use of software.amazon.awssdk.crt.auth.signing.AwsSigningResult in project aws-crt-java by awslabs.
the class SigningTest method testTrailingHeadersSigv4Signing.
/**
 * Signs a chunked request with trailing headers using the default (SigV4) configs and checks
 * each step of the signature chain against its expected constant.
 *
 * <p>Every chunk and the trailing headers are signed with the signature produced by the
 * previous step, so each assertion covers one link of the chain.
 *
 * @throws Exception if a signing future fails or the thread is interrupted
 */
@Test
public void testTrailingHeadersSigv4Signing() throws Exception {
    HttpRequest unsignedRequest = createChunkedTestRequest();
    CompletableFuture<HttpRequest> signedRequestFuture =
            AwsSigner.signRequest(unsignedRequest, createChunkedRequestSigningConfig());
    HttpRequest signedRequest = signedRequestFuture.get();
    assertNotNull(signedRequest);
    assertTrue(hasHeaderWithValue(signedRequest, "Authorization", EXPECTED_CHUNK_REQUEST_AUTHORIZATION_HEADER));

    // The Authorization header matched the expected header, so the request signature is taken
    // to be the expected one and used as the seed of the chunk chain.
    byte[] previousSignature = EXPECTED_REQUEST_SIGNATURE;

    // First chunk: signed on top of the request signature.
    HttpRequestBodyStream firstChunk = createChunk1Stream();
    CompletableFuture<AwsSigningResult> firstChunkFuture =
            AwsSigner.sign(firstChunk, previousSignature, createChunkSigningConfig());
    previousSignature = firstChunkFuture.get().getSignature();
    assertTrue(Arrays.equals(previousSignature, EXPECTED_FIRST_CHUNK_SIGNATURE));

    // Second chunk: signed on top of the first chunk's signature.
    HttpRequestBodyStream secondChunk = createChunk2Stream();
    CompletableFuture<AwsSigningResult> secondChunkFuture =
            AwsSigner.sign(secondChunk, previousSignature, createChunkSigningConfig());
    previousSignature = secondChunkFuture.get().getSignature();
    assertTrue(Arrays.equals(previousSignature, EXPECTED_SECOND_CHUNK_SIGNATURE));

    // Final chunk: signed with a null body stream.
    CompletableFuture<AwsSigningResult> lastChunkFuture =
            AwsSigner.sign((HttpRequestBodyStream) null, previousSignature, createChunkSigningConfig());
    previousSignature = lastChunkFuture.get().getSignature();
    assertTrue(Arrays.equals(previousSignature, EXPECTED_FINAL_CHUNK_SIGNATURE));

    // Trailing headers: signed last, on top of the final chunk's signature.
    List<HttpHeader> trailers = createTrailingHeaders();
    AwsSigningConfig trailerConfig = createTrailingHeadersSigningConfig();
    CompletableFuture<AwsSigningResult> trailerFuture =
            AwsSigner.sign(trailers, previousSignature, trailerConfig);
    previousSignature = trailerFuture.get().getSignature();
    assertTrue(Arrays.equals(previousSignature, EXPECTED_TRAILING_HEADERS_SIGNATURE));
}
use of software.amazon.awssdk.crt.auth.signing.AwsSigningResult in project aws-crt-java by awslabs.
the class SigningTest method testTrailingHeadersSigv4aSigning.
/**
 * Signs a chunked request with trailing headers using {@code SIGV4_ASYMMETRIC} and verifies
 * every signature in the chain with the test ECC public key coordinates.
 *
 * <p>Unlike the SigV4 variant, signatures are verified rather than compared to fixed bytes.
 * NOTE(review): presumably because the ECDSA signatures differ between runs; confirm.
 *
 * @throws Exception if a signing future fails or the thread is interrupted
 */
@Test
public void testTrailingHeadersSigv4aSigning() throws Exception {
    HttpRequest unsignedRequest = createChunkedTrailerTestRequest();

    // Request signing: asymmetric algorithm, streaming ECDSA payload-with-trailer body value.
    AwsSigningConfig chunkedRequestSigningConfig = createChunkedRequestSigningConfig();
    chunkedRequestSigningConfig.setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm.SIGV4_ASYMMETRIC);
    chunkedRequestSigningConfig.setSignedBodyValue(
            AwsSigningConfig.AwsSignedBodyValue.STREAMING_AWS4_ECDSA_P256_SHA256_PAYLOAD_TRAILER);
    CompletableFuture<AwsSigningResult> requestFuture = AwsSigner.sign(unsignedRequest, chunkedRequestSigningConfig);
    AwsSigningResult requestResult = requestFuture.get();
    HttpRequest signedRequest = requestResult.getSignedRequest();
    assertNotNull(signedRequest);
    byte[] requestSignature = requestResult.getSignature();
    assertTrue(AwsSigningUtils.verifySigv4aEcdsaSignature(
            unsignedRequest,
            CHUNKED_TRAILER_SIGV4A_CANONICAL_REQUEST,
            chunkedRequestSigningConfig,
            requestSignature,
            CHUNKED_SIGV4A_TEST_ECC_PUB_X,
            CHUNKED_SIGV4A_TEST_ECC_PUB_Y));

    // Chunk 1: chained to the request signature.
    HttpRequestBodyStream firstChunk = createChunk1Stream();
    AwsSigningConfig chunkSigningConfig = createChunkSigningConfig();
    chunkSigningConfig.setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm.SIGV4_ASYMMETRIC);
    CompletableFuture<AwsSigningResult> firstChunkFuture =
            AwsSigner.sign(firstChunk, requestSignature, chunkSigningConfig);
    byte[] firstChunkStringToSign = buildChunkStringToSign(requestSignature, CHUNK1_STS_POST_SIGNATURE);
    byte[] firstChunkSignature = firstChunkFuture.get().getSignature();
    assertTrue(AwsSigningUtils.verifyRawSha256EcdsaSignature(
            firstChunkStringToSign,
            firstChunkSignature,
            CHUNKED_SIGV4A_TEST_ECC_PUB_X,
            CHUNKED_SIGV4A_TEST_ECC_PUB_Y));

    // Chunk 2: chained to chunk 1's signature.
    HttpRequestBodyStream secondChunk = createChunk2Stream();
    CompletableFuture<AwsSigningResult> secondChunkFuture =
            AwsSigner.sign(secondChunk, firstChunkSignature, chunkSigningConfig);
    byte[] secondChunkStringToSign = buildChunkStringToSign(firstChunkSignature, CHUNK2_STS_POST_SIGNATURE);
    byte[] secondChunkSignature = secondChunkFuture.get().getSignature();
    assertTrue(AwsSigningUtils.verifyRawSha256EcdsaSignature(
            secondChunkStringToSign,
            secondChunkSignature,
            CHUNKED_SIGV4A_TEST_ECC_PUB_X,
            CHUNKED_SIGV4A_TEST_ECC_PUB_Y));

    // Chunk 3: signed with a null body stream, chained to chunk 2's signature.
    CompletableFuture<AwsSigningResult> thirdChunkFuture =
            AwsSigner.sign((HttpRequestBodyStream) null, secondChunkSignature, chunkSigningConfig);
    byte[] thirdChunkStringToSign = buildChunkStringToSign(secondChunkSignature, CHUNK3_STS_POST_SIGNATURE);
    byte[] thirdChunkSignature = thirdChunkFuture.get().getSignature();
    assertTrue(AwsSigningUtils.verifyRawSha256EcdsaSignature(
            thirdChunkStringToSign,
            thirdChunkSignature,
            CHUNKED_SIGV4A_TEST_ECC_PUB_X,
            CHUNKED_SIGV4A_TEST_ECC_PUB_Y));

    // Trailing headers: chained to chunk 3's signature.
    List<HttpHeader> trailers = createTrailingHeaders();
    AwsSigningConfig trailerConfig = createTrailingHeadersSigningConfig();
    trailerConfig.setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm.SIGV4_ASYMMETRIC);
    CompletableFuture<AwsSigningResult> trailerFuture =
            AwsSigner.sign(trailers, thirdChunkSignature, trailerConfig);
    byte[] trailerStringToSign =
            buildTrailingHeadersStringToSign(thirdChunkSignature, TRAILING_HEADERS_STS_POST_SIGNATURE);
    assertTrue(AwsSigningUtils.verifyRawSha256EcdsaSignature(
            trailerStringToSign,
            trailerFuture.get().getSignature(),
            CHUNKED_SIGV4A_TEST_ECC_PUB_X,
            CHUNKED_SIGV4A_TEST_ECC_PUB_Y));
}
use of software.amazon.awssdk.crt.auth.signing.AwsSigningResult in project aws-sdk-java-v2 by aws.
the class ChunkedEncodingFunctionalTest method calling_adapter_APIs_directly_creates_correct_signatures_for_trailer_headers.
/**
 * Drives the adapter's request, chunk and trailer-header signing calls directly and verifies
 * each resulting signature with the test ECC public key coordinates.
 *
 * @throws Exception if signing or verification throws
 */
@Test
public void calling_adapter_APIs_directly_creates_correct_signatures_for_trailer_headers() throws Exception {
    SdkHttpFullRequest sdkRequest = createChunkedTrailerTestRequest().build();

    // Request signing: asymmetric algorithm, streaming ECDSA payload-with-trailer body value.
    chunkedRequestSigningConfig.setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm.SIGV4_ASYMMETRIC);
    chunkedRequestSigningConfig.setSignedBodyValue(
            AwsSigningConfig.AwsSignedBodyValue.STREAMING_AWS4_ECDSA_P256_SHA256_PAYLOAD_TRAILER);
    SdkSigningResult requestResult = adapter.sign(sdkRequest, chunkedRequestSigningConfig);
    byte[] requestSignature = requestResult.getSignature();
    assertTrue(AwsSigningUtils.verifySigv4aEcdsaSignature(
            converter.requestToCrt(sdkRequest),
            CHUNKED_TRAILER_SIGV4A_CANONICAL_REQUEST,
            chunkedRequestSigningConfig,
            requestSignature,
            CHUNKED_SIGV4A_TEST_ECC_PUB_X,
            CHUNKED_SIGV4A_TEST_ECC_PUB_Y));

    // Three chunks, each signed with the signature of the step before it.
    byte[] chainedSignature = requestResult.getSignature();
    for (int chunkIndex = 0; chunkIndex < 3; chunkIndex++) {
        byte[] chunkSignature = adapter.signChunk(getChunkData(chunkIndex), chainedSignature, chunkSigningConfig);
        byte[] chunkStringToSign = createStringToSign(chunkIndex, chainedSignature);
        assertTrue(AwsSigningUtils.verifyRawSha256EcdsaSignature(
                chunkStringToSign,
                chunkSignature,
                CHUNKED_SIGV4A_TEST_ECC_PUB_X,
                CHUNKED_SIGV4A_TEST_ECC_PUB_Y));
        chainedSignature = chunkSignature;
    }

    // NOTE(review): updateTrailerHeaderSigningConfig() is defined elsewhere; presumably it
    // adjusts the config passed to signTrailerHeaders below. Confirm.
    updateTrailerHeaderSigningConfig();
    Map<String, List<String>> trailerHeaders = getTrailerHeaderMap();
    AwsSigningResult trailerResult =
            adapter.signTrailerHeaders(trailerHeaders, chainedSignature, chunkedRequestSigningConfig);
    byte[] trailerStringToSign =
            buildTrailingHeadersStringToSign(chainedSignature, TRAILING_HEADERS_STS_POST_SIGNATURE);
    assertTrue(AwsSigningUtils.verifyRawSha256EcdsaSignature(
            trailerStringToSign,
            trailerResult.getSignature(),
            CHUNKED_SIGV4A_TEST_ECC_PUB_X,
            CHUNKED_SIGV4A_TEST_ECC_PUB_Y));
}
use of software.amazon.awssdk.crt.auth.signing.AwsSigningResult in project aws-sdk-java-v2 by aws.
the class AwsCrt4aSigningAdapter method signTrailerHeaders.
/**
 * Signs a set of trailing headers, chained to the signature of the preceding step.
 *
 * <p>The caller's {@code signingConfig} is cloned before the signature type is changed, so the
 * instance passed in is not modified by this method.
 *
 * @param headerMap trailer header names mapped to their values; multiple values for one name
 *     are joined with {@code ","} into a single header
 * @param previousSignature signature passed to the signer as the previous link of the chain
 * @param signingConfig base config; only the signature type differs in the copy that is used
 * @return the signing result produced by the signer
 * @throws SdkClientException if the thread is interrupted or signing fails
 */
public AwsSigningResult signTrailerHeaders(Map<String, List<String>> headerMap, byte[] previousSignature, AwsSigningConfig signingConfig) {
    // NOTE(review): the header list follows headerMap's iteration order; whether the signer
    // canonicalises header order is not visible here. Confirm before passing unordered maps.
    List<HttpHeader> trailerHeaders = headerMap.entrySet()
            .stream()
            .map(header -> {
                String headerName = header.getKey();
                String joinedValues = String.join(",", header.getValue());
                return new HttpHeader(headerName, joinedValues);
            })
            .collect(Collectors.toList());

    // Same settings as the supplied config, except for the signature type.
    AwsSigningConfig trailerConfig = signingConfig.clone();
    trailerConfig.setSignatureType(AwsSigningConfig.AwsSignatureType.HTTP_REQUEST_TRAILING_HEADERS);

    CompletableFuture<AwsSigningResult> pendingResult =
            AwsSigner.sign(trailerHeaders, previousSignature, trailerConfig);
    try {
        return pendingResult.get();
    } catch (InterruptedException interrupted) {
        // Restore the interrupt flag so callers further up can still observe it.
        Thread.currentThread().interrupt();
        throw SdkClientException.create(
                "The thread got interrupted while attempting to sign request: " + interrupted.getMessage(),
                interrupted);
    } catch (Exception failure) {
        throw SdkClientException.create("Unable to sign request: " + failure.getMessage(), failure);
    }
}
use of software.amazon.awssdk.crt.auth.signing.AwsSigningResult in project aws-sdk-java-v2 by aws.
the class AwsCrt4aSigningAdapter method sign.
/**
 * Signs an SDK HTTP request through the CRT signer and converts the result back to SDK types.
 *
 * <p>The request is passed through {@code SigningUtils.sanitizeSdkRequestForCrtSigning} and
 * converted to a CRT request before signing; the original {@code request} is what the
 * converter receives alongside the signing result.
 *
 * @param request the SDK request to sign
 * @param signingConfig the CRT signing configuration to use
 * @return the converted signing result
 * @throws SdkClientException if the thread is interrupted or signing fails
 */
public SdkSigningResult sign(SdkHttpFullRequest request, AwsSigningConfig signingConfig) {
    SdkHttpFullRequest sanitizedRequest = SigningUtils.sanitizeSdkRequestForCrtSigning(request);
    HttpRequest crtRequest = requestConverter.requestToCrt(sanitizedRequest);
    CompletableFuture<AwsSigningResult> pendingResult = AwsSigner.sign(crtRequest, signingConfig);
    try {
        AwsSigningResult crtResult = pendingResult.get();
        return requestConverter.crtResultToAws(request, crtResult);
    } catch (InterruptedException interrupted) {
        // Restore the interrupt flag so callers further up can still observe it.
        Thread.currentThread().interrupt();
        throw SdkClientException.create(
                "The thread got interrupted while attempting to sign request: " + interrupted.getMessage(),
                interrupted);
    } catch (Exception failure) {
        throw SdkClientException.create("Unable to sign request: " + failure.getMessage(), failure);
    }
}