Fix #13738.

Author: dkocher

s3/src/main/java/ch/cyberduck/core/s3/S3Session.java

@@ -160,6 +160,10 @@ protected XmlResponsesSaxParser getXmlResponseSaxParser() throws ServiceExceptio
         return new XmlResponsesSaxParser(client.getConfiguration(), false);
     }
 
+    public S3CredentialsStrategy getAuthentication() {
+        return authentication;
+    }
+
     /**
      * @return the identifier for the signature algorithm.
      */
@@ -289,21 +293,17 @@ protected S3CredentialsStrategy configureCredentialsStrategy(final ProxyFinder p
                     );
                 }
                 else {
+                    final Credentials credentials = new S3CredentialsConfigurator(
+                            new ThreadLocalHostnameDelegatingTrustManager(trust, host.getHostname()), key, prompt).reload().configure(host);
                     // Fetch temporary session token from AWS CLI configuration
-                    interceptor = new S3AuthenticationResponseInterceptor(this, new S3CredentialsStrategy() {
-                        @Override
-                        public Credentials get() throws LoginCanceledException {
-                            return new S3CredentialsConfigurator(
-                                    new ThreadLocalHostnameDelegatingTrustManager(trust, host.getHostname()), key, prompt).reload().configure(host);
-                        }
-                    });
+                    interceptor = new S3AuthenticationResponseInterceptor(this, () -> credentials);
                 }
                 configuration.setServiceUnavailableRetryStrategy(new CustomServiceUnavailableRetryStrategy(host,
                         new ExecutionCountServiceUnavailableRetryStrategy(interceptor)));
                 return interceptor;
             }
             else {
-                return host::getCredentials;
+                return () -> new Credentials(host.getCredentials());
             }
         }
     }

s3/src/main/java/ch/cyberduck/core/s3/S3UrlProvider.java

@@ -17,9 +17,20 @@
  * Bug fixes, suggestions and comments should be sent to [email protected]
  */
 
-import ch.cyberduck.core.*;
+import ch.cyberduck.core.DescriptiveUrl;
+import ch.cyberduck.core.DescriptiveUrlBag;
+import ch.cyberduck.core.HostWebUrlProvider;
+import ch.cyberduck.core.LocaleFactory;
+import ch.cyberduck.core.Path;
+import ch.cyberduck.core.PathContainerService;
+import ch.cyberduck.core.Scheme;
+import ch.cyberduck.core.SimplePathPredicate;
+import ch.cyberduck.core.URIEncoder;
+import ch.cyberduck.core.UrlProvider;
+import ch.cyberduck.core.UserDateFormatterFactory;
 import ch.cyberduck.core.cdn.Distribution;
 import ch.cyberduck.core.cdn.DistributionUrlProvider;
+import ch.cyberduck.core.exception.BackgroundException;
 import ch.cyberduck.core.preferences.HostPreferencesFactory;
 import ch.cyberduck.core.shared.DefaultUrlProvider;
 
@@ -45,16 +56,10 @@ public class S3UrlProvider implements UrlProvider {
     private final S3Session session;
     private final PathContainerService containerService;
     private final Map<Path, Set<Distribution>> distributions;
-    private final HostPasswordStore store;
 
     public S3UrlProvider(final S3Session session, final Map<Path, Set<Distribution>> distributions) {
-        this(session, distributions, PasswordStoreFactory.get());
-    }
-
-    public S3UrlProvider(final S3Session session, final Map<Path, Set<Distribution>> distributions, final HostPasswordStore store) {
         this.session = session;
         this.distributions = distributions;
-        this.store = store;
         this.containerService = session.getFeature(PathContainerService.class);
     }
 
@@ -198,12 +203,12 @@ public PresignedUrl(final Path file, final Calendar expiry) {
         @Override
         public String getUrl() {
             final String secret;
-            final Credentials credentials = CredentialsConfiguratorFactory.get(session.getHost().getProtocol()).configure(session.getHost());
-            if(credentials.isPasswordAuthentication()) {
-                secret = credentials.getPassword();
+            try {
+                secret = session.getAuthentication().get().getPassword();
             }
-            else {
-                secret = store.findLoginPassword(session.getHost());
+            catch(BackgroundException e) {
+                log.error("Failure retrieving secret required to sign temporary URL", e);
+                return DescriptiveUrl.EMPTY.getUrl();
             }
             if(StringUtils.isBlank(secret)) {
                 log.error("No secret found in password store required to sign temporary URL");

s3/src/test/java/ch/cyberduck/core/s3/S3UrlProviderTest.java

@@ -6,7 +6,6 @@
 import ch.cyberduck.core.DisabledCancelCallback;
 import ch.cyberduck.core.DisabledHostKeyCallback;
 import ch.cyberduck.core.DisabledLoginCallback;
-import ch.cyberduck.core.DisabledPasswordStore;
 import ch.cyberduck.core.Host;
 import ch.cyberduck.core.Path;
 import ch.cyberduck.core.exception.BackgroundException;
@@ -45,12 +44,7 @@ public RequestEntityRestStorageService getClient() {
             }
         };
         Path p = new Path("/bucket/f/key f", EnumSet.of(Path.Type.file));
-        assertEquals(5, new S3UrlProvider(session, Collections.emptyMap(), new DisabledPasswordStore() {
-            @Override
-            public String findLoginPassword(final Host bookmark) {
-                return "k";
-            }
-        }).toUrl(p).filter(DescriptiveUrl.Type.signed).size());
+        assertEquals(5, new S3UrlProvider(session, Collections.emptyMap()).toUrl(p).filter(DescriptiveUrl.Type.signed).size());
     }
 
     @Test
@@ -122,12 +116,7 @@ public RequestEntityRestStorageService getClient() {
             }
         };
         assertEquals(DescriptiveUrl.EMPTY,
-                new S3UrlProvider(session, Collections.emptyMap(), new DisabledPasswordStore() {
-                    @Override
-                    public String findLoginPassword(final Host bookmark) {
-                        return "k";
-                    }
-                }).toUrl(new Path("/test-eu-west-1-cyberduck/test f", EnumSet.of(Path.Type.file))).find(DescriptiveUrl.Type.signed)
+                new S3UrlProvider(session, Collections.emptyMap()).toUrl(new Path("/test-eu-west-1-cyberduck/test f", EnumSet.of(Path.Type.file))).find(DescriptiveUrl.Type.signed)
         );
     }
 
@@ -146,37 +135,22 @@ public RequestEntityRestStorageService getClient() {
                 }
             }
         };
-        final S3UrlProvider provider = new S3UrlProvider(session, Collections.emptyMap(), new DisabledPasswordStore() {
-            @Override
-            public String findLoginPassword(final Host bookmark) {
-                return "k";
-            }
-        });
+        final S3UrlProvider provider = new S3UrlProvider(session, Collections.emptyMap());
         assertNotNull(
                 provider.toUrl(new Path("/test-eu-west-1-cyberduck/test", EnumSet.of(Path.Type.file))).find(DescriptiveUrl.Type.signed)
         );
     }
 
     @Test
     public void testToSignedUrl() {
-        final S3UrlProvider provider = new S3UrlProvider(session, Collections.emptyMap(), new DisabledPasswordStore() {
-            @Override
-            public String findLoginPassword(final Host bookmark) {
-                return "k";
-            }
-        });
+        final S3UrlProvider provider = new S3UrlProvider(session, Collections.emptyMap());
         assertTrue(provider.toSignedUrl(new Path("/test-eu-west-1-cyberduck/test", EnumSet.of(Path.Type.file)), 30).getUrl().startsWith(
                 "https://test-eu-west-1-cyberduck.s3.amazonaws.com/test?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential="));
     }
 
     @Test
     public void testToSignedUrlVirtualHost() {
-        final S3UrlProvider provider = new S3UrlProvider(virtualhost, Collections.emptyMap(), new DisabledPasswordStore() {
-            @Override
-            public String findLoginPassword(final Host bookmark) {
-                return "k";
-            }
-        });
+        final S3UrlProvider provider = new S3UrlProvider(virtualhost, Collections.emptyMap());
         final String url = provider.toSignedUrl(new Path("/t", EnumSet.of(Path.Type.file)), 30).getUrl();
         assertTrue(url, url.startsWith(
                 "https://test-eu-central-1-cyberduck.s3.amazonaws.com/t?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential="));