public AWSCredentials getCredentials() { if (sessionToken.isEmpty()) { return new BasicAWSCredentials(accessKey, secretKey); } else { return new BasicSessionCredentials(accessKey, secretKey, sessionToken); } } public void refresh() {}
return new BasicSessionCredentials(accessKeyId, secretKey, token);
@Override public AWSCredentials getCredentials() { String accessKey = System.getenv(ACCESS_KEY_ENV_VAR); if (accessKey == null) { accessKey = System.getenv(ALTERNATE_ACCESS_KEY_ENV_VAR); } String secretKey = System.getenv(SECRET_KEY_ENV_VAR); if (secretKey == null) { secretKey = System.getenv(ALTERNATE_SECRET_KEY_ENV_VAR); } accessKey = StringUtils.trim(accessKey); secretKey = StringUtils.trim(secretKey); String sessionToken = StringUtils.trim(System.getenv(AWS_SESSION_TOKEN_ENV_VAR)); if (StringUtils.isNullOrEmpty(accessKey) || StringUtils.isNullOrEmpty(secretKey)) { throw new SdkClientException( "Unable to load AWS credentials from environment variables " + "(" + ACCESS_KEY_ENV_VAR + " (or " + ALTERNATE_ACCESS_KEY_ENV_VAR + ") and " + SECRET_KEY_ENV_VAR + " (or " + ALTERNATE_SECRET_KEY_ENV_VAR + "))"); } return sessionToken == null ? new BasicAWSCredentials(accessKey, secretKey) : new BasicSessionCredentials(accessKey, secretKey, sessionToken); }
@Override public AWSCredentials getCredentials() { String accessKey = StringUtils.trim(System.getProperty(ACCESS_KEY_SYSTEM_PROPERTY)); String secretKey = StringUtils.trim(System.getProperty(SECRET_KEY_SYSTEM_PROPERTY)); String sessionToken = StringUtils.trim(System.getProperty(SESSION_TOKEN_SYSTEM_PROPERTY)); if (StringUtils.isNullOrEmpty(accessKey) || StringUtils.isNullOrEmpty(secretKey)) { throw new SdkClientException( "Unable to load AWS credentials from Java system " + "properties (" + ACCESS_KEY_SYSTEM_PROPERTY + " and " + SECRET_KEY_SYSTEM_PROPERTY + ")"); } if (StringUtils.isNullOrEmpty(sessionToken)) { return new BasicAWSCredentials(accessKey, secretKey); } else { return new BasicSessionCredentials(accessKey, secretKey, sessionToken); } }
private static void applicationCredentials(Config conf, String serviceName, Consumer<AWSCredentialsProvider> consumer) { String accessKey = find(conf, "aws." + serviceName + "." + ACCESS_KEY, "aws." + ACCESS_KEY); if (accessKey != null) { String secretKey = find(conf, "aws." + serviceName + "." + SECRET_KEY, "aws." + SECRET_KEY); String sessionToken = find(conf, "aws." + serviceName + "." + SESSION_TOKEN, "aws." + SESSION_TOKEN); AWSCredentials credentials = sessionToken == null ? new BasicAWSCredentials(accessKey, secretKey) : new BasicSessionCredentials(accessKey, secretKey, sessionToken); consumer.accept(new AWSStaticCredentialsProvider(credentials)); } }
new BasicSessionCredentials( credentials.getAccessKeyId(), credentials.getSecretAccessKey(),
/** * Returns immutable session credentials for this session, beginning a new one if necessary. */ public synchronized AWSSessionCredentials getImmutableCredentials() { Credentials creds = getSessionCredentials(); return new BasicSessionCredentials(creds.getAccessKeyId(), creds.getSecretAccessKey(), creds.getSessionToken()); }
SessionCredentialsHolder(Credentials credentials) { this.sessionCredentials = new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()); this.sessionCredentialsExpiration = credentials.getExpiration(); }
/** * Parse the process output to retrieve the credentials. */ private AWSCredentials credentials(JsonNode credentialsJson) { String accessKeyId = getText(credentialsJson, "AccessKeyId"); String secretAccessKey = getText(credentialsJson, "SecretAccessKey"); String sessionToken = getText(credentialsJson, "SessionToken"); ValidationUtils.assertStringNotEmpty(accessKeyId, "AccessKeyId"); ValidationUtils.assertStringNotEmpty(accessKeyId, "SecretAccessKey"); if (sessionToken != null) { return new BasicSessionCredentials(accessKeyId, secretAccessKey, sessionToken); } else { return new BasicAWSCredentials(accessKeyId, secretAccessKey); } }
credentials = new BasicSessionCredentials(accessKey.asText(), secretKey.asText(), token.asText()); } else {
private AWSCredentials fromStaticCredentials() { if (StringUtils.isNullOrEmpty(profile.getAwsAccessIdKey())) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Access Key ID is not specified.", profile.getProfileName())); } if (StringUtils.isNullOrEmpty(profile.getAwsSecretAccessKey())) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Secret Access Key is not specified.", profile.getAwsSecretAccessKey())); } if (profile.getAwsSessionToken() == null) { return new BasicAWSCredentials(profile.getAwsAccessIdKey(), profile.getAwsSecretAccessKey()); } else { if (profile.getAwsSessionToken().isEmpty()) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Session Token is empty.", profile.getProfileName())); } return new BasicSessionCredentials(profile.getAwsAccessIdKey(), profile.getAwsSecretAccessKey(), profile.getAwsSessionToken()); } }
/** * Starts a new session by sending a request to the AWS Security Token * Service (STS) with the long lived AWS credentials. This class then vends * the short lived session credentials sent back from STS. */ private void startSession() { AssumeRoleWithWebIdentityResult sessionTokenResult = securityTokenService .assumeRoleWithWebIdentity(new AssumeRoleWithWebIdentityRequest().withWebIdentityToken(wifToken) .withProviderId(wifProvider) .withRoleArn(roleArn) .withRoleSessionName("ProviderSession") .withDurationSeconds(this.sessionDuration)); Credentials stsCredentials = sessionTokenResult.getCredentials(); subjectFromWIF = sessionTokenResult.getSubjectFromWebIdentityToken(); sessionCredentials = new BasicSessionCredentials( stsCredentials.getAccessKeyId(), stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken()); sessionCredentialsExpiration = stsCredentials.getExpiration(); }
/** * Load the credentials from prefs */ void loadCachedCredentials() { Log.d(TAG, "Loading credentials from SharedPreferences"); sessionCredentialsExpiration = new Date(prefs.getLong(namespace(EXP_KEY), 0)); // make sure we have valid data in prefs boolean hasAK = prefs.contains(namespace(AK_KEY)); boolean hasSK = prefs.contains(namespace(SK_KEY)); boolean hasST = prefs.contains(namespace(ST_KEY)); if (!hasAK || !hasSK || !hasST) { Log.d(TAG, "No valid credentials found in SharedPreferences"); sessionCredentialsExpiration = null; return; } String AK = prefs.getString(namespace(AK_KEY), null); String SK = prefs.getString(namespace(SK_KEY), null); String ST = prefs.getString(namespace(ST_KEY), null); sessionCredentials = new BasicSessionCredentials(AK, SK, ST); }
@Override public AWSCredentials getCredentials() { String accessKey = StringUtils.trim(System.getProperty(ACCESS_KEY_SYSTEM_PROPERTY)); String secretKey = StringUtils.trim(System.getProperty(SECRET_KEY_SYSTEM_PROPERTY)); String sessionToken = StringUtils.trim(System.getProperty(SESSION_TOKEN_SYSTEM_PROPERTY)); if (StringUtils.isNullOrEmpty(accessKey) || StringUtils.isNullOrEmpty(secretKey)) { throw new SdkClientException( "Unable to load AWS credentials from Java system " + "properties (" + ACCESS_KEY_SYSTEM_PROPERTY + " and " + SECRET_KEY_SYSTEM_PROPERTY + ")"); } if (StringUtils.isNullOrEmpty(sessionToken)) { return new BasicAWSCredentials(accessKey, secretKey); } else { return new BasicSessionCredentials(accessKey, secretKey, sessionToken); } }
/** * Returns immutable session credentials for this session, beginning a new * one if necessary. */ public synchronized AWSSessionCredentials getImmutableCredentials() { Credentials creds = getSessionCredentials(); return new BasicSessionCredentials(creds.getAccessKeyId(), creds.getSecretAccessKey(), creds.getSessionToken()); }
/** * Parse the process output to retrieve the credentials. */ private AWSCredentials credentials(JsonNode credentialsJson) { String accessKeyId = getText(credentialsJson, "AccessKeyId"); String secretAccessKey = getText(credentialsJson, "SecretAccessKey"); String sessionToken = getText(credentialsJson, "SessionToken"); ValidationUtils.assertStringNotEmpty(accessKeyId, "AccessKeyId"); ValidationUtils.assertStringNotEmpty(accessKeyId, "SecretAccessKey"); if (sessionToken != null) { return new BasicSessionCredentials(accessKeyId, secretAccessKey, sessionToken); } else { return new BasicAWSCredentials(accessKeyId, secretAccessKey); } }
/** * Starts a new session by sending a request to the AWS Security Token * Service (STS) with the long lived AWS credentials. This class then vends * the short lived session credentials sent back from STS. */ private void startSession() { GetSessionTokenResult sessionTokenResult = securityTokenService .getSessionToken(new GetSessionTokenRequest() .withDurationSeconds(DEFAULT_DURATION_SECONDS)); Credentials stsCredentials = sessionTokenResult.getCredentials(); sessionCredentials = new BasicSessionCredentials( stsCredentials.getAccessKeyId(), stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken()); sessionCredentialsExpiration = stsCredentials.getExpiration(); }
/** * Starts a new session by sending a request to the AWS Security Token * Service (STS) to assume a Role using the long lived AWS credentials. This * class then vends the short lived session credentials for the assumed Role * sent back from STS. */ private void startSession() { AssumeRoleResult assumeRoleResult = securityTokenService.assumeRole(new AssumeRoleRequest() .withRoleArn(roleArn).withDurationSeconds(DEFAULT_DURATION_SECONDS) .withRoleSessionName(roleSessionName)); Credentials stsCredentials = assumeRoleResult.getCredentials(); sessionCredentials = new BasicSessionCredentials(stsCredentials.getAccessKeyId(), stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken()); sessionCredentialsExpiration = stsCredentials.getExpiration(); }
/** * Starts a new session by sending a request to the AWS Security Token * Service (STS) with the long lived AWS credentials. This class then vends * the short lived session credentials sent back from STS. */ private void startSession() { AssumeRoleWithWebIdentityResult sessionTokenResult = securityTokenService .assumeRoleWithWebIdentity(new AssumeRoleWithWebIdentityRequest() .withWebIdentityToken(wifToken) .withProviderId(wifProvider) .withRoleArn(roleArn) .withRoleSessionName("ProviderSession") .withDurationSeconds(this.sessionDuration)); Credentials stsCredentials = sessionTokenResult.getCredentials(); subjectFromWIF = sessionTokenResult.getSubjectFromWebIdentityToken(); sessionCredentials = new BasicSessionCredentials( stsCredentials.getAccessKeyId(), stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken()); sessionCredentialsExpiration = stsCredentials.getExpiration(); }
/** * Gets the session credentials by requesting an OpenId Connect token from * Amazon Cognito and then trading it with AWS Secure Token Service for the * short lived session credentials. */ private void populateCredentialsWithSts(String token) { boolean isAuthenticated = identityProvider.isAuthenticated(); String roleArn = (isAuthenticated) ? authRoleArn : unauthRoleArn; AssumeRoleWithWebIdentityRequest sessionTokenRequest = new AssumeRoleWithWebIdentityRequest() .withWebIdentityToken(token) .withRoleArn(roleArn) .withRoleSessionName("ProviderSession") .withDurationSeconds(sessionDuration); appendUserAgent(sessionTokenRequest, getUserAgent()); AssumeRoleWithWebIdentityResult sessionTokenResult = securityTokenService .assumeRoleWithWebIdentity(sessionTokenRequest); Credentials stsCredentials = sessionTokenResult.getCredentials(); sessionCredentials = new BasicSessionCredentials( stsCredentials.getAccessKeyId(), stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken()); setSessionCredentialsExpiration(stsCredentials.getExpiration()); }