in sdk/auth/credentials/credentials.go [335:424]
// getCredentials requests a temporary session access key from the STS
// GenerateSessionAccessKey action, signing the request with the provider's
// RSA key pair (SignatureMethod "SHA256withRSA").
//
// It returns the SessionAccessKey carried in the response. A nil key and a
// non-nil error are returned when the request cannot be built or sent, the
// body cannot be read, the status is not 200, the body is not valid JSON, or
// the response lacks the key id or secret.
func (provider *RSAKeyPairCredentialsProvider) getCredentials() (sessionAK *sessionAccessKey, err error) {
	const (
		method = "POST"
		// NOTE(review): the STS endpoint is fixed to a single region here;
		// nothing in this function lets a caller override it.
		host = "sts.ap-northeast-1.aliyuncs.com"
	)

	// Query-string parameters. The timestamp and nonce are generated per call.
	queries := map[string]string{
		"Version":          "2015-04-01",
		"Action":           "GenerateSessionAccessKey",
		"Format":           "JSON",
		"Timestamp":        utils.GetTimeInFormatISO8601(),
		"SignatureMethod":  "SHA256withRSA",
		"SignatureVersion": "1.0",
		"SignatureNonce":   utils.GetNonce(),
		"PublicKeyId":      provider.PublicKeyId,
		"SignatureType":    "PRIVATEKEY",
	}
	// Form-encoded body parameters.
	bodyForm := map[string]string{
		"DurationSeconds": strconv.Itoa(provider.durationSeconds),
	}

	// Calculate the signature over the union of query and body parameters, so
	// the body field is covered by the signature as well.
	signParams := make(map[string]string, len(queries)+len(bodyForm))
	for _, params := range []map[string]string{queries, bodyForm} {
		for name, val := range params {
			signParams[name] = val
		}
	}
	canonical := utils.GetUrlFormedMap(signParams)
	// Rewrite the form encoding in this fixed order before escaping the whole
	// string once more: "+" -> "%20", "*" -> "%2A", "%7E" -> "~".
	for _, sub := range [][2]string{{"+", "%20"}, {"*", "%2A"}, {"%7E", "~"}} {
		canonical = strings.Replace(canonical, sub[0], sub[1], -1)
	}
	stringToSign := method + "&%2F&" + url.QueryEscape(canonical)
	// NOTE(review): the field is named PrivateKeyId but is handed to the
	// signer as its key argument; presumably it holds the private key
	// material itself. Confirm, and keep it out of logs and error text.
	queries["Signature"] = utils.Sha256WithRsa(stringToSign, provider.PrivateKeyId)

	// Build the request: signed parameters in the URL, DurationSeconds in the body.
	endpoint := fmt.Sprintf("https://%s/?%s", host, utils.GetUrlFormedMap(queries))
	payload := utils.GetUrlFormedMap(bodyForm)
	req, err := hookNewRequest(http.NewRequest)(method, endpoint, strings.NewReader(payload))
	if err != nil {
		return nil, err
	}
	req.Header["Accept-Encoding"] = []string{"identity"}
	req.Header["Content-Type"] = []string{"application/x-www-form-urlencoded"}

	// NOTE(review): a zero-value http.Client has no Timeout, so this call has
	// no client-side deadline; an endpoint that stalls would block credential
	// refresh indefinitely. Consider a bounded timeout on the client.
	resp, err := hookDo((&http.Client{}).Do)(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	// NOTE(review): ReadAll buffers the entire body with no size cap; a
	// bounded read would limit memory use if the peer sends an oversized reply.
	raw, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		// The raw body of the failed response is carried in the returned error.
		return nil, errors.NewServerError(resp.StatusCode, string(raw), "refresh temp ak failed")
	}

	var data generateSessionAccessKeyResponse
	if err = json.Unmarshal(raw, &data); err != nil {
		return nil, fmt.Errorf("refresh temp ak err, json.Unmarshal fail: %s", err.Error())
	}

	// A 200 response is only accepted when it carries both the key id and the secret.
	key := data.SessionAccessKey
	if key == nil || key.SessionAccessKeyId == nil || key.SessionAccessKeySecret == nil {
		return nil, fmt.Errorf("refresh temp ak token err, fail to get credentials")
	}
	return key, nil
}