Unverified Commit e9abec67 authored by Russell Cohen's avatar Russell Cohen Committed by GitHub

Update sigv4 to allow applying signature to http1x URIs (#3366)

## Motivation and Context
- https://github.com/awslabs/aws-sdk-rust/issues/1041

## Description
Enable signing of requests built with version 1.x of the `http` crate.

## Testing
Unit tests

## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [ ] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
- [ ] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
parent bac720ef
+6 −0
@@ -34,3 +34,9 @@ message = "Fix bug where overriding the credentials at the operation level faile
references = ["aws-sdk-rust#901", "smithy-rs#3363"]
meta = { "breaking" = false, "bug" = true, "tada" = false }
author = "rcoh"

[[aws-sdk-rust]]
message = "Add `apply_to_request_http1x` to `aws-sigv4` to enable signing http = 1.0 requests."
references = ["aws-sdk-rust#1041", "smithy-rs#3366"]
meta = { "breaking" = false, "bug" = false, "tada" = true }
author = "rcoh"
+6 −4
@@ -9,9 +9,10 @@ license = "Apache-2.0"
repository = "https://github.com/smithy-lang/smithy-rs"

[features]
default = ["sign-http"]
http0-compat = ["dep:http"]
sign-http = ["dep:http", "dep:percent-encoding", "dep:form_urlencoded"]
default = ["sign-http", "http1"]
http0-compat = ["dep:http0"]
http1 = ["dep:http"]
sign-http = ["dep:http0", "dep:percent-encoding", "dep:form_urlencoded"]
sign-eventstream = ["dep:aws-smithy-eventstream"]
sigv4a = ["dep:p256", "dep:crypto-bigint", "dep:subtle", "dep:zeroize", "dep:ring"]

@@ -25,7 +26,8 @@ bytes = "1"
form_urlencoded = { version = "1.0", optional = true }
hex = "0.4"
hmac = "0.12"
http = { version = "0.2", optional = true }
http0 = { version = "0.2", optional = true, package = "http" }
http = { version = "1", optional = true }
num-bigint = { version = "0.4.2", optional = true }
once_cell = "1.8"
p256 = { version = "0.11", features = ["ecdsa"], optional = true }
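Review bot: The `http` dependency key changes meaning in the second hunk, from 0.2 to 1, while 0.2 moves to the renamed `http0` entry, and nothing in the manifest says so. As far as the visible feature table shows, any `http::` path left in code gated only on `sign-http` would resolve to 1.x types when the default `http1` feature is on and fail to build when it is off, so a build with `--no-default-features --features sign-http` is worth having in CI if it is not there already. I would also add a comment above the two entries, e.g. `# http0 is the http crate at 0.2.x (renamed via package = "http"); http is 1.x`, so that someone auditing the dependency list does not take `http0` for a separate crate. With `default = ["sign-http", "http1"]`, a default build now compiles both major versions of `http`, which deserves a line in the feature documentation.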
+4 −3
@@ -13,14 +13,15 @@
//! # use aws_credential_types::Credentials;
//! use aws_smithy_runtime_api::client::identity::Identity;
//! # use aws_sigv4::http_request::SignableBody;
//! #[cfg(feature = "http0-compat")]
//! #[cfg(feature = "http1")]
//! fn test() -> Result<(), aws_sigv4::http_request::SigningError> {
//! use aws_sigv4::http_request::{sign, SigningSettings, SigningParams, SignableRequest};
//! use aws_sigv4::sign::v4;
//! use http;
//! use http0;
//! use std::time::SystemTime;
//!
//! // Set up information and settings for the signing
//! // You can obtain credentials from `SdkConfig`.
//! let identity = Credentials::new(
//!     "AKIDEXAMPLE",
//!     "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
@@ -49,7 +50,7 @@
//! let mut my_req = http::Request::new("...");
//! // Sign and then apply the signature to the request
//! let (signing_instructions, _signature) = sign(signable_request, &signing_params)?.into_parts();
//! signing_instructions.apply_to_request_http0x(&mut my_req);
//! signing_instructions.apply_to_request_http1x(&mut my_req);
//! # Ok(())
//! # }
//! ```
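Review bot: The crate-level example, as rendered here, now imports `use http0;` but never uses it: the request is still built with `http::Request::new("...")` and the signature is applied with `apply_to_request_http1x`, both of which refer to http 1.x. Because `fn test()` is gated only on `#[cfg(feature = "http1")]`, the import also makes the doctest depend on `http0` being enabled by another feature (`sign-http` or `http0-compat` in the manifest). I would drop the line or restore `use http;`, so the example names only the crate version it signs for.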
+8 −8
@@ -15,8 +15,8 @@ use crate::http_request::{PayloadChecksumKind, SignableBody, SignatureLocation,
use crate::sign::v4::sha256_hex_string;
use crate::SignatureVersion;
use aws_smithy_http::query_writer::QueryWriter;
use http::header::{AsHeaderName, HeaderName, HOST};
use http::{HeaderMap, HeaderValue, Uri};
use http0::header::{AsHeaderName, HeaderName, HOST};
use http0::{HeaderMap, HeaderValue, Uri};
use std::borrow::Cow;
use std::cmp::Ordering;
use std::convert::TryFrom;
@@ -626,7 +626,7 @@ mod tests {
    use aws_credential_types::Credentials;
    use aws_smithy_http::query_writer::QueryWriter;
    use aws_smithy_runtime_api::client::identity::Identity;
    use http::{HeaderValue, Uri};
    use http0::{HeaderValue, Uri};
    use pretty_assertions::assert_eq;
    use proptest::{prelude::*, proptest};
    use std::borrow::Cow;
@@ -794,7 +794,7 @@ mod tests {

    #[test]
    fn test_tilde_in_uri() {
        let req = http::Request::builder()
        let req = http0::Request::builder()
            .uri("https://s3.us-east-1.amazonaws.com/my-bucket?list-type=2&prefix=~objprefix&single&k=&unreserved=-_.~").body("").unwrap().into();
        let req = SignableRequest::from(&req);
        let identity = Credentials::for_tests().into();
@@ -815,7 +815,7 @@ mod tests {
        query_writer.insert("list-type", "2");
        query_writer.insert("prefix", &all_printable_ascii_chars);

        let req = http::Request::builder()
        let req = http0::Request::builder()
            .uri(query_writer.build_uri())
            .body("")
            .unwrap()
@@ -863,7 +863,7 @@ mod tests {
    // It should exclude authorization, user-agent, x-amzn-trace-id headers from presigning
    #[test]
    fn non_presigning_header_exclusion() {
        let request = http::Request::builder()
        let request = http0::Request::builder()
            .uri("https://some-endpoint.some-region.amazonaws.com")
            .header("authorization", "test-authorization")
            .header("content-type", "application/xml")
@@ -895,7 +895,7 @@ mod tests {
    // It should exclude authorization, user-agent, x-amz-user-agent, x-amzn-trace-id headers from presigning
    #[test]
    fn presigning_header_exclusion() {
        let request = http::Request::builder()
        let request = http0::Request::builder()
            .uri("https://some-endpoint.some-region.amazonaws.com")
            .header("authorization", "test-authorization")
            .header("content-type", "application/xml")
@@ -944,7 +944,7 @@ mod tests {
                valid_input,
            )
        ) {
            let mut request_builder = http::Request::builder()
            let mut request_builder = http0::Request::builder()
                .uri("https://some-endpoint.some-region.amazonaws.com")
                .header("content-type", "application/xml")
                .header("content-length", "0");
+2 −2
@@ -3,8 +3,8 @@
 * SPDX-License-Identifier: Apache-2.0
 */

use http::header::{InvalidHeaderName, InvalidHeaderValue};
use http::uri::InvalidUri;
use http0::header::{InvalidHeaderName, InvalidHeaderValue};
use http0::uri::InvalidUri;
use std::error::Error;
use std::fmt;
