Remove redundant implementation of request interceptor interface.

Author: dkocher

s3/src/main/java/ch/cyberduck/core/s3/S3Session.java

@@ -52,11 +52,11 @@
 import ch.cyberduck.core.ssl.DisabledX509TrustManager;
 import ch.cyberduck.core.ssl.X509KeyManager;
 import ch.cyberduck.core.ssl.X509TrustManager;
-import ch.cyberduck.core.sts.STSAssumeRoleRequestInterceptor;
-import ch.cyberduck.core.sts.STSAssumeRoleWithWebIdentityRequestInterceptor;
+import ch.cyberduck.core.sts.STSAssumeRoleCredentialsStrategy;
+import ch.cyberduck.core.sts.STSAssumeRoleWithWebIdentityCredentialsStrategy;
 import ch.cyberduck.core.sts.STSAuthorizationService;
-import ch.cyberduck.core.sts.STSGetSessionTokenRequestInterceptor;
-import ch.cyberduck.core.sts.STSRequestInterceptor;
+import ch.cyberduck.core.sts.STSCredentialsStrategy;
+import ch.cyberduck.core.sts.STSGetSessionTokenCredentialsStrategy;
 import ch.cyberduck.core.threading.CancelCallback;
 
 import org.apache.commons.lang3.StringUtils;
@@ -261,11 +261,10 @@ protected S3CredentialsStrategy configureCredentialsStrategy(final HttpClientBui
             }
             log.debug("Add interceptor {}", oauth);
             configuration.addInterceptorLast(oauth);
-            final STSAssumeRoleWithWebIdentityRequestInterceptor interceptor
-                    = new STSAssumeRoleWithWebIdentityRequestInterceptor(oauth, host, trust, key, prompt);
-            log.debug("Add interceptor {}", interceptor);
-            configuration.addInterceptorLast(interceptor);
-            return interceptor;
+            final STSAssumeRoleWithWebIdentityCredentialsStrategy strategy
+                    = new STSAssumeRoleWithWebIdentityCredentialsStrategy(oauth, host, trust, key, prompt);
+            log.debug("Return authenticator {}", strategy);
+            return strategy;
         }
         if(S3Session.isAwsHostname(host.getHostname())) {
             // Try auto-configure
@@ -276,16 +275,14 @@ protected S3CredentialsStrategy configureCredentialsStrategy(final HttpClientBui
             }
         }
         if(host.getProtocol().isRoleConfigurable()) {
-            final STSRequestInterceptor interceptor = new STSAssumeRoleRequestInterceptor(host, trust, key, prompt);
-            log.debug("Add interceptor {}", interceptor);
-            configuration.addInterceptorLast(interceptor);
-            return interceptor;
+            final STSCredentialsStrategy strategy = new STSAssumeRoleCredentialsStrategy(host, trust, key, prompt);
+            log.debug("Return authenticator {}", strategy);
+            return strategy;
         }
         if(host.getProtocol().isMultiFactorConfigurable()) {
-            final STSRequestInterceptor interceptor = new STSGetSessionTokenRequestInterceptor(host, trust, key, prompt);
-            log.debug("Add interceptor {}", interceptor);
-            configuration.addInterceptorLast(interceptor);
-            return interceptor;
+            final STSCredentialsStrategy strategy = new STSGetSessionTokenCredentialsStrategy(host, trust, key, prompt);
+            log.debug("Return authenticator {}", strategy);
+            return strategy;
         }
         // Keep copy of credentials
         final Credentials credentials = new Credentials(host.getCredentials());

s3/src/main/java/ch/cyberduck/core/sts/STSAssumeRoleRequestInterceptor.java renamed to s3/src/main/java/ch/cyberduck/core/sts/STSAssumeRoleCredentialsStrategy.java

@@ -26,7 +26,6 @@
 import ch.cyberduck.core.ssl.X509KeyManager;
 import ch.cyberduck.core.ssl.X509TrustManager;
 
-import org.apache.http.HttpRequestInterceptor;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -35,13 +34,13 @@
 /**
  * Swap static access key id and secret access key with temporary credentials obtained from STS AssumeRole
  */
-public class STSAssumeRoleRequestInterceptor extends STSRequestInterceptor implements S3CredentialsStrategy, HttpRequestInterceptor {
-    private static final Logger log = LogManager.getLogger(STSAssumeRoleRequestInterceptor.class);
+public class STSAssumeRoleCredentialsStrategy extends STSCredentialsStrategy implements S3CredentialsStrategy {
+    private static final Logger log = LogManager.getLogger(STSAssumeRoleCredentialsStrategy.class);
 
     private final ReentrantLock lock = new ReentrantLock();
     private final Host host;
 
-    public STSAssumeRoleRequestInterceptor(final Host host, final X509TrustManager trust, final X509KeyManager key, final LoginCallback prompt) {
+    public STSAssumeRoleCredentialsStrategy(final Host host, final X509TrustManager trust, final X509KeyManager key, final LoginCallback prompt) {
         super(host, trust, key, prompt);
         this.host = host;
     }
@@ -51,10 +50,8 @@ public TemporaryAccessTokens refresh(final Credentials credentials) throws Backg
         lock.lock();
         try {
             final String arn = new ProxyPreferencesReader(host, credentials).getProperty(Profile.STS_ROLE_ARN_PROPERTY_KEY, "s3.assumerole.rolearn");
-            log.debug("Use ARN {}", arn);
-            log.debug("Retrieve temporary credentials with {}", credentials);
-            // AssumeRoleRequest
-            return tokens = this.assumeRole(credentials, arn);
+            log.debug("Retrieve temporary credentials with {} for role ARN {}", credentials, arn);
+            return this.assumeRole(credentials, arn);
         }
         finally {
             lock.unlock();

s3/src/main/java/ch/cyberduck/core/sts/STSAssumeRoleWithWebIdentityRequestInterceptor.java renamed to s3/src/main/java/ch/cyberduck/core/sts/STSAssumeRoleWithWebIdentityCredentialsStrategy.java

@@ -28,7 +28,6 @@
 import ch.cyberduck.core.ssl.X509KeyManager;
 import ch.cyberduck.core.ssl.X509TrustManager;
 
-import org.apache.http.HttpRequestInterceptor;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -37,8 +36,8 @@
 /**
  * Swap OIDC Id token for temporary security credentials
  */
-public class STSAssumeRoleWithWebIdentityRequestInterceptor extends STSRequestInterceptor implements S3CredentialsStrategy, HttpRequestInterceptor {
-    private static final Logger log = LogManager.getLogger(STSAssumeRoleWithWebIdentityRequestInterceptor.class);
+public class STSAssumeRoleWithWebIdentityCredentialsStrategy extends STSCredentialsStrategy implements S3CredentialsStrategy {
+    private static final Logger log = LogManager.getLogger(STSAssumeRoleWithWebIdentityCredentialsStrategy.class);
 
     private final ReentrantLock lock = new ReentrantLock();
 
@@ -48,9 +47,9 @@ public class STSAssumeRoleWithWebIdentityRequestInterceptor extends STSRequestIn
     private final OAuth2RequestInterceptor oauth;
     private final Host host;
 
-    public STSAssumeRoleWithWebIdentityRequestInterceptor(final OAuth2RequestInterceptor oauth, final Host host,
-                                                          final X509TrustManager trust, final X509KeyManager key,
-                                                          final LoginCallback prompt) {
+    public STSAssumeRoleWithWebIdentityCredentialsStrategy(final OAuth2RequestInterceptor oauth, final Host host,
+                                                           final X509TrustManager trust, final X509KeyManager key,
+                                                           final LoginCallback prompt) {
         super(host, trust, key, prompt);
         this.oauth = oauth;
         this.host = host;
@@ -60,14 +59,14 @@ public STSAssumeRoleWithWebIdentityRequestInterceptor(final OAuth2RequestInterce
     public TemporaryAccessTokens refresh(final Credentials credentials) throws BackgroundException {
         lock.lock();
         final String arn = new ProxyPreferencesReader(host, credentials).getProperty(Profile.STS_ROLE_ARN_PROPERTY_KEY, "s3.assumerole.rolearn");
-        log.debug("Use ARN {}", arn);
         try {
-            return tokens = this.assumeRoleWithWebIdentity(oauth.validate(credentials.getOauth()), arn);
+            log.debug("Retrieve temporary credentials with {} for role ARN {}", credentials, arn);
+            return this.assumeRoleWithWebIdentity(oauth.validate(credentials.getOauth()), arn);
         }
         catch(LoginFailureException e) {
             // Expired or invalid OAuth tokens
             log.warn("Failure {} authorizing. Retry with refreshed OAuth tokens", e.getMessage());
-            return this.tokens = this.assumeRoleWithWebIdentity(oauth.refresh(), arn);
+            return this.assumeRoleWithWebIdentity(oauth.refresh(), arn);
         }
         finally {
             lock.unlock();

s3/src/main/java/ch/cyberduck/core/sts/STSCredentialsStrategy.java

@@ -0,0 +1,54 @@
+package ch.cyberduck.core.sts;
+
+/*
+ * Copyright (c) 2002-2025 iterate GmbH. All rights reserved.
+ * https://cyberduck.io/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+import ch.cyberduck.core.Credentials;
+import ch.cyberduck.core.Host;
+import ch.cyberduck.core.LoginCallback;
+import ch.cyberduck.core.TemporaryAccessTokens;
+import ch.cyberduck.core.exception.BackgroundException;
+import ch.cyberduck.core.s3.S3CredentialsStrategy;
+import ch.cyberduck.core.ssl.X509KeyManager;
+import ch.cyberduck.core.ssl.X509TrustManager;
+
+/**
+ * Swap static access key id and secret access key with temporary credentials obtained from STS AssumeRole
+ */
+public abstract class STSCredentialsStrategy extends STSAuthorizationService implements S3CredentialsStrategy {
+
+    private final Host host;
+
+    public STSCredentialsStrategy(final Host host, final X509TrustManager trust, final X509KeyManager key, final LoginCallback prompt) {
+        super(host, trust, key, prompt);
+        this.host = host;
+    }
+
+    /**
+     * Request new temporary access tokens from static access key in credentials
+     *
+     * @param credentials Static long-lived credentials
+     * @return Temporary access tokens from STS service
+     */
+    public abstract TemporaryAccessTokens refresh(final Credentials credentials) throws BackgroundException;
+
+    @Override
+    public Credentials get() throws BackgroundException {
+        final Credentials credentials = host.getCredentials();
+        final TemporaryAccessTokens tokens = credentials.getTokens();
+        // Get temporary credentials from STS using static long-lived credentials
+        return credentials.setTokens(tokens.isExpired() ? this.refresh(credentials) : tokens);
+    }
+}

s3/src/main/java/ch/cyberduck/core/sts/STSGetSessionTokenRequestInterceptor.java renamed to s3/src/main/java/ch/cyberduck/core/sts/STSGetSessionTokenCredentialsStrategy.java

@@ -26,7 +26,6 @@
 import ch.cyberduck.core.ssl.X509KeyManager;
 import ch.cyberduck.core.ssl.X509TrustManager;
 
-import org.apache.http.HttpRequestInterceptor;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -35,14 +34,14 @@
 /**
  * Swap static access key id and secret access key with temporary credentials obtained from STS AssumeRole
  */
-public class STSGetSessionTokenRequestInterceptor extends STSRequestInterceptor implements S3CredentialsStrategy, HttpRequestInterceptor {
-    private static final Logger log = LogManager.getLogger(STSGetSessionTokenRequestInterceptor.class);
+public class STSGetSessionTokenCredentialsStrategy extends STSCredentialsStrategy implements S3CredentialsStrategy {
+    private static final Logger log = LogManager.getLogger(STSGetSessionTokenCredentialsStrategy.class);
 
     private final ReentrantLock lock = new ReentrantLock();
 
     private final Host host;
 
-    public STSGetSessionTokenRequestInterceptor(final Host host, final X509TrustManager trust, final X509KeyManager key, final LoginCallback prompt) {
+    public STSGetSessionTokenCredentialsStrategy(final Host host, final X509TrustManager trust, final X509KeyManager key, final LoginCallback prompt) {
         super(host, trust, key, prompt);
         this.host = host;
     }
@@ -52,10 +51,8 @@ public TemporaryAccessTokens refresh(final Credentials credentials) throws Backg
         lock.lock();
         try {
             final String arn = new ProxyPreferencesReader(host, credentials).getProperty(Profile.STS_MFA_ARN_PROPERTY_KEY);
-            log.debug("Use ARN {}", arn);
-            log.debug("Retrieve temporary credentials with {}", credentials);
-            // GetSessionToken
-            return tokens = this.getSessionToken(credentials, arn);
+            log.debug("Retrieve temporary credentials with {} for role ARN {}", credentials, arn);
+            return this.getSessionToken(credentials, arn);
         }
         finally {
             lock.unlock();