From 2ac39494f7134292abf0c2eecdf173c22dda57d0 Mon Sep 17 00:00:00 2001 From: Vincenzo Mecca Date: Fri, 22 Nov 2024 16:12:56 +0100 Subject: [PATCH] [DSC-1897] Fixes awsCredentialSupplier creation for awsSessionToken --- .../storage/bitstore/S3BitStoreService.java | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/dspace-api/src/main/java/org/dspace/storage/bitstore/S3BitStoreService.java b/dspace-api/src/main/java/org/dspace/storage/bitstore/S3BitStoreService.java index cc1a5b9496e2..7f3e69a8b0cc 100644 --- a/dspace-api/src/main/java/org/dspace/storage/bitstore/S3BitStoreService.java +++ b/dspace-api/src/main/java/org/dspace/storage/bitstore/S3BitStoreService.java @@ -83,6 +83,7 @@ public class S3BitStoreService extends BaseBitStoreService { protected static final String DEFAULT_BUCKET_PREFIX = "dspace-asset-"; protected static final Gson GSON = new GsonBuilder().serializeNulls().setPrettyPrinting().create(); + public static final String REGEX_SECRET = "^(.{3})(.*)(.{3})$"; // Prefix indicating a registered bitstream protected final String REGISTERED_FLAG = "-R"; /** @@ -272,8 +273,8 @@ protected static Supplier getAwsCredentialsSupplie BasicAWSCredentials credentials = new BasicAWSCredentials(awsAccessKey, awsSecretKey); log.info( "AmazonS3Client credentials - accessKey: {}, secretKey: {}", - credentials.getAWSAccessKeyId().replaceFirst("^(.{3})(.*)(.{3})$", "$1***$3"), - credentials.getAWSSecretKey().replaceFirst("^(.{3})(.*)(.{3})$", "$1***$3") + credentials.getAWSAccessKeyId().replaceFirst(REGEX_SECRET, "$1***$3"), + credentials.getAWSSecretKey().replaceFirst(REGEX_SECRET, "$1***$3") ); return getAwsCredentialsSupplier(credentials); } @@ -289,9 +290,10 @@ protected static Supplier getBasicCredentialsSuppl ) { BasicSessionCredentials credentials = new BasicSessionCredentials(awsAccessKey, awsSecretKey, awsSessionToken); log.info( - "AmazonS3Client credentials - accessKey: {}, secretKey: {}", - credentials.getAWSAccessKeyId().replaceFirst("^(.{3})(.*)(.{3})$", "$1***$3"), - credentials.getAWSSecretKey().replaceFirst("^(.{3})(.*)(.{3})$", "$1***$3") + "AmazonS3Client credentials - accessKey: {}, secretKey: {}, awsSessionToken: {}", + credentials.getAWSAccessKeyId().replaceFirst(REGEX_SECRET, "$1***$3"), + credentials.getAWSSecretKey().replaceFirst(REGEX_SECRET, "$1***$3"), + credentials.getSessionToken().replaceFirst(REGEX_SECRET, "$1***$3") ); return getAwsCredentialsSupplier(credentials); } @@ -345,9 +347,15 @@ public void init() throws IOException { try { Supplier awsCredentialsSupplier; if (StringUtils.isNotBlank(getAwsAccessKey()) && StringUtils.isNotBlank(getAwsSecretKey())) { - log.warn("Use local defined S3 credentials"); - awsCredentialsSupplier = getBasicCredentialsSupplier(getAwsAccessKey(), getAwsSecretKey(), - getAwsSessionToken()); + if (StringUtils.isNotBlank(getAwsSessionToken())) { + log.warn("Use local S3 credentials with session token"); + awsCredentialsSupplier = + getBasicCredentialsSupplier(getAwsAccessKey(), getAwsSecretKey(), getAwsSessionToken()); + } else { + log.warn("Use local S3 credentials with access and secret keys"); + awsCredentialsSupplier = + getAwsCredentialsSupplier(getAwsAccessKey(), getAwsSecretKey()); + } } else { log.info("Use an IAM role or aws environment credentials"); awsCredentialsSupplier = DefaultAWSCredentialsProviderChain::new;