Skip to content

Support for payload signing + chunked encoding in DefaultAwsV4HttpSigner #6466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Support for payload signing + chunked encoding in DefaultAwsV4HttpSigner #6466

wants to merge 10 commits into from

Conversation

dagnir
Copy link
Contributor

@dagnir dagnir commented Oct 7, 2025
edited
Loading

Motivation and Context

Add support for payload signing of async streaming requests signed with SigV4 using default AwsV4HttpSigner (using AwsV4HttpSigner.create()). Note, requests using the http URI scheme will not be signed regardless of the value of AwsV4FamilyHttpSigner.PAYLOAD_SIGNING_ENABLED to remain consistent with existing behavior. This may change in a future release.

Modifications

Testing

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

dagnir added 5 commits August 5, 2025 14:14
@dagnir
Support async V4 payload signing
7c7941c 
This commit adds support for SigV4 signing of async request payloads.

In addition this commit moves the support for trailing checksums from
HttpChecksumStage to the V4 signer implementation; this puts it in line
with how sync chunked bodies are already handled.
@dagnir
Review comments
a222719 
 - Rename to computeAndMoveContentLength
 - Rename variable to chunkedPayload
 - Fix javadocs
 - Sign payload only if non-null
@dagnir
Combine chunking + encoding
1d15408 
Combine these two steps to improve performance by reducing memory
allocations.
@dagnir
Merge remote-tracking branch 'origin/master' into dongie/sra-chunk-en…
3d1d896 
…coding-rebase
@dagnir
Merge remote-tracking branch 'origin/master' into dongie/sra-chunk-en…
119cfbf 
…coding-pt1
@dagnir dagnir force-pushed the dongie/sra-chunk-encoding-pt1 branch from fcda677 to 488b723 Compare October 7, 2025 22:18
@dagnir dagnir force-pushed the dongie/sra-chunk-encoding-pt1 branch from 3a9cb34 to e52ea62 Compare October 8, 2025 21:30
@dagnir dagnir marked this pull request as ready for review October 8, 2025 21:40
@dagnir dagnir requested a review from a team as a code owner October 8, 2025 21:40
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Oct 9, 2025

Quality Gate Passed Quality Gate passed

Issues
18 New issues
0 Accepted issues

Measures
0 Security Hotspots
93.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

zoewangg
zoewangg reviewed Oct 10, 2025
View reviewed changes
@dagnir dagnir mentioned this pull request Oct 10, 2025
Closed
12 tasks
zoewangg
zoewangg reviewed Oct 10, 2025
View reviewed changes
...ava/software/amazon/awssdk/http/auth/aws/crt/internal/signer/AwsChunkedV4aPayloadSigner.java
* and/or trailers representing trailing headers with their signature at the end.
*/
@SdkInternalApi
public final class AwsChunkedV4aPayloadSigner implements V4aPayloadSigner {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we need to support signAsync in this class as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but I will follow up with a separate PR for that; same for DefaultAwsCrtV4aHttpSigner.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha, but as soon as we remove the switching logic in HttpChecksumStage.java, sigv4a streaming operations will be broken, right? since it doesn't do AWS chunked encoding for async

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦‍♂️ Ah I think you are right. In that case I can merge this back to the feature branch, and follow up with that. This PR is big enough as it is

dagnir added 2 commits October 10, 2025 12:22
@dagnir
Review comments
0a236dc 
 - Update variable naming
 - Throw if decoded content length not present
 - Throw if input request doesn't have content-length header
@dagnir
Additional test for no content-length
d480132
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zoewangg zoewangg zoewangg left review comments

@Fred1155 Fred1155 Fred1155 left review comments

@RanVaknin RanVaknin RanVaknin left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dagnir @zoewangg @Fred1155 @RanVaknin