feat!: Modularize identity and auth #751
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| // | ||
|
There was a problem hiding this comment. This was moved from aws-sdk-swift. |
||
| // Copyright Amazon.com Inc. or its affiliates. | ||
| // All Rights Reserved. | ||
| // | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
| // | ||
|
|
||
| import class SmithyIdentity.CRTAWSCredentialIdentity | ||
| import enum SmithyHTTPAuthAPI.SigningAlgorithm | ||
| import enum SmithyHTTPAuthAPI.AWSSignedBodyHeader | ||
| import enum SmithyHTTPAuthAPI.AWSSignedBodyValue | ||
| import enum SmithyHTTPAuthAPI.AWSSignatureType | ||
| import protocol SmithyIdentity.AWSCredentialIdentityResolver | ||
| import struct Foundation.Date | ||
| import struct Foundation.Locale | ||
| import struct Foundation.TimeInterval | ||
| import struct SmithyHTTPAuthAPI.SigningFlags | ||
| import struct SmithyIdentity.AWSCredentialIdentity | ||
|
|
||
| public struct AWSSigningConfig { | ||
| public let credentials: AWSCredentialIdentity? | ||
| public let awsCredentialIdentityResolver: (any AWSCredentialIdentityResolver)? | ||
| public let expiration: TimeInterval | ||
| public let signedBodyHeader: AWSSignedBodyHeader | ||
| public let signedBodyValue: AWSSignedBodyValue | ||
| public let flags: SigningFlags | ||
| public let date: Date | ||
| public let service: String | ||
| public let region: String | ||
| public let shouldSignHeader: ((String) -> Bool)? | ||
| public let signatureType: AWSSignatureType | ||
| public let signingAlgorithm: SigningAlgorithm | ||
|
|
||
| public init( | ||
| credentials: AWSCredentialIdentity? = nil, | ||
| awsCredentialIdentityResolver: (any AWSCredentialIdentityResolver)? = nil, | ||
| expiration: TimeInterval = 0, | ||
| signedBodyHeader: AWSSignedBodyHeader = .none, | ||
| signedBodyValue: AWSSignedBodyValue, | ||
| flags: SigningFlags, | ||
| date: Date, | ||
| service: String, | ||
| region: String, | ||
| shouldSignHeader: ((String) -> Bool)? = nil, | ||
| signatureType: AWSSignatureType, | ||
| signingAlgorithm: SigningAlgorithm | ||
| ) { | ||
| self.credentials = credentials | ||
| self.awsCredentialIdentityResolver = awsCredentialIdentityResolver | ||
| self.expiration = expiration | ||
| self.signedBodyHeader = signedBodyHeader | ||
| self.signedBodyValue = signedBodyValue | ||
| self.flags = flags | ||
| self.date = date | ||
| self.service = service | ||
| self.region = region | ||
| self.shouldSignHeader = shouldSignHeader | ||
| self.signatureType = signatureType | ||
| self.signingAlgorithm = signingAlgorithm | ||
| } | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
| // | ||
|
There was a problem hiding this comment. These are all adapter methods that convert types in |
||
| // Copyright Amazon.com Inc. or its affiliates. | ||
| // All Rights Reserved. | ||
| // | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
| // | ||
|
|
||
| import enum AwsCommonRuntimeKit.SigningAlgorithmType | ||
| import enum AwsCommonRuntimeKit.SignedBodyHeaderType | ||
| import enum AwsCommonRuntimeKit.SignedBodyValue | ||
| import enum AwsCommonRuntimeKit.SignatureType | ||
| import struct AwsCommonRuntimeKit.SigningConfig | ||
|
|
||
| import enum SmithyHTTPAuthAPI.SigningAlgorithm | ||
| import enum SmithyHTTPAuthAPI.AWSSignedBodyHeader | ||
| import enum SmithyHTTPAuthAPI.AWSSignedBodyValue | ||
| import enum SmithyHTTPAuthAPI.AWSSignatureType | ||
|
|
||
| import struct Foundation.Locale | ||
| import class SmithyIdentity.CRTAWSCredentialIdentity | ||
|
|
||
| extension SigningAlgorithm { | ||
| /// Convert self to CRT SigningAlgorithmType | ||
| /// - Returns: SigningAlgorithmType | ||
| public func toCRTType() -> SigningAlgorithmType { | ||
| switch self { | ||
| case .sigv4: return .signingV4 | ||
| case .sigv4a: return .signingV4Asymmetric | ||
| } | ||
| } | ||
| } | ||
|
|
||
| extension AWSSignatureType { | ||
| public func toCRTType() -> SignatureType { | ||
| switch self { | ||
| case .requestChunk: return .requestChunk | ||
| case .requestHeaders: return .requestHeaders | ||
| case .requestQueryParams: return .requestQueryParams | ||
| case .requestTrailingHeaders: return .requestTrailingHeaders | ||
| case .requestEvent: return .requestEvent | ||
| } | ||
| } | ||
| } | ||
|
|
||
| extension AWSSignedBodyHeader { | ||
| func toCRTType() -> SignedBodyHeaderType { | ||
| switch self { | ||
| case .none: return .none | ||
| case .contentSha256: return .contentSha256 | ||
| } | ||
| } | ||
| } | ||
|
|
||
| extension AWSSignedBodyValue { | ||
| func toCRTType() -> SignedBodyValue { | ||
| switch self { | ||
| case .empty: return .empty | ||
| case .emptySha256: return .emptySha256 | ||
| case .unsignedPayload: return .unsignedPayload | ||
| case .streamingSha256Payload: return .streamingSha256Payload | ||
| case .streamingSha256Events: return .streamingSha256Events | ||
| case .streamingSha256PayloadTrailer: return .streamingSha256PayloadTrailer | ||
| case .streamingUnsignedPayloadTrailer: return .streamingUnSignedPayloadTrailer | ||
| } | ||
| } | ||
| } | ||
|
|
||
| extension AWSSigningConfig { | ||
| public func toCRTType() throws -> SigningConfig { | ||
| // Never include the Transfer-Encoding header in the signature, | ||
| // since older versions of URLSession will modify this header's value | ||
| // prior to sending a request. | ||
| // | ||
| // The Transfer-Encoding header does not affect the AWS operation being | ||
| // performed and is just there to coordinate the flow of data to the server. | ||
| // | ||
| // For all other headers, use the shouldSignHeaders block that was passed to | ||
| // determine if the header should be included in the signature. If the | ||
| // shouldSignHeaders block was not provided, then include all headers other | ||
| // than Transfer-Encoding. | ||
| let modifiedShouldSignHeader = { (name: String) in | ||
| guard name.lowercased(with: Locale(identifier: "en_US_POSIX")) != "transfer-encoding" else { return false } | ||
| return shouldSignHeader?(name) ?? true | ||
| } | ||
|
|
||
| return SigningConfig( | ||
| algorithm: signingAlgorithm.toCRTType(), | ||
| signatureType: signatureType.toCRTType(), | ||
| service: service, | ||
| region: region, | ||
| date: date, | ||
| credentials: try credentials.map { try CRTAWSCredentialIdentity(awsCredentialIdentity: $0) }, | ||
| credentialsProvider: try awsCredentialIdentityResolver?.getCRTAWSCredentialIdentityResolver(), | ||
| expiration: expiration, | ||
| signedBodyHeader: signedBodyHeader.toCRTType(), | ||
| signedBodyValue: signedBodyValue.toCRTType(), | ||
| shouldSignHeader: modifiedShouldSignHeader, | ||
| useDoubleURIEncode: flags.useDoubleURIEncode, | ||
| shouldNormalizeURIPath: flags.shouldNormalizeURIPath, | ||
| omitSessionToken: flags.omitSessionToken | ||
| ) | ||
| } | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| // | ||
|
There was a problem hiding this comment. This was moved from aws-sdk-swift to here. |
||
| // Copyright Amazon.com Inc. or its affiliates. | ||
| // All Rights Reserved. | ||
| // | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
| // | ||
|
|
||
| import enum SmithyChecksumsAPI.ChecksumAlgorithm | ||
|
There was a problem hiding this comment. This should be a string / have no dependency on checksums There was a problem hiding this comment. Removed as pointed out |
||
| import struct Smithy.AttributeKey | ||
| import struct Foundation.TimeInterval | ||
|
|
||
| public enum SigningPropertyKeys { | ||
| public static let signingName = AttributeKey<String>(name: "SigningName") | ||
| public static let signingRegion = AttributeKey<String>(name: "SigningRegion") | ||
| // Keys used to store/retrieve AWSSigningConfig fields in/from signingProperties passed to AWSSigV4Signer | ||
| public static let bidirectionalStreaming = AttributeKey<Bool>(name: "BidirectionalStreaming") | ||
| public static let checksum = AttributeKey<ChecksumAlgorithm>(name: "checksum") | ||
| public static let expiration = AttributeKey<TimeInterval>(name: "Expiration") | ||
| public static let isChunkedEligibleStream = AttributeKey<Bool>(name: "isChunkedEligibleStream") | ||
| public static let omitSessionToken = AttributeKey<Bool>(name: "OmitSessionToken") | ||
| public static let shouldNormalizeURIPath = AttributeKey<Bool>(name: "ShouldNormalizeURIPath") | ||
| public static let signatureType = AttributeKey<AWSSignatureType>(name: "SignatureType") | ||
| public static let signedBodyHeader = AttributeKey<AWSSignedBodyHeader>(name: "SignedBodyHeader") | ||
| public static let signingAlgorithm = AttributeKey<SigningAlgorithm>(name: "signingAlgorithm") | ||
| public static let unsignedBody = AttributeKey<Bool>(name: "UnsignedBody") | ||
| public static let useDoubleURIEncode = AttributeKey<Bool>(name: "UseDoubleURIEncode") | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added 2 new modules:
SmithyIdentityandSmithyHTTPAuth.SmithyIdentityhas concrete implementation of theIdentityprotocol fromSmithyIdentityAPImodule, such asAWSCredentialIdentity. It also has non-AWS specific AWS credential identity resolver such asStaticAWSCredentialIdentityResolver.SmithyHTTPAuthhas SigV4 signing config things moved from aws-sdk-swift. Moving the actualSigV4Signerand the auth schemes (e.g.,SigV4AuthScheme) is on-hold for after HTTP modularization.