#368

Committed 22 Mar 2025 10:03PM UTC coverage: 83.31% (-0.2%) from 83.503%

Build # #368

Build Type

push

Committed by

Commit Message

Changelog & credits update

Run Details

4862 of 5836 relevant lines covered (83.31%)

0.83 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.55

/jsign-crypto/src/main/java/net/jsign/jca/AmazonCredentials.java

/*
 * Copyright 2023 Emmanuel Bourg
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package net.jsign.jca;

import java.io.IOException;

/**
 * AWS credentials
 *
 * @since 5.0
 */
public class AmazonCredentials {

    private final String accessKey;
    private final String secretKey;
    private final String sessionToken;

    public AmazonCredentials(String accessKey, String secretKey, String sessionToken) {
        this.accessKey = accessKey;
        this.secretKey = secretKey;
        this.sessionToken = sessionToken;
    }

    public String getAccessKey() {
        return accessKey;
    }

    public String getSecretKey() {
        return secretKey;
    }

    public String getSessionToken() {
        return sessionToken;
    }

    /**
     * Parses the concatenated AWS credentials
     *
     * @param credentials <tt>accessKey|secretKey|sessionToken</tt> (the session token is optional)
     */
    public static AmazonCredentials parse(String credentials) throws IllegalArgumentException {
        // parse the credentials
        String[] elements = credentials.split("\\|", 3);
        if (elements.length < 2) {
            throw new IllegalArgumentException("Invalid AWS credentials: " + credentials);
        }
        String accessKey = elements[0];
        String secretKey = elements[1];
        String sessionToken = elements.length > 2 ? elements[2] : null;

        return new AmazonCredentials(accessKey, secretKey, sessionToken);   
    }

    /**
     * Returns the default AWS credentials, fetched from the following sources in order:
     * <ul>
     *   <li>The environment variables <tt>AWS_ACCESS_KEY_ID</tt> (or <tt>AWS_ACCESS_KEY</tt>),
     *       <tt>AWS_SECRET_KEY</tt> (or <tt>AWS_SECRET_ACCESS_KEY</tt>) and <tt>AWS_SESSION_TOKEN</tt></li>
     *   <li>The ECS container credentials service (ECS, EKS, Greengrass, Fargate)</li>
     *   <li>The EC2 instance metadata service (IMDSv2)</li>
     * </ul>
     */
    public static AmazonCredentials getDefault() throws IOException {
        if (getenv("AWS_ACCESS_KEY_ID") != null || getenv("AWS_ACCESS_KEY") != null) {
            String accessKey = getenv("AWS_ACCESS_KEY_ID");
            if (accessKey == null) {
                accessKey = getenv("AWS_ACCESS_KEY");
            }
            String secretKey = getenv("AWS_SECRET_KEY");
            if (secretKey == null) {
                secretKey = getenv("AWS_SECRET_ACCESS_KEY");
            }
            String sessionToken = getenv("AWS_SESSION_TOKEN");

            return new AmazonCredentials(accessKey, secretKey, sessionToken);
        } else {
            try {
                return new AmazonECSCredentialsClient().getCredentials();
            } catch (IOException ecsException) {
                try {
                    return new AmazonIMDS2Client().getCredentials();
                } catch (IOException imds2Exception) {
                    ecsException.addSuppressed(imds2Exception);
                    throw ecsException;
                }
            }
        }
    }

    static String getenv(String name) {
        return System.getenv(name);
    }
}

1	/*
2	* Copyright 2023 Emmanuel Bourg
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* http://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*/
16
17	package net.jsign.jca;
18
19	import java.io.IOException;
20
21	/**
22	* AWS credentials
23	*
24	* @since 5.0
25	*/
26	public class AmazonCredentials {
27
28	private final String accessKey;
29	private final String secretKey;
30	private final String sessionToken;
31
32	public AmazonCredentials(String accessKey, String secretKey, String sessionToken) {	1✔
33	this.accessKey = accessKey;	1✔
34	this.secretKey = secretKey;	1✔
35	this.sessionToken = sessionToken;	1✔
36	}	1✔
37
38	public String getAccessKey() {
39	return accessKey;	1✔
40	}
41
42	public String getSecretKey() {
43	return secretKey;	1✔
44	}
45
46	public String getSessionToken() {
47	return sessionToken;	1✔
48	}
49
50	/**
51	* Parses the concatenated AWS credentials
52	*
53	* @param credentials <tt>accessKey\|secretKey\|sessionToken</tt> (the session token is optional)
54	*/
55	public static AmazonCredentials parse(String credentials) throws IllegalArgumentException {
56	// parse the credentials
57	String[] elements = credentials.split("\\\|", 3);	1✔
58	if (elements.length < 2) {	1✔
59	throw new IllegalArgumentException("Invalid AWS credentials: " + credentials);	1✔
60	}
61	String accessKey = elements[0];	1✔
62	String secretKey = elements[1];	1✔
63	String sessionToken = elements.length > 2 ? elements[2] : null;	1✔
64
65	return new AmazonCredentials(accessKey, secretKey, sessionToken);	1✔
66	}
67
68	/**
69	* Returns the default AWS credentials, fetched from the following sources in order:
70	* <ul>
71	* <li>The environment variables <tt>AWS_ACCESS_KEY_ID</tt> (or <tt>AWS_ACCESS_KEY</tt>),
72	* <tt>AWS_SECRET_KEY</tt> (or <tt>AWS_SECRET_ACCESS_KEY</tt>) and <tt>AWS_SESSION_TOKEN</tt></li>
73	* <li>The ECS container credentials service (ECS, EKS, Greengrass, Fargate)</li>
74	* <li>The EC2 instance metadata service (IMDSv2)</li>
75	* </ul>
76	*/
77	public static AmazonCredentials getDefault() throws IOException {
78	if (getenv("AWS_ACCESS_KEY_ID") != null \|\| getenv("AWS_ACCESS_KEY") != null) {	1✔
79	String accessKey = getenv("AWS_ACCESS_KEY_ID");	1✔
80	if (accessKey == null) {	1✔
81	accessKey = getenv("AWS_ACCESS_KEY");	1✔
82	}
83	String secretKey = getenv("AWS_SECRET_KEY");	1✔
84	if (secretKey == null) {	1✔
85	secretKey = getenv("AWS_SECRET_ACCESS_KEY");	1✔
86	}
87	String sessionToken = getenv("AWS_SESSION_TOKEN");	1✔
88
89	return new AmazonCredentials(accessKey, secretKey, sessionToken);	1✔
90	} else {
91	try {
92	return new AmazonECSCredentialsClient().getCredentials();	×
93	} catch (IOException ecsException) {	1✔
94	try {
95	return new AmazonIMDS2Client().getCredentials();	×
96	} catch (IOException imds2Exception) {	1✔
97	ecsException.addSuppressed(imds2Exception);	1✔
98	throw ecsException;	1✔
99	}
100	}
101	}
102	}
103
104	static String getenv(String name) {
105	return System.getenv(name);	1✔
106	}
107	}

ebourg / jsign / #368

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous