/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

package software.amazon.awssdk.auth.signer;

import java.util.concurrent.CompletableFuture;
import software.amazon.awssdk.annotations.SdkProtectedApi;
import software.amazon.awssdk.core.SelectedAuthScheme;
import software.amazon.awssdk.core.interceptor.ExecutionAttribute;
import software.amazon.awssdk.core.interceptor.SdkExecutionAttribute;
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.http.auth.aws.signer.AwsV4FamilyHttpSigner;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
import software.amazon.awssdk.http.auth.spi.signer.AsyncSignRequest;
import software.amazon.awssdk.http.auth.spi.signer.AsyncSignedRequest;
import software.amazon.awssdk.http.auth.spi.signer.HttpSigner;
import software.amazon.awssdk.http.auth.spi.signer.SignRequest;
import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
import software.amazon.awssdk.identity.spi.Identity;
import software.amazon.awssdk.utils.CompletableFutureUtils;

/**
 * S3-specific signing attributes attached to the execution.
 *
 * <p>Both attributes are derived from {@link SdkInternalExecutionAttribute#SELECTED_AUTH_SCHEME}: a read returns the
 * matching signer property of the selected auth scheme, and a write replaces the selected auth scheme with a copy that
 * carries the new property value.
 *
 * @deprecated Signer execution attributes have been deprecated in favor of signer properties, set on the auth scheme's signer
 * option.
 */
@SdkProtectedApi
@Deprecated
public final class S3SignerExecutionAttribute extends SdkExecutionAttribute {
    /**
     * The key to specify whether to enable chunked encoding or not.
     *
     * @deprecated This is a protected class that is internal to the SDK, so you shouldn't be using it. If you are using it
     * from execution interceptors, you should instead be overriding the chunk encoding setting via the
     * {@code AuthSchemeProvider} that is configured on the SDK client builder. If you're using it to call the SDK's signers,
     * you should migrate to a subtype of {@code HttpSigner}.
     */
    @Deprecated
    public static final ExecutionAttribute<Boolean> ENABLE_CHUNKED_ENCODING =
        ExecutionAttribute.derivedBuilder("ChunkedEncoding",
                                          Boolean.class,
                                          SdkInternalExecutionAttribute.SELECTED_AUTH_SCHEME)
                          .readMapping(S3SignerExecutionAttribute::enableChunkedEncodingReadMapping)
                          .writeMapping(S3SignerExecutionAttribute::enableChunkedEncodingWriteMapping)
                          .build();

    /**
     * The key to specify whether to enable payload signing or not.
     *
     * <p>NOTE(review): the value is handed to the signer as {@code PAYLOAD_SIGNING_ENABLED}. Presumably a {@code false}
     * value leaves the request body outside the signature; confirm against the signer implementation before turning it
     * off, in particular for endpoints that are not reached over TLS.
     *
     * @deprecated This is a protected class that is internal to the SDK, so you shouldn't be using it. If you are using it
     * from execution interceptors, you should instead be overriding the payload signing setting via the
     * {@code AuthSchemeProvider} that is configured on the SDK client builder. If you're using it to call the SDK's signers,
     * you should migrate to a subtype of {@code HttpSigner}.
     */
    @Deprecated
    public static final ExecutionAttribute<Boolean> ENABLE_PAYLOAD_SIGNING =
        ExecutionAttribute.derivedBuilder("PayloadSigning",
                                          Boolean.class,
                                          SdkInternalExecutionAttribute.SELECTED_AUTH_SCHEME)
                          .readMapping(S3SignerExecutionAttribute::enablePayloadSigningReadMapping)
                          .writeMapping(S3SignerExecutionAttribute::enablePayloadSigningWriteMapping)
                          .build();

    private S3SignerExecutionAttribute() {
    }

    /**
     * Reads the chunked-encoding signer property from the selected auth scheme.
     *
     * @param authScheme the currently selected auth scheme, possibly {@code null}
     * @return the stored property value, or {@code null} when no auth scheme is selected
     */
    private static Boolean enableChunkedEncodingReadMapping(SelectedAuthScheme<?> authScheme) {
        if (authScheme != null) {
            return authScheme.authSchemeOption().signerProperty(AwsV4FamilyHttpSigner.CHUNK_ENCODING_ENABLED);
        }
        return null;
    }

    /**
     * Produces the selected auth scheme that results from writing the chunked-encoding setting.
     *
     * @param authScheme the currently selected auth scheme, possibly {@code null}
     * @param enableChunkedEncoding the value to store; passed to the signer property without validation
     * @return a copy of {@code authScheme} carrying the new property, or a placeholder scheme when none was selected
     */
    private static <T extends Identity> SelectedAuthScheme<?> enableChunkedEncodingWriteMapping(SelectedAuthScheme<T> authScheme,
                                                                                              Boolean enableChunkedEncoding) {
        if (authScheme != null) {
            // Identity and signer are carried over untouched; only the signer property on the option changes.
            AuthSchemeOption updatedOption =
                authScheme.authSchemeOption()
                          .copy(builder -> builder.putSignerProperty(AwsV4FamilyHttpSigner.CHUNK_ENCODING_ENABLED,
                                                                     enableChunkedEncoding));
            return new SelectedAuthScheme<>(authScheme.identity(), authScheme.signer(), updatedOption);
        }

        // Unusual case: nothing has been selected yet. The assumption is that the caller sets chunked-encoding in order
        // to invoke a signer directly, so only the chunked-encoding value needs to be meaningful here.
        // The placeholder signer never signs: it throws or returns a failed future (see UnsetHttpSigner).
        CompletableFuture<UnsetIdentity> placeholderIdentity = CompletableFuture.completedFuture(new UnsetIdentity());
        HttpSigner<UnsetIdentity> placeholderSigner = new UnsetHttpSigner();
        AuthSchemeOption placeholderOption =
            AuthSchemeOption.builder()
                            .schemeId("unset")
                            .putSignerProperty(AwsV4FamilyHttpSigner.CHUNK_ENCODING_ENABLED, enableChunkedEncoding)
                            .build();
        return new SelectedAuthScheme<>(placeholderIdentity, placeholderSigner, placeholderOption);
    }

    /**
     * Reads the payload-signing signer property from the selected auth scheme.
     *
     * @param authScheme the currently selected auth scheme, possibly {@code null}
     * @return the stored property value, or {@code null} when no auth scheme is selected
     */
    private static Boolean enablePayloadSigningReadMapping(SelectedAuthScheme<?> authScheme) {
        if (authScheme != null) {
            AuthSchemeOption selectedOption = authScheme.authSchemeOption();
            return selectedOption.signerProperty(AwsV4FamilyHttpSigner.PAYLOAD_SIGNING_ENABLED);
        }
        return null;
    }

    /**
     * Produces the selected auth scheme that results from writing the payload-signing setting.
     *
     * @param authScheme the currently selected auth scheme, possibly {@code null}
     * @param payloadSigningEnabled the value to store; passed to the signer property without validation
     * @return a copy of {@code authScheme} carrying the new property, or a placeholder scheme when none was selected
     */
    private static <T extends Identity> SelectedAuthScheme<?> enablePayloadSigningWriteMapping(SelectedAuthScheme<T> authScheme,
                                                                                             Boolean payloadSigningEnabled) {
        if (authScheme != null) {
            // Identity and signer are carried over untouched; only the signer property on the option changes.
            AuthSchemeOption updatedOption =
                authScheme.authSchemeOption()
                          .copy(builder -> builder.putSignerProperty(AwsV4FamilyHttpSigner.PAYLOAD_SIGNING_ENABLED,
                                                                     payloadSigningEnabled));
            return new SelectedAuthScheme<>(authScheme.identity(), authScheme.signer(), updatedOption);
        }

        // Unusual case: nothing has been selected yet. The assumption is that the caller configures payload signing in
        // order to invoke a signer directly, so only the payload signing value needs to be meaningful here.
        // The placeholder signer never signs: it throws or returns a failed future (see UnsetHttpSigner).
        CompletableFuture<UnsetIdentity> placeholderIdentity = CompletableFuture.completedFuture(new UnsetIdentity());
        HttpSigner<UnsetIdentity> placeholderSigner = new UnsetHttpSigner();
        AuthSchemeOption placeholderOption =
            AuthSchemeOption.builder()
                            .schemeId("unset")
                            .putSignerProperty(AwsV4FamilyHttpSigner.PAYLOAD_SIGNING_ENABLED, payloadSigningEnabled)
                            .build();
        return new SelectedAuthScheme<>(placeholderIdentity, placeholderSigner, placeholderOption);
    }

    /**
     * Marker identity used for the placeholder auth scheme; it declares no members of its own.
     */
    private static class UnsetIdentity implements Identity {
    }

    /**
     * Placeholder signer for the "unset" auth scheme. Every signing attempt is rejected, so a request is never
     * returned as signed by this class.
     */
    private static class UnsetHttpSigner implements HttpSigner<UnsetIdentity> {
        private static final String NOT_CONFIGURED = "A signer was not configured.";

        /**
         * Always fails.
         *
         * @throws IllegalStateException on every call
         */
        @Override
        public SignedRequest sign(SignRequest<? extends UnsetIdentity> request) {
            throw new IllegalStateException(NOT_CONFIGURED);
        }

        /**
         * Always fails.
         *
         * @return a future completed exceptionally with an {@link IllegalStateException}
         */
        @Override
        public CompletableFuture<AsyncSignedRequest> signAsync(AsyncSignRequest<? extends UnsetIdentity> request) {
            IllegalStateException failure = new IllegalStateException(NOT_CONFIGURED);
            return CompletableFutureUtils.failedFuture(failure);
        }
    }
}