Add SigV4aSignatureCalculatorTest

Author: lauzadis

runtime/auth/aws-signing-default/build.gradle.kts

@@ -18,6 +18,7 @@ kotlin {
             dependencies {
                 implementation(project(":runtime:auth:aws-signing-tests"))
                 implementation(libs.kotlinx.coroutines.test)
+                implementation(libs.kotlinx.serialization.json)
             }
         }
 

runtime/auth/aws-signing-default/common/test/aws/smithy/kotlin/runtime/auth/awssigning/SigV4aSignatureCalculatorTest.kt

@@ -0,0 +1,111 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package aws.smithy.kotlin.runtime.auth.awssigning
+
+import aws.smithy.kotlin.runtime.auth.awscredentials.Credentials
+import aws.smithy.kotlin.runtime.time.Instant
+import aws.smithy.kotlin.runtime.util.PlatformProvider
+import kotlinx.coroutines.test.runTest
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.jsonObject
+import kotlin.test.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertTrue
+
+private const val SIGV4A_RESOURCES_BASE = "common/test/resources/sigv4a"
+
+/**
+ * Tests which are defined in resources/sigv4a
+ */
+private val TESTS = listOf(
+    "get-header-key-duplicate",
+    "get-header-value-multiline",
+    "get-header-value-order",
+    "get-header-value-trim",
+    "get-relative-normalized",
+    "get-relative-relative-normalized",
+    "get-relative-relative-unnormalized",
+    "get-relative-unnormalized",
+    "get-slash-dot-slash-normalized",
+    "get-slash-dot-slash-unnormalized",
+    "get-slash-normalized",
+    "get-slash-pointless-dot-normalized",
+    "get-slash-pointless-dot-unnormalized",
+    "get-slash-unnormalized",
+    "get-slashes-normalized",
+    "get-slashes-unnormalized",
+    "get-space-normalized",
+    "get-space-unnormalized",
+    "get-unreserved",
+    "get-utf8",
+    "get-vanilla",
+    "get-vanilla-empty-query-key",
+    "get-vanilla-query",
+    "get-vanilla-query-order-encoded",
+    "get-vanilla-query-order-key-case",
+    "get-vanilla-query-unreserved",
+    "get-vanilla-utf8-query",
+    "get-vanilla-with-session-token",
+    "post-header-key-case",
+    "post-header-key-sort",
+    "post-header-value-case",
+    "post-sts-header-after",
+    "post-sts-header-before",
+    "post-vanilla",
+    "post-vanilla-empty-query-value",
+    "post-vanilla-query",
+    "post-x-www-form-urlencoded",
+    "post-x-www-form-urlencoded-parameters",
+)
+
+class SigV4aSignatureCalculatorTest {
+    @Test
+    fun testStringToSign() = TESTS.forEach { testId ->
+        runTest {
+            val testDir = "$SIGV4A_RESOURCES_BASE/$testId/"
+            assertTrue(PlatformProvider.System.fileExists(testDir), "Failed to find test directory for $testId")
+
+            val context = Json.parseToJsonElement(testDir.fileContents("context.json")).jsonObject
+            val signingConfig = context.parseAwsSigningConfig()
+
+            val expectedStringToSign = testDir.fileContents("header-string-to-sign.txt")
+            val canonicalRequest = testDir.fileContents("header-canonical-request.txt")
+            val actualStringToSign = SignatureCalculator.SigV4a.stringToSign(canonicalRequest, signingConfig)
+
+            assertEquals(expectedStringToSign, actualStringToSign)
+        }
+    }
+
+    private fun JsonObject.parseAwsSigningConfig(): AwsSigningConfig {
+        fun JsonObject.getStringValue(key: String): String {
+            val value = checkNotNull(get(key)) { "Failed to find key $key in JSON object $this" }
+            return value.toString().replace("\"", "")
+        }
+
+        val contextCredentials = checkNotNull(get("credentials")?.jsonObject) { "credentials unexpectedly null" }
+
+        val credentials = Credentials(
+            contextCredentials.getStringValue("access_key_id"),
+            contextCredentials.getStringValue("secret_access_key"),
+        )
+
+        val region = getStringValue("region")
+        val service = getStringValue("service")
+        val signingDate = Instant.fromIso8601(getStringValue("timestamp"))
+
+        return AwsSigningConfig {
+            algorithm = AwsSigningAlgorithm.SIGV4_ASYMMETRIC
+            this.credentials = credentials
+            this.region = region
+            this.service = service
+            this.signingDate = signingDate
+        }
+    }
+
+    private suspend fun String.fileContents(path: String): String = checkNotNull(PlatformProvider.System.readFileOrNull(this + path)?.decodeToString()) {
+        "Unable to read contents at ${this + path}"
+    }
+}

runtime/auth/aws-signing-default/common/test/resources/sigv4a/README.md

@@ -0,0 +1,2 @@
+Copied directly from https://github.com/awslabs/aws-c-auth/tree/e8360a65e0f3337d4ac827945e00c3b55a641a5f/tests/aws-signing-test-suite/v4a.
+get-vanilla-query-order-key and get-vanilla-query-order-value were deleted since they are not complete tests.

runtime/auth/aws-signing-default/common/test/resources/sigv4a/get-header-key-duplicate/context.json

@@ -0,0 +1,12 @@
+{
+    "credentials": {
+        "access_key_id": "AKIDEXAMPLE",
+        "secret_access_key": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
+    },
+    "expiration_in_seconds": 3600,
+    "normalize": true,
+    "region": "us-east-1",
+    "service": "service",
+    "sign_body": false,
+    "timestamp": "2015-08-30T12:36:00Z"
+}

runtime/auth/aws-signing-default/common/test/resources/sigv4a/get-header-key-duplicate/header-canonical-request.txt

@@ -0,0 +1,10 @@
+GET
+/
+
+host:example.amazonaws.com
+my-header1:value2,value2,value1
+x-amz-date:20150830T123600Z
+x-amz-region-set:us-east-1
+
+host;my-header1;x-amz-date;x-amz-region-set
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

runtime/auth/aws-signing-default/common/test/resources/sigv4a/get-header-key-duplicate/header-signature.txt

@@ -0,0 +1 @@
+304502204862ad283a21f883fc12f1156a6f3fcdbba13d1847e58aa5eb37c666477ea06b022100ee439fac0a975c9a6605b1fa44ad7b654a1f8ac6e868e4e1069a1b3aa35d8113

runtime/auth/aws-signing-default/common/test/resources/sigv4a/get-header-key-duplicate/header-signed-request.txt

@@ -0,0 +1,9 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value2
+My-Header1:value2
+My-Header1:value1
+X-Amz-Date:20150830T123600Z
+X-Amz-Region-Set:us-east-1
+Authorization:AWS4-ECDSA-P256-SHA256 Credential=AKIDEXAMPLE/20150830/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date;x-amz-region-set, Signature=30450220331da6dfebb0d19e5e161b1efa389ccb83cadb60bc71f6791ef71ac6054c44de0221008588b7d5c9f7a79ca9c02a02efbd0f540cda242a64ca1452aa914e050b517724
+

runtime/auth/aws-signing-default/common/test/resources/sigv4a/get-header-key-duplicate/header-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-ECDSA-P256-SHA256
+20150830T123600Z
+20150830/service/aws4_request
+30f1f7b639b7fd5982a0f700e6d23bf7bb24f2f1d9e1314005bf22130da61cdf

runtime/auth/aws-signing-default/common/test/resources/sigv4a/get-header-key-duplicate/public-key.json

@@ -0,0 +1,4 @@
+{
+  "X":"b6618f6a65740a99e650b33b6b4b5bd0d43b176d721a3edfea7e7d2d56d936b1",
+  "Y":"865ed22a7eadc9c5cb9d2cbaca1b3699139fedc5043dc6661864218330c8e518"
+}

runtime/auth/aws-signing-default/common/test/resources/sigv4a/get-header-key-duplicate/query-canonical-request.txt

@@ -0,0 +1,8 @@
+GET
+/
+X-Amz-Algorithm=AWS4-ECDSA-P256-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-Expires=3600&X-Amz-Region-Set=us-east-1&X-Amz-SignedHeaders=host%3Bmy-header1
+host:example.amazonaws.com
+my-header1:value2,value2,value1
+
+host;my-header1
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855