check policy per object
parent
ce28a53de7
commit
7aa05c783a
2 changed files with 51 additions and 12 deletions
47
app/src/main/java/asgardius/page/s3manager/PolicyCheck.java
Normal file
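--- a/app/src/main/java/asgardius/page/s3manager/PolicyCheck.java
+++ b/app/src/main/java/asgardius/page/s3manager/PolicyCheck.java
@@ -0,0 +1,47 @@
+package asgardius.page.s3manager;
+
+import com.amazonaws.services.s3.AmazonS3;
+import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
+
+import java.util.Date;
+
+public class PolicyCheck {
+public static String getFileKey(AmazonS3 s3client, String bucket, String object, Date expiration) {
+try {
+Boolean publicobject;
+String fileKey = null;
+String policy = s3client.getBucketPolicy(bucket).getPolicyText();
+publicobject = false;
+if(policy.contains("arn:aws:s3:::"+bucket+"/*") && policy.contains("s3:GetObject")) {
+publicobject = true;
+} else if(policy.contains("s3:GetObject")) {
+if((policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"*\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"**\"")) && policy.contains("s3:GetObject")) {
+publicobject = true;
+} else {
+String[] path = object.split("/");
+String filepath = "";
+for (int i = 0; i < path.length-1; i++) {
+filepath = filepath+path[i]+"/";
+//System.out.println(filepath);
+if(policy.contains("\"arn:aws:s3:::"+bucket+"/"+filepath+"*\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+filepath+"**\"")) {
+publicobject = true;
+i = path.length;
+}
+}
+}
+}
+if(publicobject) {
+fileKey = s3client.getUrl(bucket, object).toString();
+} else {
+GeneratePresignedUrlRequest request;
+request = new GeneratePresignedUrlRequest(bucket, object).withExpiration(expiration);
+fileKey = s3client.generatePresignedUrl(request).toString();
+}
+return fileKey;
+} catch (Exception e) {
+GeneratePresignedUrlRequest request;
+request = new GeneratePresignedUrlRequest(bucket, object).withExpiration(expiration);
+return s3client.generatePresignedUrl(request).toString();
+}
+}
+}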
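Review bot: The public/private decision in `getFileKey` is a substring match on the raw policy text, so any statement that names `s3:GetObject` together with a matching resource ARN marks the object public even when that statement's Effect is Deny, its Principal is a specific account, or it carries a Condition; the two `contains` checks are also not tied to the same statement. The result is an unsigned `s3client.getUrl(...)` link being shared for an object that anonymous readers cannot fetch, whereas the opposite mistake only falls back to a presigned URL, which is the safe default. Parsing the policy JSON and returning the plain URL only for an Allow statement with a wildcard principal and no condition would make the answer match what the service enforces. The `catch (Exception e)` block presumably also absorbs the case of a bucket with no policy text; a comment such as `// no policy or unreadable policy: fall back to a presigned URL` would make that intent explicit, and catching the narrower SDK exception would stop it from hiding unrelated failures.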
|
@ -273,6 +273,7 @@ public class Share extends AppCompatActivity {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void run() {
|
public void run() {
|
||||||
|
simpleProgressBar.setVisibility(View.INVISIBLE);
|
||||||
Toast.makeText(getApplicationContext(),getResources().getString(R.string.invalid_expiration_date), Toast.LENGTH_SHORT).show();
|
Toast.makeText(getApplicationContext(),getResources().getString(R.string.invalid_expiration_date), Toast.LENGTH_SHORT).show();
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
@ -371,23 +372,13 @@ public class Share extends AppCompatActivity {
|
||||||
objectlist = "";
|
objectlist = "";
|
||||||
List<S3ObjectSummary> objects = result.getObjectSummaries();
|
List<S3ObjectSummary> objects = result.getObjectSummaries();
|
||||||
for (S3ObjectSummary os : objects) {
|
for (S3ObjectSummary os : objects) {
|
||||||
if(publicobject) {
|
objectlist = objectlist+PolicyCheck.getFileKey(s3client, bucket, os.getKey(), expiration)+"\n";
|
||||||
objectlist = objectlist+s3client.getUrl(bucket, os.getKey()).toString()+"\n";
|
|
||||||
} else {
|
|
||||||
request = new GeneratePresignedUrlRequest(bucket, os.getKey()).withExpiration(expiration);
|
|
||||||
objectlist = objectlist+s3client.generatePresignedUrl(request).toString()+"\n";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
while (result.isTruncated()) {
|
while (result.isTruncated()) {
|
||||||
result = s3client.listNextBatchOfObjects (result);
|
result = s3client.listNextBatchOfObjects (result);
|
||||||
objects = result.getObjectSummaries();
|
objects = result.getObjectSummaries();
|
||||||
for (S3ObjectSummary os : objects) {
|
for (S3ObjectSummary os : objects) {
|
||||||
if(publicobject) {
|
objectlist = objectlist+PolicyCheck.getFileKey(s3client, bucket, os.getKey(), expiration)+"\n";
|
||||||
objectlist = objectlist+s3client.getUrl(bucket, os.getKey()).toString()+"\n";
|
|
||||||
} else {
|
|
||||||
request = new GeneratePresignedUrlRequest(bucket, os.getKey()).withExpiration(expiration);
|
|
||||||
objectlist = objectlist+s3client.generatePresignedUrl(request).toString()+"\n";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -464,6 +455,7 @@ public class Share extends AppCompatActivity {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void run() {
|
public void run() {
|
||||||
|
simpleProgressBar.setVisibility(View.INVISIBLE);
|
||||||
Toast.makeText(getApplicationContext(),getResources().getString(R.string.invalid_expiration_date), Toast.LENGTH_SHORT).show();
|
Toast.makeText(getApplicationContext(),getResources().getString(R.string.invalid_expiration_date), Toast.LENGTH_SHORT).show();
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
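Review bot: Both listing loops in the `-371,23 +372,13` hunk now call `PolicyCheck.getFileKey(s3client, bucket, os.getKey(), expiration)` once per object, and every call runs `s3client.getBucketPolicy(bucket)` again, so sharing a prefix with N objects issues N identical policy requests before the list is complete. Reading the policy once before `for (S3ObjectSummary os : objects)` and passing the text to the check (for example a `getFileKey` overload that takes the policy string) keeps the per-object decision and removes the repeated calls. The enclosing method starts and ends outside these hunks, so whether the old `publicobject` flag and the `request` local are still used elsewhere cannot be confirmed from here; if they are not, they can be removed.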