credentials/rsa_key_pair_credential.go - Code Metrics - Inspection of "support user-defined sts endpoint" - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 268a44...ca9459 )

unknown

created 2023-02-24 04:33 UTC

credentials/rsa_key_pair_credential.go A

↳ Parent: Project

Size/Duplication

Total Lines	146
Duplicated Lines	0 %

Importance

Changes

Metric	Value
cc	26
eloc	100
dl	0
loc	146
rs	10
c	0
b	0
f	0

7 Methods

Rating	Name	Size	Complexity
A	credentials.*RsaKeyPairCredential.GetAccessKeyId	8	4
A	credentials.*RsaKeyPairCredential.GetAccessKeySecret	8	4
A	credentials.*RsaKeyPairCredential.GetType	2	1
A	credentials.*RsaKeyPairCredential.GetBearerToken	2	1
A	credentials.newRsaKeyPairCredential	7	1
A	credentials.*RsaKeyPairCredential.GetSecurityToken	2	1
F	credentials.*RsaKeyPairCredential.updateCredential	63	14

package credentials

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"time"

	"github.com/alibabacloud-go/tea/tea"
	"github.com/aliyun/credentials-go/credentials/request"
	"github.com/aliyun/credentials-go/credentials/utils"
)

// RsaKeyPairCredential is a kind of credentials
type RsaKeyPairCredential struct {
	*credentialUpdater
	PrivateKey        string
	PublicKeyId       string
	SessionExpiration int
	sessionCredential *sessionCredential
	runtime           *utils.Runtime
}

type rsaKeyPairResponse struct {
	SessionAccessKey *sessionAccessKey `json:"SessionAccessKey" xml:"SessionAccessKey"`
}

type sessionAccessKey struct {
	SessionAccessKeyId     string `json:"SessionAccessKeyId" xml:"SessionAccessKeyId"`
	SessionAccessKeySecret string `json:"SessionAccessKeySecret" xml:"SessionAccessKeySecret"`
	Expiration             string `json:"Expiration" xml:"Expiration"`
}

func newRsaKeyPairCredential(privateKey, publicKeyId string, sessionExpiration int, runtime *utils.Runtime) *RsaKeyPairCredential {
	return &RsaKeyPairCredential{
		PrivateKey:        privateKey,
		PublicKeyId:       publicKeyId,
		SessionExpiration: sessionExpiration,
		credentialUpdater: new(credentialUpdater),
		runtime:           runtime,
	}
}

// GetAccessKeyId reutrns RsaKeyPairCredential's AccessKeyId
// if AccessKeyId is not exist or out of date, the function will update it.
func (r *RsaKeyPairCredential) GetAccessKeyId() (*string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return tea.String(""), err
		}
	}
	return tea.String(r.sessionCredential.AccessKeyId), nil
}

// GetAccessSecret reutrns  RsaKeyPairCredential's AccessKeySecret
// if AccessKeySecret is not exist or out of date, the function will update it.
func (r *RsaKeyPairCredential) GetAccessKeySecret() (*string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return tea.String(""), err
		}
	}
	return tea.String(r.sessionCredential.AccessKeySecret), nil
}

// GetSecurityToken is useless  RsaKeyPairCredential
func (r *RsaKeyPairCredential) GetSecurityToken() (*string, error) {
	return tea.String(""), nil
}

// GetBearerToken is useless for  RsaKeyPairCredential
func (r *RsaKeyPairCredential) GetBearerToken() *string {
	return tea.String("")
}

// GetType reutrns  RsaKeyPairCredential's type
func (r *RsaKeyPairCredential) GetType() *string {
	return tea.String("rsa_key_pair")
}

func (r *RsaKeyPairCredential) updateCredential() (err error) {
	if r.runtime == nil {
		r.runtime = new(utils.Runtime)
	}
	request := request.NewCommonRequest()
	request.Domain = "sts.aliyuncs.com"
	if r.runtime.Host != "" {
		request.Domain = r.runtime.Host
	} else if r.runtime.STSEndpoint != "" {
		request.Domain = r.runtime.STSEndpoint
	}
	request.Scheme = "HTTPS"
	request.Method = "GET"
	request.QueryParams["AccessKeyId"] = r.PublicKeyId
	request.QueryParams["Action"] = "GenerateSessionAccessKey"
	request.QueryParams["Format"] = "JSON"
	if r.SessionExpiration > 0 {
		if r.SessionExpiration >= 900 && r.SessionExpiration <= 3600 {
			request.QueryParams["DurationSeconds"] = strconv.Itoa(r.SessionExpiration)
		} else {
			err = errors.New("[InvalidParam]:Key Pair session duration should be in the range of 15min - 1Hr")
			return
		}
	} else {
		request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds)
	}
	request.QueryParams["SignatureMethod"] = "SHA256withRSA"
	request.QueryParams["SignatureType"] = "PRIVATEKEY"
	request.QueryParams["SignatureVersion"] = "1.0"
	request.QueryParams["Version"] = "2015-04-01"
	request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
	request.QueryParams["SignatureNonce"] = utils.GetUUID()
	signature := utils.Sha256WithRsa(request.BuildStringToSign(), r.PrivateKey)
	request.QueryParams["Signature"] = signature
	request.Headers["Host"] = request.Domain
	request.Headers["Accept-Encoding"] = "identity"
	request.URL = request.BuildURL()
	content, err := doAction(request, r.runtime)
	if err != nil {
		return fmt.Errorf("refresh KeyPair err: %s", err.Error())
	}
	var resp *rsaKeyPairResponse
	err = json.Unmarshal(content, &resp)
	if err != nil {
		return fmt.Errorf("refresh KeyPair err: Json Unmarshal fail: %s", err.Error())
	}
	if resp == nil || resp.SessionAccessKey == nil {
		return fmt.Errorf("refresh KeyPair err: SessionAccessKey is empty")
	}
	sessionAccessKey := resp.SessionAccessKey
	if sessionAccessKey.SessionAccessKeyId == "" || sessionAccessKey.SessionAccessKeySecret == "" || sessionAccessKey.Expiration == "" {
		return fmt.Errorf("refresh KeyPair err: SessionAccessKeyId: %v, SessionAccessKeySecret: %v, Expiration: %v", sessionAccessKey.SessionAccessKeyId, sessionAccessKey.SessionAccessKeySecret, sessionAccessKey.Expiration)
	}

	expirationTime, err := time.Parse("2006-01-02T15:04:05Z", sessionAccessKey.Expiration)
	r.lastUpdateTimestamp = time.Now().Unix()
	r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
	r.sessionCredential = &sessionCredential{
		AccessKeyId:     sessionAccessKey.SessionAccessKeyId,
		AccessKeySecret: sessionAccessKey.SessionAccessKeySecret,
	}

	return
}


1			package credentials
2
3			import (
4			"encoding/json"
5			"errors"
6			"fmt"
7			"strconv"
8			"time"
9
10			"github.com/alibabacloud-go/tea/tea"
11			"github.com/aliyun/credentials-go/credentials/request"
12			"github.com/aliyun/credentials-go/credentials/utils"
13			)
14
15			// RsaKeyPairCredential is a kind of credentials
16			type RsaKeyPairCredential struct {
17			*credentialUpdater
18			PrivateKey string
19			PublicKeyId string
20			SessionExpiration int
21			sessionCredential *sessionCredential
22			runtime *utils.Runtime
23			}
24
25			type rsaKeyPairResponse struct {
26			SessionAccessKey *sessionAccessKey `json:"SessionAccessKey" xml:"SessionAccessKey"`
27			}
28
29			type sessionAccessKey struct {
30			SessionAccessKeyId string `json:"SessionAccessKeyId" xml:"SessionAccessKeyId"`
31			SessionAccessKeySecret string `json:"SessionAccessKeySecret" xml:"SessionAccessKeySecret"`
32			Expiration string `json:"Expiration" xml:"Expiration"`
33			}
34
35			func newRsaKeyPairCredential(privateKey, publicKeyId string, sessionExpiration int, runtime utils.Runtime) RsaKeyPairCredential {
36			return &RsaKeyPairCredential{
37			PrivateKey: privateKey,
38			PublicKeyId: publicKeyId,
39			SessionExpiration: sessionExpiration,
40			credentialUpdater: new(credentialUpdater),
41			runtime: runtime,
42			}
43			}
44
45			// GetAccessKeyId reutrns RsaKeyPairCredential's AccessKeyId
46			// if AccessKeyId is not exist or out of date, the function will update it.
47			func (r RsaKeyPairCredential) GetAccessKeyId() (string, error) {
48			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
49			err := r.updateCredential()
50			if err != nil {
51			return tea.String(""), err
52			}
53			}
54			return tea.String(r.sessionCredential.AccessKeyId), nil
55			}
56
57			// GetAccessSecret reutrns RsaKeyPairCredential's AccessKeySecret
58			// if AccessKeySecret is not exist or out of date, the function will update it.
59			func (r RsaKeyPairCredential) GetAccessKeySecret() (string, error) {
60			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
61			err := r.updateCredential()
62			if err != nil {
63			return tea.String(""), err
64			}
65			}
66			return tea.String(r.sessionCredential.AccessKeySecret), nil
67			}
68
69			// GetSecurityToken is useless RsaKeyPairCredential
70			func (r RsaKeyPairCredential) GetSecurityToken() (string, error) {
71			return tea.String(""), nil
72			}
73
74			// GetBearerToken is useless for RsaKeyPairCredential
75			func (r RsaKeyPairCredential) GetBearerToken() string {
76			return tea.String("")
77			}
78
79			// GetType reutrns RsaKeyPairCredential's type
80			func (r RsaKeyPairCredential) GetType() string {
81			return tea.String("rsa_key_pair")
82			}
83
84			func (r *RsaKeyPairCredential) updateCredential() (err error) {
85			if r.runtime == nil {
86			r.runtime = new(utils.Runtime)
87			}
88			request := request.NewCommonRequest()
89			request.Domain = "sts.aliyuncs.com"
90			if r.runtime.Host != "" {
91			request.Domain = r.runtime.Host
92			} else if r.runtime.STSEndpoint != "" {
93			request.Domain = r.runtime.STSEndpoint
94			}
95			request.Scheme = "HTTPS"
96			request.Method = "GET"
97			request.QueryParams["AccessKeyId"] = r.PublicKeyId
98			request.QueryParams["Action"] = "GenerateSessionAccessKey"
99			request.QueryParams["Format"] = "JSON"
100			if r.SessionExpiration > 0 {
101			if r.SessionExpiration >= 900 && r.SessionExpiration <= 3600 {
102			request.QueryParams["DurationSeconds"] = strconv.Itoa(r.SessionExpiration)
103			} else {
104			err = errors.New("[InvalidParam]:Key Pair session duration should be in the range of 15min - 1Hr")
105			return
106			}
107			} else {
108			request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds)
109			}
110			request.QueryParams["SignatureMethod"] = "SHA256withRSA"
111			request.QueryParams["SignatureType"] = "PRIVATEKEY"
112			request.QueryParams["SignatureVersion"] = "1.0"
113			request.QueryParams["Version"] = "2015-04-01"
114			request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
115			request.QueryParams["SignatureNonce"] = utils.GetUUID()
116			signature := utils.Sha256WithRsa(request.BuildStringToSign(), r.PrivateKey)
117			request.QueryParams["Signature"] = signature
118			request.Headers["Host"] = request.Domain
119			request.Headers["Accept-Encoding"] = "identity"
120			request.URL = request.BuildURL()
121			content, err := doAction(request, r.runtime)
122			if err != nil {
123			return fmt.Errorf("refresh KeyPair err: %s", err.Error())
124			}
125			var resp *rsaKeyPairResponse
126			err = json.Unmarshal(content, &resp)
127			if err != nil {
128			return fmt.Errorf("refresh KeyPair err: Json Unmarshal fail: %s", err.Error())
129			}
130			if resp == nil \|\| resp.SessionAccessKey == nil {
131			return fmt.Errorf("refresh KeyPair err: SessionAccessKey is empty")
132			}
133			sessionAccessKey := resp.SessionAccessKey
134			if sessionAccessKey.SessionAccessKeyId == "" \|\| sessionAccessKey.SessionAccessKeySecret == "" \|\| sessionAccessKey.Expiration == "" {
135			return fmt.Errorf("refresh KeyPair err: SessionAccessKeyId: %v, SessionAccessKeySecret: %v, Expiration: %v", sessionAccessKey.SessionAccessKeyId, sessionAccessKey.SessionAccessKeySecret, sessionAccessKey.Expiration)
136			}
137
138			expirationTime, err := time.Parse("2006-01-02T15:04:05Z", sessionAccessKey.Expiration)
139			r.lastUpdateTimestamp = time.Now().Unix()
140			r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
141			r.sessionCredential = &sessionCredential{
142			AccessKeyId: sessionAccessKey.SessionAccessKeyId,
143			AccessKeySecret: sessionAccessKey.SessionAccessKeySecret,
144			}
145
146			return
147			}
148

aliyun / credentials-go

GitHub Access Token became invalid

Push — master ( 268a44...ca9459 )

credentials/rsa_key_pair_credential.go A

Size/Duplication

Importance

7 Methods

Duplication Side-by-Side

Filter issues like