Created
June 9, 2020 04:58
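/**
 * Credentials provider that trades the default-chain credentials for temporary STS
 * session credentials, authenticated with an MFA code typed on standard input.
 *
 * <p>Behaviour a reviewer should be aware of:
 * <ul>
 *   <li>If {@code listMFADevices()} returns no device, the provider falls back to the
 *       default chain's credentials <em>without</em> MFA. Where MFA is mandatory, enforce it
 *       on the IAM policy side (for example with the {@code aws:MultiFactorAuthPresent}
 *       condition key) rather than relying on this class.</li>
 *   <li>The credentials are cached in {@link #token} until {@link #refresh()} is called
 *       again. NOTE(review): the expiration of the STS session credentials is not tracked
 *       here, so an expired session is returned until someone calls {@code refresh()}.</li>
 *   <li>The constructor and {@code refresh()} may block on {@code System.in} waiting for
 *       the MFA code.</li>
 *   <li>No synchronization is applied to the cached state. NOTE(review): confirm the
 *       provider is not shared between threads, or guard it if it is.</li>
 * </ul>
 */
public class MfaCredentailProvider implements AWSCredentialsProvider {

    private final DefaultAWSCredentialsProviderChain defaultChain =
            DefaultAWSCredentialsProviderChain.getInstance();

    private final String region;

    // Last credentials obtained successfully; null until the first successful refresh.
    private AWSCredentials token;

    // Cause of the most recent failed refresh, kept so getCredentials() can report it.
    private RuntimeException lastFailure;

    /**
     * Creates the provider and immediately tries to obtain credentials.
     *
     * @param region AWS region for the IAM and STS clients; when {@code null} the region is
     *               resolved through {@code DefaultAwsRegionProviderChain}
     */
    public MfaCredentailProvider(String region) {
        this.region = (region != null)
                ? region
                : new DefaultAwsRegionProviderChain().getRegion();
        this.refresh();
    }

    /**
     * Returns the cached credentials, attempting one refresh if none are cached yet.
     *
     * @return the cached credentials, never {@code null}
     * @throws IllegalStateException if no credentials could be obtained; the failure of the
     *                               last refresh attempt is attached as the cause
     */
    @Override
    public AWSCredentials getCredentials() {
        if (token == null) {
            refresh();
        }
        if (token == null) {
            // Fail with a clear message instead of handing null to the SDK signer.
            throw new IllegalStateException(
                    "Unable to obtain AWS credentials (MFA session or default chain)",
                    lastFailure);
        }
        return token;
    }

    /**
     * Re-acquires credentials. A failure does not propagate: the previously cached
     * credentials (if any) are kept, the failure is reported on stderr and remembered
     * for {@link #getCredentials()}.
     */
    @Override
    public void refresh() {
        try {
            token = getMfaCredentail();
            lastFailure = null;
        } catch (RuntimeException e) {
            lastFailure = e;
            System.err.println("AWS MFA credential refresh failed: " + e);
        }
    }

    /**
     * Obtains session credentials through MFA when the caller has an MFA device,
     * otherwise returns the default chain's credentials unchanged.
     */
    private AWSCredentials getMfaCredentail() {
        Optional<MFADevice> mfaDevice = getMFADevice();
        if (!mfaDevice.isPresent()) {
            // No device listed: credentials are returned without an MFA-backed session.
            return defaultChain.getCredentials();
        }

        Credentials session = getSessionTokenResultByMfa(mfaDevice.get()).getCredentials();
        return new BasicSessionCredentials(
                session.getAccessKeyId(),
                session.getSecretAccessKey(),
                session.getSessionToken());
    }

    /**
     * Lists MFA devices through IAM (no user name is passed) and returns the first one.
     * When several devices are listed, the others are ignored.
     */
    private Optional<MFADevice> getMFADevice() {
        AmazonIdentityManagementClientBuilder builder =
                AmazonIdentityManagementClientBuilder.standard();
        builder.setRegion(this.region);
        AmazonIdentityManagement iam = builder.build();

        ListMFADevicesResult devices = iam.listMFADevices();
        return devices.getMFADevices().stream().findFirst();
    }

    /**
     * Prompts on stdout, reads the MFA code from stdin and calls STS GetSessionToken
     * with the device serial number and that code.
     */
    private GetSessionTokenResult getSessionTokenResultByMfa(MFADevice mfaDevice) {
        System.out.println("MFADevice : " + mfaDevice.toString());
        System.out.println("please input mfa token : ");

        // The Scanner is deliberately not closed: closing it would close System.in and
        // make every later refresh() fail when it tries to read the next code.
        Scanner scanner = new Scanner(System.in);
        String mfaCode = scanner.nextLine().trim();

        GetSessionTokenRequest request = new GetSessionTokenRequest();
        request.setSerialNumber(mfaDevice.getSerialNumber());
        request.setTokenCode(mfaCode);

        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(this.region)
                .build();

        GetSessionTokenResult result = sts.getSessionToken(request);
        // Logged only after STS accepted the code, so the message is not emitted for a
        // rejected or failed request. `log` is not declared in the visible class;
        // presumably it comes from a logging annotation or field not shown here.
        log.info("AWS MFA success");
        return result;
    }
}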