        private final Headers header;
+        private final byte[] body;
+
+        /**
+         * @param url    回调地址
+         * @param method 回调请求方式
+         * @param header 回调头，注意 Content-Type Key 字段需为：{@link Auth#HTTP_HEADER_KEY_CONTENT_TYPE}，大小写敏感
+         * @param body   回调请求体。原始请求体，不要解析后再封装成新的请求体--可能导致签名不一致。
+         **/
+        public Request(String url, String method, Headers header, byte[] body) {
+            this.url = url;
+            this.method = method;
+            this.header = header;
+            this.body = body;
+        }
+    }
 }

src/test/java/test/com/qiniu/storage/BucketTest.java

@@ -18,17 +18,13 @@
 import org.junit.jupiter.api.Test;
 import test.com.qiniu.ResCode;
 import test.com.qiniu.TestConfig;
-import static org.junit.jupiter.api.Assertions.assertArrayEquals;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
+
 import java.io.IOException;
 import java.text.SimpleDateFormat;
 import java.util.*;
 
+import static org.junit.jupiter.api.Assertions.*;
+
 public class BucketTest {
 
     List<Integer> batchStatusCode = Arrays.asList(200, 298);
@@ -264,11 +260,11 @@ public void testFile(TestConfig.TestFile file, BucketManager bucketManager) thro
 
         // test bucket not exits or file not exists
         Map<String[], Integer> entryCodeMap = new HashMap<String[], Integer>();
-        entryCodeMap.put(new String[] { TestConfig.testBucket_z0, TestConfig.dummyKey },
+        entryCodeMap.put(new String[]{TestConfig.testBucket_z0, TestConfig.dummyKey},
                 TestConfig.ERROR_CODE_KEY_NOT_EXIST);
-        entryCodeMap.put(new String[] { TestConfig.dummyBucket, TestConfig.testKey_z0 },
+        entryCodeMap.put(new String[]{TestConfig.dummyBucket, TestConfig.testKey_z0},
                 TestConfig.ERROR_CODE_BUCKET_NOT_EXIST);
-        entryCodeMap.put(new String[] { TestConfig.dummyBucket, TestConfig.dummyKey },
+        entryCodeMap.put(new String[]{TestConfig.dummyBucket, TestConfig.dummyKey},
                 TestConfig.ERROR_CODE_BUCKET_NOT_EXIST);
 
         for (Map.Entry<String[], Integer> entry : entryCodeMap.entrySet()) {
@@ -313,11 +309,11 @@ public void testFile(TestConfig.TestFile file, BucketManager bucketManager) thro
         });
 
         Map<String[], Integer> entryCodeMap = new HashMap<String[], Integer>();
-        entryCodeMap.put(new String[] { TestConfig.testBucket_z0, TestConfig.dummyKey },
+        entryCodeMap.put(new String[]{TestConfig.testBucket_z0, TestConfig.dummyKey},
                 TestConfig.ERROR_CODE_KEY_NOT_EXIST);
-        entryCodeMap.put(new String[] { TestConfig.testBucket_z0, null }, TestConfig.ERROR_CODE_BUCKET_NOT_EXIST);
-        entryCodeMap.put(new String[] { TestConfig.dummyBucket, null }, TestConfig.ERROR_CODE_BUCKET_NOT_EXIST);
-        entryCodeMap.put(new String[] { TestConfig.dummyBucket, TestConfig.dummyKey },
+        entryCodeMap.put(new String[]{TestConfig.testBucket_z0, null}, TestConfig.ERROR_CODE_BUCKET_NOT_EXIST);
+        entryCodeMap.put(new String[]{TestConfig.dummyBucket, null}, TestConfig.ERROR_CODE_BUCKET_NOT_EXIST);
+        entryCodeMap.put(new String[]{TestConfig.dummyBucket, TestConfig.dummyKey},
                 TestConfig.ERROR_CODE_BUCKET_NOT_EXIST);
 
         for (Map.Entry<String[], Integer> entry : entryCodeMap.entrySet()) {
@@ -558,7 +554,7 @@ public void testFile(TestConfig.TestFile file, BucketManager bucketManager) thro
                     assertEquals(200, response.statusCode);
                     bucketInfo = bucketManager.getBucketInfo(file.getBucketName());
                     assertEquals(1, bucketInfo.getAntiLeechMode());
-                    assertArrayEquals((new String[] { "www.qiniu.com" }), bucketInfo.getReferWhite());
+                    assertArrayEquals((new String[]{"www.qiniu.com"}), bucketInfo.getReferWhite());
                     assertEquals(false, bucketInfo.isNoRefer());
 
                     // 测试黑名单
@@ -570,7 +566,7 @@ public void testFile(TestConfig.TestFile file, BucketManager bucketManager) thro
                     assertEquals(200, response.statusCode);
                     bucketInfo = bucketManager.getBucketInfo(file.getBucketName());
                     assertEquals(2, bucketInfo.getAntiLeechMode());
-                    assertArrayEquals((new String[] { "www.baidu.com" }), bucketInfo.getReferBlack());
+                    assertArrayEquals((new String[]{"www.baidu.com"}), bucketInfo.getReferBlack());
                     assertEquals(true, bucketInfo.isNoRefer());
 
                     // 测试关闭
@@ -726,7 +722,7 @@ public void testFile(TestConfig.TestFile file, BucketManager bucketManager) thro
 
                     // 追加Event（invalid events）
                     try {
-                        rule = new BucketEventRule("a", new String[] {}, new String[] {});
+                        rule = new BucketEventRule("a", new String[]{}, new String[]{});
                         System.out.println(rule.asQueryString());
                         response = bucketManager.putBucketEvent(bucket, rule);
                         fail();
@@ -736,7 +732,7 @@ public void testFile(TestConfig.TestFile file, BucketManager bucketManager) thro
 
                     // 追加Event（error:callbackURL must starts with http:// or https://）
                     try {
-                        rule = new BucketEventRule("a", new String[] { "put", "mkfile" }, new String[] {});
+                        rule = new BucketEventRule("a", new String[]{"put", "mkfile"}, new String[]{});
                         System.out.println(rule.asQueryString());
                         response = bucketManager.putBucketEvent(bucket, rule);
                         fail();
@@ -746,10 +742,10 @@ public void testFile(TestConfig.TestFile file, BucketManager bucketManager) thro
 
                     // 追加Event
                     rule = new BucketEventRule("a",
-                            new String[] { "put", "mkfile", "delete", "copy", "move", "append", "disable", "enable",
-                                    "deleteMarkerCreate" },
-                            new String[] { "https://requestbin.fullcontact.com/1dsqext1?inspect",
-                                    "https://requestbin.fullcontact.com/160bunp1?inspect" });
+                            new String[]{"put", "mkfile", "delete", "copy", "move", "append", "disable", "enable",
+                                    "deleteMarkerCreate"},
+                            new String[]{"https://requestbin.fullcontact.com/1dsqext1?inspect",
+                                    "https://requestbin.fullcontact.com/160bunp1?inspect"});
                     System.out.println(rule.asQueryString());
                     response = bucketManager.putBucketEvent(bucket, rule);
                     assertEquals(200, response.statusCode);
@@ -801,7 +797,7 @@ public void testFile(TestConfig.TestFile file, BucketManager bucketManager) thro
                     // 更新Event
                     rule.setName("b");
                     rule.setPrefix("c");
-                    rule.setEvents(new String[] { "disable", "enable", "deleteMarkerCreate" });
+                    rule.setEvents(new String[]{"disable", "enable", "deleteMarkerCreate"});
                     System.out.println(rule.asQueryString());
                     response = bucketManager.updateBucketEvent(bucket, rule);
                     assertEquals(200, response.statusCode);
@@ -848,9 +844,9 @@ public void testCorsRules() throws Exception {
             @Override
             public void testFile(TestConfig.TestFile file, BucketManager bucketManager) throws IOException {
                 String bucket = file.getBucketName();
-                CorsRule rule1 = new CorsRule(new String[] { "*" }, new String[] { "" });
-                CorsRule rule2 = new CorsRule(new String[] { "*" }, new String[] { "GET", "POST" });
-                CorsRule rule3 = new CorsRule(new String[] { "" }, new String[] { "GET", "POST" });
+                CorsRule rule1 = new CorsRule(new String[]{"*"}, new String[]{""});
+                CorsRule rule2 = new CorsRule(new String[]{"*"}, new String[]{"GET", "POST"});
+                CorsRule rule3 = new CorsRule(new String[]{""}, new String[]{"GET", "POST"});
                 List<CorsRule[]> rulesList = new ArrayList<>();
                 rulesList.add(corsRules(rule1));
                 rulesList.add(corsRules(rule2));
@@ -989,7 +985,7 @@ public void testPutBucketMaxAge() throws Exception {
             @Override
             public void testFile(TestConfig.TestFile file, BucketManager bucketManager) throws IOException {
                 String bucket = file.getBucketName();
-                final long[] maxAges = { Integer.MIN_VALUE, -54321, -1, 0, 1, 8, 1234567, 11111111, Integer.MAX_VALUE };
+                final long[] maxAges = {Integer.MIN_VALUE, -54321, -1, 0, 1, 8, 1234567, 11111111, Integer.MAX_VALUE};
                 try {
                     for (long maxAge : maxAges) {
                         // 设置max-age
@@ -1025,7 +1021,7 @@ public void testPutBucketMaxAge2() throws Exception {
             public void testFile(TestConfig.TestFile file, BucketManager bucketManager) throws IOException {
                 String bucket = file.getBucketName();
                 String url = file.getTestUrl();
-                final long[] maxAges = { Integer.MIN_VALUE, -54321, -1, 0, 1, 8, 1234567, 11111111, Integer.MAX_VALUE };
+                final long[] maxAges = {Integer.MIN_VALUE, -54321, -1, 0, 1, 8, 1234567, 11111111, Integer.MAX_VALUE};
                 try {
                     for (long maxAge : maxAges) {
                         // 设置max-age
@@ -1425,7 +1421,7 @@ public void testBatch() throws Exception {
             public void testFile(TestConfig.TestFile file, BucketManager bucketManager) throws IOException {
                 String bucket = file.getBucketName();
                 String key = file.getKey();
-                String[] array = { key };
+                String[] array = {key};
                 String copyFromKey = "copyFrom" + Math.random();
 
                 String moveFromKey = "moveFrom" + Math.random();