From 7aa05c783ae9acd8f8ae26d3e889114bd0fc3870 Mon Sep 17 00:00:00 2001
From: Page Asgardius
Date: Fri, 3 Feb 2023 15:52:10 -0700
Subject: [PATCH] check policy per object
---
 .../asgardius/page/s3manager/PolicyCheck.java | 47 +++++++++++++++++++
 .../java/asgardius/page/s3manager/Share.java | 16 ++-----
 2 files changed, 51 insertions(+), 12 deletions(-)
 create mode 100644 app/src/main/java/asgardius/page/s3manager/PolicyCheck.java
diff --git a/app/src/main/java/asgardius/page/s3manager/PolicyCheck.java b/app/src/main/java/asgardius/page/s3manager/PolicyCheck.java
new file mode 100644
index 0000000..77c17d7
--- /dev/null
+++ b/app/src/main/java/asgardius/page/s3manager/PolicyCheck.java
@@ -0,0 +1,47 @@
+package asgardius.page.s3manager;
+
+import com.amazonaws.services.s3.AmazonS3;
+import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
+
+import java.util.Date;
+
+public class PolicyCheck {
+ public static String getFileKey(AmazonS3 s3client, String bucket, String object, Date expiration) {
+ try {
+ Boolean publicobject;
+ String fileKey = null;
+ String policy = s3client.getBucketPolicy(bucket).getPolicyText();
+ publicobject = false;
+ if(policy.contains("arn:aws:s3:::"+bucket+"/*") && policy.contains("s3:GetObject")) {
+ publicobject = true;
+ } else if(policy.contains("s3:GetObject")) {
+ if((policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"*\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"**\"")) && policy.contains("s3:GetObject")) {
+ publicobject = true;
+ } else {
+ String[] path = object.split("/");
+ String filepath = "";
+ for (int i = 0; i < path.length-1; i++) {
+ filepath = filepath+path[i]+"/";
+ //System.out.println(filepath);
+ if(policy.contains("\"arn:aws:s3:::"+bucket+"/"+filepath+"*\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+filepath+"**\"")) {
+ publicobject = true;
+ i = path.length;
+ }
+ }
+ }
+ }
+ if(publicobject) {
+ fileKey = s3client.getUrl(bucket, object).toString();
+ } else {
+ GeneratePresignedUrlRequest request;
+ request = new GeneratePresignedUrlRequest(bucket, object).withExpiration(expiration);
+ fileKey = s3client.generatePresignedUrl(request).toString();
+ }
+ return fileKey;
+ } catch (Exception e) {
+ GeneratePresignedUrlRequest request;
+ request = new GeneratePresignedUrlRequest(bucket, object).withExpiration(expiration);
+ return s3client.generatePresignedUrl(request).toString();
+ }
+ }
+}
diff --git a/app/src/main/java/asgardius/page/s3manager/Share.java b/app/src/main/java/asgardius/page/s3manager/Share.java
index 09136fa..bcdc7a5 100644
--- a/app/src/main/java/asgardius/page/s3manager/Share.java
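Review bot: The `policy.contains(...)` tests in `getFileKey` match substrings anywhere in the policy text, so the ARN, `s3:GetObject` and the grant itself need not sit in the same statement, and `Effect`, `Principal` and `Condition` are never read. A policy that names the key in a `Deny`, or allows reads only to one account or under a condition, is therefore classified as public and the caller receives the unsigned `getUrl` link, which the recipient cannot open; the first test also omits the surrounding quotes the later ones use, so a resource such as `arn:aws:s3:::bucket/*.jpg` marks every key public. Deciding per parsed statement and treating anything unrecognised as private keeps the fallback on the presigned URL, as sketched below with Android's bundled `org.json` (a `JSONException` lands in the existing `catch`). The method also deserves a Javadoc stating that it returns a plain URL only for anonymously readable objects and a presigned one in every other case, including any error.

```java
String policy = s3client.getBucketPolicy(bucket).getPolicyText();
publicobject = false;
// Decide per statement; anything not understood leaves publicobject false.
Object raw = new JSONObject(policy).opt("Statement");
JSONArray statements = raw instanceof JSONArray ? (JSONArray) raw : new JSONArray().put(raw);
for (int s = 0; s < statements.length(); s++) {
    JSONObject st = statements.optJSONObject(s);
    if (st == null || !"Allow".equals(st.optString("Effect"))) {
        // A Deny (or a malformed entry) may override an Allow: do not guess, sign the URL.
        publicobject = false;
        break;
    }
    if (grantsAnonymousGet(st) && coversKey(st.opt("Resource"), bucket, object)) {
        publicobject = true;
    }
}
// … unchanged: getUrl when publicobject, presigned URL otherwise, catch block …

// New private helpers in PolicyCheck:

/** Flattens a policy value that may be a single string or an array of strings. */
private static List<String> strings(Object value) {
    List<String> out = new ArrayList<>();
    if (value instanceof JSONArray) {
        JSONArray array = (JSONArray) value;
        for (int i = 0; i < array.length(); i++) {
            out.add(array.optString(i));
        }
    } else if (value != null) {
        out.add(value.toString());
    }
    return out;
}

/** True only for an unconditional grant of s3:GetObject to everyone. */
private static boolean grantsAnonymousGet(JSONObject st) {
    Object principal = st.opt("Principal");
    List<String> who = strings(principal instanceof JSONObject
            ? ((JSONObject) principal).opt("AWS") : principal);
    return who.contains("*") && !st.has("Condition")
            && strings(st.opt("Action")).contains("s3:GetObject");
}

/** Matches the key against exact ARNs and ARNs ending in '*'; other wildcards are not evaluated. */
private static boolean coversKey(Object resources, String bucket, String object) {
    String prefix = "arn:aws:s3:::" + bucket + "/";
    for (String resource : strings(resources)) {
        if (!resource.startsWith(prefix)) {
            continue;
        }
        String pattern = resource.substring(prefix.length());
        String stem = pattern.replaceAll("\\*+$", "");
        if (stem.contains("*") || stem.contains("?")) {
            continue;
        }
        boolean trailingWildcard = stem.length() < pattern.length();
        if (trailingWildcard ? object.startsWith(stem) : object.equals(stem)) {
            return true;
        }
    }
    return false;
}
```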
+++ b/app/src/main/java/asgardius/page/s3manager/Share.java
@@ -273,6 +273,7 @@ public class Share extends AppCompatActivity {
 @Override
 public void run() {
+ simpleProgressBar.setVisibility(View.INVISIBLE);
 Toast.makeText(getApplicationContext(),getResources().getString(R.string.invalid_expiration_date), Toast.LENGTH_SHORT).show();
 }
 });
@@ -371,23 +372,13 @@ public class Share extends AppCompatActivity {
 objectlist = "";
 List objects = result.getObjectSummaries();
 for (S3ObjectSummary os : objects) {
- if(publicobject) {
- objectlist = objectlist+s3client.getUrl(bucket, os.getKey()).toString()+"\n";
- } else {
- request = new GeneratePresignedUrlRequest(bucket, os.getKey()).withExpiration(expiration);
- objectlist = objectlist+s3client.generatePresignedUrl(request).toString()+"\n";
- }
+ objectlist = objectlist+PolicyCheck.getFileKey(s3client, bucket, os.getKey(), expiration)+"\n";
 }
 while (result.isTruncated()) {
 result = s3client.listNextBatchOfObjects (result);
 objects = result.getObjectSummaries();
 for (S3ObjectSummary os : objects) {
- if(publicobject) {
- objectlist = objectlist+s3client.getUrl(bucket, os.getKey()).toString()+"\n";
- } else {
- request = new GeneratePresignedUrlRequest(bucket, os.getKey()).withExpiration(expiration);
- objectlist = objectlist+s3client.generatePresignedUrl(request).toString()+"\n";
- }
+ objectlist = objectlist+PolicyCheck.getFileKey(s3client, bucket, os.getKey(), expiration)+"\n";
 }
 }
@@ -464,6 +455,7 @@ public class Share extends AppCompatActivity {
 @Override
 public void run() {
+ simpleProgressBar.setVisibility(View.INVISIBLE);
 Toast.makeText(getApplicationContext(),getResources().getString(R.string.invalid_expiration_date), Toast.LENGTH_SHORT).show();
 }
 });
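Review bot: In the `-371,23 +372,13` hunk both `for (S3ObjectSummary os : objects)` loops now call `PolicyCheck.getFileKey` once per key, and that method begins with `s3client.getBucketPolicy(bucket)`, so sharing a listing of N objects issues N identical policy requests. Because `getFileKey` catches every exception and falls back to signing, a policy request that fails part-way through (throttling, a timeout) would silently yield a presigned link for that key only, so one share list could mix link types. Fetching the text once before the first loop, `String policy = s3client.getBucketPolicy(bucket).getPolicyText();`, and passing it to an overload of `getFileKey` avoids both. The diffstat shows only the twelve loop-body deletions, so whatever computed `publicobject` earlier in this method (outside the hunk) presumably still runs and is now unused; that is worth checking and removing. A `StringBuilder` for `objectlist` would also avoid rebuilding the string on every iteration.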