feat: Glacier Checksums Customization (#421)

Author: kneekey23

AWSClientRuntime/Sources/Middlewares/Sha256TreeHashMiddleware.swift

@@ -0,0 +1,107 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0.
+
+import AwsCommonRuntimeKit
+import ClientRuntime
+import AwsCCal
+
+public struct Sha256TreeHashMiddleware<OperationStackOutput: HttpResponseBinding,
+                                       OperationStackError: HttpResponseBinding>: Middleware {
+    public let id: String = "Sha256TreeHash"
+    
+    private let X_AMZ_SHA256_TREE_HASH_HEADER_NAME = "X-Amz-Sha256-Tree-Hash"
+    
+    private let X_AMZ_CONTENT_SHA256_HEADER_NAME = "X-Amz-Content-Sha256"
+    
+    public init() {}
+    
+    public func handle<H>(context: Context,
+                          input: MInput,
+                          next: H) -> Result<MOutput, MError>
+    where H: Handler,
+          Self.MInput == H.Input,
+          Self.MOutput == H.Output,
+          Self.Context == H.Context,
+          Self.MError == H.MiddlewareError {
+              let request = input.build()
+              
+              switch request.body {
+              case .data(let data):
+                  guard let data = data else {
+                      return next.handle(context: context, input: input)
+                  }
+                  if !request.headers.exists(name: X_AMZ_CONTENT_SHA256_HEADER_NAME) {
+                      let sha256 = ByteBuffer(data: data).sha256().encodeToHexString()
+                      input.withHeader(name: X_AMZ_CONTENT_SHA256_HEADER_NAME, value: sha256)
+                  }
+              case .stream(let stream):
+                  let streamBytes = stream.toBytes()
+                  guard streamBytes.length > 0 else {
+                      return next.handle(context: context, input: input)
+                  }
+                  let (linearHash, treeHash) = computeHashes(bytes: streamBytes)
+                  if let treeHash = treeHash, let linearHash = linearHash {
+                      input.withHeader(name: X_AMZ_SHA256_TREE_HASH_HEADER_NAME, value: treeHash)
+                      input.withHeader(name: X_AMZ_CONTENT_SHA256_HEADER_NAME, value: linearHash)
+                  }
+              case .empty, .none:
+                  break
+              }
+              
+              return next.handle(context: context, input: input)
+          }
+    
+    /// Computes the tree-hash and linear hash of a `ByteBuffer`.
+    /// See http://docs.aws.amazon.com/amazonglacier/latest/dev/checksum-calculations.html for more information.
+    private func computeHashes(bytes: ByteBuffer) -> (String?, String?) {
+        let bufferSize = 1024 * 1024
+        var hashes = [[UInt8]]()
+        
+        while true {
+            var oneMbTempBuffer = ByteBuffer(size: bufferSize)
+            let bytesRead = bytes.readIntoBuffer(buffer: &oneMbTempBuffer)
+            if bytesRead == 0 {
+                break
+            }
+            let hash = oneMbTempBuffer.sha256()
+            hashes.append(hash.toByteArray())
+        }
+        
+        return (bytes.sha256().encodeToHexString(), computeTreeHash(hashes: hashes))
+    }
+    
+    /// Builds a tree hash root node given a slice of hashes. Glacier tree hash to be derived from SHA256 hashes of 1MB chunks of the data.
+    /// See http://docs.aws.amazon.com/amazonglacier/latest/dev/checksum-calculations.html for more information.
+    private func computeTreeHash(hashes: [[UInt8]]) -> String? {
+        guard !hashes.isEmpty else {
+            return nil
+        }
+        var previousLevelHashes = hashes
+        while previousLevelHashes.count > 1 {
+            var currentLevelHashes = [[UInt8]]()
+            for index in stride(from: 0, to: previousLevelHashes.count, by: 2) {
+                if previousLevelHashes.count - index > 1 {
+                    var concatenatedLevelHash = [UInt8]()
+                    concatenatedLevelHash.append(contentsOf: previousLevelHashes[index])
+                    concatenatedLevelHash.append(contentsOf: previousLevelHashes[index + 1])
+                    let concatenatedLevelHashByteBuffer = ByteBuffer(bytes: concatenatedLevelHash)
+                    
+                    let md = concatenatedLevelHashByteBuffer.sha256()
+                    currentLevelHashes.append(md.toByteArray())
+                    
+                } else {
+                    currentLevelHashes.append(previousLevelHashes[index])
+                }
+            }
+            previousLevelHashes = currentLevelHashes
+        }
+        
+        let byteBuf = ByteBuffer(bytes: previousLevelHashes[0])
+        return byteBuf.encodeToHexString()
+    }
+    
+    public typealias MInput = SdkHttpRequestBuilder
+    public typealias MOutput = OperationOutput<OperationStackOutput>
+    public typealias Context = HttpContext
+    public typealias MError = SdkError<OperationStackError>
+}

AWSClientRuntime/Tests/Middlewares/Sha256TreeHashMiddlewareTests.swift

@@ -0,0 +1,51 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import XCTest
+import ClientRuntime
+import AwsCommonRuntimeKit
+import SmithyTestUtil
+@testable import AWSClientRuntime
+
+class Sha256TreeHashMiddlewareTests: XCTestCase {
+    override func setUp() {
+        #if os(Linux)
+        AwsCommonRuntimeKit.initialize()
+        #endif
+    }
+    
+    override func tearDown() {
+        #if os(Linux)
+        AwsCommonRuntimeKit.cleanUp()
+        #endif
+    }
+    
+    func testTreeHashAllZeroes() throws {
+        let context = HttpContextBuilder().build()
+        let expectation = XCTestExpectation(description: "closure was run")
+        let bytesIn5_5MB: Int = Int(1024 * 1024 * 5.5)
+        let byteArray: [UInt8] = Array(repeating: 0, count: bytesIn5_5MB)
+        let byteBuffer = ByteBuffer(bytes: byteArray)
+        let streamInput = MockStreamInput(body: ByteStream.buffer(byteBuffer))
+        var stack = OperationStack<MockStreamInput, MockOutput, MockMiddlewareError>(id: "TreeHashMiddlewareTestStack")
+        stack.serializeStep.intercept(position: .before, middleware: MockSerializeStreamMiddleware())
+        let mockHttpResponse = HttpResponse(body: HttpBody.none, statusCode: .accepted)
+        let mockOutput = try MockOutput(httpResponse: mockHttpResponse, decoder: nil)
+        let output = OperationOutput<MockOutput>(httpResponse: mockHttpResponse, output: mockOutput)
+        stack.finalizeStep.intercept(position: .after, middleware: Sha256TreeHashMiddleware())
+        _ = stack.handleMiddleware(context: context, input: streamInput, next: MockHandler(handleCallback: { context, input in
+            let linear = input.headers.value(for: "X-Amz-Content-Sha256")
+            XCTAssertEqual(linear, "733cf513448ce6b20ad1bc5e50eb27c06aefae0c320713a5dd99f4e51bc1ca60")
+            let treeHash = input.headers.value(for: "X-Amz-Sha256-Tree-Hash")
+            XCTAssertEqual(treeHash, "a3a82dbe3644dd6046be472f2e3ec1f8ef47f8f3adb86d0de4de7a254f255455")
+            expectation.fulfill()
+            return .success(output)
+        }))
+        
+        wait(for: [expectation], timeout: 3.0)
+    }
+}

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSClientRuntimeTypes.kt

@@ -49,6 +49,7 @@ object AWSClientRuntimeTypes {
         val UnknownAWSHttpServiceError = runtimeSymbol("UnknownAWSHttpServiceError")
         val AWSHttpServiceError = runtimeSymbol("AWSHttpServiceError")
         val RegionResolver = runtimeSymbol("RegionResolver")
+        val Sha256TreeHashMiddleware = runtimeSymbol("Sha256TreeHashMiddleware")
     }
 }
 

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHttpBindingProtocolGenerator.kt

@@ -44,10 +44,12 @@ abstract class AWSHttpBindingProtocolGenerator : HttpBindingProtocolGenerator()
     override val shouldRenderCodingKeysForEncodable = true
 
     override fun generateProtocolUnitTests(ctx: ProtocolGenerator.GenerationContext): Int {
+        // TODO: enable these tests once this PR is merged/released into Smithy: https://github.com/awslabs/smithy/pull/930
         val ignoredTests = setOf(
             "GlacierChecksums", // aws-sdk-swift#208
             "GlacierMultipartChecksums", // aws-sdk-swift#208
         )
+        val imports = listOf(AWSSwiftDependency.AWS_CLIENT_RUNTIME.target)
         return HttpProtocolTestGenerator(
             ctx,
             requestTestBuilder,
@@ -56,6 +58,7 @@ abstract class AWSHttpBindingProtocolGenerator : HttpBindingProtocolGenerator()
             httpProtocolCustomizable,
             operationMiddleware,
             serdeContext,
+            imports,
             ignoredTests
         ).generateProtocolTests()
     }

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/glacier/GlacierChecksum.kt

@@ -0,0 +1,42 @@
+package software.amazon.smithy.aws.swift.codegen.customization.glacier
+
+import software.amazon.smithy.aws.swift.codegen.middleware.AWSSigningMiddleware
+import software.amazon.smithy.aws.swift.codegen.middleware.Sha256TreeHashMiddleware
+import software.amazon.smithy.aws.swift.codegen.sdkId
+import software.amazon.smithy.aws.traits.auth.UnsignedPayloadTrait
+import software.amazon.smithy.model.Model
+import software.amazon.smithy.model.shapes.OperationShape
+import software.amazon.smithy.model.shapes.ServiceShape
+import software.amazon.smithy.swift.codegen.SwiftSettings
+import software.amazon.smithy.swift.codegen.integration.ProtocolGenerator
+import software.amazon.smithy.swift.codegen.integration.SwiftIntegration
+import software.amazon.smithy.swift.codegen.middleware.MiddlewareStep
+import software.amazon.smithy.swift.codegen.middleware.OperationMiddleware
+import software.amazon.smithy.swift.codegen.model.expectShape
+import software.amazon.smithy.swift.codegen.model.hasTrait
+import java.util.Locale
+
+/**
+ * Adds a middleware for Glacier to add checksum headers needed for payloads
+ * See: https://github.com/awslabs/aws-sdk-swift/issues/208
+ * See also: https://docs.aws.amazon.com/amazonglacier/latest/dev/checksum-calculations.html
+ */
+class GlacierChecksum : SwiftIntegration {
+    override fun enabledForService(model: Model, settings: SwiftSettings) =
+        model.expectShape<ServiceShape>(settings.service).sdkId.lowercase(Locale.getDefault()) == "glacier"
+
+    override fun customizeMiddleware(
+        ctx: ProtocolGenerator.GenerationContext,
+        operationShape: OperationShape,
+        operationMiddleware: OperationMiddleware
+    ) {
+        operationMiddleware.removeMiddleware(operationShape, MiddlewareStep.FINALIZESTEP, "AWSSigningMiddleware")
+        operationMiddleware.appendMiddleware(operationShape, AWSSigningMiddleware(::middlewareParamsString))
+        operationMiddleware.appendMiddleware(operationShape, Sha256TreeHashMiddleware())
+    }
+
+    private fun middlewareParamsString(op: OperationShape): String {
+        val hasUnsignedPayload = op.hasTrait<UnsignedPayloadTrait>()
+        return "signedBodyHeader: .contentSha256, unsignedBody: $hasUnsignedPayload"
+    }
+}

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/middleware/Sha256TreeHashMiddleware.kt

@@ -0,0 +1,20 @@
+package software.amazon.smithy.aws.swift.codegen.middleware
+
+import software.amazon.smithy.aws.swift.codegen.AWSClientRuntimeTypes
+import software.amazon.smithy.model.shapes.OperationShape
+import software.amazon.smithy.swift.codegen.SwiftWriter
+import software.amazon.smithy.swift.codegen.middleware.MiddlewarePosition
+import software.amazon.smithy.swift.codegen.middleware.MiddlewareRenderable
+import software.amazon.smithy.swift.codegen.middleware.MiddlewareStep
+
+class Sha256TreeHashMiddleware : MiddlewareRenderable {
+    override val name = "Sha256TreeHashMiddleware"
+
+    override val middlewareStep = MiddlewareStep.FINALIZESTEP
+
+    override val position = MiddlewarePosition.AFTER
+
+    override fun render(writer: SwiftWriter, op: OperationShape, operationStackName: String) {
+        writer.write("$operationStackName.${middlewareStep.stringValue()}.intercept(position: ${position.stringValue()}, middleware: \$N())", AWSClientRuntimeTypes.Core.Sha256TreeHashMiddleware)
+    }
+}

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/restxml/RestXmlProtocolGenerator.kt

@@ -81,6 +81,7 @@ class RestXmlProtocolGenerator : AWSHttpBindingProtocolGenerator() {
             httpProtocolCustomizable,
             operationMiddleware,
             serdeContext,
+            listOf(),
             testsToIgnore
         ).generateProtocolTests()
     }

codegen/smithy-aws-swift-codegen/src/main/resources/META-INF/services/software.amazon.smithy.swift.codegen.integration.SwiftIntegration

@@ -4,6 +4,7 @@ software.amazon.smithy.aws.swift.codegen.customization.s3.S3ErrorIntegration
 software.amazon.smithy.aws.swift.codegen.customization.apigateway.ApiGatewayAddAcceptHeader
 software.amazon.smithy.aws.swift.codegen.customization.glacier.GlacierAddVersionHeader
 software.amazon.smithy.aws.swift.codegen.customization.glacier.GlacierAccountIdDefault
+software.amazon.smithy.aws.swift.codegen.customization.glacier.GlacierChecksum
 software.amazon.smithy.aws.swift.codegen.customization.BoxServices
 software.amazon.smithy.aws.swift.codegen.customization.PresignableModelIntegration
 software.amazon.smithy.aws.swift.codegen.customization.polly.PollyGetPresignerIntegration