Fix composite checksums

0marperez · 0marperez · commit 1157f265ca6c · 2024-12-18T21:37:10.000-05:00
diff --git a/runtime/auth/aws-signing-common/common/src/aws/smithy/kotlin/runtime/auth/awssigning/AwsSigningConfig.kt b/runtime/auth/aws-signing-common/common/src/aws/smithy/kotlin/runtime/auth/awssigning/AwsSigningConfig.kt
@@ -174,6 +174,7 @@ public class AwsSigningConfig(builder: Builder) {
 
     /**
      * Determines the checksum to add to the canonical request query parameters before signing.
+     * The first element of the pair represents the checksum name, the second represents the checksum value.
      */
     public val checksum: Pair<String, String>? = builder.checksum
 
diff --git a/runtime/protocol/http-client/common/src/aws/smithy/kotlin/runtime/http/interceptors/FlexibleChecksumsResponseInterceptor.kt b/runtime/protocol/http-client/common/src/aws/smithy/kotlin/runtime/http/interceptors/FlexibleChecksumsResponseInterceptor.kt
@@ -44,38 +44,33 @@ internal val CHECKSUM_HEADER_VALIDATION_PRIORITY_LIST: List<String> = listOf(
  * @param responseChecksumValidation Configuration option that determines when checksum validation should be done.
  */
 @InternalApi
-public class FlexibleChecksumsResponseInterceptor<I>(
+public open class FlexibleChecksumsResponseInterceptor(
     private val responseValidationRequired: Boolean,
     private val responseChecksumValidation: HttpChecksumConfigOption?,
 ) : HttpInterceptor {
-
-    // FIXME: Remove in next minor version bump
-    @Deprecated("Old constructor is no longer used but it's kept for backwards compatibility")
-    public constructor(
-        shouldValidateResponseChecksumInitializer: (input: I) -> Boolean,
-    ) : this(
-        false,
-        HttpChecksumConfigOption.WHEN_REQUIRED,
-    )
-
     @InternalApi
     public companion object {
         // The name of the checksum header which was validated. If `null`, validation was not performed.
         public val ChecksumHeaderValidated: AttributeKey<String> = AttributeKey("ChecksumHeaderValidated")
     }
 
     override suspend fun modifyBeforeDeserialization(context: ProtocolResponseInterceptorContext<Any, HttpRequest, HttpResponse>): HttpResponse {
-        val logger = coroutineContext.logger<FlexibleChecksumsResponseInterceptor<I>>()
+        val logger = coroutineContext.logger<FlexibleChecksumsResponseInterceptor>()
 
-        val forcedToVerifyChecksum = responseValidationRequired || responseChecksumValidation == HttpChecksumConfigOption.WHEN_SUPPORTED
-        if (!forcedToVerifyChecksum) return context.protocolResponse
+        val configuredToVerifyChecksum = responseValidationRequired || responseChecksumValidation == HttpChecksumConfigOption.WHEN_SUPPORTED
+        if (!configuredToVerifyChecksum) return context.protocolResponse
 
         val checksumHeader = CHECKSUM_HEADER_VALIDATION_PRIORITY_LIST
             .firstOrNull { context.protocolResponse.headers.contains(it) } ?: run {
-            logger.warn { "Checksum validation was requested but the response headers didn't contain a valid checksum." }
+                logger.warn { "Checksum validation was requested but the response headers didn't contain a valid checksum." }
+                return context.protocolResponse
+            }
+
+        val serviceChecksumValue = context.protocolResponse.headers[checksumHeader]!!
+        if (ignoreChecksum(serviceChecksumValue)) {
+            logger.warn { "Checksum detected but validation was skipped." }
             return context.protocolResponse
         }
-        val serviceChecksumValue = context.protocolResponse.headers[checksumHeader]!!
 
         context.executionContext[ChecksumHeaderValidated] = checksumHeader
 
@@ -111,6 +106,11 @@ public class FlexibleChecksumsResponseInterceptor<I>(
             else -> throw IllegalStateException("HTTP body type '$bodyType' is not supported for flexible checksums.")
         }
     }
+
+    /**
+     * Additional check on the checksum itself to see if it should be validated
+     */
+    public open fun ignoreChecksum(checksum: String): Boolean = false
 }
 
 public class ChecksumMismatchException(message: String?) : ClientException(message)
diff --git a/runtime/runtime-core/common/src/aws/smithy/kotlin/runtime/hashing/HashFunction.kt b/runtime/runtime-core/common/src/aws/smithy/kotlin/runtime/hashing/HashFunction.kt
@@ -73,20 +73,29 @@ public fun String.toHashFunction(): HashFunction? = when (this.lowercase()) {
 }
 
 /**
- * Return the [HashFunction] which is represented by this string, or an exception if none match.
+ * @return The [HashFunction] which is represented by this string, or an exception if none match.
  */
 @InternalApi
 public fun String.toHashFunctionOrThrow(): HashFunction =
     toHashFunction() ?: throw ClientException("Checksum algorithm is not supported: $this")
 
 /**
- * @return if the [HashFunction] is supported by flexible checksums
+ * @return If the [HashFunction] is supported by flexible checksums
  */
 @InternalApi
-public val HashFunction.isSupportedForFlexibleChecksums: Boolean get() = when (this) {
-    is Crc32, is Crc32c, is Sha256, is Sha1 -> true
-    else -> false
-}
+public val HashFunction.isSupportedForFlexibleChecksums: Boolean get() =
+    algorithmsSupportedForFlexibleChecksums.contains(this::class.simpleName)
+
+/**
+ * The class names of checksum algorithms supported for flexible checksums
+ */
+// This is shown to users in exception messages to let them know which algorithms are supported
+public val algorithmsSupportedForFlexibleChecksums: Set<String> = setOf(
+    "Crc32",
+    "Crc32c",
+    "Sha1",
+    "Sha256",
+)
 
 /**
  * @return The checksum algorithm header used depending on the checksum algorithm name
