Add flexible checksum support for non-streaming cases #4376
Conversation
...ws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32CChecksum.java
Show resolved
Hide resolved
...aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32Checksum.java
Show resolved
Hide resolved
...h-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Md5Checksum.java
Outdated
Show resolved
Hide resolved
...h-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/SdkChecksum.java
Show resolved
Hide resolved
...-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Sha1Checksum.java
Outdated
Show resolved
Hide resolved
...ws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Sha256Checksum.java
Outdated
Show resolved
Hide resolved
...oftware/amazon/awssdk/http/auth/aws/internal/checksums/factory/CrtBasedChecksumProvider.java
Outdated
Show resolved
Hide resolved
.../src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/factory/SdkCrc32.java
Outdated
Show resolved
Hide resolved
...src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/factory/SdkCrc32C.java
Outdated
Show resolved
Hide resolved
...aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/io/SdkDigestInputStream.java
Outdated
Show resolved
Hide resolved
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/PrecomputedChecksummer.java
Outdated
Show resolved
Hide resolved
core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/signer/Checksummer.java
Show resolved
Hide resolved
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java
Show resolved
Hide resolved
core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/signer/Checksummer.java
Show resolved
Hide resolved
core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/signer/Checksummer.java
Outdated
Show resolved
Hide resolved
haydenbaker
force-pushed
the
haydenbaker/sra-ia-awssigners-flexible-checksums
branch
from
9de4aef
to
eb70caa
Compare
...ws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32CChecksum.java
Outdated
Show resolved
Hide resolved
...st/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSignerTest.java
Outdated
Show resolved
Hide resolved
...st/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSignerTest.java
Outdated
Show resolved
Hide resolved
...st/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSignerTest.java
Show resolved
Hide resolved
...-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/util/ChecksumUtil.java
Outdated
Show resolved
Hide resolved
| import software.amazon.awssdk.http.auth.aws.internal.checksums.Sha256Checksum; | ||
|
|
||
| @SdkInternalApi | ||
| public final class ChecksumUtil { |
There was a problem hiding this comment.
Can we add unit tests for this class?
| */ | ||
| String checksum(ContentStreamProvider payload); | ||
| void checksum(ContentStreamProvider payload, SdkHttpRequest.Builder request); |
There was a problem hiding this comment.
Why did we make this change?
There was a problem hiding this comment.
Before flexible checksums, the checksummer only ever returned the checksum as a value. Now, the checksummer has to be able to do multiple things (i.e. compute a checksum, add it to the request, compute another checksum, add it to the request somewhere else).
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java
Show resolved
Hide resolved
haydenbaker
force-pushed
the
haydenbaker/sra-ia-awssigners-flexible-checksums
branch
from
eb70caa
to
3124558
Compare
| * Implementation of {@link SdkChecksum} to provide a constant checksum. | ||
| */ | ||
| @SdkInternalApi | ||
| public class ConstantChecksum implements SdkChecksum { |
There was a problem hiding this comment.
What's the use-case for this?
There was a problem hiding this comment.
Touched upon here: #4376 (comment)
|
|
||
| private final Collection<Checksum> checksums = new ArrayList<>(); | ||
|
|
||
| public ChecksumInputStream(InputStream stream, Collection<? extends Checksum> checksums) { |
There was a problem hiding this comment.
Is there any reason this takes a list of checksums? From the checksum spec, only one checksum algorithm is allowed on the request.
There was a problem hiding this comment.
Yep! It takes multiple because multiple "checksums" are computed when a flexible checksum is specified in the signing request - the "flexible"checksum and the sha-256 content hash (or one of the pre-defined constant values, which is why we need the ConstantChecksum)
There was a problem hiding this comment.
Do you have any use cases defined in tests for these variants?
There was a problem hiding this comment.
Yep. The ChecksumInputStreamTest and FlexibleChecksummerTest should test multiple checksums being configured.
...h-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/io/ChecksumSubscriber.java
Show resolved
Hide resolved
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java
Show resolved
Hide resolved
| private static boolean hasTrailer(SignRequest<?, ? extends AwsCredentialsIdentity> request) { | ||
| // Flexible checksums dictates adding a trailer when signing, but there may be existing trailers on | ||
| // the request (in the future) | ||
| return request.hasProperty(CHECKSUM_ALGORITHM) || request.request().firstMatchingHeader(X_AMZ_TRAILER).isPresent(); |
There was a problem hiding this comment.
Why request.hasProperty(CHECKSUM_ALGORITHM) means it has trailer? Nit: can we move the comment to the javadoc? Comments sometimes clutter the code imo.
There was a problem hiding this comment.
I can see how this would be confusing. Changing.
...ws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32CChecksum.java
Show resolved
Hide resolved
...aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/checksums/Crc32Checksum.java
Show resolved
Hide resolved
...oftware/amazon/awssdk/http/auth/aws/internal/checksums/factory/CrtBasedChecksumProvider.java
Outdated
Show resolved
Hide resolved
| public class ChecksumInputStreamTest { | ||
|
|
||
| @Test | ||
| public void test_computesCorrectSha256() { |
There was a problem hiding this comment.
nit, we don't really use "test" as part of test name since it's unnecessary. The patterns we've established are methodToTest_when_expectedBehavior or given_when_then
.../src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/FlexibleChecksummer.java
Show resolved
Hide resolved
| * The default implementation of a checksummer. By default, this will calculate the SHA256 checksum of a payload and add it as the | ||
| * value for the 'x-amz-content-sha256' header on the request. | ||
| */ | ||
| @SdkInternalApi |
There was a problem hiding this comment.
Do we need this class? Since technically, this is covered in FlexibleChecksummer by passing just SHA256
There was a problem hiding this comment.
Nope, you're right, it can be removed.
| * the cases where the checksum is a pre-defined value that dictates specific behavior by the signer, and flexible checksums is | ||
| * not enabled for the request (such as aws-chunked payload signing without trailers, unsigned streaming without trailers, etc.). | ||
| */ | ||
| @SdkInternalApi | ||
| public final class PrecomputedChecksummer implements Checksummer { |
There was a problem hiding this comment.
Do we need this class? It seems like we can use FlexibleChecksummer and pass ConstantChecksumAlgorithm right?
There was a problem hiding this comment.
This is an optimization, using this class means it doesn't need to read the stream like it does with Flexible.
There was a problem hiding this comment.
Can we rename it to PrecomputedSha256Checksummer to make it more clear?
| /** | ||
| * Gets the SdkChecksum object based on the given ChecksumAlgorithm. | ||
| */ | ||
| public static SdkChecksum fromChecksumAlgorithm(ChecksumAlgorithm checksumAlgorithm) { |
There was a problem hiding this comment.
We may want to create a map for this to make it easier to maintain and may be a micro performance improvement Map<ChecksumAlgorithm, Supplier<SdkChecksum>>
There was a problem hiding this comment.
We can do this for the most, we can't for ConstantChecksum, since it takes a value as part of construction. Updating for this case.
.../src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/FlexibleChecksummer.java
Show resolved
Hide resolved
| * the cases where the checksum is a pre-defined value that dictates specific behavior by the signer, and flexible checksums is | ||
| * not enabled for the request (such as aws-chunked payload signing without trailers, unsigned streaming without trailers, etc.). | ||
| */ | ||
| @SdkInternalApi | ||
| public final class PrecomputedChecksummer implements Checksummer { |
There was a problem hiding this comment.
Can we rename it to PrecomputedSha256Checksummer to make it more clear?
| * Get a flexible checksummer that performs two checksums: the given checksum-algorithm and a precomputed checksum from the | ||
| * given checksum string. | ||
| */ | ||
| static Checksummer create(String checksum, ChecksumAlgorithm checksumAlgorithm) { |
There was a problem hiding this comment.
Suggesting static Checksummer forFlexibleChecksum(String preComputedSha256, ChecksumAlgorithm checksumAlgorithm)
| */ | ||
| @SdkInternalApi | ||
| public final class FlexibleChecksummer implements Checksummer { | ||
| private final Map<String, SdkChecksum> checksumMap; |
There was a problem hiding this comment.
Nit: Map<SdkChecksum, String> seems to be more intuitive. Can we rename it to checksumToHeader or headerToChecksum if you want to keep it as is.
| * given checksum string. | ||
| */ | ||
| static Checksummer create(String checksum, ChecksumAlgorithm checksumAlgorithm) { | ||
| if (checksumAlgorithm != null) { |
There was a problem hiding this comment.
Can we require chekcsumAlgorithm to be not null
| /** | ||
| * Get a precomputed checksummer that results the given checksum string. | ||
| */ | ||
| static Checksummer create(String checksum) { |
There was a problem hiding this comment.
Suggesting static Checksummer forPrecomputed256Checksum(String preComputedSha256)
| * Given a payload, calculate a checksum and return it as a string. | ||
| * Get a flexible checksummer that performs two checksums: the given checksum-algorithm and the default (sha256). | ||
| */ | ||
| static Checksummer create(ChecksumAlgorithm checksumAlgorithm) { |
There was a problem hiding this comment.
Suggesting static Checksummer forFlexibleChecksum(ChecksumAlgorithm checksumAlgorithm) and requiring checksumAlgorithims to be not null.
haydenbaker
merged commit 53c7b3b
into
feature/master/sra-identity-auth
haydenbaker
deleted the
haydenbaker/sra-ia-awssigners-flexible-checksums
branch
|
SonarCloud Quality Gate failed.
|
Motivation and Context
Modifications
SdkChecksumand related code fromsdk-coreto use internally without importingsdk-coreTesting
Types of changes
Checklist
mvn installsucceedsscripts/new-changescript and following the instructions. Commit the new file created by the script in.changes/next-releasewith your changes.License