From d799977e451e730a7005255deac7bb8eee572d93 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 02:58:59 +0000
Subject: [PATCH 1/2] HSEARCH-5179 Bump software.amazon.awssdk:auth from 2.25.2
 to 2.26.4

Bumps software.amazon.awssdk:auth from 2.25.2 to 2.26.4.

---
updated-dependencies:
- dependency-name: software.amazon.awssdk:auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 build/parents/build/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/parents/build/pom.xml b/build/parents/build/pom.xml
index 06501ccd9c0..46ce07928db 100644
--- a/build/parents/build/pom.xml
+++ b/build/parents/build/pom.xml
@@ -81,7 +81,7 @@
         <documentation.org.opensearch.url>https://opensearch.org/docs/${parsed-version.org.opensearch.compatible.main.majorVersion}.${parsed-version.org.opensearch.compatible.main.minorVersion}</documentation.org.opensearch.url>
 
         <version.com.google.code.gson>2.11.0</version.com.google.code.gson>
-        <version.software.amazon.awssdk>2.25.2</version.software.amazon.awssdk>
+        <version.software.amazon.awssdk>2.26.4</version.software.amazon.awssdk>
         <!-- Jackson: used by the Elasticsearch REST client, by Avro, by the AWS SDK and in tests (wiremock, ...) -->
         <version.com.fasterxml.jackson>2.17.1</version.com.fasterxml.jackson>
         <!-- slf4j: used by the AWS SDK -->

From f06fe4a02ff9d38a0e4a78b117a704b3c72c3084 Mon Sep 17 00:00:00 2001
From: marko-bekhta <marko.prykladna@gmail.com>
Date: Tue, 18 Jun 2024 11:22:30 +0200
Subject: [PATCH 2/2] HSEARCH-5179 Replace deprecated request signer

---
 .../impl/AwsSigningRequestInterceptor.java    | 24 +++++++++----------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/backend/elasticsearch-aws/src/main/java/org/hibernate/search/backend/elasticsearch/aws/impl/AwsSigningRequestInterceptor.java b/backend/elasticsearch-aws/src/main/java/org/hibernate/search/backend/elasticsearch/aws/impl/AwsSigningRequestInterceptor.java
index d8767030ae7..44c7bd6d37b 100644
--- a/backend/elasticsearch-aws/src/main/java/org/hibernate/search/backend/elasticsearch/aws/impl/AwsSigningRequestInterceptor.java
+++ b/backend/elasticsearch-aws/src/main/java/org/hibernate/search/backend/elasticsearch/aws/impl/AwsSigningRequestInterceptor.java
@@ -27,24 +27,24 @@
 import org.apache.http.protocol.HttpCoreContext;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
-import software.amazon.awssdk.auth.signer.Aws4Signer;
-import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
 import software.amazon.awssdk.http.ContentStreamProvider;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.http.auth.aws.signer.AwsV4HttpSigner;
+import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
 import software.amazon.awssdk.regions.Region;
 
 class AwsSigningRequestInterceptor implements HttpRequestInterceptor {
 
 	private static final Log log = LoggerFactory.make( Log.class, MethodHandles.lookup() );
 
-	private final Aws4Signer signer;
+	private final AwsV4HttpSigner signer;
 	private final Region region;
 	private final String service;
 	private final AwsCredentialsProvider credentialsProvider;
 
 	AwsSigningRequestInterceptor(Region region, String service, AwsCredentialsProvider credentialsProvider) {
-		this.signer = Aws4Signer.create();
+		this.signer = AwsV4HttpSigner.create();
 		this.region = region;
 		this.service = service;
 		this.credentialsProvider = credentialsProvider;
@@ -68,18 +68,16 @@ private void sign(HttpRequest request, HttpContext context, HttpEntityContentStr
 		AwsCredentials credentials = credentialsProvider.resolveCredentials();
 		log.tracef( "AWS credentials: %s", credentials );
 
-		Aws4SignerParams signerParams = Aws4SignerParams.builder()
-				.awsCredentials( credentials )
-				.signingRegion( region )
-				.signingName( service )
-				.build();
-
-		awsRequest = signer.sign( awsRequest, signerParams );
+		SignedRequest signedRequest = signer.sign( r -> r.identity( credentials )
+				.request( awsRequest )
+				.payload( awsRequest.contentStreamProvider().orElse( null ) )
+				.putProperty( AwsV4HttpSigner.SERVICE_SIGNING_NAME, service )
+				.putProperty( AwsV4HttpSigner.REGION_NAME, region.id() ) );
 
 		// The AWS SDK added some headers.
 		// Let's just override the existing headers with whatever the AWS SDK came up with.
 		// We don't expect signing to affect anything else (path, query, content, ...).
-		for ( Map.Entry<String, List<String>> header : awsRequest.headers().entrySet() ) {
+		for ( Map.Entry<String, List<String>> header : signedRequest.request().headers().entrySet() ) {
 			String name = header.getKey();
 			boolean first = true;
 			for ( String value : header.getValue() ) {
@@ -94,7 +92,7 @@ private void sign(HttpRequest request, HttpContext context, HttpEntityContentStr
 		}
 
 		if ( log.isTraceEnabled() ) {
-			log.tracef( "AWS request (after signing): %s", awsRequest );
+			log.tracef( "AWS request (after signing): %s", signedRequest );
 			log.tracef( "HTTP request (after signing): %s", request );
 		}
 	}