Support async V4 payload signing #6314
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dagnir
force-pushed
the
dongie/chunked-encoded-sigv4-async
branch
2 times, most recently
from
4085d5e to
8a30699
Compare
dagnir
changed the title
dagnir
force-pushed
the
dongie/chunked-encoded-sigv4-async
branch
4 times, most recently
from
f80adb0 to
9fa0bad
Compare
dagnir
commented
Aug 5, 2025
Comment on lines
-187
to
-189
| "4000" + CRLF + contentString.substring(0, 16 * KB) + CRLF | ||
| + "4000" + CRLF + contentString.substring(16 * KB, 32 * KB) + CRLF | ||
| + "1400" + CRLF + contentString.substring(32 * KB) + CRLF |
There was a problem hiding this comment.
FYI this is because we use the default chunk size in DefaultAwsV4HttpSigner now, which is 128 KiB, so the 37KiB payload fits in a single chunk:
dagnir
commented
Aug 5, 2025
| if (protocol == Protocol.HTTP && clientType == ClientType.SYNC) { | ||
| void verifyPutObjectHeaders(Protocol protocol, ChecksumAlgorithm checksumAlgorithm) { | ||
| String streamingSha256; | ||
| if (protocol == Protocol.HTTP) { |
There was a problem hiding this comment.
Fallback to body content signing now works for async requests
dagnir
force-pushed
the
dongie/chunked-encoded-sigv4-async
branch
from
9fa0bad to
395a9cb
Compare
This commit adds support for SigV4 signing of async request payloads. In addition this commit moves the support for trailing checksums from HttpChecksumStage to the V4 signer implementation; this puts it in line with how sync chunked bodies are already handled.
dagnir
force-pushed
the
dongie/chunked-encoded-sigv4-async
branch
from
395a9cb to
7c7941c
Compare
alextwoods
reviewed
Aug 6, 2025
...c/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/DefaultAwsV4HttpSigner.java
Show resolved
Hide resolved
...tware/amazon/awssdk/http/auth/aws/internal/signer/chunkedencoding/ChunkedEncodedPayload.java
Show resolved
Hide resolved
...ain/java/software/amazon/awssdk/http/auth/aws/internal/signer/AwsChunkedV4PayloadSigner.java
Outdated
Show resolved
Hide resolved
...ain/java/software/amazon/awssdk/http/auth/aws/internal/signer/AwsChunkedV4PayloadSigner.java
Show resolved
Hide resolved
...va/software/amazon/awssdk/http/auth/aws/internal/signer/io/UnbufferedChecksumSubscriber.java
Outdated
Show resolved
Hide resolved
...aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/util/SignerUtils.java
Outdated
Show resolved
Hide resolved
Yes, this is probably true, but this is a functionality gap rather than a feature, so I think this is okay. I don't have concrete numbers, but I will start some long running tests to see. |
alextwoods
reviewed
Aug 6, 2025
...tware/amazon/awssdk/http/auth/aws/internal/signer/chunkedencoding/ChunkedEncodedPayload.java
Outdated
Show resolved
Hide resolved
- Rename to computeAndMoveContentLength - Rename variable to chunkedPayload - Fix javadocs - Sign payload only if non-null
dagnir
force-pushed
the
dongie/chunked-encoded-sigv4-async
branch
from
0a7ec87 to
a222719
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation and Context
This commit adds support for SigV4 signing of async request payloads.
In addition this commit moves the support for trailing checksums from HttpChecksumStage to the V4 signer implementation; this puts it in line with how sync chunked bodies are already handled.
This fills a gap in our signing logic where payloads that would normally be signed are not.
Modifications
HttpChecksumStage; trailing checksums taken care of inAwsChunkedV4PayloadSigner, same as for sync payloadsAwsChunkedV4PayloadSignerAwschunkedV4PayloadSignerto reduce code duplicationTesting
Screenshots (if appropriate)
Types of changes
Checklist
mvn installsucceedsscripts/new-changescript and following the instructions. Commit the new file created by the script in.changes/next-releasewith your changes.License