weizhouapache commented on code in PR #8264:
URL: https://github.com/apache/cloudstack/pull/8264#discussion_r1408897036
##########
services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java:
##########
@@ -3590,6 +3586,48 @@ public void validatePostUploadRequest(String signature,
String metadata, String
}
}
+ /**
+ * Validates whether the provided signature matches the signature
generated from the other parameters;
+ * throws an InvalidParameterValueException if it does not.
+ */
+ protected void validatePostUploadRequestSignature(String signature, String
hostname, String uuid, String metadata, String timeout) {
+ s_logger.trace(String.format("Validating signature [%s] for post
upload request [%s].", signature, uuid));
+ String protocol = getUploadProtocol();
+ String fullUrl = String.format("%s://%s/upload/%s", protocol,
hostname, uuid);
+ String data = String.format("%s%s%s", metadata, fullUrl, timeout);
+
+ String computedSignature = EncryptionUtil.generateSignature(data,
getPostUploadPSK());
+ s_logger.debug(String.format("Computed signature for post upload
request [%s] is [%s].", uuid, computedSignature));
+
+ boolean isSignatureValid = computedSignature.equals(signature);
+ if (!isSignatureValid) {
+ s_logger.debug(String.format("Signature for post upload request
[%s] is invalid.", uuid));
+ String errorMsg = "signature validation failed.";
+ updateStateMapWithError(uuid, errorMsg);
+ throw new InvalidParameterValueException(errorMsg);
+ }
+ s_logger.debug(String.format("Signature for post upload request [%s]
is valid.", uuid));
+ }
+
+ /**
+ * Returns the protocol used for uploads as a string.
+ */
+ protected String getUploadProtocol() {
+ if (useHttpsToUpload()) {
+ s_logger.debug(String.format("Param [%s] is set to true;
therefore, HTTPS is being used.", USE_HTTPS_TO_UPLOAD));
+ return "https";
+ }
+ s_logger.debug(String.format("Param [%s] is set to false; therefore,
HTTP is being used.", USE_HTTPS_TO_UPLOAD));
+ return "http";
Review Comment:
you can use NetUtils.HTTP_PROTO instead
##########
services/secondary-storage/server/src/main/java/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java:
##########
@@ -3590,6 +3586,48 @@ public void validatePostUploadRequest(String signature,
String metadata, String
}
}
+ /**
+ * Validates whether the provided signature matches the signature
generated from the other parameters;
+ * throws an InvalidParameterValueException if it does not.
+ */
+ protected void validatePostUploadRequestSignature(String signature, String
hostname, String uuid, String metadata, String timeout) {
+ s_logger.trace(String.format("Validating signature [%s] for post
upload request [%s].", signature, uuid));
+ String protocol = getUploadProtocol();
+ String fullUrl = String.format("%s://%s/upload/%s", protocol,
hostname, uuid);
+ String data = String.format("%s%s%s", metadata, fullUrl, timeout);
+
+ String computedSignature = EncryptionUtil.generateSignature(data,
getPostUploadPSK());
+ s_logger.debug(String.format("Computed signature for post upload
request [%s] is [%s].", uuid, computedSignature));
+
+ boolean isSignatureValid = computedSignature.equals(signature);
+ if (!isSignatureValid) {
+ s_logger.debug(String.format("Signature for post upload request
[%s] is invalid.", uuid));
+ String errorMsg = "signature validation failed.";
+ updateStateMapWithError(uuid, errorMsg);
+ throw new InvalidParameterValueException(errorMsg);
+ }
+ s_logger.debug(String.format("Signature for post upload request [%s]
is valid.", uuid));
+ }
+
+ /**
+ * Returns the protocol used for uploads as a string.
+ */
+ protected String getUploadProtocol() {
+ if (useHttpsToUpload()) {
+ s_logger.debug(String.format("Param [%s] is set to true;
therefore, HTTPS is being used.", USE_HTTPS_TO_UPLOAD));
+ return "https";
Review Comment:
can define a constant NetUtils.HTTPS_PROTO
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
