Signing fixes

Author: alextwoods

codegen/core/src/main/java/software/amazon/smithy/python/codegen/ClientGenerator.java

@@ -536,7 +536,6 @@ await sleep(retry_token.retry_delay)
 
         writer.pushState(new SignRequestSection());
         if (context.applicationProtocol().isHttpProtocol() && supportsAuth) {
-            writer.addStdlibImport("binascii", "hexlify");
             writer.addStdlibImport("re");
             writer.write("""
                             # Step 7i: sign the request
@@ -557,12 +556,12 @@ await sleep(retry_token.retry_delay)
                                 logger.debug("Signed HTTP request: %s", context.transport_request)
 
                                 # TODO - Move this to separate resolution/population function
-                                fields = context._transport_request.fields
+                                fields = context.transport_request.fields
                                 auth_value = fields["Authorization"].as_string()  # type: ignore
                                 signature = re.split("Signature=", auth_value)[-1]  # type: ignore
-                                context._properties["signature"] = hexlify(signature.encode('utf-8'))  # type: ignore
-                                context._properties["identity"] = identity
-                                context._properties["signer_properties"] = auth_option.signer_properties
+                                context.properties["signature"] = signature.encode('utf-8')
+                                context.properties["identity"] = identity
+                                context.properties["signer_properties"] = auth_option.signer_properties
                     """);
         }
         writer.popState();

codegen/core/src/main/java/software/amazon/smithy/python/codegen/integrations/RestJsonProtocolGenerator.java

@@ -7,6 +7,7 @@
 import java.util.List;
 import java.util.Set;
 import software.amazon.smithy.aws.traits.protocols.RestJson1Trait;
+import software.amazon.smithy.model.knowledge.EventStreamIndex;
 import software.amazon.smithy.model.knowledge.HttpBinding;
 import software.amazon.smithy.model.node.ArrayNode;
 import software.amazon.smithy.model.node.ObjectNode;
@@ -156,6 +157,21 @@ protected void serializeDocumentBody(
         writer.popState();
     }
 
+    @Override
+    protected void writeDefaultHeaders(GenerationContext context, PythonWriter writer, OperationShape operation) {
+        var eventStreamIndex = EventStreamIndex.of(context.model());
+        if (eventStreamIndex.getInputInfo(operation).isPresent()) {
+            writer.addImport("smithy_http", "Field");
+            writer.write(
+                    "Field(name=\"Content-Type\", values=[$S]),",
+                    "application/vnd.amazon.eventstream");
+            writer.write(
+                    "Field(name=\"X-Amz-Content-SHA256\", values=[$S]),",
+                    "STREAMING-AWS4-HMAC-SHA256-EVENTS\"");
+        }
+    }
+
+
     @Override
     protected void serializePayloadBody(
             GenerationContext context,

packages/aws-sdk-signers/src/aws_sdk_signers/signers.py

@@ -744,6 +744,9 @@ async def _format_canonical_payload(
         request: AWSRequest,
         signing_properties: SigV4SigningProperties,
     ) -> str:
+        if "X-Amz-Content-SHA256" in request.fields and len(request.fields["X-Amz-Content-SHA256"].values) == 1:
+            return request.fields["X-Amz-Content-SHA256"].values[0]
+
         payload_hash = await self._compute_payload_hash(
             request=request, signing_properties=signing_properties
         )
@@ -819,23 +822,26 @@ async def sign_event(
             new_signing_properties = SigV4SigningProperties(  # type: ignore
                 **self._signing_properties
             )
+            # TODO: If date is in properties, parse a datetime from it.
+            date_obj = datetime.datetime.now(datetime.UTC)
             if "date" not in new_signing_properties:
-                date_obj = datetime.datetime.now(datetime.UTC)
                 new_signing_properties["date"] = date_obj.strftime(
                     SIGV4_TIMESTAMP_FORMAT
                 )
 
             timestamp = new_signing_properties["date"]
-            headers: dict[str, str | bytes] = {":date": timestamp}
+            headers: dict[str, str | bytes] = {":date": date_obj}
             encoder = event_encoder_cls()
-            encoder.encode_headers(event_message.headers)
+            encoder.encode_headers(headers)
             encoded_headers = encoder.get_result()
 
+            payload = event_message.encode()
+
             string_to_sign = await self._event_string_to_sign(
                 timestamp=timestamp,
                 scope=self._scope(new_signing_properties),
                 encoded_headers=encoded_headers,
-                payload=event_message.payload,
+                payload=payload,
                 prior_signature=self._prior_signature,
             )
             event_signature = await self._sign_event(
@@ -844,10 +850,12 @@ async def sign_event(
                 signing_properties=new_signing_properties,
             )
             headers[":chunk-signature"] = event_signature
-            event_message.headers.update(headers)  # type: ignore
+
+            event_message.headers = headers
+            event_message.payload = payload
 
             # set new prior signature before releasing the lock
-            self._prior_signature = event_signature
+            self._prior_signature = hexlify(event_signature)
 
         return event_message
 
@@ -861,10 +869,10 @@ async def _event_string_to_sign(
         prior_signature: bytes,
     ) -> str:
         return (
-            "AWS-HMAC-SHA256-PAYLOAD\n"
+            "AWS4-HMAC-SHA256-PAYLOAD\n"
             f"{timestamp}\n"
             f"{scope}\n"
-            f"{hexlify(prior_signature).decode('utf-8')}\n"
+            f"{prior_signature.decode('utf-8')}\n"
             f"{sha256(encoded_headers).hexdigest()}\n"
             f"{sha256(payload).hexdigest()}"
         )