Auth revamp

src/main/java/software/amazon/awssdk/crt/auth/signing/AwsSigningConfig.java

@@ -18,6 +18,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import software.amazon.awssdk.crt.auth.credentials.Credentials;
 import software.amazon.awssdk.crt.auth.credentials.CredentialsProvider;
 import software.amazon.awssdk.crt.CrtResource;
 
@@ -27,8 +28,7 @@
 public class AwsSigningConfig extends CrtResource {
 
     public enum AwsSigningAlgorithm {
-        SIGV4_HEADER(0),
-        SIGV4_QUERY_PARAM(1);
+        SIGV4(0);
 
         AwsSigningAlgorithm(int nativeValue) {
             this.nativeValue = nativeValue;
@@ -47,8 +47,7 @@ public static AwsSigningAlgorithm getEnumValueFromInteger(int value) {
 
         private static Map<Integer, AwsSigningAlgorithm> buildEnumMapping() {
             Map<Integer, AwsSigningAlgorithm> enumMapping = new HashMap<Integer, AwsSigningAlgorithm>();
-            enumMapping.put(SIGV4_HEADER.getNativeValue(), SIGV4_HEADER);
-            enumMapping.put(SIGV4_QUERY_PARAM.getNativeValue(), SIGV4_QUERY_PARAM);
+            enumMapping.put(SIGV4.getNativeValue(), SIGV4);
 
             return enumMapping;
         }
@@ -58,6 +57,38 @@ private static Map<Integer, AwsSigningAlgorithm> buildEnumMapping() {
         private static Map<Integer, AwsSigningAlgorithm> enumMapping = buildEnumMapping();
     }
 
+    public enum AwsRequestSigningTransform {
+        HEADER(0),
+        QUERY_PARAM(1);
+
+        AwsRequestSigningTransform(int nativeValue) {
+            this.nativeValue = nativeValue;
+        }
+
+        public int getNativeValue() { return nativeValue; }
+
+        public static AwsRequestSigningTransform getEnumValueFromInteger(int value) {
+            AwsRequestSigningTransform enumValue = enumMapping.get(value);
+            if (enumValue != null) {
+                return enumValue;
+            }
+
+            throw new RuntimeException("Illegal request signing transform value in signing configuration");
+        }
+
+        private static Map<Integer, AwsRequestSigningTransform> buildEnumMapping() {
+            Map<Integer, AwsRequestSigningTransform> enumMapping = new HashMap<Integer, AwsRequestSigningTransform>();
+            enumMapping.put(HEADER.getNativeValue(), HEADER);
+            enumMapping.put(QUERY_PARAM.getNativeValue(), QUERY_PARAM);
+
+            return enumMapping;
+        }
+
+        private int nativeValue;
+
+        private static Map<Integer, AwsRequestSigningTransform> enumMapping = buildEnumMapping();
+    }
+
     public enum AwsBodySigningConfigType {
         AWS_BODY_SIGNING_OFF(0),
         AWS_BODY_SIGNING_ON(1),
@@ -92,30 +123,36 @@ private static Map<Integer, AwsBodySigningConfigType> buildEnumMapping() {
         private static Map<Integer, AwsBodySigningConfigType> enumMapping = buildEnumMapping();
     }
 
-    private int signingAlgorithm = AwsSigningAlgorithm.SIGV4_HEADER.getNativeValue();
+    private int algorithm = AwsSigningAlgorithm.SIGV4.getNativeValue();
+    private int transform = AwsRequestSigningTransform.HEADER.getNativeValue();
     private String region;
     private String service;
     private long time = System.currentTimeMillis();
     private CredentialsProvider credentialsProvider;
+    private Credentials credentials;
     private Predicate<String> shouldSignParameter;
     private boolean useDoubleUriEncode = true;
     private boolean shouldNormalizeUriPath = true;
     private int signBody = AwsBodySigningConfigType.AWS_BODY_SIGNING_OFF.getNativeValue();
+    private long expirationInSeconds = 0;
 
     public AwsSigningConfig() {}
 
     public AwsSigningConfig clone() {
         try (AwsSigningConfig clone = new AwsSigningConfig()) {
 
-            clone.setSigningAlgorithm(getSigningAlgorithm());
+            clone.setAlgorithm(getAlgorithm());
+            clone.setTransform(getTransform());
             clone.setRegion(getRegion());
             clone.setService(getService());
             clone.setTime(getTime());
             clone.setCredentialsProvider(getCredentialsProvider());
+            clone.setCredentials(getCredentials());
             clone.setShouldSignParameter(getShouldSignParameter());
             clone.setUseDoubleUriEncode(getUseDoubleUriEncode());
             clone.setShouldNormalizeUriPath(getShouldNormalizeUriPath());
             clone.setSignBody(getSignBody());
+            clone.setExpirationInSeconds(getExpirationInSeconds());
 
             // success, bump up the ref count so we can escape the try-with-resources block
             clone.addRef();
@@ -137,9 +174,14 @@ protected void releaseNativeHandle() {}
     @Override
     protected boolean canReleaseReferencesImmediately() { return true; }
 
-    public void setSigningAlgorithm(AwsSigningAlgorithm algorithm) { this.signingAlgorithm = algorithm.getNativeValue(); }
-    public AwsSigningAlgorithm getSigningAlgorithm() {
-        return AwsSigningAlgorithm.getEnumValueFromInteger(signingAlgorithm);
+    public void setAlgorithm(AwsSigningAlgorithm algorithm) { this.algorithm = algorithm.getNativeValue(); }
+    public AwsSigningAlgorithm getAlgorithm() {
+        return AwsSigningAlgorithm.getEnumValueFromInteger(algorithm);
+    }
+
+    public void setTransform(AwsRequestSigningTransform transform) { this.transform = transform.getNativeValue(); }
+    public AwsRequestSigningTransform getTransform() {
+        return AwsRequestSigningTransform.getEnumValueFromInteger(transform);
     }
 
     public void setRegion(String region) { this.region = region; }
@@ -158,6 +200,9 @@ public void setCredentialsProvider(CredentialsProvider credentialsProvider) {
 
     public CredentialsProvider getCredentialsProvider() { return credentialsProvider; }
 
+    public void setCredentials(Credentials credentials) { this.credentials = credentials; }
+    public Credentials getCredentials() { return credentials; }
+
     public void setShouldSignParameter(Predicate<String> shouldSignParameter) { this.shouldSignParameter = shouldSignParameter; }
     public Predicate<String> getShouldSignParameter() { return shouldSignParameter; }
 
@@ -169,6 +214,9 @@ public void setCredentialsProvider(CredentialsProvider credentialsProvider) {
 
     public void setSignBody(AwsBodySigningConfigType signBody) { this.signBody = signBody.getNativeValue(); }
     public AwsBodySigningConfigType getSignBody() { return AwsBodySigningConfigType.getEnumValueFromInteger(signBody); }
+
+    public void setExpirationInSeconds(long expirationInSeconds) { this.expirationInSeconds = expirationInSeconds; }
+    public long getExpirationInSeconds() { return expirationInSeconds; }
 }
 
 

src/native/aws_signing.c

@@ -14,6 +14,8 @@
  */
 
 #include "crt.h"
+
+#include "credentials.h"
 #include "http_request_utils.h"
 #include "java_class_ids.h"
 
@@ -47,6 +49,7 @@ struct s_aws_sign_request_callback_data {
     struct aws_signable *original_message_signable;
     struct aws_string *region;
     struct aws_string *service;
+    struct aws_credentials *credentials;
 };
 
 static void s_cleanup_callback_data(struct s_aws_sign_request_callback_data *callback_data) {
@@ -68,6 +71,10 @@ static void s_cleanup_callback_data(struct s_aws_sign_request_callback_data *cal
         aws_signable_destroy(callback_data->original_message_signable);
     }
 
+    if (callback_data->credentials) {
+        aws_credentials_release(callback_data->credentials);
+    }
+
     aws_string_destroy(callback_data->region);
     aws_string_destroy(callback_data->service);
 
@@ -185,6 +192,8 @@ static int s_build_signing_config(
     config->config_type = AWS_SIGNING_CONFIG_AWS;
     config->algorithm = (enum aws_signing_algorithm)(*env)->GetIntField(
         env, java_config, aws_signing_config_properties.algorithm_field_id);
+    config->transform = (enum aws_signing_request_transform)(*env)->GetIntField(
+        env, java_config, aws_signing_config_properties.transform_field_id);
 
     jstring region = (jstring)(*env)->GetObjectField(env, java_config, aws_signing_config_properties.region_field_id);
     callback_data->region = aws_jni_new_string_from_jstring(env, region);
@@ -215,8 +224,19 @@ static int s_build_signing_config(
 
     jobject provider =
         (*env)->GetObjectField(env, java_config, aws_signing_config_properties.credentials_provider_field_id);
-    config->credentials_provider =
-        (void *)(*env)->CallLongMethod(env, provider, crt_resource_properties.get_native_handle_method_id);
+    if (provider != NULL) {
+        config->credentials_provider =
+            (void *)(*env)->CallLongMethod(env, provider, crt_resource_properties.get_native_handle_method_id);
+    }
+
+    jobject credentials = (*env)->GetObjectField(env, java_config, aws_signing_config_properties.credentials_field_id);
+    if (credentials != NULL) {
+        callback_data->credentials = aws_credentials_new_from_java_credentials(env, credentials);
+        config->credentials = callback_data->credentials;
+    }
+
+    config->expiration_in_seconds =
+        (uint64_t)(*env)->GetLongField(env, java_config, aws_signing_config_properties.expiration_in_seconds_field_id);
 
     if ((*env)->ExceptionCheck(env)) {
         return aws_raise_error(AWS_ERROR_HTTP_CALLBACK_FAILURE);
@@ -259,9 +279,8 @@ void JNICALL Java_software_amazon_awssdk_crt_auth_signing_AwsSigner_awsSignerSig
     AWS_ZERO_STRUCT(signing_config);
 
     if (s_build_signing_config(env, callback_data, java_signing_config, &signing_config)) {
-        aws_jni_throw_runtime_exception(env, "Failed to allocated sign request callback data");
-        s_cleanup_callback_data(callback_data);
-        return;
+        aws_jni_throw_runtime_exception(env, "Failed to create signing configuration");
+        goto on_error;
     }
 
     jobject java_http_request_body_stream =
@@ -271,15 +290,13 @@ void JNICALL Java_software_amazon_awssdk_crt_auth_signing_AwsSigner_awsSignerSig
         aws_http_request_new_from_java_http_request(env, marshalled_request, java_http_request_body_stream);
     if (callback_data->native_request == NULL) {
         aws_jni_throw_runtime_exception(env, "Failed to create native http request from Java HttpRequest");
-        s_cleanup_callback_data(callback_data);
-        return;
+        goto on_error;
     }
 
     callback_data->original_message_signable = aws_signable_new_http_request(allocator, callback_data->native_request);
     if (callback_data->original_message_signable == NULL) {
         aws_jni_throw_runtime_exception(env, "Failed to create signable from http request");
-        s_cleanup_callback_data(callback_data);
-        return;
+        goto on_error;
     }
 
     /* Sign the native request */
@@ -290,8 +307,14 @@ void JNICALL Java_software_amazon_awssdk_crt_auth_signing_AwsSigner_awsSignerSig
             s_aws_signing_complete,
             callback_data)) {
         aws_jni_throw_runtime_exception(env, "Failed to initiate signing process for HttpRequest");
-        s_cleanup_callback_data(callback_data);
+        goto on_error;
     }
+
+    return;
+
+on_error:
+
+    s_cleanup_callback_data(callback_data);
 }
 
 #if UINTPTR_MAX == 0xffffffff

src/native/credentials.c

@@ -0,0 +1,79 @@
+/*
+ * Copyright 2010-2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include "crt.h"
+#include "java_class_ids.h"
+
+#include <aws/auth/credentials.h>
+
+/* on 32-bit platforms, casting pointers to longs throws a warning we don't need */
+#if UINTPTR_MAX == 0xffffffff
+#    if defined(_MSC_VER)
+#        pragma warning(push)
+#        pragma warning(disable : 4305) /* 'type cast': truncation from 'jlong' to 'jni_tls_ctx_options *' */
+#    else
+#        pragma GCC diagnostic push
+#        pragma GCC diagnostic ignored "-Wpointer-to-int-cast"
+#        pragma GCC diagnostic ignored "-Wint-to-pointer-cast"
+#    endif
+#endif
+
+struct aws_credentials *aws_credentials_new_from_java_credentials(JNIEnv *env, jobject java_credentials) {
+    if (java_credentials == NULL) {
+        return NULL;
+    }
+
+    jbyteArray access_key_id =
+        (*env)->GetObjectField(env, java_credentials, credentials_properties.access_key_id_field_id);
+    jbyteArray secret_access_key =
+        (*env)->GetObjectField(env, java_credentials, credentials_properties.secret_access_key_field_id);
+    jbyteArray session_token =
+        (*env)->GetObjectField(env, java_credentials, credentials_properties.session_token_field_id);
+
+    if (access_key_id == NULL || secret_access_key == NULL) {
+        return NULL;
+    }
+
+    struct aws_credentials *credentials = NULL;
+
+    struct aws_byte_cursor access_key_id_cursor = aws_jni_byte_cursor_from_jbyteArray_acquire(env, access_key_id);
+    struct aws_byte_cursor secret_access_key_cursor =
+        aws_jni_byte_cursor_from_jbyteArray_acquire(env, secret_access_key);
+
+    struct aws_byte_cursor session_token_cursor;
+    AWS_ZERO_STRUCT(session_token_cursor);
+    if (session_token != NULL) {
+        session_token_cursor = aws_jni_byte_cursor_from_jbyteArray_acquire(env, session_token);
+    }
+
+    credentials = aws_credentials_new(
+        aws_jni_get_allocator(), access_key_id_cursor, secret_access_key_cursor, session_token_cursor, UINT64_MAX);
+
+    aws_jni_byte_cursor_from_jbyteArray_release(env, access_key_id, access_key_id_cursor);
+    aws_jni_byte_cursor_from_jbyteArray_release(env, secret_access_key, secret_access_key_cursor);
+    if (session_token != NULL) {
+        aws_jni_byte_cursor_from_jbyteArray_release(env, session_token, session_token_cursor);
+    }
+
+    return credentials;
+}
+
+#if UINTPTR_MAX == 0xffffffff
+#    if defined(_MSC_VER)
+#        pragma warning(pop)
+#    else
+#        pragma GCC diagnostic pop
+#    endif
+#endif

src/native/credentials.h

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2010-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#ifndef AWS_JNI_CRT_CREDENTIALS_H
+#define AWS_JNI_CRT_CREDENTIALS_H
+
+#include <jni.h>
+
+struct aws_credentials;
+
+struct aws_credentials *aws_credentials_new_from_java_credentials(JNIEnv *env, jobject java_credentials);
+
+#endif /* AWS_JNI_CRT_CREDENTIALS_H */

src/native/credentials_provider.c

@@ -257,7 +257,8 @@ struct aws_credentials_provider_get_credentials_callback_data {
     jobject java_credentials_future;
 };
 
-static void s_on_get_credentials_callback(struct aws_credentials *credentials, void *user_data) {
+static void s_on_get_credentials_callback(struct aws_credentials *credentials, int error_code, void *user_data) {
+    (void)error_code;
     struct aws_credentials_provider_get_credentials_callback_data *callback_data = user_data;
 
     JNIEnv *env = aws_jni_get_thread_env(callback_data->jvm);
@@ -271,15 +272,14 @@ static void s_on_get_credentials_callback(struct aws_credentials *credentials, v
         java_credentials = (*env)->NewObject(
             env, credentials_properties.credentials_class, credentials_properties.constructor_method_id);
         if (java_credentials != NULL) {
-            struct aws_byte_cursor access_key_id_cursor = aws_byte_cursor_from_string(credentials->access_key_id);
+            struct aws_byte_cursor access_key_id_cursor = aws_credentials_get_access_key_id(credentials);
             access_key_id = aws_jni_byte_array_from_cursor(env, &access_key_id_cursor);
 
-            struct aws_byte_cursor secret_access_key_cursor =
-                aws_byte_cursor_from_string(credentials->secret_access_key);
+            struct aws_byte_cursor secret_access_key_cursor = aws_credentials_get_secret_access_key(credentials);
             secret_access_key = aws_jni_byte_array_from_cursor(env, &secret_access_key_cursor);
 
-            if (credentials->session_token != NULL) {
-                struct aws_byte_cursor session_token_cursor = aws_byte_cursor_from_string(credentials->session_token);
+            struct aws_byte_cursor session_token_cursor = aws_credentials_get_session_token(credentials);
+            if (session_token_cursor.len > 0) {
                 session_token = aws_jni_byte_array_from_cursor(env, &session_token_cursor);
             }