Commit 2622b013 authored by Erik Leckner's avatar Erik Leckner

file-azure

parent 7dc64e0d
......@@ -25,17 +25,19 @@ import org.springframework.stereotype.Component;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.temporal.UnsupportedTemporalTypeException;
import java.util.concurrent.TimeUnit;
/*
For a given blob object, generator a SAS Token that'll let bearers access the blob for 24 hours.
*/
@Log
@Component
public class AzureBlobSasTokenServiceImpl {
public class AzureTokenServiceImpl {
private DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();
public String signContainer(String containerUrl) {
public String signContainer(String containerUrl, long duration, TimeUnit timeUnit) {
BlobUrlParts parts = BlobUrlParts.parse(containerUrl);
String endpoint = calcBlobAccountUrl(parts);
......@@ -50,11 +52,11 @@ public class AzureBlobSasTokenServiceImpl {
.containerName(parts.getBlobContainerName())
.buildClient();
OffsetDateTime expiresInHalfADay = calcTokenExpirationDate();
UserDelegationKey key = rbacKeySource.getUserDelegationKey(null, expiresInHalfADay);
OffsetDateTime expires = calcTokenExpirationDate(duration, timeUnit);
UserDelegationKey key = rbacKeySource.getUserDelegationKey(null, expires);
BlobSasPermission readOnlyPerms = BlobSasPermission.parse("r");
BlobServiceSasSignatureValues tokenProps = new BlobServiceSasSignatureValues(expiresInHalfADay, readOnlyPerms);
BlobServiceSasSignatureValues tokenProps = new BlobServiceSasSignatureValues(expires, readOnlyPerms);
String sasToken = blobContainerClient.generateUserDelegationSas(tokenProps, key);
......@@ -62,7 +64,7 @@ public class AzureBlobSasTokenServiceImpl {
return sasUri;
}
public String sign(String blobUrl) {
public String sign(String blobUrl, long duration, TimeUnit timeUnit) {
BlobUrlParts parts = BlobUrlParts.parse(blobUrl);
String endpoint = calcBlobAccountUrl(parts);
BlobServiceClient rbacKeySource = new BlobServiceClientBuilder()
......@@ -73,10 +75,10 @@ public class AzureBlobSasTokenServiceImpl {
.credential(defaultCredential)
.endpoint(blobUrl)
.buildClient();
OffsetDateTime expiresInHalfADay = calcTokenExpirationDate();
UserDelegationKey key = rbacKeySource.getUserDelegationKey(null, expiresInHalfADay);
OffsetDateTime expires = calcTokenExpirationDate(duration, timeUnit);
UserDelegationKey key = rbacKeySource.getUserDelegationKey(null, expires);
BlobSasPermission readOnlyPerms = BlobSasPermission.parse("r");
BlobServiceSasSignatureValues tokenProps = new BlobServiceSasSignatureValues(expiresInHalfADay, readOnlyPerms);
BlobServiceSasSignatureValues tokenProps = new BlobServiceSasSignatureValues(expires, readOnlyPerms);
String sasToken = tokenSource.generateUserDelegationSas(tokenProps, key);
String sasUri = String.format("%s?%s", blobUrl, sasToken);
System.out.println(String.format("sasUri=%s", sasUri));
......@@ -87,7 +89,22 @@ public class AzureBlobSasTokenServiceImpl {
return String.format("https://%s.blob.core.windows.net", parts.getAccountName());
}
private OffsetDateTime calcTokenExpirationDate() {
return OffsetDateTime.now(ZoneOffset.UTC).plusHours(12);
private OffsetDateTime calcTokenExpirationDate(long duration, TimeUnit timeUnit) {
if (timeUnit == null) {
throw new UnsupportedTemporalTypeException("Unsupported temporal type");
}
if (timeUnit == TimeUnit.DAYS) {
return OffsetDateTime.now(ZoneOffset.UTC).plusDays(duration);
} else if (timeUnit == TimeUnit.SECONDS){
return OffsetDateTime.now(ZoneOffset.UTC).plusSeconds(duration);
} else if (timeUnit == TimeUnit.NANOSECONDS){
return OffsetDateTime.now(ZoneOffset.UTC).plusNanos(duration);
} else if (timeUnit == TimeUnit.MINUTES){
return OffsetDateTime.now(ZoneOffset.UTC).plusMinutes(duration);
} else if (timeUnit == TimeUnit.HOURS){
return OffsetDateTime.now(ZoneOffset.UTC).plusHours(duration);
} else {
throw new UnsupportedTemporalTypeException("Unsupported temporal type");
}
}
}
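Review bot: `calcTokenExpirationDate` accepts whatever `duration` the caller passes, so a zero or negative value yields a SAS that is already expired, and a large value yields a read token that stays valid far longer than the 12 hours the old code fixed. Azure documents a seven-day maximum validity for a user delegation key, so an expiry beyond that is best rejected here rather than, presumably, surfacing as a service error from `getUserDelegationKey`. A guard ahead of the branch chain covers both cases, e.g. `if (duration <= 0 || timeUnit.toSeconds(duration) > MAX_SAS_LIFETIME_SECONDS) throw new IllegalArgumentException("SAS lifetime out of range");`, where `MAX_SAS_LIFETIME_SECONDS` is a new constant the project would choose. `TimeUnit.MILLISECONDS` and `TimeUnit.MICROSECONDS` fall into the final `else` and throw; if that is not intended, `OffsetDateTime.now(ZoneOffset.UTC).plus(duration, timeUnit.toChronoUnit())` (Java 9+) handles every unit in one line. The class header comment still promises 24 hours and should instead describe the caller-supplied lifetime.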
......@@ -39,7 +39,7 @@ import com.azure.storage.blob.specialized.BlockBlobClient;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.opengroup.osdu.file.provider.azure.common.base.MoreObjects;
import org.opengroup.osdu.file.provider.azure.service.AzureBlobSasTokenServiceImpl;
import org.opengroup.osdu.file.provider.azure.service.AzureTokenServiceImpl;
import org.springframework.stereotype.Service;
import javax.inject.Inject;
......@@ -60,7 +60,7 @@ public class StorageImpl implements Storage {
private static String storageAccount;
@Inject
AzureBlobSasTokenServiceImpl token;
AzureTokenServiceImpl token;
public StorageImpl() {
this.storageAccount = getStorageAccount();
......@@ -97,7 +97,7 @@ public class StorageImpl implements Storage {
@SneakyThrows
@Override
public URL signUrl(BlobInfo blobInfo, long duration, TimeUnit unit) {
public URL signUrl(BlobInfo blobInfo, long duration, TimeUnit timeUnit) {
URL url = null;
try {
log.debug("Signing the blob in container {} for path {}", blobInfo.getContainer(), blobInfo.getName());
......@@ -105,7 +105,7 @@ public class StorageImpl implements Storage {
String blobURL = generateBlobPath(storageAccount, blobInfo.getContainer(), blobInfo.getName());
System.out.println(String.format("Signing the blob %s", blobURL));
log.debug("Signing the blob {}", blobURL);
String signedUrl = token.sign(blobURL);
String signedUrl = token.sign(blobURL, duration, timeUnit);
System.out.println(String.format("signedUrl: %s", signedUrl));
return new URL(signedUrl);
}
......
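Review bot: The context lines after the changed `token.sign(blobURL, duration, timeUnit)` call still print the result with `System.out.println(String.format("signedUrl: %s", signedUrl));`, which writes a bearer credential to stdout, and its lifetime is now caller-controlled; `sign` in `AzureTokenServiceImpl` does the same with `sasUri=%s`. Anyone who can read the process output or the collected logs can use that URL until it expires. Drop both prints, or log only the blob path without the SAS query string, e.g. `log.debug("Signed blob {}", blobURL);`. `signUrl` continues past the end of this hunk, so its error handling is not visible here.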