Skip to content

Auth revamp #201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bretambrose merged 15 commits into from
Jun 14, 2020
Merged

Auth revamp #201

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
259c83a
Revamp of Auth interface
bretambrose Apr 28, 2020
3220844
Revert timeout change
bretambrose May 4, 2020
5b92772
Revamp of Auth interface
bretambrose Apr 28, 2020
c74b61b
Revert timeout change
bretambrose May 4, 2020
b3a11ca
Dependencies
bretambrose May 18, 2020
eb1dbd3
Merge branch 'AuthRevamp' of github.com:awslabs/aws-crt-java into Aut…
bretambrose May 18, 2020
e4bef42
Harmless but embarrassing enum mixup
bretambrose May 18, 2020
531635c
Update to new body signing controls
bretambrose May 27, 2020
d481ad0
member rename
bretambrose May 27, 2020
9ecf4b8
Change signed body value default
bretambrose May 28, 2020
eee2f8a
Flags + decouple session token param skip from header signing
bretambrose Jun 7, 2020
2866223
Dependency updates
bretambrose Jun 10, 2020
52b1e59
Tweak session token control
bretambrose Jun 10, 2020
b70dd94
Merge branch 'master' into AuthRevamp
bretambrose Jun 14, 2020
7e4b741
Submodule update
bretambrose Jun 14, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion aws-common-runtime/aws-c-auth
Open in desktop
Submodule aws-c-auth updated 45 files
+67 −0 README.md
+12 −0 include/aws/auth/auth.h
+255 −0 include/aws/auth/aws_imds_client.h
+47 −66 include/aws/auth/credentials.h
+7 −2 include/aws/auth/private/aws_signing.h
+1 −1 include/aws/auth/private/credentials_utils.h
+23 −2 include/aws/auth/signable.h
+28 −4 include/aws/auth/signing.h
+153 −40 include/aws/auth/signing_config.h
+37 −0 source/auth.c
+1,612 −0 source/aws_imds_client.c
+3 −2 source/aws_profile.c
+326 −202 source/aws_signing.c
+134 −64 source/credentials.c
+41 −27 source/credentials_provider_cached.c
+16 −6 source/credentials_provider_chain.c
+24 −7 source/credentials_provider_ecs.c
+23 −26 source/credentials_provider_environment.c
+95 −851 source/credentials_provider_imds.c
+13 −2 source/credentials_provider_process.c
+10 −2 source/credentials_provider_profile.c
+4 −11 source/credentials_provider_static.c
+61 −40 source/credentials_provider_sts.c
+218 −163 source/credentials_provider_sts_web_identity.c
+26 −7 source/credentials_provider_x509.c
+43 −43 source/credentials_utils.c
+3 −5 source/signable.c
+95 −58 source/signing.c
+50 −10 source/signing_config.c
+125 −17 source/sigv4_http_request.c
+1 −1 source/xml_parser.c
+19 −2 tests/CMakeLists.txt
+1,391 −0 tests/aws_imds_client_test.c
+20 −38 tests/credentials_provider_ecs_tests.c
+57 −98 tests/credentials_provider_imds_tests.c
+23 −25 tests/credentials_provider_process_tests.c
+30 −31 tests/credentials_provider_sts_tests.c
+114 −161 tests/credentials_provider_sts_web_identity_tests.c
+9 −8 tests/credentials_provider_utils.c
+2 −1 tests/credentials_provider_utils.h
+19 −38 tests/credentials_provider_x509_tests.c
+65 −85 tests/credentials_tests.c
+42 −65 tests/sigv4_tests.c
+332 −0 tests/test_chunked_signing.c
+10 −14 tests/test_signable.c
2 changes: 1 addition & 1 deletion aws-common-runtime/aws-c-cal
Open in desktop
Submodule aws-c-cal updated 3 files
+9 −10 .github/workflows/ci.yml
+3 −12 builder.json
+0 −4 source/ecc.c
2 changes: 1 addition & 1 deletion aws-common-runtime/aws-c-common
Open in desktop
Submodule aws-c-common updated 36 files
+27 −11 CMakeLists.txt
+7 −9 README.md
+9 −0 cmake/AwsFeatureTests.cmake
+0 −30 cmake/AwsSIMD.cmake
+14 −0 cmake/AwsTestHarness.cmake
+68 −53 include/aws/common/bigint.h
+40 −0 include/aws/common/byte_buf.h
+37 −0 include/aws/common/cpuid.h
+18 −0 include/aws/common/encoding.h
+38 −0 include/aws/common/encoding.inl
+14 −6 include/aws/common/math.fallback.inl
+88 −0 include/aws/common/math.gcc_builtin.inl
+0 −54 include/aws/common/math.gcc_overflow.inl
+0 −54 include/aws/common/math.gcc_x64_asm.inl
+4 −0 include/aws/common/math.inl
+1 −1 include/aws/common/string.inl
+0 −91 source/arch/cpuid.c
+25 −0 source/arch/generic/cpuid.c
+39 −0 source/arch/intel/asm/cpuid.c
+111 −0 source/arch/intel/cpuid.c
+0 −0 source/arch/intel/encoding_avx2.c
+22 −0 source/arch/intel/msvc/cpuid.c
+478 −415 source/bigint.c
+35 −0 source/byte_buf.c
+31 −31 source/date_time.c
+5 −5 source/posix/system_info.c
+25 −9 tests/CMakeLists.txt
+480 −450 tests/bigint_test.c
+135 −0 tests/byte_buf_test.c
+7 −11 tests/cursor_test.c
+117 −0 tests/encoding_test.c
+1 −1 tests/process_test.c
+1 −0 tests/resources/ascii.txt
+ tests/resources/utf16be.txt
+ tests/resources/utf16le.txt
+1 −0 tests/resources/utf8.txt
2 changes: 1 addition & 1 deletion aws-common-runtime/aws-c-http
Open in desktop
Submodule aws-c-http updated 14 files
+51 −3 include/aws/http/connection.h
+19 −0 include/aws/http/http.h
+3 −0 include/aws/http/private/h2_connection.h
+4 −23 include/aws/http/private/h2_frames.h
+49 −20 source/h2_connection.c
+22 −22 source/h2_decoder.c
+18 −18 source/h2_frames.c
+14 −14 source/h2_stream.c
+1 −1 source/hpack.c
+13 −14 tests/CMakeLists.txt
+4 −4 tests/h2_test_helper.h
+1 −1 tests/test_connection_manager.c
+228 −44 tests/test_h2_client.c
+39 −39 tests/test_h2_decoder.c
2 changes: 1 addition & 1 deletion aws-common-runtime/aws-c-io
Open in desktop
Submodule aws-c-io updated 10 files
+1 −1 .github/workflows/ci.yml
+7 −0 include/aws/io/tls_channel_handler.h
+1 −1 source/pki_utils.c
+8 −4 source/posix/socket.c
+6 −0 source/tls_channel_handler.c
+3 −3 source/uri.c
+12 −3 source/windows/iocp/socket.c
+1 −0 tests/CMakeLists.txt
+29 −2 tests/socket_test.c
+2 −1 tests/tls_handler_test.c
2 changes: 1 addition & 1 deletion aws-common-runtime/aws-c-mqtt
Open in desktop
Submodule aws-c-mqtt updated 1 files
+3 −2 include/aws/mqtt/client.h
160 changes: 129 additions & 31 deletions src/main/java/software/amazon/awssdk/crt/auth/signing/AwsSigningConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import java.util.HashMap;
import java.util.Map;

import software.amazon.awssdk.crt.auth.credentials.Credentials;
import software.amazon.awssdk.crt.auth.credentials.CredentialsProvider;
import software.amazon.awssdk.crt.CrtResource;

Expand All @@ -27,8 +28,7 @@
public class AwsSigningConfig extends CrtResource {

public enum AwsSigningAlgorithm {
SIGV4_HEADER(0),
SIGV4_QUERY_PARAM(1);
SIGV4(0);

AwsSigningAlgorithm(int nativeValue) {
this.nativeValue = nativeValue;
Expand All @@ -47,8 +47,7 @@ public static AwsSigningAlgorithm getEnumValueFromInteger(int value) {

private static Map<Integer, AwsSigningAlgorithm> buildEnumMapping() {
Map<Integer, AwsSigningAlgorithm> enumMapping = new HashMap<Integer, AwsSigningAlgorithm>();
enumMapping.put(SIGV4_HEADER.getNativeValue(), SIGV4_HEADER);
enumMapping.put(SIGV4_QUERY_PARAM.getNativeValue(), SIGV4_QUERY_PARAM);
enumMapping.put(SIGV4.getNativeValue(), SIGV4);

return enumMapping;
}
Expand All @@ -58,64 +57,146 @@ private static Map<Integer, AwsSigningAlgorithm> buildEnumMapping() {
private static Map<Integer, AwsSigningAlgorithm> enumMapping = buildEnumMapping();
}

public enum AwsBodySigningConfigType {
AWS_BODY_SIGNING_OFF(0),
AWS_BODY_SIGNING_ON(1),
AWS_BODY_SIGNING_UNSIGNED_PAYLOAD(2);
public enum AwsSignatureType {
HTTP_REQUEST_VIA_HEADERS(0),
HTTP_REQUEST_VIA_QUERY_PARAMS(1),
HTTP_REQUEST_CHUNK(2),
HTTP_REQUEST_EVENT(3);

AwsBodySigningConfigType(int nativeValue) {
AwsSignatureType(int nativeValue) {
this.nativeValue = nativeValue;
}

public int getNativeValue() { return nativeValue; }

public static AwsBodySigningConfigType getEnumValueFromInteger(int value) {
AwsBodySigningConfigType enumValue = enumMapping.get(value);
public static AwsSignatureType getEnumValueFromInteger(int value) {
AwsSignatureType enumValue = enumMapping.get(value);
if (enumValue != null) {
return enumValue;
}

throw new RuntimeException("Illegal body signing config type value in signing configuration");
throw new RuntimeException("Illegal signature type value in signing configuration");
}

private static Map<Integer, AwsBodySigningConfigType> buildEnumMapping() {
Map<Integer, AwsBodySigningConfigType> enumMapping = new HashMap<Integer, AwsBodySigningConfigType>();
enumMapping.put(AWS_BODY_SIGNING_OFF.getNativeValue(), AWS_BODY_SIGNING_OFF);
enumMapping.put(AWS_BODY_SIGNING_ON.getNativeValue(), AWS_BODY_SIGNING_ON);
enumMapping.put(AWS_BODY_SIGNING_UNSIGNED_PAYLOAD.getNativeValue(), AWS_BODY_SIGNING_UNSIGNED_PAYLOAD);
private static Map<Integer, AwsSignatureType> buildEnumMapping() {
Map<Integer, AwsSignatureType> enumMapping = new HashMap<Integer, AwsSignatureType>();
enumMapping.put(HTTP_REQUEST_VIA_HEADERS.getNativeValue(), HTTP_REQUEST_VIA_HEADERS);
enumMapping.put(HTTP_REQUEST_VIA_QUERY_PARAMS.getNativeValue(), HTTP_REQUEST_VIA_QUERY_PARAMS);
enumMapping.put(HTTP_REQUEST_CHUNK.getNativeValue(), HTTP_REQUEST_CHUNK);
enumMapping.put(HTTP_REQUEST_EVENT.getNativeValue(), HTTP_REQUEST_EVENT);

return enumMapping;
}

private int nativeValue;

private static Map<Integer, AwsBodySigningConfigType> enumMapping = buildEnumMapping();
private static Map<Integer, AwsSignatureType> enumMapping = buildEnumMapping();
}

private int signingAlgorithm = AwsSigningAlgorithm.SIGV4_HEADER.getNativeValue();
public enum AwsSignedBodyValueType {
EMPTY(0),
PAYLOAD(1),
UNSIGNED_PAYLOAD(2),
STREAMING_AWS4_HMAC_SHA256_PAYLOAD(3),
STREAMING_AWS4_HMAC_SHA256_EVENTS(4);

AwsSignedBodyValueType(int nativeValue) {
this.nativeValue = nativeValue;
}

public int getNativeValue() { return nativeValue; }

public static AwsSignedBodyValueType getEnumValueFromInteger(int value) {
AwsSignedBodyValueType enumValue = enumMapping.get(value);
if (enumValue != null) {
return enumValue;
}

throw new RuntimeException("Illegal signed body value type value in signing configuration");
}

private static Map<Integer, AwsSignedBodyValueType> buildEnumMapping() {
Map<Integer, AwsSignedBodyValueType> enumMapping = new HashMap<Integer, AwsSignedBodyValueType>();
enumMapping.put(EMPTY.getNativeValue(), EMPTY);
enumMapping.put(PAYLOAD.getNativeValue(), PAYLOAD);
enumMapping.put(UNSIGNED_PAYLOAD.getNativeValue(), UNSIGNED_PAYLOAD);
enumMapping.put(STREAMING_AWS4_HMAC_SHA256_PAYLOAD.getNativeValue(), STREAMING_AWS4_HMAC_SHA256_PAYLOAD);
enumMapping.put(STREAMING_AWS4_HMAC_SHA256_EVENTS.getNativeValue(), STREAMING_AWS4_HMAC_SHA256_EVENTS);

return enumMapping;
}

private int nativeValue;

private static Map<Integer, AwsSignedBodyValueType> enumMapping = buildEnumMapping();
}

public enum AwsSignedBodyHeaderType {
NONE(0),
X_AMZ_CONTENT_SHA256(1);

AwsSignedBodyHeaderType(int nativeValue) {
this.nativeValue = nativeValue;
}

public int getNativeValue() { return nativeValue; }

public static AwsSignedBodyHeaderType getEnumValueFromInteger(int value) {
AwsSignedBodyHeaderType enumValue = enumMapping.get(value);
if (enumValue != null) {
return enumValue;
}

throw new RuntimeException("Illegal signed body header value in signing configuration");
}

private static Map<Integer, AwsSignedBodyHeaderType> buildEnumMapping() {
Map<Integer, AwsSignedBodyHeaderType> enumMapping = new HashMap<Integer, AwsSignedBodyHeaderType>();
enumMapping.put(NONE.getNativeValue(), NONE);
enumMapping.put(X_AMZ_CONTENT_SHA256.getNativeValue(), X_AMZ_CONTENT_SHA256);

return enumMapping;
}

private int nativeValue;

private static Map<Integer, AwsSignedBodyHeaderType> enumMapping = buildEnumMapping();
}

private int algorithm = AwsSigningAlgorithm.SIGV4.getNativeValue();
private int signatureType = AwsSignatureType.HTTP_REQUEST_VIA_HEADERS.getNativeValue();
private String region;
private String service;
private long time = System.currentTimeMillis();
private CredentialsProvider credentialsProvider;
private Predicate<String> shouldSignParameter;
private Credentials credentials;
private Predicate<String> shouldSignHeader;
private boolean useDoubleUriEncode = true;
private boolean shouldNormalizeUriPath = true;
private int signBody = AwsBodySigningConfigType.AWS_BODY_SIGNING_OFF.getNativeValue();
private boolean omitSessionToken = false;
private int signedBodyValue = AwsSignedBodyValueType.PAYLOAD.getNativeValue();
private int signedBodyHeader = AwsSignedBodyHeaderType.NONE.getNativeValue();
private long expirationInSeconds = 0;

public AwsSigningConfig() {}

public AwsSigningConfig clone() {
try (AwsSigningConfig clone = new AwsSigningConfig()) {

clone.setSigningAlgorithm(getSigningAlgorithm());
clone.setAlgorithm(getAlgorithm());
clone.setSignatureType(getSignatureType());
clone.setRegion(getRegion());
clone.setService(getService());
clone.setTime(getTime());
clone.setCredentialsProvider(getCredentialsProvider());
clone.setShouldSignParameter(getShouldSignParameter());
clone.setCredentials(getCredentials());
clone.setShouldSignHeader(getShouldSignHeader());
clone.setUseDoubleUriEncode(getUseDoubleUriEncode());
clone.setShouldNormalizeUriPath(getShouldNormalizeUriPath());
clone.setSignBody(getSignBody());
clone.setOmitSessionToken(getOmitSessionToken());
clone.setSignedBodyValue(getSignedBodyValue());
clone.setSignedBodyHeader(getSignedBodyHeader());
clone.setExpirationInSeconds(getExpirationInSeconds());

// success, bump up the ref count so we can escape the try-with-resources block
clone.addRef();
Expand All @@ -137,9 +218,14 @@ protected void releaseNativeHandle() {}
@Override
protected boolean canReleaseReferencesImmediately() { return true; }

public void setSigningAlgorithm(AwsSigningAlgorithm algorithm) { this.signingAlgorithm = algorithm.getNativeValue(); }
public AwsSigningAlgorithm getSigningAlgorithm() {
return AwsSigningAlgorithm.getEnumValueFromInteger(signingAlgorithm);
public void setAlgorithm(AwsSigningAlgorithm algorithm) { this.algorithm = algorithm.getNativeValue(); }
public AwsSigningAlgorithm getAlgorithm() {
return AwsSigningAlgorithm.getEnumValueFromInteger(algorithm);
}

public void setSignatureType(AwsSignatureType signatureType) { this.signatureType = signatureType.getNativeValue(); }
public AwsSignatureType getSignatureType() {
return AwsSignatureType.getEnumValueFromInteger(signatureType);
}

public void setRegion(String region) { this.region = region; }
Expand All @@ -158,17 +244,29 @@ public void setCredentialsProvider(CredentialsProvider credentialsProvider) {

public CredentialsProvider getCredentialsProvider() { return credentialsProvider; }

public void setShouldSignParameter(Predicate<String> shouldSignParameter) { this.shouldSignParameter = shouldSignParameter; }
public Predicate<String> getShouldSignParameter() { return shouldSignParameter; }
public void setCredentials(Credentials credentials) { this.credentials = credentials; }
public Credentials getCredentials() { return credentials; }

public void setShouldSignHeader(Predicate<String> shouldSignHeader) { this.shouldSignHeader = shouldSignHeader; }
public Predicate<String> getShouldSignHeader() { return shouldSignHeader; }

public void setUseDoubleUriEncode(boolean useDoubleUriEncode) { this.useDoubleUriEncode = useDoubleUriEncode; }
public boolean getUseDoubleUriEncode() { return useDoubleUriEncode; }

public void setShouldNormalizeUriPath(boolean shouldNormalizeUriPath) { this.shouldNormalizeUriPath = shouldNormalizeUriPath; }
public boolean getShouldNormalizeUriPath() { return shouldNormalizeUriPath; }

public void setSignBody(AwsBodySigningConfigType signBody) { this.signBody = signBody.getNativeValue(); }
public AwsBodySigningConfigType getSignBody() { return AwsBodySigningConfigType.getEnumValueFromInteger(signBody); }
public void setOmitSessionToken(boolean omitSessionToken) { this.omitSessionToken = omitSessionToken; }
public boolean getOmitSessionToken() { return omitSessionToken; }

public void setSignedBodyValue(AwsSignedBodyValueType signedBodyValue) { this.signedBodyValue = signedBodyValue.getNativeValue(); }
public AwsSignedBodyValueType getSignedBodyValue() { return AwsSignedBodyValueType.getEnumValueFromInteger(signedBodyValue); }

public void setSignedBodyHeader(AwsSignedBodyHeaderType signedBodyHeader) { this.signedBodyHeader = signedBodyHeader.getNativeValue(); }
public AwsSignedBodyHeaderType getSignedBodyHeader() { return AwsSignedBodyHeaderType.getEnumValueFromInteger(signedBodyHeader); }

public void setExpirationInSeconds(long expirationInSeconds) { this.expirationInSeconds = expirationInSeconds; }
public long getExpirationInSeconds() { return expirationInSeconds; }
}


Expand Down
Loading