-
Notifications
You must be signed in to change notification settings - Fork 840
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add flexible checksum support for non-streaming cases #4376
Add flexible checksum support for non-streaming cases #4376
Conversation
...ws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32CChecksum.java
Show resolved
Hide resolved
...aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32Checksum.java
Show resolved
Hide resolved
...h-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Md5Checksum.java
Outdated
Show resolved
Hide resolved
...h-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/SdkChecksum.java
Show resolved
Hide resolved
...-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Sha1Checksum.java
Outdated
Show resolved
Hide resolved
...ws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Sha256Checksum.java
Outdated
Show resolved
Hide resolved
...oftware/amazon/awssdk/http/auth/aws/internal/checksums/factory/CrtBasedChecksumProvider.java
Outdated
Show resolved
Hide resolved
.../src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/factory/SdkCrc32.java
Outdated
Show resolved
Hide resolved
...src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/factory/SdkCrc32C.java
Outdated
Show resolved
Hide resolved
...aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/io/SdkDigestInputStream.java
Outdated
Show resolved
Hide resolved
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/PrecomputedChecksummer.java
Outdated
Show resolved
Hide resolved
core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/signer/Checksummer.java
Show resolved
Hide resolved
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java
Show resolved
Hide resolved
core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/signer/Checksummer.java
Show resolved
Hide resolved
core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/signer/Checksummer.java
Outdated
Show resolved
Hide resolved
9de4aef
to
eb70caa
Compare
...ws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32CChecksum.java
Outdated
Show resolved
Hide resolved
...st/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSignerTest.java
Outdated
Show resolved
Hide resolved
...st/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSignerTest.java
Outdated
Show resolved
Hide resolved
...st/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSignerTest.java
Show resolved
Hide resolved
...-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/util/ChecksumUtil.java
Outdated
Show resolved
Hide resolved
import software.amazon.awssdk.http.auth.aws.internal.checksums.Sha256Checksum; | ||
|
||
@SdkInternalApi | ||
public final class ChecksumUtil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add unit tests for this class?
*/ | ||
String checksum(ContentStreamProvider payload); | ||
void checksum(ContentStreamProvider payload, SdkHttpRequest.Builder request); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did we make this change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before flexible checksums, the checksummer only ever returned the checksum as a value. Now, the checksummer has to be able to do multiple things (i.e. compute a checksum, add it to the request, compute another checksum, add it to the request somewhere else).
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java
Show resolved
Hide resolved
eb70caa
to
3124558
Compare
* Implementation of {@link SdkChecksum} to provide a constant checksum. | ||
*/ | ||
@SdkInternalApi | ||
public class ConstantChecksum implements SdkChecksum { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the use-case for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Touched upon here: #4376 (comment)
|
||
private final Collection<Checksum> checksums = new ArrayList<>(); | ||
|
||
public ChecksumInputStream(InputStream stream, Collection<? extends Checksum> checksums) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any reason this takes a list of checksums? From the checksum spec, only one checksum algorithm is allowed on the request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep! It takes multiple because multiple "checksums" are computed when a flexible checksum is specified in the signing request - the "flexible"checksum and the sha-256 content hash (or one of the pre-defined constant values, which is why we need the ConstantChecksum
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have any use cases defined in tests for these variants?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep. The ChecksumInputStreamTest
and FlexibleChecksummerTest
should test multiple checksums being configured.
...h-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/io/ChecksumSubscriber.java
Show resolved
Hide resolved
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java
Show resolved
Hide resolved
private static boolean hasTrailer(SignRequest<?, ? extends AwsCredentialsIdentity> request) { | ||
// Flexible checksums dictates adding a trailer when signing, but there may be existing trailers on | ||
// the request (in the future) | ||
return request.hasProperty(CHECKSUM_ALGORITHM) || request.request().firstMatchingHeader(X_AMZ_TRAILER).isPresent(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why request.hasProperty(CHECKSUM_ALGORITHM)
means it has trailer? Nit: can we move the comment to the javadoc? Comments sometimes clutter the code imo.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can see how this would be confusing. Changing.
...ws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32CChecksum.java
Show resolved
Hide resolved
...aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32Checksum.java
Show resolved
Hide resolved
...oftware/amazon/awssdk/http/auth/aws/internal/checksums/factory/CrtBasedChecksumProvider.java
Outdated
Show resolved
Hide resolved
public class ChecksumInputStreamTest { | ||
|
||
@Test | ||
public void test_computesCorrectSha256() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit, we don't really use "test" as part of test name since it's unnecessary. The patterns we've established are methodToTest_when_expectedBehavior
or given_when_then
.../src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/FlexibleChecksummer.java
Show resolved
Hide resolved
* The default implementation of a checksummer. By default, this will calculate the SHA256 checksum of a payload and add it as the | ||
* value for the 'x-amz-content-sha256' header on the request. | ||
*/ | ||
@SdkInternalApi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this class? Since technically, this is covered in FlexibleChecksummer by passing just SHA256
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, you're right, it can be removed.
* the cases where the checksum is a pre-defined value that dictates specific behavior by the signer, and flexible checksums is | ||
* not enabled for the request (such as aws-chunked payload signing without trailers, unsigned streaming without trailers, etc.). | ||
*/ | ||
@SdkInternalApi | ||
public final class PrecomputedChecksummer implements Checksummer { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this class? It seems like we can use FlexibleChecksummer
and pass ConstantChecksumAlgorithm
right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an optimization, using this class means it doesn't need to read the stream like it does with Flexible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we rename it to PrecomputedSha256Checksummer
to make it more clear?
/** | ||
* Gets the SdkChecksum object based on the given ChecksumAlgorithm. | ||
*/ | ||
public static SdkChecksum fromChecksumAlgorithm(ChecksumAlgorithm checksumAlgorithm) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We may want to create a map for this to make it easier to maintain and may be a micro performance improvement Map<ChecksumAlgorithm, Supplier<SdkChecksum>>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can do this for the most, we can't for ConstantChecksum, since it takes a value as part of construction. Updating for this case.
.../src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/FlexibleChecksummer.java
Show resolved
Hide resolved
* the cases where the checksum is a pre-defined value that dictates specific behavior by the signer, and flexible checksums is | ||
* not enabled for the request (such as aws-chunked payload signing without trailers, unsigned streaming without trailers, etc.). | ||
*/ | ||
@SdkInternalApi | ||
public final class PrecomputedChecksummer implements Checksummer { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we rename it to PrecomputedSha256Checksummer
to make it more clear?
* Get a flexible checksummer that performs two checksums: the given checksum-algorithm and a precomputed checksum from the | ||
* given checksum string. | ||
*/ | ||
static Checksummer create(String checksum, ChecksumAlgorithm checksumAlgorithm) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggesting static Checksummer forFlexibleChecksum(String preComputedSha256, ChecksumAlgorithm checksumAlgorithm)
*/ | ||
@SdkInternalApi | ||
public final class FlexibleChecksummer implements Checksummer { | ||
private final Map<String, SdkChecksum> checksumMap; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Map<SdkChecksum, String>
seems to be more intuitive. Can we rename it to checksumToHeader
or headerToChecksum
if you want to keep it as is.
* given checksum string. | ||
*/ | ||
static Checksummer create(String checksum, ChecksumAlgorithm checksumAlgorithm) { | ||
if (checksumAlgorithm != null) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we require chekcsumAlgorithm to be not null
/** | ||
* Get a precomputed checksummer that results the given checksum string. | ||
*/ | ||
static Checksummer create(String checksum) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggesting static Checksummer forPrecomputed256Checksum(String preComputedSha256)
* Given a payload, calculate a checksum and return it as a string. | ||
* Get a flexible checksummer that performs two checksums: the given checksum-algorithm and the default (sha256). | ||
*/ | ||
static Checksummer create(ChecksumAlgorithm checksumAlgorithm) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggesting static Checksummer forFlexibleChecksum(ChecksumAlgorithm checksumAlgorithm)
and requiring checksumAlgorithims to be not null.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feel free to merge once require chekcsumAlgorithm thing is fixed.
53c7b3b
into
feature/master/sra-identity-auth
SonarCloud Quality Gate failed. 3 Bugs 0.0% Coverage Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
Motivation and Context
Modifications
SdkChecksum
and related code fromsdk-core
to use internally without importingsdk-core
Testing
Types of changes
Checklist
mvn install
succeedsscripts/new-change
script and following the instructions. Commit the new file created by the script in.changes/next-release
with your changes.License