diff --git a/services/s3/src/test/java/software/amazon/awssdk/services/s3/PayloadSigningDisabledTest.java b/services/s3/src/test/java/software/amazon/awssdk/services/s3/PayloadSigningDisabledTest.java
index 0ac8d0eec1bb..ce0ac81a0b4a 100644
--- a/services/s3/src/test/java/software/amazon/awssdk/services/s3/PayloadSigningDisabledTest.java
+++ b/services/s3/src/test/java/software/amazon/awssdk/services/s3/PayloadSigningDisabledTest.java
@@ -17,6 +17,9 @@
 import static org.assertj.core.api.Assertions.assertThat;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
 import org.junit.jupiter.api.Test;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
@@ -24,7 +27,13 @@
 import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
 import software.amazon.awssdk.http.HttpExecuteResponse;
 import software.amazon.awssdk.http.SdkHttpResponse;
+import software.amazon.awssdk.http.auth.aws.scheme.AwsV4AuthScheme;
+import software.amazon.awssdk.http.auth.aws.scheme.AwsV4aAuthScheme;
+import software.amazon.awssdk.http.auth.aws.signer.AwsV4FamilyHttpSigner;
+import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
 import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.s3.auth.scheme.S3AuthSchemeParams;
+import software.amazon.awssdk.services.s3.auth.scheme.S3AuthSchemeProvider;
 import software.amazon.awssdk.testutils.service.http.MockAsyncHttpClient;
 import software.amazon.awssdk.testutils.service.http.MockSyncHttpClient;
@@ -78,6 +87,26 @@ public void asyncPayloadSigningIsDisabled() {
 @Test
 public void syncPayloadSigningCanBeEnabled() {
+ try (MockSyncHttpClient httpClient = new MockSyncHttpClient();
+ S3Client s3 = S3Client.builder()
+ .region(Region.US_WEST_2)
+ .credentialsProvider(CREDENTIALS)
+ .httpClient(httpClient)
+ .authSchemeProvider(new PayloadSigningEnabledS3AuthSchemeProvider())
+ .build()) {
+ httpClient.stubNextResponse(HttpExecuteResponse.builder()
+ .response(SdkHttpResponse.builder().statusCode(200).build())
+ .build());
+
+ s3.createBucket(r -> r.bucket("foo"));
+
+ assertThat(httpClient.getLastRequest().firstMatchingHeader("x-amz-content-sha256"))
+ .hasValue("a40ef303139635de59992f34c1c7da763f89200f2d55b71016f7c156527d63a0");
+ }
+ }
+
+ @Test
+ public void syncPayloadSigningCanBeEnabledUsingExecutionAttribute() {
 try (MockSyncHttpClient httpClient = new MockSyncHttpClient();
 S3Client s3 = S3Client.builder()
 .region(Region.US_WEST_2)
@@ -103,7 +132,7 @@ public void asyncPayloadSigningCanBeEnabled() {
 .region(Region.US_WEST_2)
 .credentialsProvider(CREDENTIALS)
 .httpClient(httpClient)
- .overrideConfiguration(ENABLE_PAYLOAD_SIGNING_CONFIG)
+ .authSchemeProvider(new PayloadSigningEnabledS3AuthSchemeProvider())
 .build()) {
 httpClient.stubNextResponse(HttpExecuteResponse.builder()
 .response(SdkHttpResponse.builder().statusCode(200).build())
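Review bot: The expected `x-amz-content-sha256` value in the added `syncPayloadSigningCanBeEnabled` body is a bare 64-hex literal, and the same literal is repeated in the hunks at -103 and -115, so a reader cannot tell that the assertion is there to distinguish a real payload digest from the `UNSIGNED-PAYLOAD` marker. I would hoist it into one constant with a comment, e.g. `// presumably the SHA-256 of the serialized CreateBucket body; only sent when payload signing is on` above `private static final String SIGNED_PAYLOAD_SHA256 = "a40ef303…";`. The two sync tests now differ by a single builder line, so a one-line comment on each naming the mechanism under test (signer property via the auth scheme provider vs. the execution attribute in `ENABLE_PAYLOAD_SIGNING_CONFIG`) would make the intent explicit. The body of the renamed test continues outside this hunk.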
@@ -115,4 +144,46 @@ public void asyncPayloadSigningCanBeEnabled() {
 .hasValue("a40ef303139635de59992f34c1c7da763f89200f2d55b71016f7c156527d63a0");
 }
 }
+
+ @Test
+ public void asyncPayloadSigningCanBeEnabledUsingExecutionAttribute() {
+ try (MockAsyncHttpClient httpClient = new MockAsyncHttpClient();
+ S3AsyncClient s3 = S3AsyncClient.builder()
+ .region(Region.US_WEST_2)
+ .credentialsProvider(CREDENTIALS)
+ .httpClient(httpClient)
+ .overrideConfiguration(ENABLE_PAYLOAD_SIGNING_CONFIG)
+ .build()) {
+ httpClient.stubNextResponse(HttpExecuteResponse.builder()
+ .response(SdkHttpResponse.builder().statusCode(200).build())
+ .build());
+
+ s3.createBucket(r -> r.bucket("foo")).join();
+
+ assertThat(httpClient.getLastRequest().firstMatchingHeader("x-amz-content-sha256"))
+ .hasValue("a40ef303139635de59992f34c1c7da763f89200f2d55b71016f7c156527d63a0");
+ }
+ }
+
+ private static class PayloadSigningEnabledS3AuthSchemeProvider implements S3AuthSchemeProvider {
+ private static final List SIGV4_SCHEMES = Arrays.asList(
+ AwsV4AuthScheme.SCHEME_ID, AwsV4aAuthScheme.SCHEME_ID);
+ private S3AuthSchemeProvider defaultS3AuthSchemeProvider = S3AuthSchemeProvider.defaultProvider();
+
+ @Override
+ public List resolveAuthScheme(S3AuthSchemeParams authSchemeParams) {
+ return defaultS3AuthSchemeProvider
+ .resolveAuthScheme(authSchemeParams)
+ .stream()
+ .map(authSchemeOption -> {
+ if (SIGV4_SCHEMES.contains(authSchemeOption.schemeId())) {
+ return authSchemeOption.toBuilder()
+ .putSignerProperty(AwsV4FamilyHttpSigner.PAYLOAD_SIGNING_ENABLED, true)
+ .build();
+ }
+ return authSchemeOption;
+ })
+ .collect(Collectors.toList());
+ }
+ }
 }
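Review bot: `PayloadSigningEnabledS3AuthSchemeProvider` has no comment explaining why it filters on scheme id. Options whose id is not SigV4 or SigV4a are returned untouched, so if the default provider resolved a different scheme for this request the header assertion would fail with no hint as to the cause. A short class Javadoc would cover it, saying that the class delegates to `S3AuthSchemeProvider.defaultProvider()` and sets `AwsV4FamilyHttpSigner.PAYLOAD_SIGNING_ENABLED` to true only on SigV4-family options. The delegate field is never reassigned and should be `private final` (or a `static final` constant). As rendered here `List SIGV4_SCHEMES` and the `List` return type are raw; unless that is an extraction artifact they should read `List<String>` and `List<AuthSchemeOption>`.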