From c0b1b3408b9efd2b8ae83716ef8fc0aed0611ccb Mon Sep 17 00:00:00 2001 From: David Venable Date: Tue, 12 Dec 2023 06:51:19 -0800 Subject: [PATCH] Clean-up from recent merge of PR #3103 (#3843) Cleaning up some unnecessary code and dependencies from the recent merge of PR #3103. Adds missing certificate and key files to fix failures from recent merge of PR #3103. Signed-off-by: David Venable --- .../aws-plugin-api/build.gradle | 1 - .../AwsRequestSigningApacheInterceptor.java | 232 ------------------ .../common/src/test/resources/test_cert.crt | 14 ++ .../src/test/resources/test_decrypted_key.key | 15 ++ 4 files changed, 29 insertions(+), 233 deletions(-) delete mode 100644 data-prepper-plugins/aws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsRequestSigningApacheInterceptor.java create mode 100644 data-prepper-plugins/common/src/test/resources/test_cert.crt create mode 100644 data-prepper-plugins/common/src/test/resources/test_decrypted_key.key
diff --git a/data-prepper-plugins/aws-plugin-api/build.gradle b/data-prepper-plugins/aws-plugin-api/build.gradle
index a5f11fdc08..1792959eb8 100644
--- a/data-prepper-plugins/aws-plugin-api/build.gradle
+++ b/data-prepper-plugins/aws-plugin-api/build.gradle
@@ -3,7 +3,6 @@ dependencies {
 implementation 'software.amazon.awssdk:auth'
 implementation 'software.amazon.awssdk:apache-client'
 implementation 'org.apache.httpcomponents.client5:httpclient5:5.2'
- implementation 'com.amazonaws:aws-java-sdk-sts:1.12.395'
 }
 test {
diff --git a/data-prepper-plugins/aws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsRequestSigningApacheInterceptor.java b/data-prepper-plugins/aws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsRequestSigningApacheInterceptor.java
deleted file mode 100644
index 32ba64a362..0000000000
--- a/data-prepper-plugins/aws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsRequestSigningApacheInterceptor.java
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * Copyright OpenSearch Contributors. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
- * the License. A copy of the License is located at
- *
- * http://aws.amazon.com/apache2.0
- *
- * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
- * and limitations under the License.
- */
-package org.opensearch.dataprepper.aws.api;
-
-import com.amazonaws.auth.AWSCredentials;
-import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
-import org.apache.hc.core5.http.HttpRequest;
-import org.apache.hc.core5.http.ClassicHttpRequest;
-import org.apache.hc.core5.http.EntityDetails;
-import org.apache.hc.core5.http.Header;
-import org.apache.hc.core5.http.NameValuePair;
-import org.apache.hc.core5.http.HttpHost;
-import org.apache.hc.core5.http.HttpRequestInterceptor;
-import org.apache.hc.core5.http.message.BasicHeader;
-import org.apache.hc.core5.http.protocol.HttpContext;
-import org.apache.hc.core5.net.URIBuilder;
-import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
-import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
-import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
-import software.amazon.awssdk.core.signer.Signer;
-import software.amazon.awssdk.http.SdkHttpFullRequest;
-import software.amazon.awssdk.http.SdkHttpMethod;
-import software.amazon.awssdk.regions.Region;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.TreeMap;
-
-import static org.apache.http.protocol.HttpCoreContext.HTTP_TARGET_HOST;
-
-/**
- * An {@link HttpRequestInterceptor} that signs requests using any AWS {@link Signer}
- * and {@link AwsCredentialsProvider}.
- */
-public final class AwsRequestSigningApacheInterceptor implements HttpRequestInterceptor {
-
- /**
- * Constant to check content-length
- */
- private static final String CONTENT_LENGTH = "content-length";
- /**
- * Constant to check Zero content length
- */
- private static final String ZERO_CONTENT_LENGTH = "0";
- /**
- * Constant to check if host is the endpoint
- */
- private static final String HOST = "host";
-
- /**
- * The service that we're connecting to.
- */
- private final String service;
-
- /**
- * The particular signer implementation.
- */
- private final Signer signer;
-
- /**
- * The source of AWS credentials for signing.
- */
- private final AwsCredentialsProvider awsCredentialsProvider;
-
- /**
- * The region signing region.
- */
- private final Region region;
-
- /**
- *
- * @param service service that we're connecting to
- * @param signer particular signer implementation
- * @param awsCredentialsProvider source of AWS credentials for signing
- * @param region signing region
- */
- public AwsRequestSigningApacheInterceptor(final String service,
- final Signer signer,
- final AwsCredentialsProvider awsCredentialsProvider,
- final Region region) {
- this.service = Objects.requireNonNull(service);
- this.signer = Objects.requireNonNull(signer);
- this.awsCredentialsProvider = Objects.requireNonNull(awsCredentialsProvider);
- this.region = Objects.requireNonNull(region);
- }
-
- /**
- *
- * @param service service that we're connecting to
- * @param signer particular signer implementation
- * @param awsCredentialsProvider source of AWS credentials for signing
- * @param region signing region
- */
- public AwsRequestSigningApacheInterceptor(final String service,
- final Signer signer,
- final AwsCredentialsProvider awsCredentialsProvider,
- final String region) {
- this(service, signer, awsCredentialsProvider, Region.of(region));
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public void process(final HttpRequest request, final EntityDetails entity, final HttpContext context)
- throws IOException {
- URIBuilder uriBuilder;
- try {
- uriBuilder = new URIBuilder(request.getUri());
- } catch (URISyntaxException e) {
- throw new IOException("Invalid URI", e);
- }
-
- // Copy Apache HttpRequest to AWS Request
- SdkHttpFullRequest.Builder requestBuilder = SdkHttpFullRequest.builder()
- .method(SdkHttpMethod.fromValue(request.getMethod()))
- .uri(buildUri(context, uriBuilder));
-
- if (request instanceof ClassicHttpRequest) {
- ClassicHttpRequest classicHttpRequest =
- (ClassicHttpRequest) request;
- if (classicHttpRequest.getEntity() != null) {
- InputStream content = classicHttpRequest.getEntity().getContent();
- requestBuilder.contentStreamProvider(() -> content);
- }
- }
- requestBuilder.rawQueryParameters(nvpToMapParams(uriBuilder.getQueryParams()));
- requestBuilder.headers(headerArrayToMap(request.getHeaders()));
-
- AWSCredentials credentials = new DefaultAWSCredentialsProviderChain().getCredentials();
- ExecutionAttributes attributes = new ExecutionAttributes();
- attributes.putAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS, awsCredentialsProvider.resolveCredentials());
- attributes.putAttribute(AwsSignerExecutionAttribute.SERVICE_SIGNING_NAME, service);
- attributes.putAttribute(AwsSignerExecutionAttribute.SIGNING_REGION, region);
-
- // Sign it
- SdkHttpFullRequest signedRequest = signer.sign(requestBuilder.build(), attributes);
-
- // Now copy everything back
- request.setHeaders(mapToHeaderArray(signedRequest.headers()));
- }
-
- private URI buildUri(final HttpContext context, URIBuilder uriBuilder) throws IOException {
- try {
- HttpHost host = (HttpHost) context.getAttribute(HTTP_TARGET_HOST);
-
- if (host != null) {
- uriBuilder.setHost(host.getHostName());
- uriBuilder.setScheme(host.getSchemeName());
- uriBuilder.setPort(host.getPort());
- }
-
- return uriBuilder.build();
- } catch (URISyntaxException e) {
- throw new IOException("Invalid URI", e);
- }
- }
-
- /**
- *
- * @param params list of HTTP query params as NameValuePairs
- * @return a multimap of HTTP query params
- */
- private static Map> nvpToMapParams(final List params) {
- Map> parameterMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
- for (NameValuePair nvp : params) {
- List argsList =
- parameterMap.computeIfAbsent(nvp.getName(), k -> new ArrayList<>());
- argsList.add(nvp.getValue());
- }
- return parameterMap;
- }
-
- /**
- * @param headers modelled Header objects
- * @return a Map of header entries
- */
- private static Map> headerArrayToMap(final Header[] headers) {
- Map> headersMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
- for (Header header : headers) {
- if (!skipHeader(header)) {
- headersMap.put(header.getName(), headersMap
- .getOrDefault(header.getName(),
- new LinkedList<>(Collections.singletonList(header.getValue()))));
- }
- }
- return headersMap;
- }
-
- /**
- * @param header header line to check
- * @return true if the given header should be excluded when signing
- */
- private static boolean skipHeader(final Header header) {
- return (CONTENT_LENGTH.equalsIgnoreCase(header.getName())
- && ZERO_CONTENT_LENGTH.equals(header.getValue())) // Strip Content-Length: 0
- || HOST.equalsIgnoreCase(header.getName()); // Host comes from endpoint
- }
-
- /**
- * @param mapHeaders Map of header entries
- * @return modelled Header objects
- */
- private static Header[] mapToHeaderArray(final Map> mapHeaders) {
- Header[] headers = new Header[mapHeaders.size()];
- int i = 0;
- for (Map.Entry> headerEntry : mapHeaders.entrySet()) {
- for (String value : headerEntry.getValue()) {
- headers[i++] = new BasicHeader(headerEntry.getKey(), value);
- }
- }
- return headers;
- }
-}
\ No newline at end of file
diff --git a/data-prepper-plugins/common/src/test/resources/test_cert.crt b/data-prepper-plugins/common/src/test/resources/test_cert.crt
new file mode 100644
index 0000000000..26c78d1411
--- /dev/null
+++ b/data-prepper-plugins/common/src/test/resources/test_cert.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHTCCAYYCCQD4hqYeYDQZADANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEPMA0GA1UECgwGQW1hem9u
+MRQwEgYDVQQLDAtEYXRhcHJlcHBlcjAgFw0yMTA2MjUxOTIzMTBaGA8yMTIxMDYw
+MTE5MjMxMFowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlRYMQ8wDQYDVQQHDAZB
+dXN0aW4xDzANBgNVBAoMBkFtYXpvbjEUMBIGA1UECwwLRGF0YXByZXBwZXIwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKrb3YhdKbQ5PtLHall10iLZC9ZdDVrq
+HOvqVSM8NHlL8f82gJ3l0n9k7hYc5eKisutaS9eDTmJ+Dnn8xn/qPSKTIq9Wh+OZ
+O+e9YEEpI/G4F9KpGULgMyRg9sJK0GlZdEt9o5GJNJIJUkptJU5eiLuE0IV+jyJo
+Nvm8OE6EJPqxAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAjgnX5n/Tt7eo9uakIGAb
+uBhvYdR8JqKXqF9rjFJ/MIK7FdQSF/gCdjnvBhzLlZFK/Nb6MGKoSKm5Lcr75LgC
+FyhIwp3WlqQksiMFnOypYVY71vqDgj6UKdMaOBgthsYhngj8lC+wsVzWqQvkJ2Qg
+/GAIzJwiZfXiaevQHRk79qI=
+-----END CERTIFICATE-----
diff --git a/data-prepper-plugins/common/src/test/resources/test_decrypted_key.key b/data-prepper-plugins/common/src/test/resources/test_decrypted_key.key
new file mode 100644
index 0000000000..479b877131
--- /dev/null
+++ b/data-prepper-plugins/common/src/test/resources/test_decrypted_key.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCq292IXSm0OT7Sx2pZddIi2QvWXQ1a6hzr6lUjPDR5S/H/NoCd
+5dJ/ZO4WHOXiorLrWkvXg05ifg55/MZ/6j0ikyKvVofjmTvnvWBBKSPxuBfSqRlC
+4DMkYPbCStBpWXRLfaORiTSSCVJKbSVOXoi7hNCFfo8iaDb5vDhOhCT6sQIDAQAB
+AoGANrrhFqpJDpr7vcb1ER0Fp/YArbT27zVo+EUC6puBb41dQlQyFOImcHpjLaAq
+H1PgnjU5cBp2hGQ+vOK0rwrYc/HNl6vfh6N3NbDptMiuoBafRJA9JzYourAM09BU
+zmXyr61Yn3KHzx1PRwWe37icX93oXP3P0qHb3dI1ZF4jG0ECQQDU5N/a7ogoz2zn
+ZssD6FvUOUQDsdBWdXmhUvg+YdZrV44e4xk+FVzwEONoRktEYKz9MFXlsgNHr445
+KRguHWcJAkEAzXQkwOkN8WID1wrwoobUIMbZSGAZzofwkKXgTTnllnT1qOQXuRbS
+aCMejFEymBBef4aXP6N4+va2FKW/MF34aQJAO2oMl1sOoOUSrZngepy0VAwPUUCk
+thxe74jqQu6nGpn6zd/vQYZQw6bS8Fz90H1yic6dilcd1znFZWp0lxoZkQJBALeI
+xoBycRsuFQIYasi1q3AwUtBd0Q/3zkZZeBtk2hzjFMUwJaUZpxKSNOrialD/ZnuD
+jz+xWBTRKe0d98JMX+kCQCmsJEj/HYQAC1GamZ7JQWogRSRF2KTgTWRaDXDxy0d4
+yUQgwHB+HZLFcbi1JEK6eIixCsX8iifrrkteh+1npJ0=
+-----END RSA PRIVATE KEY-----
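Review bot: An unencrypted RSA private key is committed in `test_decrypted_key.key` with nothing that marks it, or the matching `test_cert.crt` hunk, as a throwaway test fixture, so secret scanners will flag it and a later reader cannot tell whether the pair was ever used outside tests. I would record that next to the files rather than inside the PEM, for example a short README in `src/test/resources` stating that both files are a self-signed pair generated for unit tests only and must never be referenced from a deployment configuration, plus an allowlist entry in whatever secret-scanning configuration the repository uses. From the encoded lengths and OIDs the pair appears to be 1024-bit RSA signed with SHA-1, which hardened or FIPS-configured JVMs may refuse to load. Regenerating it as a 2048-bit/SHA-256 pair, or creating the pair at test time, would address both points.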