chore：add rds connect

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: sdk-liuzhaoliang

volcengine-java-sdk-core/src/main/java/com/volcengine/feature/rds/auth/ConnectUtils.java

@@ -0,0 +1,98 @@
+package com.volcengine.feature.rds.auth;
+
+import com.volcengine.sign.Credentials;
+import com.volcengine.sign.VolcstackSign;
+
+import org.apache.commons.lang.StringUtils;
+
+
+import java.util.*;
+
+/**
+ * RDS MySQL database connection utility class
+ */
+public class ConnectUtils {
+
+    private static final String SERVICE_NAME = "rds_mysql";
+    private static final String ACTION = "ConnectDatabase";
+    private static final String VERSION = "2022-01-01";
+    private static final int DEFAULT_EXPIRES_SECONDS = 900; // 15 minutes
+
+    /**
+     * Generate an authorization token for database connection (used as password)
+     *
+     * @param credentials Credentials containing AccessKey and SecretKey for signing
+     * @param region      Region, e.g., "cn-beijing"
+     * @param dbUser      Database user account
+     * @param instanceId  Database instance ID
+     * @param expires     Expiration time in seconds, defaults to 900 seconds (15 minutes) if <= 0
+     * @return Presigned URL string that can be used as the authorization token for database connection
+     * @throws Exception if parameters are invalid or signing fails
+     */
+    public static String buildAuthToken(
+            Credentials credentials,
+            String region,
+            String dbUser,
+            String instanceId,
+            int expires
+    ) throws Exception {
+        // Parameter validation
+        if (credentials == null ||
+                StringUtils.isEmpty(credentials.getAccessKey()) ||
+                StringUtils.isEmpty(credentials.getSecretKey())) {
+            throw new IllegalArgumentException("credentials must not be null and must contain valid access key and secret key");
+        }
+
+        if (StringUtils.isEmpty(region)) {
+            throw new IllegalArgumentException("region must not be empty");
+        }
+
+        if (StringUtils.isEmpty(dbUser) || StringUtils.isEmpty(instanceId)) {
+            throw new IllegalArgumentException("dbUser or instanceId must not be empty");
+        }
+
+        // Build query parameters
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("Action", ACTION);
+        queryParams.put("Version", VERSION);
+        queryParams.put("X-Expires", expires > 0 ? String.valueOf(expires) : String.valueOf(DEFAULT_EXPIRES_SECONDS));
+        queryParams.put("DBUser", dbUser);
+        queryParams.put("InstanceId", instanceId);
+
+        // Create signature object
+        VolcstackSign sign = new VolcstackSign(credentials);
+        sign.setRegion(region);
+        sign.setService(SERVICE_NAME);
+        sign.setMethod("GET");
+
+        // Generate presigned URL
+        Map<String, String> presignedParams = sign.presign(queryParams);
+
+        // Build complete URL
+        return buildUrl(presignedParams);
+    }
+
+    /**
+     * Build complete URL
+     *
+     * @param presignedParams Presigned query parameters
+     * @return Complete URL string
+     */
+    private static String buildUrl(Map<String, String> presignedParams) {
+        StringBuilder url = new StringBuilder();
+        // Sort parameter keys
+        List<String> keys = new ArrayList<>(presignedParams.keySet());
+        Collections.sort(keys);
+
+        for (int i = 0; i < keys.size(); i++) {
+            String key = keys.get(i);
+            String value = presignedParams.get(key);
+            url.append(key).append("=").append(value);
+            if (i < keys.size() - 1) {
+                url.append("&");
+            }
+        }
+
+        return url.toString();
+    }
+}

volcengine-java-sdk-core/src/main/java/com/volcengine/sign/VolcstackSign.java

@@ -61,7 +61,7 @@ public void applyToParams(List<Pair> queryParams, Map<String, String> headerPara
         SDK_CORE_LOGGER.debugSign("VolcstackSign start...");
 
         try {
-            sign(params, headerParams,payload);
+            sign(params, headerParams, payload);
         } catch (Exception e) {
             SDK_CORE_LOGGER.error(()->"VolcstackSign exception: ", e);
         }
@@ -123,7 +123,7 @@ private List<String> sortHeaderKeys(Map<String, String> headerParams) {
         return listHeaderKeys;
     }
 
-    private void buildCredentialScope(Map<String, String> headerParams,SignRequest signRequest){
+    private void buildCredentialScope(Map<String, String> headerParams, SignRequest signRequest) {
         StringBuilder credentialScope = new StringBuilder("");
         credentialScope.append(headerParams.get("X-Date").substring(0, 8));
         credentialScope.append("/");
@@ -135,7 +135,7 @@ private void buildCredentialScope(Map<String, String> headerParams,SignRequest s
         SDK_CORE_LOGGER.debugSign("credentialScope: " + signRequest.credentialScope);
     }
 
-    private void buildStringToSign(Map<String, String> headerParams,SignRequest signRequest)throws Exception{
+    private void buildStringToSign(Map<String, String> headerParams, SignRequest signRequest) throws Exception {
         StringBuilder stringToSign = new StringBuilder("");
         stringToSign.append("HMAC-SHA256");
         stringToSign.append("\n");
@@ -148,7 +148,7 @@ private void buildStringToSign(Map<String, String> headerParams,SignRequest sign
         SDK_CORE_LOGGER.debugSign("stringToSign: "  + signRequest.stringToSign);
     }
 
-    private void buildAuthorization(Map<String, String> headerParams,SignRequest signRequest)throws Exception{
+    private void buildAuthorization(Map<String, String> headerParams, SignRequest signRequest) throws Exception {
         byte[] signingkeyByte = getHmacSHA256("request", getHmacSHA256(
                 service, getHmacSHA256(
                         region, getHmacSHA256(
@@ -186,7 +186,7 @@ private void buildSignedHeaders(Map<String, String> headerParams, SignRequest si
         StringBuilder canonicalHeaders = new StringBuilder("");
         StringBuilder signedHeaders = new StringBuilder("");
         for (String key : listHeaderKeys) {
-            if (!key.equalsIgnoreCase("x-date")){
+            if (!key.equalsIgnoreCase("x-date")) {
                 continue;
             }
             canonicalHeaders.append(key.toLowerCase());
@@ -203,9 +203,9 @@ private void buildSignedHeaders(Map<String, String> headerParams, SignRequest si
         SDK_CORE_LOGGER.debugSign("signedHeaders: " + signRequest.signedHeaders);
     }
 
-    private void initHeaders(Map<String,String> headerParams){
-        if (!StringUtils.isEmpty(credentials.getSessionToken())){
-            headerParams.put("X-Security-Token",credentials.getSessionToken());
+    private void initHeaders(Map<String, String> headerParams) {
+        if (!StringUtils.isEmpty(credentials.getSessionToken())) {
+            headerParams.put("X-Security-Token", credentials.getSessionToken());
         }
         if (!headerParams.containsKey("X-Date")) {
             SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
@@ -247,17 +247,17 @@ private void sign(Map<String, String> queryParams, Map<String, String> headerPar
         // step 1
         SDK_CORE_LOGGER.debugSign("step 1: buildCanonicalRequest start");
         buildCanonicalRequest(queryParams, signRequest);
-        buildSignedHeaders(headerParams,signRequest);
-        buildPayload(signRequest,payload);
+        buildSignedHeaders(headerParams, signRequest);
+        buildPayload(signRequest, payload);
 
         // step 2
         SDK_CORE_LOGGER.debugSign("step 2: buildCredentialScope and buildStringToSign start");
-        buildCredentialScope(headerParams,signRequest);
-        buildStringToSign(headerParams,signRequest);
+        buildCredentialScope(headerParams, signRequest);
+        buildStringToSign(headerParams, signRequest);
 
         // step 3
         SDK_CORE_LOGGER.debugSign("step 3: buildAuthorization start");
-        buildAuthorization(headerParams,signRequest);
+        buildAuthorization(headerParams, signRequest);
 
     }
 
@@ -324,5 +324,100 @@ public VolcstackSign copy() {
         return copySign;
     }
 
+
+
+    /**
+     * Generate presigned URL query parameters
+     *
+     * @param queryParams Original query parameters
+     * @return Complete query parameters Map containing all signature information
+     */
+    public Map<String, String> presign(Map<String, String> queryParams) throws Exception {
+        Map<String, String> presignedParams = new HashMap<>(queryParams);
+
+        // Generate timestamp
+        SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
+        sdf.setTimeZone(TimeZone.getTimeZone("GMT"));
+        String xDate = sdf.format(new Date());
+        String dateStamp = xDate.substring(0, 8);
+
+        // Build credential scope
+        String credentialScope = dateStamp + "/" + region + "/" + service + "/request";
+
+        // Add required query parameters for presigning
+        presignedParams.put("X-Date", xDate);
+        presignedParams.put("X-NotSignBody", "");
+        presignedParams.put("X-Credential", credentials.getAccessKey() + "/" + credentialScope);
+        presignedParams.put("X-Algorithm", "HMAC-SHA256");
+        presignedParams.put("X-SignedHeaders", "");
+        presignedParams.put("X-SignedQueries", ""); // Set to empty first, will be updated later
+
+        // Collect all query parameter keys (excluding X-Security-Token), sort and update X-SignedQueries
+        List<String> queryKeys = new ArrayList<>(presignedParams.keySet());
+        Collections.sort(queryKeys);
+        presignedParams.put("X-SignedQueries", String.join(";", queryKeys));
+
+        // Important: X-Security-Token must be added after X-SignedQueries calculation is complete
+        if (!StringUtils.isEmpty(credentials.getSessionToken())) {
+            presignedParams.put("X-Security-Token", credentials.getSessionToken());
+        }
+
+        // Re-collect all parameter keys (including X-Security-Token) to build canonical request
+        List<String> allKeys = new ArrayList<>(presignedParams.keySet());
+        Collections.sort(allKeys);
+
+        // Build canonical request
+        StringBuilder canonicalRequest = new StringBuilder();
+        canonicalRequest.append(this.method);
+        canonicalRequest.append("\n");
+        canonicalRequest.append("/");
+        canonicalRequest.append("\n");
+
+        // Canonical Query String - concatenate all parameters after sorting
+        StringBuilder canonicalQueryString = new StringBuilder();
+        for (String key : allKeys) {
+            canonicalQueryString.append(signStringEncoder(key));
+            canonicalQueryString.append("=");
+            canonicalQueryString.append(signStringEncoder(presignedParams.get(key)));
+            canonicalQueryString.append("&");
+        }
+        canonicalRequest.append(canonicalQueryString.substring(0, canonicalQueryString.length() - 1));
+        canonicalRequest.append("\n");
+
+        // Canonical Headers - empty (because X-SignedHeaders is empty)
+        canonicalRequest.append("\n");
+
+        // Signed Headers - empty
+        canonicalRequest.append("");
+        canonicalRequest.append("\n");
+
+        // Extra newline before Payload Hash (required by volcstack presigning specification)
+        canonicalRequest.append("\n");
+
+        // Payload Hash - use hash value of X-NotSignBody (empty string)
+        canonicalRequest.append(getSHA256(""));
+
+        // Build string to sign
+        StringBuilder stringToSign = new StringBuilder();
+        stringToSign.append("HMAC-SHA256");
+        stringToSign.append("\n");
+        stringToSign.append(xDate);
+        stringToSign.append("\n");
+        stringToSign.append(credentialScope);
+        stringToSign.append("\n");
+        stringToSign.append(getSHA256(canonicalRequest.toString()));
+
+        // Calculate signature
+        byte[] signingKey = getHmacSHA256("request",
+                getHmacSHA256(service,
+                        getHmacSHA256(region,
+                                getHmacSHA256(dateStamp, credentials.getSecretKey().getBytes(StandardCharsets.UTF_8)))));
+        String signature = getHmacSHA256Hex(stringToSign.toString(), signingKey);
+
+        // Add signature to query parameters
+        presignedParams.put("X-Signature", signature);
+
+        return presignedParams;
+    }
 }