Skip to content

V4a async payload signing #6475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

V4a async payload signing #6475

wants to merge 2 commits into from
+895 −105

Conversation

dagnir
Copy link
Contributor

@dagnir dagnir commented Oct 14, 2025
edited
Loading

Motivation and Context

This PR adds support for async payload signing in the V4a signer. Note an important difference to the V4 implementation: This supports the fallback to signing the payload when the request is sent over http. This is because calling the signAsync() method previously always threw UnsupportedOperationException, so there is no risk of performance regression for existing users.

Modifications

Testing

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@dagnir dagnir force-pushed the dongie/sra-chunk-encoding-pt2 branch 5 times, most recently from 966149f to ef5d53f Compare October 16, 2025 18:42
@dagnir dagnir changed the base branch from dongie/sra-chunk-encoding-pt1 to feature/master/sra-async-chunked-encoding October 16, 2025 18:59
@dagnir dagnir force-pushed the dongie/sra-chunk-encoding-pt2 branch 2 times, most recently from d4f0f87 to 5ac3968 Compare October 17, 2025 14:00
@dagnir dagnir changed the title [WIP] V4a async payload signing V4a async payload signing Oct 17, 2025
zoewangg
zoewangg reviewed Oct 17, 2025
View reviewed changes
...ain/java/software/amazon/awssdk/http/auth/aws/crt/internal/signer/CrtRequestBodyAdapter.java
import software.amazon.awssdk.utils.async.ByteBufferStoringSubscriber.TransferResult;

@SdkInternalApi
public final class CrtRequestBodyAdapter implements HttpRequestBodyStream {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we move this existing class https://github.com/aws/aws-sdk-java-v2/blob/master/http-clients/aws-crt-client/src/main/java/software/amazon/awssdk/http/crt/internal/request/CrtRequestBodyAdapter.java to crt-core and use it directly? I understand this means we'd need to make it protected APIs, but the API surface area seems small enough...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah makes sense!

...a/software/amazon/awssdk/services/s3/functionaltests/MultiRegionAccessPointChecksumTest.java

@ParameterizedTest(name = "{index} {3}")
@MethodSource("streamingInputChecksumCalculationParams")
public void asyncStreamingInput_checksumCalculation(RequestChecksumCalculation requestChecksumCalculation,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add an integ test as well?

...ava/software/amazon/awssdk/http/auth/aws/crt/internal/signer/AwsChunkedV4aPayloadSigner.java
SdkHttpRequest.Builder request, Publisher<ByteBuffer> payload, String checksum) {

return SignerUtils.moveContentLength(request, payload)
.thenApply(p -> {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: is there any difference between sigv4a and sigv4 for this logic here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, we can consolidate this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually nm, they're slightly different that it's a bit annoying to consolidate the two. The normal V4a version doesn't have a checksum parameter

@dagnir dagnir marked this pull request as ready for review October 21, 2025 19:19
@dagnir dagnir requested a review from a team as a code owner October 21, 2025 19:19
@dagnir dagnir changed the base branch from feature/master/sra-async-chunked-encoding to master October 22, 2025 21:06
@dagnir dagnir force-pushed the dongie/sra-chunk-encoding-pt2 branch from 5ac3968 to 802f635 Compare October 22, 2025 21:10
@sonarqubecloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
51 New issues
0 Accepted issues

Measures
0 Security Hotspots
90.0% Coverage on New Code
0.3% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zoewangg zoewangg zoewangg left review comments

@alextwoods alextwoods alextwoods left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dagnir @zoewangg @alextwoods