Updates

dagnir · dagnir · commit 3a9cb34c01e3 · 2025-10-08T13:38:00.000-07:00
diff --git a/core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java b/core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java
@@ -204,14 +204,15 @@ private static V4PayloadSigner v4PayloadAsyncSigner(
             throw new UnsupportedOperationException("Unsigned payload is not supported with event-streaming.");
         }
 
-        // Note: this check is done after we check if the request is eventstreaming, during which we just use the normal logic
-        // as sync to determine if the body should be signed. If it's not eventstreaming, hen async needs to treat this request
-        // as unsigned to maintain current behavior re: plain HTTP requests.
+        // Note: this check is done after we check if the request is eventstreaming, during which we just use the same logic
+        // as sync to determine if the body should be signed. If it's not eventstreaming, then async needs to treat this
+        // request differently to maintain current behavior re: plain HTTP requests.
+        boolean nonEvenstreamingPayloadSigning = isPayloadSigning;
         if (asyncShouldTreatAsUnsigned(request)) {
-            isPayloadSigning = false;
+            nonEvenstreamingPayloadSigning = false;
         }
 
-        if (useChunkEncoding(isPayloadSigning, isChunkEncoding, isTrailing || isFlexible)) {
+        if (useChunkEncoding(nonEvenstreamingPayloadSigning, isChunkEncoding, isTrailing || isFlexible)) {
             return AwsChunkedV4PayloadSigner.builder()
                                             .credentialScope(properties.getCredentialScope())
                                             .chunkSize(DEFAULT_CHUNK_SIZE_IN_BYTES)
diff --git a/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/AsyncSigningStage.java b/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/AsyncSigningStage.java
@@ -43,6 +43,8 @@
 import software.amazon.awssdk.http.auth.spi.signer.AsyncSignedRequest;
 import software.amazon.awssdk.http.auth.spi.signer.BaseSignedRequest;
 import software.amazon.awssdk.http.auth.spi.signer.HttpSigner;
+import software.amazon.awssdk.http.auth.spi.signer.PayloadChecksumStore;
+import software.amazon.awssdk.http.auth.spi.signer.SdkInternalHttpSignerProperty;
 import software.amazon.awssdk.http.auth.spi.signer.SignRequest;
 import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
 import software.amazon.awssdk.identity.spi.Identity;
@@ -88,11 +90,15 @@ public CompletableFuture<SdkHttpFullRequest> execute(SdkHttpFullRequest request,
     private <T extends Identity> CompletableFuture<SdkHttpFullRequest> sraSignRequest(SdkHttpFullRequest request,
                                                                                       RequestExecutionContext context,
                                                                                       SelectedAuthScheme<T> selectedAuthScheme) {
+        // Should not be null, added by HttpChecksumStage for SRA signed requests
+        PayloadChecksumStore payloadChecksumStore =
+            context.executionAttributes().getAttribute(SdkInternalExecutionAttribute.CHECKSUM_STORE);
+
         adjustForClockSkew(context.executionAttributes());
         CompletableFuture<? extends T> identityFuture = selectedAuthScheme.identity();
         return identityFuture.thenCompose(identity -> {
             CompletableFuture<SdkHttpFullRequest> signedRequestFuture = MetricUtils.reportDuration(
-                () -> doSraSign(request, context, selectedAuthScheme, identity),
+                () -> doSraSign(request, context, selectedAuthScheme, identity, payloadChecksumStore),
                 context.attemptMetricCollector(),
                 CoreMetric.SIGNING_DURATION);
 
@@ -106,14 +112,16 @@ private <T extends Identity> CompletableFuture<SdkHttpFullRequest> sraSignReques
     private <T extends Identity> CompletableFuture<SdkHttpFullRequest> doSraSign(SdkHttpFullRequest request,
                                                                                  RequestExecutionContext context,
                                                                                  SelectedAuthScheme<T> selectedAuthScheme,
-                                                                                 T identity) {
+                                                                                 T identity,
+                                                                                 PayloadChecksumStore payloadChecksumStore) {
         AuthSchemeOption authSchemeOption = selectedAuthScheme.authSchemeOption();
         HttpSigner<T> signer = selectedAuthScheme.signer();
 
         if (context.requestProvider() == null) {
             SignRequest.Builder<T> signRequestBuilder = SignRequest
                 .builder(identity)
                 .putProperty(HttpSigner.SIGNING_CLOCK, signingClock())
+                .putProperty(SdkInternalHttpSignerProperty.CHECKSUM_STORE, payloadChecksumStore)
                 .request(request)
                 .payload(request.contentStreamProvider().orElse(null));
             authSchemeOption.forEachSignerProperty(signRequestBuilder::putProperty);
@@ -125,8 +133,10 @@ private <T extends Identity> CompletableFuture<SdkHttpFullRequest> doSraSign(Sdk
         AsyncSignRequest.Builder<T> signRequestBuilder = AsyncSignRequest
             .builder(identity)
             .putProperty(HttpSigner.SIGNING_CLOCK, signingClock())
+            .putProperty(SdkInternalHttpSignerProperty.CHECKSUM_STORE, payloadChecksumStore)
             .request(request)
             .payload(context.requestProvider());
+
         authSchemeOption.forEachSignerProperty(signRequestBuilder::putProperty);
 
         CompletableFuture<AsyncSignedRequest> signedRequestFuture = signer.signAsync(signRequestBuilder.build());
