From c5deb2e14810a676b1ee93e29d7d7655eaaa4dc2 Mon Sep 17 00:00:00 2001
From: Denis Kirillov <d.kirillov@yadro.com>
Date: Thu, 28 Nov 2024 12:37:06 +0300
Subject: [PATCH] [#339] Drop unused and add link to source files
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
---
api/auth/signer/v4asdk2/credentials.go | 4 +
api/auth/signer/v4asdk2/credentials_test.go | 2 +
api/auth/signer/v4asdk2/error.go | 17 --
.../signer/v4asdk2/internal/crypto/compare.go | 2 +
.../v4asdk2/internal/crypto/compare_test.go | 2 +
.../signer/v4asdk2/internal/crypto/ecc.go | 2 +
.../v4asdk2/internal/crypto/ecc_test.go | 2 +
api/auth/signer/v4asdk2/internal/v4/const.go | 2 +
.../v4asdk2/internal/v4/header_rules.go | 2 +
.../signer/v4asdk2/internal/v4/headers.go | 4 +
api/auth/signer/v4asdk2/internal/v4/hmac.go | 2 +
api/auth/signer/v4asdk2/internal/v4/host.go | 2 +
api/auth/signer/v4asdk2/internal/v4/time.go | 2 +
api/auth/signer/v4asdk2/internal/v4/util.go | 2 +
.../signer/v4asdk2/internal/v4/util_test.go | 2 +
api/auth/signer/v4asdk2/middleware.go | 118 ----------
api/auth/signer/v4asdk2/middleware_test.go | 149 ------------
api/auth/signer/v4asdk2/presign_middleware.go | 116 ---------
.../signer/v4asdk2/presign_middleware_test.go | 222 ------------------
api/auth/signer/v4asdk2/shared_test.go | 18 --
api/auth/signer/v4asdk2/smithy.go | 85 -------
api/auth/signer/v4asdk2/stream.go | 2 +
api/auth/signer/v4asdk2/v4a.go | 6 +
api/auth/signer/v4asdk2/v4a_test.go | 2 +
.../signer/v4sdk2/signer/internal/v4/cache.go | 2 +
.../signer/v4sdk2/signer/internal/v4/const.go | 2 +
.../v4sdk2/signer/internal/v4/header_rules.go | 2 +
.../v4sdk2/signer/internal/v4/headers.go | 4 +
.../v4sdk2/signer/internal/v4/headers_test.go | 2 +
.../signer/v4sdk2/signer/internal/v4/hmac.go | 2 +
.../signer/v4sdk2/signer/internal/v4/host.go | 2 +
.../signer/v4sdk2/signer/internal/v4/scope.go | 2 +
.../signer/v4sdk2/signer/internal/v4/time.go | 2 +
.../signer/v4sdk2/signer/internal/v4/util.go | 2 +
.../v4sdk2/signer/internal/v4/util_test.go | 2 +
api/auth/signer/v4sdk2/signer/v4/stream.go | 2 +
api/auth/signer/v4sdk2/signer/v4/v4.go | 4 +
api/auth/signer/v4sdk2/signer/v4/v4_test.go | 2 +
38 files changed, 74 insertions(+), 725 deletions(-)
delete mode 100644 api/auth/signer/v4asdk2/error.go
delete mode 100644 api/auth/signer/v4asdk2/middleware.go
delete mode 100644 api/auth/signer/v4asdk2/middleware_test.go
delete mode 100644 api/auth/signer/v4asdk2/presign_middleware.go
delete mode 100644 api/auth/signer/v4asdk2/presign_middleware_test.go
delete mode 100644 api/auth/signer/v4asdk2/shared_test.go
delete mode 100644 api/auth/signer/v4asdk2/smithy.go
diff --git a/api/auth/signer/v4asdk2/credentials.go b/api/auth/signer/v4asdk2/credentials.go
index 152482da..04dbd38e 100644
--- a/api/auth/signer/v4asdk2/credentials.go
+++ b/api/auth/signer/v4asdk2/credentials.go
@@ -1,3 +1,7 @@
+// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/credentials.go
+// with changes:
+// * use `time.Now()` instead of `sdk.NowTime()`
+
package v4a
import (
diff --git a/api/auth/signer/v4asdk2/credentials_test.go b/api/auth/signer/v4asdk2/credentials_test.go
index bc89ec33..2918eb26 100644
--- a/api/auth/signer/v4asdk2/credentials_test.go
+++ b/api/auth/signer/v4asdk2/credentials_test.go
@@ -1,3 +1,5 @@
+// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/credentials_test.go
+
package v4a
import (
diff --git a/api/auth/signer/v4asdk2/error.go b/api/auth/signer/v4asdk2/error.go
deleted file mode 100644
index 380d1742..00000000
--- a/api/auth/signer/v4asdk2/error.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package v4a
-
-import "fmt"
-
-// SigningError indicates an error condition occurred while performing SigV4a signing
-type SigningError struct {
- Err error
-}
-
-func (e *SigningError) Error() string {
- return fmt.Sprintf("failed to sign request: %v", e.Err)
-}
-
-// Unwrap returns the underlying error cause
-func (e *SigningError) Unwrap() error {
- return e.Err
-}
diff --git a/api/auth/signer/v4asdk2/internal/crypto/compare.go b/api/auth/signer/v4asdk2/internal/crypto/compare.go
index 1d0f25f8..e928ed5a 100644
--- a/api/auth/signer/v4asdk2/internal/crypto/compare.go
+++ b/api/auth/signer/v4asdk2/internal/crypto/compare.go
@@ -1,3 +1,5 @@
+// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/crypto/compare.go
+
package crypto
import "fmt"
diff --git a/api/auth/signer/v4asdk2/internal/crypto/compare_test.go b/api/auth/signer/v4asdk2/internal/crypto/compare_test.go
index 2bbdfdb9..f3d72d2b 100644
--- a/api/auth/signer/v4asdk2/internal/crypto/compare_test.go
+++ b/api/auth/signer/v4asdk2/internal/crypto/compare_test.go
@@ -1,3 +1,5 @@
+// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/crypto/compare_test.go
+
package crypto
import (
diff --git a/api/auth/signer/v4asdk2/internal/crypto/ecc.go b/api/auth/signer/v4asdk2/internal/crypto/ecc.go
index 758c73fc..5bd7ebf2 100644
--- a/api/auth/signer/v4asdk2/internal/crypto/ecc.go
+++ b/api/auth/signer/v4asdk2/internal/crypto/ecc.go
@@ -1,3 +1,5 @@
+// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/crypto/ecc.go
+
package crypto
import (
diff --git a/api/auth/signer/v4asdk2/internal/crypto/ecc_test.go b/api/auth/signer/v4asdk2/internal/crypto/ecc_test.go
index 72a5e8dc..77fe99d0 100644
--- a/api/auth/signer/v4asdk2/internal/crypto/ecc_test.go
+++ b/api/auth/signer/v4asdk2/internal/crypto/ecc_test.go
@@ -1,3 +1,5 @@
+// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/crypto/ecc_test.go
+
package crypto
import (
diff --git a/api/auth/signer/v4asdk2/internal/v4/const.go b/api/auth/signer/v4asdk2/internal/v4/const.go
index 89a76e2e..e6ea2b8e 100644
--- a/api/auth/signer/v4asdk2/internal/v4/const.go
+++ b/api/auth/signer/v4asdk2/internal/v4/const.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/const.go
+
package v4
const (
diff --git a/api/auth/signer/v4asdk2/internal/v4/header_rules.go b/api/auth/signer/v4asdk2/internal/v4/header_rules.go
index 7a9d415f..760efd8a 100644
--- a/api/auth/signer/v4asdk2/internal/v4/header_rules.go
+++ b/api/auth/signer/v4asdk2/internal/v4/header_rules.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/header_rules.go
+
package v4
import (
diff --git a/api/auth/signer/v4asdk2/internal/v4/headers.go b/api/auth/signer/v4asdk2/internal/v4/headers.go
index f6fc7f6f..f04baf3b 100644
--- a/api/auth/signer/v4asdk2/internal/v4/headers.go
+++ b/api/auth/signer/v4asdk2/internal/v4/headers.go
@@ -1,3 +1,7 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/header.go
+// with changes:
+// * drop User-Agent header from ignored
+
package v4
// IgnoredPresignedHeaders is a list of headers that are ignored during signing
diff --git a/api/auth/signer/v4asdk2/internal/v4/hmac.go b/api/auth/signer/v4asdk2/internal/v4/hmac.go
index e7fa7a1b..99bd3318 100644
--- a/api/auth/signer/v4asdk2/internal/v4/hmac.go
+++ b/api/auth/signer/v4asdk2/internal/v4/hmac.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/hmac.go
+
package v4
import (
diff --git a/api/auth/signer/v4asdk2/internal/v4/host.go b/api/auth/signer/v4asdk2/internal/v4/host.go
index bf93659a..7cf0a854 100644
--- a/api/auth/signer/v4asdk2/internal/v4/host.go
+++ b/api/auth/signer/v4asdk2/internal/v4/host.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/host.go
+
package v4
import (
diff --git a/api/auth/signer/v4asdk2/internal/v4/time.go b/api/auth/signer/v4asdk2/internal/v4/time.go
index 1de06a76..a4876fe2 100644
--- a/api/auth/signer/v4asdk2/internal/v4/time.go
+++ b/api/auth/signer/v4asdk2/internal/v4/time.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/time.go
+
package v4
import "time"
diff --git a/api/auth/signer/v4asdk2/internal/v4/util.go b/api/auth/signer/v4asdk2/internal/v4/util.go
index 741019b5..57990cf2 100644
--- a/api/auth/signer/v4asdk2/internal/v4/util.go
+++ b/api/auth/signer/v4asdk2/internal/v4/util.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/util.go
+
package v4
import (
diff --git a/api/auth/signer/v4asdk2/internal/v4/util_test.go b/api/auth/signer/v4asdk2/internal/v4/util_test.go
index c29c1fa8..000a098f 100644
--- a/api/auth/signer/v4asdk2/internal/v4/util_test.go
+++ b/api/auth/signer/v4asdk2/internal/v4/util_test.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/internal/v4/tuil_test.go
+
package v4
import (
diff --git a/api/auth/signer/v4asdk2/middleware.go b/api/auth/signer/v4asdk2/middleware.go
deleted file mode 100644
index e1b6612f..00000000
--- a/api/auth/signer/v4asdk2/middleware.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package v4a
-
-import (
- "context"
- "fmt"
- "net/http"
- "time"
-
- awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
- v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
- "github.com/aws/smithy-go/middleware"
- smithyhttp "github.com/aws/smithy-go/transport/http"
-)
-
-// HTTPSigner is SigV4a HTTP signer implementation
-type HTTPSigner interface {
- SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optfns ...func(*SignerOptions)) error
-}
-
-// SignHTTPRequestMiddlewareOptions is the middleware options for constructing a SignHTTPRequestMiddleware.
-type SignHTTPRequestMiddlewareOptions struct {
- Credentials CredentialsProvider
- Signer HTTPSigner
- LogSigning bool
-}
-
-// SignHTTPRequestMiddleware is a middleware for signing an HTTP request using SigV4a.
-type SignHTTPRequestMiddleware struct {
- credentials CredentialsProvider
- signer HTTPSigner
- logSigning bool
-}
-
-// NewSignHTTPRequestMiddleware constructs a SignHTTPRequestMiddleware using the given SignHTTPRequestMiddlewareOptions.
-func NewSignHTTPRequestMiddleware(options SignHTTPRequestMiddlewareOptions) *SignHTTPRequestMiddleware {
- return &SignHTTPRequestMiddleware{
- credentials: options.Credentials,
- signer: options.Signer,
- logSigning: options.LogSigning,
- }
-}
-
-// ID the middleware identifier.
-func (s *SignHTTPRequestMiddleware) ID() string {
- return "Signing"
-}
-
-// HandleFinalize signs an HTTP request using SigV4a.
-func (s *SignHTTPRequestMiddleware) HandleFinalize(
- ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
-) (
- out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
-) {
- if !hasCredentialProvider(s.credentials) {
- return next.HandleFinalize(ctx, in)
- }
-
- req, ok := in.Request.(*smithyhttp.Request)
- if !ok {
- return out, metadata, fmt.Errorf("unexpected request middleware type %T", in.Request)
- }
-
- signingName, signingRegion := awsmiddleware.GetSigningName(ctx), awsmiddleware.GetSigningRegion(ctx)
- payloadHash := v4.GetPayloadHash(ctx)
- if len(payloadHash) == 0 {
- return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")}
- }
-
- credentials, err := s.credentials.RetrievePrivateKey(ctx)
- if err != nil {
- return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)}
- }
-
- signerOptions := []func(o *SignerOptions){
- func(o *SignerOptions) {
- o.Logger = middleware.GetLogger(ctx)
- o.LogSigning = s.logSigning
- },
- }
-
- // existing DisableURIPathEscaping is equivalent in purpose
- // to authentication scheme property DisableDoubleEncoding
- //disableDoubleEncoding, overridden := internalauth.GetDisableDoubleEncoding(ctx) // internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
- //if overridden {
- // signerOptions = append(signerOptions, func(o *SignerOptions) {
- // o.DisableURIPathEscaping = disableDoubleEncoding
- // })
- //}
-
- err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, []string{signingRegion}, time.Now().UTC(), signerOptions...)
- if err != nil {
- return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)}
- }
-
- return next.HandleFinalize(ctx, in)
-}
-
-func hasCredentialProvider(p CredentialsProvider) bool {
- if p == nil {
- return false
- }
-
- return true
-}
-
-// RegisterSigningMiddleware registers the SigV4a signing middleware to the stack. If a signing middleware is already
-// present, this provided middleware will be swapped. Otherwise the middleware will be added at the tail of the
-// finalize step.
-func RegisterSigningMiddleware(stack *middleware.Stack, signingMiddleware *SignHTTPRequestMiddleware) (err error) {
- const signedID = "Signing"
- _, present := stack.Finalize.Get(signedID)
- if present {
- _, err = stack.Finalize.Swap(signedID, signingMiddleware)
- } else {
- err = stack.Finalize.Add(signingMiddleware, middleware.After)
- }
- return err
-}
diff --git a/api/auth/signer/v4asdk2/middleware_test.go b/api/auth/signer/v4asdk2/middleware_test.go
deleted file mode 100644
index 135a5c51..00000000
--- a/api/auth/signer/v4asdk2/middleware_test.go
+++ /dev/null
@@ -1,149 +0,0 @@
-package v4a
-
-import (
- "bytes"
- "context"
- "errors"
- "fmt"
- "net/http"
- "strings"
- "testing"
- "time"
-
- awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
- v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
- "github.com/aws/smithy-go/logging"
- "github.com/aws/smithy-go/middleware"
- smithyhttp "github.com/aws/smithy-go/transport/http"
-)
-
-type stubCredentialsProviderFunc func(context.Context) (Credentials, error)
-
-func (f stubCredentialsProviderFunc) RetrievePrivateKey(ctx context.Context) (Credentials, error) {
- return f(ctx)
-}
-
-type httpSignerFunc func(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) error
-
-func (f httpSignerFunc) SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) error {
- return f(ctx, credentials, r, payloadHash, service, regionSet, signingTime, optFns...)
-}
-
-func TestSignHTTPRequestMiddleware(t *testing.T) {
- cases := map[string]struct {
- creds CredentialsProvider
- hash string
- logSigning bool
- expectedErr interface{}
- }{
- "success": {
- creds: stubCredentials,
- hash: "0123456789abcdef",
- },
- "error": {
- creds: stubCredentialsProviderFunc(func(ctx context.Context) (Credentials, error) {
- return Credentials{}, fmt.Errorf("credential error")
- }),
- hash: "",
- expectedErr: &SigningError{},
- },
- "nil creds": {
- creds: nil,
- },
- "with log signing": {
- creds: stubCredentials,
- hash: "0123456789abcdef",
- logSigning: true,
- },
- }
-
- const (
- signingName = "serviceId"
- signingRegion = "regionName"
- )
-
- for name, tt := range cases {
- t.Run(name, func(t *testing.T) {
- c := &SignHTTPRequestMiddleware{
- credentials: tt.creds,
- signer: httpSignerFunc(
- func(ctx context.Context,
- credentials Credentials, r *http.Request, payloadHash string,
- service string, regionSet []string, signingTime time.Time,
- optFns ...func(*SignerOptions),
- ) error {
- var options SignerOptions
- for _, fn := range optFns {
- fn(&options)
- }
- if options.Logger == nil {
- t.Errorf("expect logger, got none")
- }
- if options.LogSigning {
- options.Logger.Logf(logging.Debug, t.Name())
- }
-
- expectCreds, _ := tt.creds.RetrievePrivateKey(ctx)
- if diff := cmpDiff(expectCreds, credentials); len(diff) > 0 {
- t.Error(diff)
- }
- if e, a := tt.hash, payloadHash; e != a {
- t.Errorf("expected %v, got %v", e, a)
- }
- if e, a := signingName, service; e != a {
- t.Errorf("expected %v, got %v", e, a)
- }
- if diff := cmpDiff([]string{signingRegion}, regionSet); len(diff) > 0 {
- t.Error(diff)
- }
- return nil
- }),
- logSigning: tt.logSigning,
- }
-
- next := middleware.FinalizeHandlerFunc(func(ctx context.Context, in middleware.FinalizeInput) (out middleware.FinalizeOutput, metadata middleware.Metadata, err error) {
- return out, metadata, err
- })
-
- ctx := awsmiddleware.SetSigningRegion(
- awsmiddleware.SetSigningName(context.Background(), signingName),
- signingRegion)
-
- var loggerBuf bytes.Buffer
- logger := logging.NewStandardLogger(&loggerBuf)
- ctx = middleware.SetLogger(ctx, logger)
-
- if len(tt.hash) != 0 {
- ctx = v4.SetPayloadHash(ctx, tt.hash)
- }
-
- _, _, err := c.HandleFinalize(ctx, middleware.FinalizeInput{
- Request: &smithyhttp.Request{Request: &http.Request{}},
- }, next)
- if err != nil && tt.expectedErr == nil {
- t.Errorf("expected no error, got %v", err)
- } else if err != nil && tt.expectedErr != nil {
- e, a := tt.expectedErr, err
- if !errors.As(a, &e) {
- t.Errorf("expected error type %T, got %T", e, a)
- }
- } else if err == nil && tt.expectedErr != nil {
- t.Errorf("expected error, got nil")
- }
-
- if tt.logSigning {
- if e, a := t.Name(), loggerBuf.String(); !strings.Contains(a, e) {
- t.Errorf("expect %v logged in %v", e, a)
- }
- } else {
- if loggerBuf.Len() != 0 {
- t.Errorf("expect no log, got %v", loggerBuf.String())
- }
- }
- })
- }
-}
-
-var (
- _ middleware.FinalizeMiddleware = &SignHTTPRequestMiddleware{}
-)
diff --git a/api/auth/signer/v4asdk2/presign_middleware.go b/api/auth/signer/v4asdk2/presign_middleware.go
deleted file mode 100644
index ecb0f9eb..00000000
--- a/api/auth/signer/v4asdk2/presign_middleware.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package v4a
-
-import (
- "context"
- "fmt"
- "net/http"
- "time"
-
- awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
- v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
- "github.com/aws/smithy-go/middleware"
- smithyHTTP "github.com/aws/smithy-go/transport/http"
-)
-
-// HTTPPresigner is an interface to a SigV4a signer that can sign create a
-// presigned URL for a HTTP requests.
-type HTTPPresigner interface {
- PresignHTTP(
- ctx context.Context, credentials Credentials, r *http.Request,
- payloadHash string, service string, regionSet []string, signingTime time.Time,
- optFns ...func(*SignerOptions),
- ) (url string, signedHeader http.Header, err error)
-}
-
-// PresignHTTPRequestMiddlewareOptions is the options for the PresignHTTPRequestMiddleware middleware.
-type PresignHTTPRequestMiddlewareOptions struct {
- CredentialsProvider CredentialsProvider
- Presigner HTTPPresigner
- LogSigning bool
-}
-
-// PresignHTTPRequestMiddleware provides the Finalize middleware for creating a
-// presigned URL for an HTTP request.
-//
-// Will short circuit the middleware stack and not forward onto the next
-// Finalize handler.
-type PresignHTTPRequestMiddleware struct {
- credentialsProvider CredentialsProvider
- presigner HTTPPresigner
- logSigning bool
-}
-
-// NewPresignHTTPRequestMiddleware returns a new PresignHTTPRequestMiddleware
-// initialized with the presigner.
-func NewPresignHTTPRequestMiddleware(options PresignHTTPRequestMiddlewareOptions) *PresignHTTPRequestMiddleware {
- return &PresignHTTPRequestMiddleware{
- credentialsProvider: options.CredentialsProvider,
- presigner: options.Presigner,
- logSigning: options.LogSigning,
- }
-}
-
-// ID provides the middleware ID.
-func (*PresignHTTPRequestMiddleware) ID() string { return "PresignHTTPRequest" }
-
-// HandleFinalize will take the provided input and create a presigned url for
-// the http request using the SigV4 presign authentication scheme.
-func (s *PresignHTTPRequestMiddleware) HandleFinalize(
- ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
-) (
- out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
-) {
- req, ok := in.Request.(*smithyHTTP.Request)
- if !ok {
- return out, metadata, &SigningError{
- Err: fmt.Errorf("unexpected request middleware type %T", in.Request),
- }
- }
-
- httpReq := req.Build(ctx)
- if !hasCredentialProvider(s.credentialsProvider) {
- out.Result = &v4.PresignedHTTPRequest{
- URL: httpReq.URL.String(),
- Method: httpReq.Method,
- SignedHeader: http.Header{},
- }
-
- return out, metadata, nil
- }
-
- signingName := awsmiddleware.GetSigningName(ctx)
- signingRegion := awsmiddleware.GetSigningRegion(ctx)
- payloadHash := v4.GetPayloadHash(ctx)
- if len(payloadHash) == 0 {
- return out, metadata, &SigningError{
- Err: fmt.Errorf("computed payload hash missing from context"),
- }
- }
-
- credentials, err := s.credentialsProvider.RetrievePrivateKey(ctx)
- if err != nil {
- return out, metadata, &SigningError{
- Err: fmt.Errorf("failed to retrieve credentials: %w", err),
- }
- }
-
- u, h, err := s.presigner.PresignHTTP(ctx, credentials,
- httpReq, payloadHash, signingName, []string{signingRegion}, time.Now(),
- func(o *SignerOptions) {
- o.Logger = middleware.GetLogger(ctx)
- o.LogSigning = s.logSigning
- })
- if err != nil {
- return out, metadata, &SigningError{
- Err: fmt.Errorf("failed to sign http request, %w", err),
- }
- }
-
- out.Result = &v4.PresignedHTTPRequest{
- URL: u,
- Method: httpReq.Method,
- SignedHeader: h,
- }
-
- return out, metadata, nil
-}
diff --git a/api/auth/signer/v4asdk2/presign_middleware_test.go b/api/auth/signer/v4asdk2/presign_middleware_test.go
deleted file mode 100644
index ec83a817..00000000
--- a/api/auth/signer/v4asdk2/presign_middleware_test.go
+++ /dev/null
@@ -1,222 +0,0 @@
-package v4a
-
-import (
- "bytes"
- "context"
- "net/http"
- "net/url"
- "strings"
- "testing"
- "time"
-
- awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
- v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
- "github.com/aws/smithy-go/logging"
- "github.com/aws/smithy-go/middleware"
- smithyhttp "github.com/aws/smithy-go/transport/http"
-)
-
-type httpPresignerFunc func(
- ctx context.Context, credentials Credentials, r *http.Request,
- payloadHash string, service string, regionSet []string, signingTime time.Time,
- optFns ...func(*SignerOptions),
-) (url string, signedHeader http.Header, err error)
-
-func (f httpPresignerFunc) PresignHTTP(
- ctx context.Context, credentials Credentials, r *http.Request,
- payloadHash string, service string, regionSet []string, signingTime time.Time,
- optFns ...func(*SignerOptions),
-) (
- url string, signedHeader http.Header, err error,
-) {
- return f(ctx, credentials, r, payloadHash, service, regionSet, signingTime, optFns...)
-}
-
-func TestPresignHTTPRequestMiddleware(t *testing.T) {
- cases := map[string]struct {
- Request *http.Request
- Creds CredentialsProvider
- PayloadHash string
- LogSigning bool
- ExpectResult *v4.PresignedHTTPRequest
- ExpectErr string
- }{
- "success": {
- Request: &http.Request{
- URL: func() *url.URL {
- u, _ := url.Parse("https://example.aws/path?query=foo")
- return u
- }(),
- Header: http.Header{},
- },
- Creds: stubCredentials,
- PayloadHash: "0123456789abcdef",
- ExpectResult: &v4.PresignedHTTPRequest{
- URL: "https://example.aws/path?query=foo",
- SignedHeader: http.Header{},
- },
- },
- "error": {
- Request: func() *http.Request {
- return &http.Request{}
- }(),
- Creds: stubCredentials,
- PayloadHash: "",
- ExpectErr: "failed to sign request",
- },
- "anonymous creds": {
- Request: &http.Request{
- URL: func() *url.URL {
- u, _ := url.Parse("https://example.aws/path?query=foo")
- return u
- }(),
- Header: http.Header{},
- },
- Creds: stubCredentials,
- PayloadHash: "",
- ExpectErr: "failed to sign request",
- ExpectResult: &v4.PresignedHTTPRequest{
- URL: "https://example.aws/path?query=foo",
- SignedHeader: http.Header{},
- },
- },
- "nil creds": {
- Request: &http.Request{
- URL: func() *url.URL {
- u, _ := url.Parse("https://example.aws/path?query=foo")
- return u
- }(),
- Header: http.Header{},
- },
- Creds: nil,
- ExpectResult: &v4.PresignedHTTPRequest{
- URL: "https://example.aws/path?query=foo",
- SignedHeader: http.Header{},
- },
- },
- "with log signing": {
- Request: &http.Request{
- URL: func() *url.URL {
- u, _ := url.Parse("https://example.aws/path?query=foo")
- return u
- }(),
- Header: http.Header{},
- },
- Creds: stubCredentials,
- PayloadHash: "0123456789abcdef",
- ExpectResult: &v4.PresignedHTTPRequest{
- URL: "https://example.aws/path?query=foo",
- SignedHeader: http.Header{},
- },
-
- LogSigning: true,
- },
- }
-
- const (
- signingName = "serviceId"
- signingRegion = "regionName"
- )
-
- for name, tt := range cases {
- t.Run(name, func(t *testing.T) {
- m := &PresignHTTPRequestMiddleware{
- credentialsProvider: tt.Creds,
-
- presigner: httpPresignerFunc(func(
- ctx context.Context, credentials Credentials, r *http.Request,
- payloadHash string, service string, regionSet []string, signingTime time.Time,
- optFns ...func(*SignerOptions),
- ) (url string, signedHeader http.Header, err error) {
- var options SignerOptions
- for _, fn := range optFns {
- fn(&options)
- }
- if options.Logger == nil {
- t.Errorf("expect logger, got none")
- }
- if options.LogSigning {
- options.Logger.Logf(logging.Debug, t.Name())
- }
-
- if !hasCredentialProvider(tt.Creds) {
- t.Errorf("expect presigner not to be called for not credentials provider")
- }
-
- expectCreds, _ := tt.Creds.RetrievePrivateKey(context.Background())
- if diff := cmpDiff(expectCreds, credentials); len(diff) > 0 {
- t.Error(diff)
- }
- if e, a := tt.PayloadHash, payloadHash; e != a {
- t.Errorf("expected %v, got %v", e, a)
- }
- if e, a := signingName, service; e != a {
- t.Errorf("expected %v, got %v", e, a)
- }
- if diff := cmpDiff([]string{signingRegion}, regionSet); len(diff) > 0 {
- t.Error(diff)
- }
-
- return tt.ExpectResult.URL, tt.ExpectResult.SignedHeader, nil
- }),
- logSigning: tt.LogSigning,
- }
-
- next := middleware.FinalizeHandlerFunc(
- func(ctx context.Context, in middleware.FinalizeInput) (
- out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
- ) {
- t.Errorf("expect next handler not to be called")
- return out, metadata, err
- })
-
- ctx := awsmiddleware.SetSigningRegion(
- awsmiddleware.SetSigningName(context.Background(), signingName),
- signingRegion)
-
- var loggerBuf bytes.Buffer
- logger := logging.NewStandardLogger(&loggerBuf)
- ctx = middleware.SetLogger(ctx, logger)
-
- if len(tt.PayloadHash) != 0 {
- ctx = v4.SetPayloadHash(ctx, tt.PayloadHash)
- }
-
- result, _, err := m.HandleFinalize(ctx, middleware.FinalizeInput{
- Request: &smithyhttp.Request{
- Request: tt.Request,
- },
- }, next)
- if len(tt.ExpectErr) != 0 {
- if err == nil {
- t.Fatalf("expect error, got none")
- }
- if e, a := tt.ExpectErr, err.Error(); !strings.Contains(a, e) {
- t.Fatalf("expect error to contain %v, got %v", e, a)
- }
- return
- }
- if err != nil {
- t.Fatalf("expect no error, got %v", err)
- }
-
- if diff := cmpDiff(tt.ExpectResult, result.Result); len(diff) != 0 {
- t.Errorf("expect result match\n%v", diff)
- }
-
- if tt.LogSigning {
- if e, a := t.Name(), loggerBuf.String(); !strings.Contains(a, e) {
- t.Errorf("expect %v logged in %v", e, a)
- }
- } else {
- if loggerBuf.Len() != 0 {
- t.Errorf("expect no log, got %v", loggerBuf.String())
- }
- }
- })
- }
-}
-
-var (
- _ middleware.FinalizeMiddleware = &PresignHTTPRequestMiddleware{}
-)
diff --git a/api/auth/signer/v4asdk2/shared_test.go b/api/auth/signer/v4asdk2/shared_test.go
deleted file mode 100644
index 6c944008..00000000
--- a/api/auth/signer/v4asdk2/shared_test.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package v4a
-
-import (
- "bytes"
- "context"
- "crypto/ecdsa"
-)
-
-var stubCredentials = stubCredentialsProviderFunc(func(ctx context.Context) (Credentials, error) {
- stubKey, err := ecdsa.GenerateKey(p256, bytes.NewReader(bytes.Repeat([]byte{1}, 40)))
- if err != nil {
- return Credentials{}, err
- }
- return Credentials{
- Context: "STUB",
- PrivateKey: stubKey,
- }, nil
-})
diff --git a/api/auth/signer/v4asdk2/smithy.go b/api/auth/signer/v4asdk2/smithy.go
deleted file mode 100644
index 4ee4ca42..00000000
--- a/api/auth/signer/v4asdk2/smithy.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package v4a
-
-import (
- "context"
- "fmt"
- "time"
-
- v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
- "github.com/aws/smithy-go"
- "github.com/aws/smithy-go/auth"
- "github.com/aws/smithy-go/logging"
- smithyhttp "github.com/aws/smithy-go/transport/http"
-)
-
-// CredentialsAdapter adapts v4a.Credentials to smithy auth.Identity.
-type CredentialsAdapter struct {
- Credentials Credentials
-}
-
-var _ auth.Identity = (*CredentialsAdapter)(nil)
-
-// Expiration returns the time of expiration for the credentials.
-func (v *CredentialsAdapter) Expiration() time.Time {
- return v.Credentials.Expires
-}
-
-// CredentialsProviderAdapter adapts v4a.CredentialsProvider to
-// auth.IdentityResolver.
-type CredentialsProviderAdapter struct {
- Provider CredentialsProvider
-}
-
-var _ (auth.IdentityResolver) = (*CredentialsProviderAdapter)(nil)
-
-// GetIdentity retrieves v4a credentials using the underlying provider.
-func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.Properties) (
- auth.Identity, error,
-) {
- creds, err := v.Provider.RetrievePrivateKey(ctx)
- if err != nil {
- return nil, fmt.Errorf("get credentials: %w", err)
- }
-
- return &CredentialsAdapter{Credentials: creds}, nil
-}
-
-// SignerAdapter adapts v4a.HTTPSigner to smithy http.Signer.
-type SignerAdapter struct {
- Signer HTTPSigner
- Logger logging.Logger
- LogSigning bool
-}
-
-var _ (smithyhttp.Signer) = (*SignerAdapter)(nil)
-
-// SignRequest signs the request with the provided identity.
-func (v *SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithy.Properties) error {
- ca, ok := identity.(*CredentialsAdapter)
- if !ok {
- return fmt.Errorf("unexpected identity type: %T", identity)
- }
-
- name, ok := smithyhttp.GetSigV4SigningName(&props)
- if !ok {
- return fmt.Errorf("sigv4a signing name is required")
- }
-
- regions, ok := smithyhttp.GetSigV4ASigningRegions(&props)
- if !ok {
- return fmt.Errorf("sigv4a signing region is required")
- }
-
- hash := v4.GetPayloadHash(ctx)
- err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, regions, time.Now(), func(o *SignerOptions) {
- o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props)
-
- o.Logger = v.Logger
- o.LogSigning = v.LogSigning
- })
- if err != nil {
- return fmt.Errorf("sign http: %w", err)
- }
-
- return nil
-}
diff --git a/api/auth/signer/v4asdk2/stream.go b/api/auth/signer/v4asdk2/stream.go
index b168c6c7..93988f9c 100644
--- a/api/auth/signer/v4asdk2/stream.go
+++ b/api/auth/signer/v4asdk2/stream.go
@@ -1,3 +1,5 @@
+// This file is adopting https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/stream.go for sigv4a.
+
package v4a
import (
diff --git a/api/auth/signer/v4asdk2/v4a.go b/api/auth/signer/v4asdk2/v4a.go
index f257ab53..5eaf72db 100644
--- a/api/auth/signer/v4asdk2/v4a.go
+++ b/api/auth/signer/v4asdk2/v4a.go
@@ -1,3 +1,9 @@
+// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/v4a.go
+// with changes:
+// * adding exported VerifySignature methods
+// * using different ignore headers for sing/presign requests
+// * don't duplicate content-length as signed header
+
package v4a
import (
diff --git a/api/auth/signer/v4asdk2/v4a_test.go b/api/auth/signer/v4asdk2/v4a_test.go
index a67ca203..40c68830 100644
--- a/api/auth/signer/v4asdk2/v4a_test.go
+++ b/api/auth/signer/v4asdk2/v4a_test.go
@@ -1,3 +1,5 @@
+// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/v4a_test.go
+
package v4a
import (
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/cache.go b/api/auth/signer/v4sdk2/signer/internal/v4/cache.go
index cbf22f1d..b1cf0478 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/cache.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/cache.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/cache.go
+
package v4
import (
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/const.go b/api/auth/signer/v4sdk2/signer/internal/v4/const.go
index a23cb003..9652f671 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/const.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/const.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/const.go
+
package v4
// Signature Version 4 (SigV4) Constants
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/header_rules.go b/api/auth/signer/v4sdk2/signer/internal/v4/header_rules.go
index 76fa34b1..9036792d 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/header_rules.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/header_rules.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/header_rules.go
+
package v4
import (
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/headers.go b/api/auth/signer/v4sdk2/signer/internal/v4/headers.go
index f2a77665..46e220ce 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/headers.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/headers.go
@@ -1,3 +1,7 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/header.go
+// with changes:
+// * drop User-Agent header from ignored
+
package v4
// IgnoredPresignedHeaders is a list of headers that are ignored during signing
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/headers_test.go b/api/auth/signer/v4sdk2/signer/internal/v4/headers_test.go
index 6405ea97..bb386599 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/headers_test.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/headers_test.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/header_test.go
+
package v4
import "testing"
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/hmac.go b/api/auth/signer/v4sdk2/signer/internal/v4/hmac.go
index e7fa7a1b..04534d78 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/hmac.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/hmac.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/hmac.go
+
package v4
import (
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/host.go b/api/auth/signer/v4sdk2/signer/internal/v4/host.go
index bf93659a..b5fdbbd9 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/host.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/host.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/host.go
+
package v4
import (
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/scope.go b/api/auth/signer/v4sdk2/signer/internal/v4/scope.go
index fc788790..d913a159 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/scope.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/scope.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/scope.go
+
package v4
import "strings"
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/time.go b/api/auth/signer/v4sdk2/signer/internal/v4/time.go
index 1de06a76..6dd31cfc 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/time.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/time.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/time.go
+
package v4
import "time"
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/util.go b/api/auth/signer/v4sdk2/signer/internal/v4/util.go
index d025dbaa..5340a925 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/util.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/util.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/util.go
+
package v4
import (
diff --git a/api/auth/signer/v4sdk2/signer/internal/v4/util_test.go b/api/auth/signer/v4sdk2/signer/internal/v4/util_test.go
index a38ef2d7..9f873b6a 100644
--- a/api/auth/signer/v4sdk2/signer/internal/v4/util_test.go
+++ b/api/auth/signer/v4sdk2/signer/internal/v4/util_test.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/internal/v4/util_test.go
+
package v4
import (
diff --git a/api/auth/signer/v4sdk2/signer/v4/stream.go b/api/auth/signer/v4sdk2/signer/v4/stream.go
index aa233879..9cf060f6 100644
--- a/api/auth/signer/v4sdk2/signer/v4/stream.go
+++ b/api/auth/signer/v4sdk2/signer/v4/stream.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/stream.go
+
package v4
import (
diff --git a/api/auth/signer/v4sdk2/signer/v4/v4.go b/api/auth/signer/v4sdk2/signer/v4/v4.go
index 11a2b3ae..afcd4641 100644
--- a/api/auth/signer/v4sdk2/signer/v4/v4.go
+++ b/api/auth/signer/v4sdk2/signer/v4/v4.go
@@ -1,3 +1,7 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/v4.go
+// with changes:
+// * using different headers for sign/presign
+
// Package v4 implements the AWS signature version 4 algorithm (commonly known
// as SigV4).
//
diff --git a/api/auth/signer/v4sdk2/signer/v4/v4_test.go b/api/auth/signer/v4sdk2/signer/v4/v4_test.go
index 420afd9c..fb7b7d10 100644
--- a/api/auth/signer/v4sdk2/signer/v4/v4_test.go
+++ b/api/auth/signer/v4sdk2/signer/v4/v4_test.go
@@ -1,3 +1,5 @@
+// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/v4_test.go
+
package v4
import (