From c5deb2e14810a676b1ee93e29d7d7655eaaa4dc2 Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Thu, 28 Nov 2024 12:37:06 +0300 Subject: [PATCH] [#339] Drop unused and add link to source files Signed-off-by: Denis Kirillov --- api/auth/signer/v4asdk2/credentials.go | 4 + api/auth/signer/v4asdk2/credentials_test.go | 2 + api/auth/signer/v4asdk2/error.go | 17 -- .../signer/v4asdk2/internal/crypto/compare.go | 2 + .../v4asdk2/internal/crypto/compare_test.go | 2 + .../signer/v4asdk2/internal/crypto/ecc.go | 2 + .../v4asdk2/internal/crypto/ecc_test.go | 2 + api/auth/signer/v4asdk2/internal/v4/const.go | 2 + .../v4asdk2/internal/v4/header_rules.go | 2 + .../signer/v4asdk2/internal/v4/headers.go | 4 + api/auth/signer/v4asdk2/internal/v4/hmac.go | 2 + api/auth/signer/v4asdk2/internal/v4/host.go | 2 + api/auth/signer/v4asdk2/internal/v4/time.go | 2 + api/auth/signer/v4asdk2/internal/v4/util.go | 2 + .../signer/v4asdk2/internal/v4/util_test.go | 2 + api/auth/signer/v4asdk2/middleware.go | 118 ---------- api/auth/signer/v4asdk2/middleware_test.go | 149 ------------ api/auth/signer/v4asdk2/presign_middleware.go | 116 --------- .../signer/v4asdk2/presign_middleware_test.go | 222 ------------------ api/auth/signer/v4asdk2/shared_test.go | 18 -- api/auth/signer/v4asdk2/smithy.go | 85 ------- api/auth/signer/v4asdk2/stream.go | 2 + api/auth/signer/v4asdk2/v4a.go | 6 + api/auth/signer/v4asdk2/v4a_test.go | 2 + .../signer/v4sdk2/signer/internal/v4/cache.go | 2 + .../signer/v4sdk2/signer/internal/v4/const.go | 2 + .../v4sdk2/signer/internal/v4/header_rules.go | 2 + .../v4sdk2/signer/internal/v4/headers.go | 4 + .../v4sdk2/signer/internal/v4/headers_test.go | 2 + .../signer/v4sdk2/signer/internal/v4/hmac.go | 2 + .../signer/v4sdk2/signer/internal/v4/host.go | 2 + .../signer/v4sdk2/signer/internal/v4/scope.go | 2 + .../signer/v4sdk2/signer/internal/v4/time.go | 2 + .../signer/v4sdk2/signer/internal/v4/util.go | 2 + .../v4sdk2/signer/internal/v4/util_test.go | 2 + api/auth/signer/v4sdk2/signer/v4/stream.go | 2 + api/auth/signer/v4sdk2/signer/v4/v4.go | 4 + api/auth/signer/v4sdk2/signer/v4/v4_test.go | 2 + 38 files changed, 74 insertions(+), 725 deletions(-) delete mode 100644 api/auth/signer/v4asdk2/error.go delete mode 100644 api/auth/signer/v4asdk2/middleware.go delete mode 100644 api/auth/signer/v4asdk2/middleware_test.go delete mode 100644 api/auth/signer/v4asdk2/presign_middleware.go delete mode 100644 api/auth/signer/v4asdk2/presign_middleware_test.go delete mode 100644 api/auth/signer/v4asdk2/shared_test.go delete mode 100644 api/auth/signer/v4asdk2/smithy.go diff --git a/api/auth/signer/v4asdk2/credentials.go b/api/auth/signer/v4asdk2/credentials.go index 152482da..04dbd38e 100644 --- a/api/auth/signer/v4asdk2/credentials.go +++ b/api/auth/signer/v4asdk2/credentials.go @@ -1,3 +1,7 @@ +// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/credentials.go +// with changes: +// * use `time.Now()` instead of `sdk.NowTime()` + package v4a import ( diff --git a/api/auth/signer/v4asdk2/credentials_test.go b/api/auth/signer/v4asdk2/credentials_test.go index bc89ec33..2918eb26 100644 --- a/api/auth/signer/v4asdk2/credentials_test.go +++ b/api/auth/signer/v4asdk2/credentials_test.go @@ -1,3 +1,5 @@ +// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/credentials_test.go + package v4a import ( diff --git a/api/auth/signer/v4asdk2/error.go b/api/auth/signer/v4asdk2/error.go deleted file mode 100644 index 380d1742..00000000 --- a/api/auth/signer/v4asdk2/error.go +++ /dev/null @@ -1,17 +0,0 @@ -package v4a - -import "fmt" - -// SigningError indicates an error condition occurred while performing SigV4a signing -type SigningError struct { - Err error -} - -func (e *SigningError) Error() string { - return fmt.Sprintf("failed to sign request: %v", e.Err) -} - -// Unwrap returns the underlying error cause -func (e *SigningError) Unwrap() error { - return e.Err -} diff --git a/api/auth/signer/v4asdk2/internal/crypto/compare.go b/api/auth/signer/v4asdk2/internal/crypto/compare.go index 1d0f25f8..e928ed5a 100644 --- a/api/auth/signer/v4asdk2/internal/crypto/compare.go +++ b/api/auth/signer/v4asdk2/internal/crypto/compare.go @@ -1,3 +1,5 @@ +// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/crypto/compare.go + package crypto import "fmt" diff --git a/api/auth/signer/v4asdk2/internal/crypto/compare_test.go b/api/auth/signer/v4asdk2/internal/crypto/compare_test.go index 2bbdfdb9..f3d72d2b 100644 --- a/api/auth/signer/v4asdk2/internal/crypto/compare_test.go +++ b/api/auth/signer/v4asdk2/internal/crypto/compare_test.go @@ -1,3 +1,5 @@ +// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/crypto/compare_test.go + package crypto import ( diff --git a/api/auth/signer/v4asdk2/internal/crypto/ecc.go b/api/auth/signer/v4asdk2/internal/crypto/ecc.go index 758c73fc..5bd7ebf2 100644 --- a/api/auth/signer/v4asdk2/internal/crypto/ecc.go +++ b/api/auth/signer/v4asdk2/internal/crypto/ecc.go @@ -1,3 +1,5 @@ +// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/crypto/ecc.go + package crypto import ( diff --git a/api/auth/signer/v4asdk2/internal/crypto/ecc_test.go b/api/auth/signer/v4asdk2/internal/crypto/ecc_test.go index 72a5e8dc..77fe99d0 100644 --- a/api/auth/signer/v4asdk2/internal/crypto/ecc_test.go +++ b/api/auth/signer/v4asdk2/internal/crypto/ecc_test.go @@ -1,3 +1,5 @@ +// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/crypto/ecc_test.go + package crypto import ( diff --git a/api/auth/signer/v4asdk2/internal/v4/const.go b/api/auth/signer/v4asdk2/internal/v4/const.go index 89a76e2e..e6ea2b8e 100644 --- a/api/auth/signer/v4asdk2/internal/v4/const.go +++ b/api/auth/signer/v4asdk2/internal/v4/const.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/const.go + package v4 const ( diff --git a/api/auth/signer/v4asdk2/internal/v4/header_rules.go b/api/auth/signer/v4asdk2/internal/v4/header_rules.go index 7a9d415f..760efd8a 100644 --- a/api/auth/signer/v4asdk2/internal/v4/header_rules.go +++ b/api/auth/signer/v4asdk2/internal/v4/header_rules.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/header_rules.go + package v4 import ( diff --git a/api/auth/signer/v4asdk2/internal/v4/headers.go b/api/auth/signer/v4asdk2/internal/v4/headers.go index f6fc7f6f..f04baf3b 100644 --- a/api/auth/signer/v4asdk2/internal/v4/headers.go +++ b/api/auth/signer/v4asdk2/internal/v4/headers.go @@ -1,3 +1,7 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/header.go +// with changes: +// * drop User-Agent header from ignored + package v4 // IgnoredPresignedHeaders is a list of headers that are ignored during signing diff --git a/api/auth/signer/v4asdk2/internal/v4/hmac.go b/api/auth/signer/v4asdk2/internal/v4/hmac.go index e7fa7a1b..99bd3318 100644 --- a/api/auth/signer/v4asdk2/internal/v4/hmac.go +++ b/api/auth/signer/v4asdk2/internal/v4/hmac.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/hmac.go + package v4 import ( diff --git a/api/auth/signer/v4asdk2/internal/v4/host.go b/api/auth/signer/v4asdk2/internal/v4/host.go index bf93659a..7cf0a854 100644 --- a/api/auth/signer/v4asdk2/internal/v4/host.go +++ b/api/auth/signer/v4asdk2/internal/v4/host.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/host.go + package v4 import ( diff --git a/api/auth/signer/v4asdk2/internal/v4/time.go b/api/auth/signer/v4asdk2/internal/v4/time.go index 1de06a76..a4876fe2 100644 --- a/api/auth/signer/v4asdk2/internal/v4/time.go +++ b/api/auth/signer/v4asdk2/internal/v4/time.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/time.go + package v4 import "time" diff --git a/api/auth/signer/v4asdk2/internal/v4/util.go b/api/auth/signer/v4asdk2/internal/v4/util.go index 741019b5..57990cf2 100644 --- a/api/auth/signer/v4asdk2/internal/v4/util.go +++ b/api/auth/signer/v4asdk2/internal/v4/util.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/util.go + package v4 import ( diff --git a/api/auth/signer/v4asdk2/internal/v4/util_test.go b/api/auth/signer/v4asdk2/internal/v4/util_test.go index c29c1fa8..000a098f 100644 --- a/api/auth/signer/v4asdk2/internal/v4/util_test.go +++ b/api/auth/signer/v4asdk2/internal/v4/util_test.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/tuil_test.go + package v4 import ( diff --git a/api/auth/signer/v4asdk2/middleware.go b/api/auth/signer/v4asdk2/middleware.go deleted file mode 100644 index e1b6612f..00000000 --- a/api/auth/signer/v4asdk2/middleware.go +++ /dev/null @@ -1,118 +0,0 @@ -package v4a - -import ( - "context" - "fmt" - "net/http" - "time" - - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" - v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" - "github.com/aws/smithy-go/middleware" - smithyhttp "github.com/aws/smithy-go/transport/http" -) - -// HTTPSigner is SigV4a HTTP signer implementation -type HTTPSigner interface { - SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optfns ...func(*SignerOptions)) error -} - -// SignHTTPRequestMiddlewareOptions is the middleware options for constructing a SignHTTPRequestMiddleware. -type SignHTTPRequestMiddlewareOptions struct { - Credentials CredentialsProvider - Signer HTTPSigner - LogSigning bool -} - -// SignHTTPRequestMiddleware is a middleware for signing an HTTP request using SigV4a. -type SignHTTPRequestMiddleware struct { - credentials CredentialsProvider - signer HTTPSigner - logSigning bool -} - -// NewSignHTTPRequestMiddleware constructs a SignHTTPRequestMiddleware using the given SignHTTPRequestMiddlewareOptions. -func NewSignHTTPRequestMiddleware(options SignHTTPRequestMiddlewareOptions) *SignHTTPRequestMiddleware { - return &SignHTTPRequestMiddleware{ - credentials: options.Credentials, - signer: options.Signer, - logSigning: options.LogSigning, - } -} - -// ID the middleware identifier. -func (s *SignHTTPRequestMiddleware) ID() string { - return "Signing" -} - -// HandleFinalize signs an HTTP request using SigV4a. -func (s *SignHTTPRequestMiddleware) HandleFinalize( - ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, -) ( - out middleware.FinalizeOutput, metadata middleware.Metadata, err error, -) { - if !hasCredentialProvider(s.credentials) { - return next.HandleFinalize(ctx, in) - } - - req, ok := in.Request.(*smithyhttp.Request) - if !ok { - return out, metadata, fmt.Errorf("unexpected request middleware type %T", in.Request) - } - - signingName, signingRegion := awsmiddleware.GetSigningName(ctx), awsmiddleware.GetSigningRegion(ctx) - payloadHash := v4.GetPayloadHash(ctx) - if len(payloadHash) == 0 { - return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")} - } - - credentials, err := s.credentials.RetrievePrivateKey(ctx) - if err != nil { - return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)} - } - - signerOptions := []func(o *SignerOptions){ - func(o *SignerOptions) { - o.Logger = middleware.GetLogger(ctx) - o.LogSigning = s.logSigning - }, - } - - // existing DisableURIPathEscaping is equivalent in purpose - // to authentication scheme property DisableDoubleEncoding - //disableDoubleEncoding, overridden := internalauth.GetDisableDoubleEncoding(ctx) // internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" - //if overridden { - // signerOptions = append(signerOptions, func(o *SignerOptions) { - // o.DisableURIPathEscaping = disableDoubleEncoding - // }) - //} - - err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, []string{signingRegion}, time.Now().UTC(), signerOptions...) - if err != nil { - return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)} - } - - return next.HandleFinalize(ctx, in) -} - -func hasCredentialProvider(p CredentialsProvider) bool { - if p == nil { - return false - } - - return true -} - -// RegisterSigningMiddleware registers the SigV4a signing middleware to the stack. If a signing middleware is already -// present, this provided middleware will be swapped. Otherwise the middleware will be added at the tail of the -// finalize step. -func RegisterSigningMiddleware(stack *middleware.Stack, signingMiddleware *SignHTTPRequestMiddleware) (err error) { - const signedID = "Signing" - _, present := stack.Finalize.Get(signedID) - if present { - _, err = stack.Finalize.Swap(signedID, signingMiddleware) - } else { - err = stack.Finalize.Add(signingMiddleware, middleware.After) - } - return err -} diff --git a/api/auth/signer/v4asdk2/middleware_test.go b/api/auth/signer/v4asdk2/middleware_test.go deleted file mode 100644 index 135a5c51..00000000 --- a/api/auth/signer/v4asdk2/middleware_test.go +++ /dev/null @@ -1,149 +0,0 @@ -package v4a - -import ( - "bytes" - "context" - "errors" - "fmt" - "net/http" - "strings" - "testing" - "time" - - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" - v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" - "github.com/aws/smithy-go/logging" - "github.com/aws/smithy-go/middleware" - smithyhttp "github.com/aws/smithy-go/transport/http" -) - -type stubCredentialsProviderFunc func(context.Context) (Credentials, error) - -func (f stubCredentialsProviderFunc) RetrievePrivateKey(ctx context.Context) (Credentials, error) { - return f(ctx) -} - -type httpSignerFunc func(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) error - -func (f httpSignerFunc) SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) error { - return f(ctx, credentials, r, payloadHash, service, regionSet, signingTime, optFns...) -} - -func TestSignHTTPRequestMiddleware(t *testing.T) { - cases := map[string]struct { - creds CredentialsProvider - hash string - logSigning bool - expectedErr interface{} - }{ - "success": { - creds: stubCredentials, - hash: "0123456789abcdef", - }, - "error": { - creds: stubCredentialsProviderFunc(func(ctx context.Context) (Credentials, error) { - return Credentials{}, fmt.Errorf("credential error") - }), - hash: "", - expectedErr: &SigningError{}, - }, - "nil creds": { - creds: nil, - }, - "with log signing": { - creds: stubCredentials, - hash: "0123456789abcdef", - logSigning: true, - }, - } - - const ( - signingName = "serviceId" - signingRegion = "regionName" - ) - - for name, tt := range cases { - t.Run(name, func(t *testing.T) { - c := &SignHTTPRequestMiddleware{ - credentials: tt.creds, - signer: httpSignerFunc( - func(ctx context.Context, - credentials Credentials, r *http.Request, payloadHash string, - service string, regionSet []string, signingTime time.Time, - optFns ...func(*SignerOptions), - ) error { - var options SignerOptions - for _, fn := range optFns { - fn(&options) - } - if options.Logger == nil { - t.Errorf("expect logger, got none") - } - if options.LogSigning { - options.Logger.Logf(logging.Debug, t.Name()) - } - - expectCreds, _ := tt.creds.RetrievePrivateKey(ctx) - if diff := cmpDiff(expectCreds, credentials); len(diff) > 0 { - t.Error(diff) - } - if e, a := tt.hash, payloadHash; e != a { - t.Errorf("expected %v, got %v", e, a) - } - if e, a := signingName, service; e != a { - t.Errorf("expected %v, got %v", e, a) - } - if diff := cmpDiff([]string{signingRegion}, regionSet); len(diff) > 0 { - t.Error(diff) - } - return nil - }), - logSigning: tt.logSigning, - } - - next := middleware.FinalizeHandlerFunc(func(ctx context.Context, in middleware.FinalizeInput) (out middleware.FinalizeOutput, metadata middleware.Metadata, err error) { - return out, metadata, err - }) - - ctx := awsmiddleware.SetSigningRegion( - awsmiddleware.SetSigningName(context.Background(), signingName), - signingRegion) - - var loggerBuf bytes.Buffer - logger := logging.NewStandardLogger(&loggerBuf) - ctx = middleware.SetLogger(ctx, logger) - - if len(tt.hash) != 0 { - ctx = v4.SetPayloadHash(ctx, tt.hash) - } - - _, _, err := c.HandleFinalize(ctx, middleware.FinalizeInput{ - Request: &smithyhttp.Request{Request: &http.Request{}}, - }, next) - if err != nil && tt.expectedErr == nil { - t.Errorf("expected no error, got %v", err) - } else if err != nil && tt.expectedErr != nil { - e, a := tt.expectedErr, err - if !errors.As(a, &e) { - t.Errorf("expected error type %T, got %T", e, a) - } - } else if err == nil && tt.expectedErr != nil { - t.Errorf("expected error, got nil") - } - - if tt.logSigning { - if e, a := t.Name(), loggerBuf.String(); !strings.Contains(a, e) { - t.Errorf("expect %v logged in %v", e, a) - } - } else { - if loggerBuf.Len() != 0 { - t.Errorf("expect no log, got %v", loggerBuf.String()) - } - } - }) - } -} - -var ( - _ middleware.FinalizeMiddleware = &SignHTTPRequestMiddleware{} -) diff --git a/api/auth/signer/v4asdk2/presign_middleware.go b/api/auth/signer/v4asdk2/presign_middleware.go deleted file mode 100644 index ecb0f9eb..00000000 --- a/api/auth/signer/v4asdk2/presign_middleware.go +++ /dev/null @@ -1,116 +0,0 @@ -package v4a - -import ( - "context" - "fmt" - "net/http" - "time" - - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" - v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" - "github.com/aws/smithy-go/middleware" - smithyHTTP "github.com/aws/smithy-go/transport/http" -) - -// HTTPPresigner is an interface to a SigV4a signer that can sign create a -// presigned URL for a HTTP requests. -type HTTPPresigner interface { - PresignHTTP( - ctx context.Context, credentials Credentials, r *http.Request, - payloadHash string, service string, regionSet []string, signingTime time.Time, - optFns ...func(*SignerOptions), - ) (url string, signedHeader http.Header, err error) -} - -// PresignHTTPRequestMiddlewareOptions is the options for the PresignHTTPRequestMiddleware middleware. -type PresignHTTPRequestMiddlewareOptions struct { - CredentialsProvider CredentialsProvider - Presigner HTTPPresigner - LogSigning bool -} - -// PresignHTTPRequestMiddleware provides the Finalize middleware for creating a -// presigned URL for an HTTP request. -// -// Will short circuit the middleware stack and not forward onto the next -// Finalize handler. -type PresignHTTPRequestMiddleware struct { - credentialsProvider CredentialsProvider - presigner HTTPPresigner - logSigning bool -} - -// NewPresignHTTPRequestMiddleware returns a new PresignHTTPRequestMiddleware -// initialized with the presigner. -func NewPresignHTTPRequestMiddleware(options PresignHTTPRequestMiddlewareOptions) *PresignHTTPRequestMiddleware { - return &PresignHTTPRequestMiddleware{ - credentialsProvider: options.CredentialsProvider, - presigner: options.Presigner, - logSigning: options.LogSigning, - } -} - -// ID provides the middleware ID. -func (*PresignHTTPRequestMiddleware) ID() string { return "PresignHTTPRequest" } - -// HandleFinalize will take the provided input and create a presigned url for -// the http request using the SigV4 presign authentication scheme. -func (s *PresignHTTPRequestMiddleware) HandleFinalize( - ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, -) ( - out middleware.FinalizeOutput, metadata middleware.Metadata, err error, -) { - req, ok := in.Request.(*smithyHTTP.Request) - if !ok { - return out, metadata, &SigningError{ - Err: fmt.Errorf("unexpected request middleware type %T", in.Request), - } - } - - httpReq := req.Build(ctx) - if !hasCredentialProvider(s.credentialsProvider) { - out.Result = &v4.PresignedHTTPRequest{ - URL: httpReq.URL.String(), - Method: httpReq.Method, - SignedHeader: http.Header{}, - } - - return out, metadata, nil - } - - signingName := awsmiddleware.GetSigningName(ctx) - signingRegion := awsmiddleware.GetSigningRegion(ctx) - payloadHash := v4.GetPayloadHash(ctx) - if len(payloadHash) == 0 { - return out, metadata, &SigningError{ - Err: fmt.Errorf("computed payload hash missing from context"), - } - } - - credentials, err := s.credentialsProvider.RetrievePrivateKey(ctx) - if err != nil { - return out, metadata, &SigningError{ - Err: fmt.Errorf("failed to retrieve credentials: %w", err), - } - } - - u, h, err := s.presigner.PresignHTTP(ctx, credentials, - httpReq, payloadHash, signingName, []string{signingRegion}, time.Now(), - func(o *SignerOptions) { - o.Logger = middleware.GetLogger(ctx) - o.LogSigning = s.logSigning - }) - if err != nil { - return out, metadata, &SigningError{ - Err: fmt.Errorf("failed to sign http request, %w", err), - } - } - - out.Result = &v4.PresignedHTTPRequest{ - URL: u, - Method: httpReq.Method, - SignedHeader: h, - } - - return out, metadata, nil -} diff --git a/api/auth/signer/v4asdk2/presign_middleware_test.go b/api/auth/signer/v4asdk2/presign_middleware_test.go deleted file mode 100644 index ec83a817..00000000 --- a/api/auth/signer/v4asdk2/presign_middleware_test.go +++ /dev/null @@ -1,222 +0,0 @@ -package v4a - -import ( - "bytes" - "context" - "net/http" - "net/url" - "strings" - "testing" - "time" - - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" - v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" - "github.com/aws/smithy-go/logging" - "github.com/aws/smithy-go/middleware" - smithyhttp "github.com/aws/smithy-go/transport/http" -) - -type httpPresignerFunc func( - ctx context.Context, credentials Credentials, r *http.Request, - payloadHash string, service string, regionSet []string, signingTime time.Time, - optFns ...func(*SignerOptions), -) (url string, signedHeader http.Header, err error) - -func (f httpPresignerFunc) PresignHTTP( - ctx context.Context, credentials Credentials, r *http.Request, - payloadHash string, service string, regionSet []string, signingTime time.Time, - optFns ...func(*SignerOptions), -) ( - url string, signedHeader http.Header, err error, -) { - return f(ctx, credentials, r, payloadHash, service, regionSet, signingTime, optFns...) -} - -func TestPresignHTTPRequestMiddleware(t *testing.T) { - cases := map[string]struct { - Request *http.Request - Creds CredentialsProvider - PayloadHash string - LogSigning bool - ExpectResult *v4.PresignedHTTPRequest - ExpectErr string - }{ - "success": { - Request: &http.Request{ - URL: func() *url.URL { - u, _ := url.Parse("https://example.aws/path?query=foo") - return u - }(), - Header: http.Header{}, - }, - Creds: stubCredentials, - PayloadHash: "0123456789abcdef", - ExpectResult: &v4.PresignedHTTPRequest{ - URL: "https://example.aws/path?query=foo", - SignedHeader: http.Header{}, - }, - }, - "error": { - Request: func() *http.Request { - return &http.Request{} - }(), - Creds: stubCredentials, - PayloadHash: "", - ExpectErr: "failed to sign request", - }, - "anonymous creds": { - Request: &http.Request{ - URL: func() *url.URL { - u, _ := url.Parse("https://example.aws/path?query=foo") - return u - }(), - Header: http.Header{}, - }, - Creds: stubCredentials, - PayloadHash: "", - ExpectErr: "failed to sign request", - ExpectResult: &v4.PresignedHTTPRequest{ - URL: "https://example.aws/path?query=foo", - SignedHeader: http.Header{}, - }, - }, - "nil creds": { - Request: &http.Request{ - URL: func() *url.URL { - u, _ := url.Parse("https://example.aws/path?query=foo") - return u - }(), - Header: http.Header{}, - }, - Creds: nil, - ExpectResult: &v4.PresignedHTTPRequest{ - URL: "https://example.aws/path?query=foo", - SignedHeader: http.Header{}, - }, - }, - "with log signing": { - Request: &http.Request{ - URL: func() *url.URL { - u, _ := url.Parse("https://example.aws/path?query=foo") - return u - }(), - Header: http.Header{}, - }, - Creds: stubCredentials, - PayloadHash: "0123456789abcdef", - ExpectResult: &v4.PresignedHTTPRequest{ - URL: "https://example.aws/path?query=foo", - SignedHeader: http.Header{}, - }, - - LogSigning: true, - }, - } - - const ( - signingName = "serviceId" - signingRegion = "regionName" - ) - - for name, tt := range cases { - t.Run(name, func(t *testing.T) { - m := &PresignHTTPRequestMiddleware{ - credentialsProvider: tt.Creds, - - presigner: httpPresignerFunc(func( - ctx context.Context, credentials Credentials, r *http.Request, - payloadHash string, service string, regionSet []string, signingTime time.Time, - optFns ...func(*SignerOptions), - ) (url string, signedHeader http.Header, err error) { - var options SignerOptions - for _, fn := range optFns { - fn(&options) - } - if options.Logger == nil { - t.Errorf("expect logger, got none") - } - if options.LogSigning { - options.Logger.Logf(logging.Debug, t.Name()) - } - - if !hasCredentialProvider(tt.Creds) { - t.Errorf("expect presigner not to be called for not credentials provider") - } - - expectCreds, _ := tt.Creds.RetrievePrivateKey(context.Background()) - if diff := cmpDiff(expectCreds, credentials); len(diff) > 0 { - t.Error(diff) - } - if e, a := tt.PayloadHash, payloadHash; e != a { - t.Errorf("expected %v, got %v", e, a) - } - if e, a := signingName, service; e != a { - t.Errorf("expected %v, got %v", e, a) - } - if diff := cmpDiff([]string{signingRegion}, regionSet); len(diff) > 0 { - t.Error(diff) - } - - return tt.ExpectResult.URL, tt.ExpectResult.SignedHeader, nil - }), - logSigning: tt.LogSigning, - } - - next := middleware.FinalizeHandlerFunc( - func(ctx context.Context, in middleware.FinalizeInput) ( - out middleware.FinalizeOutput, metadata middleware.Metadata, err error, - ) { - t.Errorf("expect next handler not to be called") - return out, metadata, err - }) - - ctx := awsmiddleware.SetSigningRegion( - awsmiddleware.SetSigningName(context.Background(), signingName), - signingRegion) - - var loggerBuf bytes.Buffer - logger := logging.NewStandardLogger(&loggerBuf) - ctx = middleware.SetLogger(ctx, logger) - - if len(tt.PayloadHash) != 0 { - ctx = v4.SetPayloadHash(ctx, tt.PayloadHash) - } - - result, _, err := m.HandleFinalize(ctx, middleware.FinalizeInput{ - Request: &smithyhttp.Request{ - Request: tt.Request, - }, - }, next) - if len(tt.ExpectErr) != 0 { - if err == nil { - t.Fatalf("expect error, got none") - } - if e, a := tt.ExpectErr, err.Error(); !strings.Contains(a, e) { - t.Fatalf("expect error to contain %v, got %v", e, a) - } - return - } - if err != nil { - t.Fatalf("expect no error, got %v", err) - } - - if diff := cmpDiff(tt.ExpectResult, result.Result); len(diff) != 0 { - t.Errorf("expect result match\n%v", diff) - } - - if tt.LogSigning { - if e, a := t.Name(), loggerBuf.String(); !strings.Contains(a, e) { - t.Errorf("expect %v logged in %v", e, a) - } - } else { - if loggerBuf.Len() != 0 { - t.Errorf("expect no log, got %v", loggerBuf.String()) - } - } - }) - } -} - -var ( - _ middleware.FinalizeMiddleware = &PresignHTTPRequestMiddleware{} -) diff --git a/api/auth/signer/v4asdk2/shared_test.go b/api/auth/signer/v4asdk2/shared_test.go deleted file mode 100644 index 6c944008..00000000 --- a/api/auth/signer/v4asdk2/shared_test.go +++ /dev/null @@ -1,18 +0,0 @@ -package v4a - -import ( - "bytes" - "context" - "crypto/ecdsa" -) - -var stubCredentials = stubCredentialsProviderFunc(func(ctx context.Context) (Credentials, error) { - stubKey, err := ecdsa.GenerateKey(p256, bytes.NewReader(bytes.Repeat([]byte{1}, 40))) - if err != nil { - return Credentials{}, err - } - return Credentials{ - Context: "STUB", - PrivateKey: stubKey, - }, nil -}) diff --git a/api/auth/signer/v4asdk2/smithy.go b/api/auth/signer/v4asdk2/smithy.go deleted file mode 100644 index 4ee4ca42..00000000 --- a/api/auth/signer/v4asdk2/smithy.go +++ /dev/null @@ -1,85 +0,0 @@ -package v4a - -import ( - "context" - "fmt" - "time" - - v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" - "github.com/aws/smithy-go" - "github.com/aws/smithy-go/auth" - "github.com/aws/smithy-go/logging" - smithyhttp "github.com/aws/smithy-go/transport/http" -) - -// CredentialsAdapter adapts v4a.Credentials to smithy auth.Identity. -type CredentialsAdapter struct { - Credentials Credentials -} - -var _ auth.Identity = (*CredentialsAdapter)(nil) - -// Expiration returns the time of expiration for the credentials. -func (v *CredentialsAdapter) Expiration() time.Time { - return v.Credentials.Expires -} - -// CredentialsProviderAdapter adapts v4a.CredentialsProvider to -// auth.IdentityResolver. -type CredentialsProviderAdapter struct { - Provider CredentialsProvider -} - -var _ (auth.IdentityResolver) = (*CredentialsProviderAdapter)(nil) - -// GetIdentity retrieves v4a credentials using the underlying provider. -func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.Properties) ( - auth.Identity, error, -) { - creds, err := v.Provider.RetrievePrivateKey(ctx) - if err != nil { - return nil, fmt.Errorf("get credentials: %w", err) - } - - return &CredentialsAdapter{Credentials: creds}, nil -} - -// SignerAdapter adapts v4a.HTTPSigner to smithy http.Signer. -type SignerAdapter struct { - Signer HTTPSigner - Logger logging.Logger - LogSigning bool -} - -var _ (smithyhttp.Signer) = (*SignerAdapter)(nil) - -// SignRequest signs the request with the provided identity. -func (v *SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithy.Properties) error { - ca, ok := identity.(*CredentialsAdapter) - if !ok { - return fmt.Errorf("unexpected identity type: %T", identity) - } - - name, ok := smithyhttp.GetSigV4SigningName(&props) - if !ok { - return fmt.Errorf("sigv4a signing name is required") - } - - regions, ok := smithyhttp.GetSigV4ASigningRegions(&props) - if !ok { - return fmt.Errorf("sigv4a signing region is required") - } - - hash := v4.GetPayloadHash(ctx) - err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, regions, time.Now(), func(o *SignerOptions) { - o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props) - - o.Logger = v.Logger - o.LogSigning = v.LogSigning - }) - if err != nil { - return fmt.Errorf("sign http: %w", err) - } - - return nil -} diff --git a/api/auth/signer/v4asdk2/stream.go b/api/auth/signer/v4asdk2/stream.go index b168c6c7..93988f9c 100644 --- a/api/auth/signer/v4asdk2/stream.go +++ b/api/auth/signer/v4asdk2/stream.go @@ -1,3 +1,5 @@ +// This file is adopting https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/stream.go for sigv4a. + package v4a import ( diff --git a/api/auth/signer/v4asdk2/v4a.go b/api/auth/signer/v4asdk2/v4a.go index f257ab53..5eaf72db 100644 --- a/api/auth/signer/v4asdk2/v4a.go +++ b/api/auth/signer/v4asdk2/v4a.go @@ -1,3 +1,9 @@ +// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/v4a.go +// with changes: +// * adding exported VerifySignature methods +// * using different ignore headers for sing/presign requests +// * don't duplicate content-length as signed header + package v4a import ( diff --git a/api/auth/signer/v4asdk2/v4a_test.go b/api/auth/signer/v4asdk2/v4a_test.go index a67ca203..40c68830 100644 --- a/api/auth/signer/v4asdk2/v4a_test.go +++ b/api/auth/signer/v4asdk2/v4a_test.go @@ -1,3 +1,5 @@ +// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/v4a_test.go + package v4a import ( diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/cache.go b/api/auth/signer/v4sdk2/signer/internal/v4/cache.go index cbf22f1d..b1cf0478 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/cache.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/cache.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/cache.go + package v4 import ( diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/const.go b/api/auth/signer/v4sdk2/signer/internal/v4/const.go index a23cb003..9652f671 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/const.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/const.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/const.go + package v4 // Signature Version 4 (SigV4) Constants diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/header_rules.go b/api/auth/signer/v4sdk2/signer/internal/v4/header_rules.go index 76fa34b1..9036792d 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/header_rules.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/header_rules.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/header_rules.go + package v4 import ( diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/headers.go b/api/auth/signer/v4sdk2/signer/internal/v4/headers.go index f2a77665..46e220ce 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/headers.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/headers.go @@ -1,3 +1,7 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/header.go +// with changes: +// * drop User-Agent header from ignored + package v4 // IgnoredPresignedHeaders is a list of headers that are ignored during signing diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/headers_test.go b/api/auth/signer/v4sdk2/signer/internal/v4/headers_test.go index 6405ea97..bb386599 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/headers_test.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/headers_test.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/header_test.go + package v4 import "testing" diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/hmac.go b/api/auth/signer/v4sdk2/signer/internal/v4/hmac.go index e7fa7a1b..04534d78 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/hmac.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/hmac.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/hmac.go + package v4 import ( diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/host.go b/api/auth/signer/v4sdk2/signer/internal/v4/host.go index bf93659a..b5fdbbd9 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/host.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/host.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/host.go + package v4 import ( diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/scope.go b/api/auth/signer/v4sdk2/signer/internal/v4/scope.go index fc788790..d913a159 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/scope.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/scope.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/scope.go + package v4 import "strings" diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/time.go b/api/auth/signer/v4sdk2/signer/internal/v4/time.go index 1de06a76..6dd31cfc 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/time.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/time.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/time.go + package v4 import "time" diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/util.go b/api/auth/signer/v4sdk2/signer/internal/v4/util.go index d025dbaa..5340a925 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/util.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/util.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/util.go + package v4 import ( diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/util_test.go b/api/auth/signer/v4sdk2/signer/internal/v4/util_test.go index a38ef2d7..9f873b6a 100644 --- a/api/auth/signer/v4sdk2/signer/internal/v4/util_test.go +++ b/api/auth/signer/v4sdk2/signer/internal/v4/util_test.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/util_test.go + package v4 import ( diff --git a/api/auth/signer/v4sdk2/signer/v4/stream.go b/api/auth/signer/v4sdk2/signer/v4/stream.go index aa233879..9cf060f6 100644 --- a/api/auth/signer/v4sdk2/signer/v4/stream.go +++ b/api/auth/signer/v4sdk2/signer/v4/stream.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/stream.go + package v4 import ( diff --git a/api/auth/signer/v4sdk2/signer/v4/v4.go b/api/auth/signer/v4sdk2/signer/v4/v4.go index 11a2b3ae..afcd4641 100644 --- a/api/auth/signer/v4sdk2/signer/v4/v4.go +++ b/api/auth/signer/v4sdk2/signer/v4/v4.go @@ -1,3 +1,7 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/v4.go +// with changes: +// * using different headers for sign/presign + // Package v4 implements the AWS signature version 4 algorithm (commonly known // as SigV4). // diff --git a/api/auth/signer/v4sdk2/signer/v4/v4_test.go b/api/auth/signer/v4sdk2/signer/v4/v4_test.go index 420afd9c..fb7b7d10 100644 --- a/api/auth/signer/v4sdk2/signer/v4/v4_test.go +++ b/api/auth/signer/v4sdk2/signer/v4/v4_test.go @@ -1,3 +1,5 @@ +// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/v4_test.go + package v4 import (