coderhxt
diff --git a/‎aliyun-java-sdk-core/pom.xml‎
Lines changed: 5 additions & 0 deletions b/‎aliyun-java-sdk-core/pom.xml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/DefaultAcsClient.java‎
Lines changed: 9 additions & 4 deletions b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/DefaultAcsClient.java‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/AuthConstant.java‎
Lines changed: 26 additions & 0 deletions b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/AuthConstant.java‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/BasicSessionCredentials.java‎
Lines changed: 1 addition & 1 deletion b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/BasicSessionCredentials.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/CredentialsProviderFactory.java‎
Lines changed: 7 additions & 0 deletions b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/CredentialsProviderFactory.java‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/DefaultCredentialsProvider.java‎
Lines changed: 63 additions & 0 deletions b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/DefaultCredentialsProvider.java‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/ECSMetadataServiceCredentialsFetcher.java‎
Lines changed: 1 addition & 1 deletion b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/ECSMetadataServiceCredentialsFetcher.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/EnvironmentVariableCredentialsProvider.java‎
Lines changed: 26 additions & 0 deletions b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/EnvironmentVariableCredentialsProvider.java‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/InstanceProfileCredentials.java‎
Lines changed: 2 additions & 2 deletions b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/InstanceProfileCredentials.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/ProfileCredentialsProvider.java‎
Lines changed: 141 additions & 0 deletions b/‎aliyun-java-sdk-core/src/main/java/com/aliyuncs/auth/ProfileCredentialsProvider.java‎
Lines changed: 141 additions & 0 deletions
@@ -113,6 +113,11 @@
             <version>0.8.3</version>
             <classifier>runtime</classifier>
         </dependency>
+        <dependency>
+            <groupId>org.ini4j</groupId>
+            <artifactId>ini4j</artifactId>
+            <version>0.5.4</version>
+        </dependency>
     </dependencies>
 
     <build>
 
@@ -35,16 +35,17 @@ public class DefaultAcsClient implements IAcsClient {
     private boolean autoRetry = true;
     private IClientProfile clientProfile = null;
     private AlibabaCloudCredentialsProvider credentialsProvider;
+    private DefaultCredentialsProvider defaultCredentialsProvider;
 
     private IHttpClient httpClient;
     private EndpointResolver endpointResolver;
     private static final String SIGNATURE_BEGIN = "string to sign is:";
     private final UserAgentConfig userAgentConfig = new UserAgentConfig();
 
-    @Deprecated
-    public DefaultAcsClient() {
+    public DefaultAcsClient() throws ClientException {
         this.clientProfile = DefaultProfile.getProfile();
         this.httpClient = HttpClientFactory.buildClient(this.clientProfile);
+        this.defaultCredentialsProvider = new DefaultCredentialsProvider();
     }
 
     public DefaultAcsClient(IClientProfile profile) {
@@ -165,8 +166,12 @@ public <T extends AcsResponse> HttpResponse doAction(AcsRequest<T> request, bool
         if (null == request.getSysRegionId()) {
             request.setSysRegionId(region);
         }
-
-        AlibabaCloudCredentials credentials = this.credentialsProvider.getCredentials();
+        AlibabaCloudCredentials credentials;
+        if (null == credentialsProvider) {
+            credentials = this.defaultCredentialsProvider.getCredentials();
+        } else {
+            credentials = this.credentialsProvider.getCredentials();
+        }
         Signer signer = Signer.getSigner(credentials);
         FormatType format = profile.getFormat();
 
 
@@ -0,0 +1,26 @@
+package com.aliyuncs.auth;
+
+public class AuthConstant {
+    public static final String SYSTEM_ACCESSKEYID = "alibabacloud.accessKeyId";
+    public static final String SYSTEM_ACCESSKEYSECRET = "alibabacloud.accessKeyIdSecret";
+
+    public static final String DEFAULT_CREDENTIALS_FILE_PATH = System.getProperty("user.home") +
+            "/.alibabacloud/credentials.ini";
+    public static final String INI_ACCESS_KEY_ID = "access_key_id";
+    public static final String INI_ACCESS_KEY_IDSECRET = "access_key_secret";
+    public static final String INI_TYPE = "type";
+    public static final String INI_TYPE_RAM = "ecs_ram_role";
+    public static final String INI_TYPE_ARN = "ram_role_arn";
+    public static final String INI_TYPE_KEY_PAIR = "rsa_key_pair";
+    public static final String INI_PUBLIC_KEY_ID = "public_key_id";
+    public static final String INI_PRIVATE_KEY_FILE = "private_key_file";
+    public static final String INI_PRIVATE_KEY = "private_key";
+    public static final String INI_ROLE_NAME = "role_name";
+    public static final String INI_ROLE_SESSION_NAME = "role_session_name";
+    public static final String INI_ROLE_ARN = "role_arn";
+
+    public static final long TSC_VALID_TIME_SECONDS = 3600L;
+    public static final String DEFAULT_REGION = "cn-hangzhou";
+    public static final String INI_ENABLE = "enable";
+
+}
@@ -6,7 +6,7 @@ public class BasicSessionCredentials implements AlibabaCloudCredentials {
     private final String accessKeyId;
     private final String accessKeySecret;
     private final String sessionToken;
-    private final double expireFact = 0.8;
+    private final double expireFact = 0.95;
     private long sessionStartedTimeInMilliSeconds = 0;
 
     public BasicSessionCredentials(String accessKeyId, String accessKeySecret, String sessionToken) {
 
@@ -0,0 +1,7 @@
+package com.aliyuncs.auth;
+
+public class CredentialsProviderFactory {
+    public <T extends AlibabaCloudCredentialsProvider> T createCredentialsProvider(T classInstance) {
+        return classInstance;
+    }
+}
@@ -0,0 +1,63 @@
+package com.aliyuncs.auth;
+
+import com.aliyuncs.exceptions.ClientException;
+import com.aliyuncs.utils.AuthUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Vector;
+
+public class DefaultCredentialsProvider implements AlibabaCloudCredentialsProvider {
+    private List<AlibabaCloudCredentialsProvider> defaultProviders = new ArrayList<AlibabaCloudCredentialsProvider>();
+    private static final List<AlibabaCloudCredentialsProvider> userConfigurationProviders =
+            new Vector<AlibabaCloudCredentialsProvider>();
+
+    public DefaultCredentialsProvider() throws ClientException {
+        defaultProviders.add(new SystemPropertiesCredentialsProvider());
+        defaultProviders.add(new EnvironmentVariableCredentialsProvider());
+        defaultProviders.add(new ProfileCredentialsProvider());
+        String roleName = AuthUtils.getEnvironmentECSMetaData();
+        if (roleName != null) {
+            if (roleName.length() == 0) {
+                throw new ClientException("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty");
+            }
+            defaultProviders.add(new InstanceProfileCredentialsProvider(roleName));
+        }
+    }
+
+    @Override
+    public AlibabaCloudCredentials getCredentials() throws ClientException {
+        AlibabaCloudCredentials credential;
+        if (userConfigurationProviders.size() > 0) {
+            for (AlibabaCloudCredentialsProvider provider : userConfigurationProviders) {
+                credential = provider.getCredentials();
+                if (null != credential) {
+                    return credential;
+                }
+            }
+        }
+        for (AlibabaCloudCredentialsProvider provider : defaultProviders) {
+            credential = provider.getCredentials();
+            if (null != credential) {
+                return credential;
+            }
+        }
+        throw new ClientException("not found credentials");
+    }
+
+    public static boolean addCredentialsProvider(AlibabaCloudCredentialsProvider provider) {
+        return DefaultCredentialsProvider.userConfigurationProviders.add(provider);
+    }
+
+    public static boolean removeCredentialsProvider(AlibabaCloudCredentialsProvider provider) {
+        return DefaultCredentialsProvider.userConfigurationProviders.remove(provider);
+    }
+
+    public static boolean containsCredentialsProvider(AlibabaCloudCredentialsProvider provider) {
+        return DefaultCredentialsProvider.userConfigurationProviders.contains(provider);
+    }
+
+    public static void clearCredentialsProvider() {
+        DefaultCredentialsProvider.userConfigurationProviders.clear();
+    }
+}
@@ -18,7 +18,7 @@
 
 public class ECSMetadataServiceCredentialsFetcher {
     private static final String URL_IN_ECS_METADATA = "/latest/meta-data/ram/security-credentials/";
-    private static final int DEFAULT_TIMEOUT_IN_MILLISECONDS = 5000;
+    private static final int DEFAULT_TIMEOUT_IN_MILLISECONDS = 1000;
     private static final String ECS_METADAT_FETCH_ERROR_MSG = "Failed to get RAM session credentials from ECS metadata service.";
     private static final int DEFAULT_ECS_SESSION_TOKEN_DURATION_SECONDS = 3600 * 6;
     private URL credentialUrl;
 
@@ -0,0 +1,26 @@
+package com.aliyuncs.auth;
+
+import com.aliyuncs.exceptions.ClientException;
+import com.aliyuncs.utils.AuthUtils;
+
+public class EnvironmentVariableCredentialsProvider implements AlibabaCloudCredentialsProvider {
+    @Override
+    public AlibabaCloudCredentials getCredentials() throws ClientException {
+        if (!"default".equals(AuthUtils.getClientType())) {
+            return null;
+        }
+
+        String accessKeyId = AuthUtils.getEnvironmentAccessKeyId();
+        String accessKeySecret = AuthUtils.getEnvironmentAccessKeySecret();
+        if (accessKeyId == null || accessKeySecret == null) {
+            return null;
+        }
+        if (accessKeyId.length() == 0) {
+            throw new ClientException("Environment variable accessKeyId cannot be empty");
+        }
+        if (accessKeySecret.length() == 0) {
+            throw new ClientException("Environment variable accessKeySecret cannot be empty");
+        }
+        return new BasicCredentials(accessKeyId, accessKeySecret);
+    }
+}
@@ -8,8 +8,8 @@
 public class InstanceProfileCredentials extends BasicSessionCredentials {
 
     private final long expiration;
-    private final double expireFact = 0.9;
-    private final long refreshIntervalInMillSeconds = 10000; // 10 sec
+    private final double expireFact = 0.95;
+    private final long refreshIntervalInMillSeconds = 180000;
     private long lastFailedRefreshTime = 0;
 
     public InstanceProfileCredentials(String accessKeyId, String accessKeySecret, String sessionToken,
 
@@ -0,0 +1,141 @@
+package com.aliyuncs.auth;
+
+import com.aliyuncs.exceptions.ClientException;
+import com.aliyuncs.utils.AuthUtils;
+import com.aliyuncs.utils.StringUtils;
+import org.ini4j.Profile;
+import org.ini4j.Wini;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+public class ProfileCredentialsProvider implements AlibabaCloudCredentialsProvider {
+    private static volatile Wini ini;
+
+    private static Wini getIni(String filePath) throws IOException {
+        if (null == ini) {
+            synchronized (ProfileCredentialsProvider.class) {
+                if (null == ini) {
+                    ini = new Wini(new File(filePath));
+                }
+            }
+        }
+        return ini;
+    }
+
+    @Override
+    public AlibabaCloudCredentials getCredentials() throws ClientException {
+        String filePath = AuthUtils.getEnvironmentCredentialsFile();
+        if (filePath == null) {
+            filePath = AuthConstant.DEFAULT_CREDENTIALS_FILE_PATH;
+        }
+        if (filePath.length() == 0) {
+            throw new ClientException("The specified credentials file is empty");
+        }
+        Wini ini;
+        try {
+            ini = getIni(filePath);
+        } catch (IOException e) {
+            return null;
+        }
+        Map<String, Map<String, String>> client = loadIni(ini);
+        Map<String, String> clientConfig = client.get(AuthUtils.getClientType());
+        if (clientConfig == null) {
+            throw new ClientException("Client is not open in the specified credentials file");
+        }
+        CredentialsProviderFactory credentialsProviderFactory = new CredentialsProviderFactory();
+        return createCredential(clientConfig, credentialsProviderFactory);
+    }
+
+    private Map<String, Map<String, String>> loadIni(Wini ini) {
+        Map<String, Map<String, String>> client = new HashMap<String, Map<String, String>>();
+        boolean enable;
+        for (Map.Entry<String, Profile.Section> clientType : ini.entrySet()) {
+            enable = clientType.getValue().get(AuthConstant.INI_ENABLE, boolean.class);
+            if (enable) {
+                Map<String, String> clientConfig = new HashMap<String, String>();
+                for (Map.Entry<String, String> enabledClient : clientType.getValue().entrySet()) {
+                    clientConfig.put(enabledClient.getKey(), enabledClient.getValue());
+                }
+                client.put(clientType.getKey(), clientConfig);
+            }
+        }
+        return client;
+    }
+
+    private AlibabaCloudCredentials createCredential(Map<String, String> clientConfig,
+                                                     CredentialsProviderFactory factory) throws ClientException {
+        String configType = clientConfig.get(AuthConstant.INI_TYPE);
+        if (StringUtils.isEmpty(configType)) {
+            throw new ClientException("The configured client type is empty");
+        }
+        if (AuthConstant.INI_TYPE_ARN.equals(configType)) {
+            return getSTSAssumeRoleSessionCredentials(clientConfig, factory);
+        }
+        if (AuthConstant.INI_TYPE_KEY_PAIR.equals(configType)) {
+            return getSTSGetSessionAccessKeyCredentials(clientConfig, factory);
+        }
+        if (AuthConstant.INI_TYPE_RAM.equals(configType)) {
+            return getInstanceProfileCredentials(clientConfig, factory);
+        }
+        String accessKeyId = clientConfig.get(AuthConstant.INI_ACCESS_KEY_ID);
+        String accessKeySecret = clientConfig.get(AuthConstant.INI_ACCESS_KEY_IDSECRET);
+        if (StringUtils.isEmpty(accessKeyId) || StringUtils.isEmpty(accessKeySecret)) {
+            return null;
+        }
+        return new BasicCredentials(accessKeyId, accessKeySecret);
+    }
+
+    private AlibabaCloudCredentials getSTSAssumeRoleSessionCredentials(Map<String, String> clientConfig,
+                                                                       CredentialsProviderFactory factory)
+            throws ClientException {
+        String accessKeyId = clientConfig.get(AuthConstant.INI_ACCESS_KEY_ID);
+        String accessKeySecret = clientConfig.get(AuthConstant.INI_ACCESS_KEY_IDSECRET);
+        String roleSessionName = clientConfig.get(AuthConstant.INI_ROLE_SESSION_NAME);
+        String roleArn = clientConfig.get(AuthConstant.INI_ROLE_ARN);
+        String regionId = clientConfig.get(AuthConstant.DEFAULT_REGION);
+        if (StringUtils.isEmpty(accessKeyId) || StringUtils.isEmpty(accessKeySecret)) {
+            throw new ClientException("The configured access_key_id or access_key_secret is empty");
+        }
+        if (StringUtils.isEmpty(roleSessionName) || StringUtils.isEmpty(roleArn)) {
+            throw new ClientException("The configured role_session_name or role_arn is empty");
+        }
+        STSAssumeRoleSessionCredentialsProvider provider =
+                factory.createCredentialsProvider(new STSAssumeRoleSessionCredentialsProvider(accessKeyId,
+                        accessKeySecret, roleSessionName, roleArn, regionId));
+        return provider.getCredentials();
+    }
+
+    private AlibabaCloudCredentials getSTSGetSessionAccessKeyCredentials(Map<String, String> clientConfig,
+                                                                         CredentialsProviderFactory factory)
+            throws ClientException {
+        String publicKeyId = clientConfig.get(AuthConstant.INI_PUBLIC_KEY_ID);
+        String privateKeyFile = clientConfig.get(AuthConstant.INI_PRIVATE_KEY_FILE);
+        if (StringUtils.isEmpty(privateKeyFile)) {
+            throw new ClientException("The configured private_key_file is empty");
+        }
+        String privateKey = AuthUtils.getPrivateKey(privateKeyFile);
+        if (StringUtils.isEmpty(publicKeyId) || StringUtils.isEmpty(privateKey)) {
+            throw new ClientException("The configured public_key_id or private_key_file content is empty");
+        }
+        STSGetSessionAccessKeyCredentialsProvider provider =
+                factory.createCredentialsProvider(new STSGetSessionAccessKeyCredentialsProvider(publicKeyId, privateKey));
+        return provider.getCredentials();
+    }
+
+    private AlibabaCloudCredentials getInstanceProfileCredentials(Map<String, String> clientConfig,
+                                                                  CredentialsProviderFactory factory)
+            throws ClientException {
+        String roleName = clientConfig.get(AuthConstant.INI_ROLE_NAME);
+        if (StringUtils.isEmpty(roleName)) {
+            throw new ClientException("The configured role_name is empty");
+        }
+        InstanceProfileCredentialsProvider provider =
+                factory.createCredentialsProvider(new InstanceProfileCredentialsProvider(roleName));
+        return provider.getCredentials();
+    }
+
+
+}