aws
diff --git a/‎core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/crt/internal/signer/AwsChunkedV4aPayloadSigner.java‎
Lines changed: 156 additions & 1 deletion b/‎core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/crt/internal/signer/AwsChunkedV4aPayloadSigner.java‎
Lines changed: 156 additions & 1 deletion
diff --git a/‎core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/crt/internal/signer/CrtRequestBodyAdapter.java‎
Lines changed: 54 additions & 0 deletions b/‎core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/crt/internal/signer/CrtRequestBodyAdapter.java‎
Lines changed: 54 additions & 0 deletions
@@ -20,13 +20,19 @@
 import static software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant.STREAMING_ECDSA_SIGNED_PAYLOAD;
 import static software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant.STREAMING_ECDSA_SIGNED_PAYLOAD_TRAILER;
 import static software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant.STREAMING_UNSIGNED_PAYLOAD_TRAILER;
+import static software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant.X_AMZ_DECODED_CONTENT_LENGTH;
 import static software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerConstant.X_AMZ_TRAILER;
+import static software.amazon.awssdk.http.auth.aws.internal.signer.util.SignerUtils.computeAndMoveContentLength;
 
 import java.io.InputStream;
+import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
+import org.reactivestreams.Publisher;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.checksums.SdkChecksum;
 import software.amazon.awssdk.checksums.spi.ChecksumAlgorithm;
@@ -35,8 +41,11 @@
 import software.amazon.awssdk.http.SdkHttpRequest;
 import software.amazon.awssdk.http.auth.aws.internal.signer.CredentialScope;
 import software.amazon.awssdk.http.auth.aws.internal.signer.NoOpPayloadChecksumStore;
+import software.amazon.awssdk.http.auth.aws.internal.signer.chunkedencoding.AsyncChunkEncodedPayload;
 import software.amazon.awssdk.http.auth.aws.internal.signer.chunkedencoding.ChecksumTrailerProvider;
 import software.amazon.awssdk.http.auth.aws.internal.signer.chunkedencoding.ChunkedEncodedInputStream;
+import software.amazon.awssdk.http.auth.aws.internal.signer.chunkedencoding.ChunkedEncodedPayload;
+import software.amazon.awssdk.http.auth.aws.internal.signer.chunkedencoding.ChunkedEncodedPublisher;
 import software.amazon.awssdk.http.auth.aws.internal.signer.chunkedencoding.TrailerProvider;
 import software.amazon.awssdk.http.auth.aws.internal.signer.io.ChecksumInputStream;
 import software.amazon.awssdk.http.auth.aws.internal.signer.io.ResettableContentStreamProvider;
@@ -112,10 +121,66 @@ public ContentStreamProvider sign(ContentStreamProvider payload, V4aRequestSigni
  return new ResettableContentStreamProvider(chunkedEncodedInputStreamBuilder::build);
  }
 
+ /**
+ * Given a payload and result of request signing, sign the payload via the SigV4 process.
+ */
+ @Override
+ public Publisher<ByteBuffer> signAsync(Publisher<ByteBuffer> payload, V4aRequestSigningResult requestSigningResult) {
+ ChunkedEncodedPublisher.Builder chunkedStreamBuilder = ChunkedEncodedPublisher.builder()
+ .publisher(payload)
+ .chunkSize(chunkSize)
+ .addEmptyTrailingChunk(true);
+ AsyncChunkEncodedPayload chunkedPayload = new AsyncChunkEncodedPayload(chunkedStreamBuilder);
+
+ signCommon(chunkedPayload, requestSigningResult);
+
+ return chunkedStreamBuilder.build();
+ }
+
+ private ChunkedEncodedPayload signCommon(ChunkedEncodedPayload payload, V4aRequestSigningResult requestSigningResult) {
+ SdkHttpRequest.Builder request = requestSigningResult.getSignedRequest();
+
+ payload.decodedContentLength(request.firstMatchingHeader(X_AMZ_DECODED_CONTENT_LENGTH)
+ .map(Long::parseLong)
+ .orElseThrow(() -> {
+ String msg = String.format("Expected header '%s' to be present",
+ X_AMZ_DECODED_CONTENT_LENGTH);
+ return new RuntimeException(msg);
+ }));
+
+ preExistingTrailers.forEach(trailer -> payload.addTrailer(() -> trailer));
+
+ switch (requestSigningResult.getSigningConfig().getSignedBodyValue()) {
+ case STREAMING_ECDSA_SIGNED_PAYLOAD: {
+ RollingSigner rollingSigner = new RollingSigner(requestSigningResult.getSignature(),
+ requestSigningResult.getSigningConfig());
+ payload.addExtension(new SigV4aChunkExtensionProvider(rollingSigner, credentialScope));
+ break;
+ }
+ case STREAMING_UNSIGNED_PAYLOAD_TRAILER:
+ setupChecksumTrailerIfNeeded(payload);
+ break;
+ case STREAMING_ECDSA_SIGNED_PAYLOAD_TRAILER: {
+ RollingSigner rollingSigner = new RollingSigner(requestSigningResult.getSignature(),
+ requestSigningResult.getSigningConfig());
+ payload.addExtension(new SigV4aChunkExtensionProvider(rollingSigner, credentialScope));
+ setupChecksumTrailerIfNeeded(payload);
+ payload.addTrailer(
+ new SigV4aTrailerProvider(payload.trailers(), rollingSigner, credentialScope)
+ );
+ break;
+ }
+ default:
+ throw new UnsupportedOperationException();
+ }
+
+ return payload;
+ }
+
  @Override
  public void beforeSigning(SdkHttpRequest.Builder request, ContentStreamProvider payload, String checksum) {
  long encodedContentLength = 0;
- long contentLength = SignerUtils.computeAndMoveContentLength(request, payload);
+ long contentLength = computeAndMoveContentLength(request, payload);
  setupPreExistingTrailers(request);
 
  // pre-existing trailers
@@ -157,6 +222,72 @@ public void beforeSigning(SdkHttpRequest.Builder request, ContentStreamProvider
  // CRT-signed request doesn't expect 'aws-chunked' Content-Encoding, so we don't add it
  }
 
+ @Override
+ public CompletableFuture<Pair<SdkHttpRequest.Builder, Optional<Publisher<ByteBuffer>>>> beforeSigningAsync(
+ SdkHttpRequest.Builder request, Publisher<ByteBuffer> payload, String checksum) {
+
+ return SignerUtils.moveContentLength(request, payload)
+ .thenApply(p -> {
+ SdkHttpRequest.Builder requestBuilder = p.left();
+ setupPreExistingTrailers(requestBuilder);
+
+ long decodedContentLength =
+ requestBuilder.firstMatchingHeader(X_AMZ_DECODED_CONTENT_LENGTH)
+ .map(Long::parseLong)
+ // should not happen, this header is added by
+ // moveContentLength
+ .orElseThrow(() -> new RuntimeException(
+ X_AMZ_DECODED_CONTENT_LENGTH + " header not present"));
+
+ long encodedContentLength = calculateEncodedContentLength(request, decodedContentLength, checksum);
+
+ if (checksumAlgorithm != null) {
+ String checksumHeaderName = checksumHeaderName(checksumAlgorithm);
+ request.appendHeader(X_AMZ_TRAILER, checksumHeaderName);
+ }
+ request.putHeader(Header.CONTENT_LENGTH, Long.toString(encodedContentLength));
+
+ return Pair.of(requestBuilder, p.right());
+ });
+ }
+
+ private long calculateEncodedContentLength(SdkHttpRequest.Builder requestBuilder, long decodedContentLength,
+ String checksum) {
+ long encodedContentLength = 0;
+
+ encodedContentLength += calculateExistingTrailersLength();
+
+ switch (checksum) {
+ case STREAMING_ECDSA_SIGNED_PAYLOAD: {
+ long extensionsLength = 161; // ;chunk-signature:<sigv4a-ecsda hex signature, 144 bytes>
+ encodedContentLength += calculateChunksLength(decodedContentLength, extensionsLength);
+ break;
+ }
+ case STREAMING_UNSIGNED_PAYLOAD_TRAILER:
+ if (checksumAlgorithm != null) {
+ encodedContentLength += calculateChecksumTrailerLength(checksumHeaderName(checksumAlgorithm));
+ }
+ encodedContentLength += calculateChunksLength(decodedContentLength, 0);
+ break;
+ case STREAMING_ECDSA_SIGNED_PAYLOAD_TRAILER: {
+ long extensionsLength = 161; // ;chunk-signature:<sigv4a-ecsda hex signature, 144 bytes>
+ encodedContentLength += calculateChunksLength(decodedContentLength, extensionsLength);
+ if (checksumAlgorithm != null) {
+ encodedContentLength += calculateChecksumTrailerLength(checksumHeaderName(checksumAlgorithm));
+ }
+ encodedContentLength += 170; // x-amz-trailer-signature:<sigv4a-ecsda hex signature, 144 bytes>\r\n
+ break;
+ }
+ default:
+ throw new UnsupportedOperationException();
+ }
+
+ // terminating \r\n
+ encodedContentLength += 2;
+
+ return encodedContentLength;
+ }
+
  /**
  * Set up a map of pre-existing trailer (headers) for the given request to be used when chunk-encoding the payload.
  * <p>
@@ -270,6 +401,30 @@ private void setupChecksumTrailerIfNeeded(ChunkedEncodedInputStream.Builder buil
  builder.inputStream(checksumInputStream).addTrailer(checksumTrailer);
  }
 
+ private void setupChecksumTrailerIfNeeded(ChunkedEncodedPayload payload) {
+ if (checksumAlgorithm == null) {
+ return;
+ }
+ String checksumHeaderName = checksumHeaderName(checksumAlgorithm);
+
+ String cachedChecksum = getCachedChecksum();
+
+ if (cachedChecksum != null) {
+ LOG.debug(() -> String.format("Cached payload checksum available for algorithm %s: %s. Using cached value",
+ checksumAlgorithm.algorithmId(), checksumHeaderName));
+ payload.addTrailer(() -> Pair.of(checksumHeaderName, Collections.singletonList(cachedChecksum)));
+ return;
+ }
+
+ SdkChecksum sdkChecksum = fromChecksumAlgorithm(checksumAlgorithm);
+ payload.checksumPayload(sdkChecksum);
+
+ TrailerProvider checksumTrailer =
+ new ChecksumTrailerProvider(sdkChecksum, checksumHeaderName, checksumAlgorithm, payloadChecksumStore);
+
+ payload.addTrailer(checksumTrailer);
+ }
+
  private String getCachedChecksum() {
  byte[] checksumBytes = payloadChecksumStore.getChecksumValue(checksumAlgorithm);
  if (checksumBytes != null) {
 
@@ -0,0 +1,54 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.auth.aws.crt.internal.signer;
+
+import java.nio.ByteBuffer;
+import org.reactivestreams.Publisher;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.crt.http.HttpRequestBodyStream;
+import software.amazon.awssdk.utils.async.ByteBufferStoringSubscriber;
+import software.amazon.awssdk.utils.async.ByteBufferStoringSubscriber.TransferResult;
+
+@SdkInternalApi
+public final class CrtRequestBodyAdapter implements HttpRequestBodyStream {
+ private static final int BUFFER_SIZE = 4 * 1024 * 1024; // 4 MB
+ private final Publisher<ByteBuffer> requestPublisher;
+ private final long contentLength;
+ private ByteBufferStoringSubscriber requestBodySubscriber;
+
+ public CrtRequestBodyAdapter(Publisher<ByteBuffer> requestPublisher, long contentLength) {
+ this.requestPublisher = requestPublisher;
+ this.contentLength = contentLength;
+ this.requestBodySubscriber = new ByteBufferStoringSubscriber(BUFFER_SIZE);
+ }
+
+ @Override
+ public boolean sendRequestBody(ByteBuffer bodyBytesOut) {
+ return requestBodySubscriber.transferTo(bodyBytesOut) == TransferResult.END_OF_STREAM;
+ }
+
+ @Override
+ public boolean resetPosition() {
+ requestBodySubscriber = new ByteBufferStoringSubscriber(BUFFER_SIZE);
+ requestPublisher.subscribe(requestBodySubscriber);
+ return true;
+ }
+
+ @Override
+ public long getLength() {
+ return contentLength;
+ }
+}