V4a async payload signing #6475
Conversation
dagnir
force-pushed
the
dongie/sra-chunk-encoding-pt2
branch
5 times, most recently
from
966149f to
ef5d53f
Compare
dagnir
changed the base branch from
dongie/sra-chunk-encoding-pt1
to
feature/master/sra-async-chunked-encoding
dagnir
force-pushed
the
dongie/sra-chunk-encoding-pt2
branch
from
ef5d53f to
d4f0f87
Compare
dagnir
force-pushed
the
dongie/sra-chunk-encoding-pt2
branch
from
d4f0f87 to
5ac3968
Compare
|
| import software.amazon.awssdk.utils.async.ByteBufferStoringSubscriber.TransferResult; | ||
|
|
||
| @SdkInternalApi | ||
| public final class CrtRequestBodyAdapter implements HttpRequestBodyStream { |
There was a problem hiding this comment.
Should we move this existing class https://github.com/aws/aws-sdk-java-v2/blob/master/http-clients/aws-crt-client/src/main/java/software/amazon/awssdk/http/crt/internal/request/CrtRequestBodyAdapter.java to crt-core and use it directly? I understand this means we'd need to make it protected APIs, but the API surface area seems small enough...
|
|
||
| @ParameterizedTest(name = "{index} {3}") | ||
| @MethodSource("streamingInputChecksumCalculationParams") | ||
| public void asyncStreamingInput_checksumCalculation(RequestChecksumCalculation requestChecksumCalculation, |
There was a problem hiding this comment.
Can we add an integ test as well?
| SdkHttpRequest.Builder request, Publisher<ByteBuffer> payload, String checksum) { | ||
|
|
||
| return SignerUtils.moveContentLength(request, payload) | ||
| .thenApply(p -> { |
There was a problem hiding this comment.
Question: is there any difference between sigv4a and sigv4 for this logic here?
There was a problem hiding this comment.
Nope, we can consolidate this.
There was a problem hiding this comment.
Actually nm, they're slightly different that it's a bit annoying to consolidate the two. The normal V4a version doesn't have a checksum parameter
...ava/software/amazon/awssdk/http/auth/aws/crt/internal/signer/AwsChunkedV4aPayloadSigner.java
Show resolved
Hide resolved
| .orElseThrow(() -> { | ||
| String msg = String.format("Expected header '%s' to be present", | ||
| X_AMZ_DECODED_CONTENT_LENGTH); | ||
| return new RuntimeException(msg); |
There was a problem hiding this comment.
Should this be a more specific exception?
There was a problem hiding this comment.
Hmm maybe IllegalArgumentException? Note we don't have access to SdkClientException from this module
|
|
||
| switch (checksum) { | ||
| case STREAMING_ECDSA_SIGNED_PAYLOAD: { | ||
| long extensionsLength = 161; // ;chunk-signature:<sigv4a-ecsda hex signature, 144 bytes> |
There was a problem hiding this comment.
Nit - make this is a constant
| SdkHttpRequest requestToSign = p.left().build(); | ||
| Publisher<ByteBuffer> payloadToSign = p.right().orElse(null); | ||
|
|
||
| // We disallow unknown content length no the async path |
3 participants
Motivation and Context
This PR adds support for async payload signing in the V4a signer. Note an important difference to the V4 implementation: This supports the fallback to signing the payload when the request is sent over
http. This is because calling thesignAsync()method previously always threwUnsupportedOperationException, so there is no risk of performance regression for existing users.Modifications
Testing
Screenshots (if appropriate)
Types of changes
Checklist
mvn installsucceedsscripts/new-changescript and following the instructions. Commit the new file created by the script in.changes/next-releasewith your changes.License