complete work on signURL

Author: aozarov

gcloud-java-core/pom.xml

@@ -28,13 +28,13 @@
     <dependency>
       <groupId>com.google.http-client</groupId>
       <artifactId>google-http-client</artifactId>
-      <version>1.19.0</version>
+      <version>1.20.0</version>
       <scope>compile</scope>
     </dependency>
     <dependency>
       <groupId>com.google.oauth-client</groupId>
       <artifactId>google-oauth-client</artifactId>
-      <version>1.19.0</version>
+      <version>1.20.0</version>
       <scope>compile</scope>
     </dependency>
     <dependency>

gcloud-java-examples/pom.xml

@@ -21,4 +21,15 @@
       <version>${project.version}</version>
     </dependency>
   </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>exec-maven-plugin</artifactId>
+        <configuration>
+          <skip>false</skip>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
 </project>

gcloud-java-examples/src/main/java/com/google/gcloud/examples/StorageExample.java

@@ -16,6 +16,8 @@
 
 package com.google.gcloud.examples;
 
+import com.google.gcloud.AuthCredentials;
+import com.google.gcloud.AuthCredentials.ServiceAccountAuthCredentials;
 import com.google.gcloud.RetryParams;
 import com.google.gcloud.spi.StorageRpc.Tuple;
 import com.google.gcloud.storage.BatchRequest;
@@ -27,6 +29,7 @@
 import com.google.gcloud.storage.StorageService;
 import com.google.gcloud.storage.StorageService.ComposeRequest;
 import com.google.gcloud.storage.StorageService.CopyRequest;
+import com.google.gcloud.storage.StorageService.SignUrlOption;
 import com.google.gcloud.storage.StorageServiceFactory;
 import com.google.gcloud.storage.StorageServiceOptions;
 
@@ -40,7 +43,14 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
 import java.util.Arrays;
+import java.util.Calendar;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -58,7 +68,8 @@
  * -Dexec.args="[<project_id>] list [<bucket>]| info [<bucket> [<file>]]|
  *  download <bucket> <path> [local_file]| upload <local_file> <bucket> [<path>]|
  *  delete <bucket> <path>+| cp <from_bucket> <from_path> <to_bucket> <to_path>|
- *  compose <bucket> <from_path>+ <to_path>| update_metadata <bucket> <file> [key=value]*"}
+ *  compose <bucket> <from_path>+ <to_path>| update_metadata <bucket> <file> [key=value]*|
+ *  sign_url <service_account_private_key_file> <service_account_email> <bucket> <path>"}
  * </li>
  * </ol>
  *
@@ -75,7 +86,7 @@ private static abstract class StorageAction<T> {
 
     abstract void run(StorageService storage, T request) throws Exception;
 
-    abstract T parse(String... args) throws IllegalArgumentException, IOException;
+    abstract T parse(String... args) throws Exception;
 
     protected String params() {
       return "";
@@ -424,7 +435,7 @@ public String params() {
    *
    * @see <a href="https://cloud.google.com/storage/docs/json_api/v1/objects/update">Objects: update</a>
    */
-  private static class UpdateMetadata extends StorageAction<Tuple<Blob, Map<String, String>>> {
+  private static class UpdateMetadataAction extends StorageAction<Tuple<Blob, Map<String, String>>> {
 
     @Override
     public void run(StorageService storage, Tuple<Blob, Map<String, String>> tuple)
@@ -467,6 +478,52 @@ public String params() {
     }
   }
 
+  /**
+   * This class demonstrates how to sign a url.
+   * URL will be valid for 1 day.
+   *
+   * @see <a href="https://cloud.google.com/storage/docs/access-control#Signed-URLs">Signed URLs</a>
+   */
+  private static class SignUrlAction extends
+      StorageAction<Tuple<ServiceAccountAuthCredentials, Blob>> {
+
+    private static final char[] PASSWORD =  "notasecret".toCharArray();
+
+    @Override
+    public void run(StorageService storage, Tuple<ServiceAccountAuthCredentials, Blob> tuple)
+        throws Exception {
+      run(storage, tuple.x(), tuple.y());
+    }
+
+    private void run(StorageService storage, ServiceAccountAuthCredentials cred, Blob blob)
+        throws IOException {
+      Calendar cal = Calendar.getInstance();
+      cal.add(Calendar.DATE, 1);
+      long expiration = cal.getTimeInMillis() / 1000;
+      System.out.println("Signed URL: " +
+          storage.signUrl(blob, expiration, SignUrlOption.serviceAccount(cred)));
+    }
+
+    @Override
+    Tuple<ServiceAccountAuthCredentials, Blob> parse(String... args)
+        throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException,
+        UnrecoverableKeyException {
+      if (args.length != 4) {
+        throw new IllegalArgumentException();
+      }
+      KeyStore keystore = KeyStore.getInstance("PKCS12");
+      keystore.load(Files.newInputStream(Paths.get(args[0])), PASSWORD);
+      PrivateKey privateKey = (PrivateKey) keystore.getKey("privatekey", PASSWORD);
+      ServiceAccountAuthCredentials cred = AuthCredentials.createFor(args[1], privateKey);
+      return Tuple.of(cred, Blob.of(args[2], args[3]));
+    }
+
+    @Override
+    public String params() {
+      return "<service_account_private_key_file> <service_account_email> <bucket> <path>";
+    }
+  }
+
   static {
     ACTIONS.put("info", new InfoAction());
     ACTIONS.put("delete", new DeleteAction());
@@ -475,7 +532,8 @@ public String params() {
     ACTIONS.put("download", new DownloadAction());
     ACTIONS.put("cp", new CopyAction());
     ACTIONS.put("compose", new ComposeAction());
-    ACTIONS.put("update_metadata", new UpdateMetadata());
+    ACTIONS.put("update_metadata", new UpdateMetadataAction());
+    ACTIONS.put("sign_url", new SignUrlAction());
   }
 
   public static void printUsage() {

gcloud-java-storage/src/main/java/com/google/gcloud/spi/DefaultStorageRpc.java

@@ -81,8 +81,8 @@ public DefaultStorageRpc(StorageServiceOptions options) {
     HttpTransport transport = options.httpTransportFactory().create();
     HttpRequestInitializer initializer = options.httpRequestInitializer();
     this.options = options;
-    // todo: validate what is returned by getRootURL and use that for host default (and use host())
     storage = new Storage.Builder(transport, new JacksonFactory(), initializer)
+        .setRootUrl(options.host())
         .setApplicationName("gcloud-java")
         .build();
   }

gcloud-java-storage/src/main/java/com/google/gcloud/storage/StorageServiceImpl.java

@@ -29,6 +29,7 @@
 import static com.google.gcloud.spi.StorageRpc.Option.IF_SOURCE_METAGENERATION_MATCH;
 import static com.google.gcloud.spi.StorageRpc.Option.IF_SOURCE_METAGENERATION_NOT_MATCH;
 import static java.net.HttpURLConnection.HTTP_NOT_FOUND;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.google.api.services.storage.model.StorageObject;
 import com.google.common.base.Function;
@@ -51,6 +52,7 @@
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.net.URLEncoder;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Signature;
@@ -467,7 +469,7 @@ public URL signUrl(Blob blob, long expiration, SignUrlOption... options) {
       stBuilder.append(blob.contentType());
     }
     stBuilder.append('\n');
-    stBuilder.append(expiration).append('\n').append('\n');
+    stBuilder.append(expiration).append('\n');
     StringBuilder path = new StringBuilder();
     if (!blob.bucket().startsWith("/")) {
       path.append('/');
@@ -484,9 +486,9 @@ public URL signUrl(Blob blob, long expiration, SignUrlOption... options) {
     try {
       Signature signer = Signature.getInstance("SHA256withRSA");
       signer.initSign(cred.privateKey());
-      signer.update(stBuilder.toString().getBytes("UTF-8"));
-      String signature = BaseEncoding.base64Url().encode(signer.sign());
-      // todo - use options().host() - after default is correct and value is past to RPC
+      signer.update(stBuilder.toString().getBytes(UTF_8));
+      String signature =
+          URLEncoder.encode(BaseEncoding.base64().encode(signer.sign()), UTF_8.name());
       stBuilder = new StringBuilder("https://storage.googleapis.com").append(path);
       stBuilder.append("?GoogleAccessId=").append(cred.account());
       stBuilder.append("&Expires=").append(expiration);

gcloud-java-storage/src/test/java/com/google/gcloud/storage/CorsTest.java

@@ -38,7 +38,7 @@ public void testOrigin() {
   public void corsTest() {
     List<Origin> origins = ImmutableList.of(Origin.any(), Origin.of("o"));
     List<String> headers = ImmutableList.of("h1", "h2");
-    List<HttpMethod> methods = ImmutableList.of(HttpMethod.ANY);
+    List<HttpMethod> methods = ImmutableList.of(HttpMethod.GET);
     Cors cors = Cors.builder()
         .maxAgeSeconds(100)
         .origins(origins)

pom.xml

@@ -85,6 +85,19 @@
     </pluginRepository>
   </pluginRepositories>
   <build>
+    <pluginManagement>
+      <plugins>
+        <plugin>
+          <groupId>org.codehaus.mojo</groupId>
+          <artifactId>exec-maven-plugin</artifactId>
+          <version>1.3.2</version>
+          <configuration>
+            <skip>true</skip>
+            <executable>java</executable>
+          </configuration>
+        </plugin>
+      </plugins>
+    </pluginManagement>
     <plugins>
       <plugin>
         <groupId>org.codehaus.mojo</groupId>