smithy-lang
diff --git a/‎Package.swift‎
Lines changed: 24 additions & 1 deletion b/‎Package.swift‎
Lines changed: 24 additions & 1 deletion
diff --git a/‎Sources/ClientRuntime/Networking/Http/Middlewares/ContentMD5Middleware.swift‎
Lines changed: 1 addition & 1 deletion b/‎Sources/ClientRuntime/Networking/Http/Middlewares/ContentMD5Middleware.swift‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Sources/Smithy/Stream.swift‎
Lines changed: 24 additions & 0 deletions b/‎Sources/Smithy/Stream.swift‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎Sources/SmithyChecksums/ChunkedReader.swift‎
Lines changed: 3 additions & 3 deletions b/‎Sources/SmithyChecksums/ChunkedReader.swift‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎Sources/SmithyChecksums/Stream+Chunks.swift‎
Lines changed: 0 additions & 32 deletions b/‎Sources/SmithyChecksums/Stream+Chunks.swift‎
Lines changed: 0 additions & 32 deletions
diff --git a/‎Sources/SmithyHTTPAuth/SigV4AuthScheme.swift‎
Lines changed: 72 additions & 0 deletions b/‎Sources/SmithyHTTPAuth/SigV4AuthScheme.swift‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎Sources/SmithyHTTPAuth/SigV4Signer.swift‎
Lines changed: 163 additions & 0 deletions b/‎Sources/SmithyHTTPAuth/SigV4Signer.swift‎
Lines changed: 163 additions & 0 deletions
diff --git a/‎Sources/SmithyHTTPAuth/Headers+Extension.swift‎ renamed to ‎Sources/SmithyHTTPClient/Headers+Extension.swift‎ b/‎Sources/SmithyHTTPAuth/Headers+Extension.swift‎ renamed to ‎Sources/SmithyHTTPClient/Headers+Extension.swift‎
@@ -40,6 +40,7 @@ let package = Package(
         .library(name: "SmithyIdentity", targets: ["SmithyIdentity"]),
         .library(name: "SmithyIdentityAPI", targets: ["SmithyIdentityAPI"]),
         .library(name: "SmithyHTTPAPI", targets: ["SmithyHTTPAPI"]),
+        .library(name: "SmithyHTTPClient", targets: ["SmithyHTTPClient"]),
         .library(name: "SmithyHTTPAuth", targets: ["SmithyHTTPAuth"]),
         .library(name: "SmithyHTTPAuthAPI", targets: ["SmithyHTTPAuthAPI"]),
         .library(name: "SmithyEventStreamsAPI", targets: ["SmithyEventStreamsAPI"]),
@@ -74,6 +75,7 @@ let package = Package(
                 "SmithyIdentity",
                 "SmithyIdentityAPI",
                 "SmithyHTTPAPI",
+                "SmithyHTTPClient",
                 "SmithyHTTPAuth",
                 "SmithyHTTPAuthAPI",
                 "SmithyEventStreamsAPI",
@@ -147,13 +149,24 @@ let package = Package(
             name: "SmithyHTTPAPI",
             dependencies: ["Smithy"]
         ),
+        .target(
+            name: "SmithyHTTPClient",
+            dependencies: [
+                "Smithy",
+                "SmithyHTTPAPI",
+                "SmithyStreams",
+                .product(name: "AwsCommonRuntimeKit", package: "aws-crt-swift")
+            ]
+        ),
         .target(
             name: "SmithyHTTPAuth",
             dependencies: [
                 "Smithy",
                 "SmithyHTTPAuthAPI",
                 "SmithyIdentity",
                 "SmithyIdentityAPI",
+                "SmithyChecksumsAPI",
+                "SmithyHTTPClient",
                 .product(name: "AwsCommonRuntimeKit", package: "aws-crt-swift")
             ]
         ),
@@ -196,7 +209,7 @@ let package = Package(
                 "Smithy",
                 "SmithyChecksumsAPI",
                 "SmithyStreams",
-                "SmithyHTTPAuth",
+                "SmithyHTTPClient",
                 .product(name: "AwsCommonRuntimeKit", package: "aws-crt-swift")
             ]
         ),
@@ -208,6 +221,16 @@ let package = Package(
             dependencies: ["ClientRuntime", "SmithyTestUtil", "SmithyStreams"],
             resources: [ .process("Resources") ]
         ),
+        .testTarget(
+            name: "SmithyHTTPClientTests",
+            dependencies: [
+                "SmithyHTTPClient",
+                "SmithyHTTPAPI",
+                "Smithy",
+                "SmithyTestUtil",
+                .product(name: "AwsCommonRuntimeKit", package: "aws-crt-swift")
+            ]
+        ),
         .testTarget(
             name: "SmithyXMLTests",
             dependencies: ["SmithyXML", "ClientRuntime"]
 
@@ -1,7 +1,7 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0.
 
-import class Smithy.Context
+import Smithy
 import enum SmithyChecksumsAPI.ChecksumAlgorithm
 import AwsCommonRuntimeKit
 import SmithyChecksums
 
@@ -72,3 +72,27 @@ extension Stream {
         }
     }
 }
+
+/*
+ * Default chunk size
+ */
+public let CHUNK_SIZE_BYTES: Int = 65_536
+
+/*
+ * The minimum size of a streaming body before the SDK will chunk
+ * (such as setting aws-chunked content encoding)
+ */
+public let CHUNKED_THRESHOLD = CHUNK_SIZE_BYTES * 16
+
+public extension Stream {
+    /*
+     * Return a Bool representing if the ByteStream (request body) is large enough to send in chunks
+     */
+    var isEligibleForChunkedStreaming: Bool {
+        if let length = self.length, length >= CHUNKED_THRESHOLD {
+            return true
+        } else {
+            return false
+        }
+    }
+}
@@ -7,11 +7,11 @@
 
 import protocol SmithyChecksumsAPI.Checksum
 import enum SmithyChecksumsAPI.ChecksumAlgorithm
-import protocol Smithy.ReadableStream
 import struct SmithyHTTPAPI.Headers
 import AwsCommonRuntimeKit
-import SmithyHTTPAuth
+import SmithyHTTPClient
 import struct Foundation.Data
+import Smithy
 
 public class ChunkedReader {
     private var stream: ReadableStream
@@ -110,7 +110,7 @@ public class ChunkedReader {
     }
 
     private func getUnsignedChunk(from stream: ReadableStream) async throws -> Data? {
-        let chunk = try await stream.readAsync(upToCount: SmithyChecksums.CHUNK_SIZE_BYTES) ?? Data()
+        let chunk = try await stream.readAsync(upToCount: CHUNK_SIZE_BYTES) ?? Data()
 
         self.chunkBody = chunk
 
 
@@ -0,0 +1,72 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import class Smithy.Context
+import enum SmithyHTTPAuthAPI.AWSSignedBodyHeader
+import enum SmithyHTTPAuthAPI.SigningPropertyKeys
+import protocol SmithyHTTPAuthAPI.AuthScheme
+import protocol SmithyHTTPAuthAPI.Signer
+import struct Smithy.Attributes
+import SmithyChecksumsAPI
+
+public struct SigV4AuthScheme: AuthScheme {
+    public let schemeID: String = "aws.auth#sigv4"
+    public let signer: Signer = SigV4Signer()
+
+    public init() {}
+
+    public func customizeSigningProperties(
+        signingProperties: Smithy.Attributes,
+        context: Smithy.Context
+    ) throws -> Smithy.Attributes {
+        var updatedSigningProperties = signingProperties
+
+        // Set signing algorithm flag
+        updatedSigningProperties.set(key: SigningPropertyKeys.signingAlgorithm, value: .sigv4)
+
+        // Set bidirectional streaming flag
+        updatedSigningProperties.set(
+            key: SigningPropertyKeys.bidirectionalStreaming,
+            value: context.isBidirectionalStreamingEnabled
+        )
+
+        // Set signing name and signing region flags
+        updatedSigningProperties.set(key: SigningPropertyKeys.signingName, value: context.signingName)
+        updatedSigningProperties.set(key: SigningPropertyKeys.signingRegion, value: context.signingRegion)
+
+        // Set expiration flag
+        //
+        // Expiration is only used for presigning (presign request flow or presign URL flow).
+        updatedSigningProperties.set(key: SigningPropertyKeys.expiration, value: context.expiration)
+
+        // Set signature type flag
+        //
+        // AWSSignatureType.requestQueryParams is only used for presign URL flow.
+        // Out of the AWSSignatureType enum cases, only two are used. .requestHeaders and .requestQueryParams.
+        // .requestHeaders is the deafult signing used for AWS operations.
+        let isPresignURLFlow = context.getFlowType() == .PRESIGN_URL
+        updatedSigningProperties.set(
+            key: SigningPropertyKeys.signatureType,
+            value: isPresignURLFlow ? .requestQueryParams : .requestHeaders
+        )
+
+        // Set unsignedBody to true IFF operation had unsigned payload trait.
+        let unsignedBody = context.hasUnsignedPayloadTrait()
+        updatedSigningProperties.set(key: SigningPropertyKeys.unsignedBody, value: unsignedBody)
+
+        // Set default values.
+        updatedSigningProperties.set(key: SigningPropertyKeys.signedBodyHeader, value: AWSSignedBodyHeader.none)
+        updatedSigningProperties.set(key: SigningPropertyKeys.useDoubleURIEncode, value: true)
+        updatedSigningProperties.set(key: SigningPropertyKeys.shouldNormalizeURIPath, value: true)
+        updatedSigningProperties.set(key: SigningPropertyKeys.omitSessionToken, value: false)
+
+        // Copy checksum from middleware context to signing properties
+        updatedSigningProperties.set(key: SigningPropertyKeys.checksum, value: context.checksumString)
+
+        return updatedSigningProperties
+    }
+}
@@ -0,0 +1,163 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import class AwsCommonRuntimeKit.HTTPRequestBase
+import class AwsCommonRuntimeKit.Signer
+import class SmithyHTTPAPI.HTTPRequest
+import class SmithyHTTPAPI.HTTPRequestBuilder
+import enum AwsCommonRuntimeKit.CommonRunTimeError
+import enum Smithy.ClientError
+import enum SmithyHTTPAuthAPI.AWSSignedBodyHeader
+import enum SmithyHTTPAuthAPI.AWSSignedBodyValue
+import enum SmithyHTTPAuthAPI.AWSSignatureType
+import enum SmithyHTTPAuthAPI.SigningAlgorithm
+import enum SmithyHTTPAuthAPI.SigningPropertyKeys
+import protocol SmithyIdentity.AWSCredentialIdentityResolver
+import protocol SmithyIdentityAPI.Identity
+import protocol SmithyHTTPAuthAPI.Signer
+import struct AwsCommonRuntimeKit.SigningConfig
+import struct Smithy.AttributeKey
+import struct Smithy.Attributes
+import struct Smithy.SwiftLogger
+import struct SmithyIdentity.AWSCredentialIdentity
+import struct SmithyHTTPAuthAPI.SigningFlags
+import struct Foundation.Date
+import struct Foundation.TimeInterval
+import struct Foundation.URL
+import SmithyHTTPClient
+
+public class SigV4Signer: SmithyHTTPAuthAPI.Signer {
+    public init() {}
+
+    public func signRequest<IdentityT>(
+        requestBuilder: SmithyHTTPAPI.HTTPRequestBuilder,
+        identity: IdentityT,
+        signingProperties: Smithy.Attributes
+    ) async throws -> SmithyHTTPAPI.HTTPRequestBuilder where IdentityT: SmithyIdentityAPI.Identity {
+        guard let isBidirectionalStreamingEnabled = signingProperties.get(
+            key: SigningPropertyKeys.bidirectionalStreaming
+        ) else {
+            throw Smithy.ClientError.authError(
+                "Signing properties passed to the AWSSigV4Signer must contain T/F flag for bidirectional streaming."
+            )
+        }
+
+        guard let identity = identity as? AWSCredentialIdentity else {
+            throw Smithy.ClientError.authError(
+                "Identity passed to the AWSSigV4Signer must be of type Credentials."
+            )
+        }
+
+        var signingConfig = try constructSigningConfig(identity: identity, signingProperties: signingProperties)
+
+        let unsignedRequest = requestBuilder.build()
+        let crtUnsignedRequest: HTTPRequestBase = isBidirectionalStreamingEnabled ?
+            try unsignedRequest.toHttp2Request() :
+            try unsignedRequest.toHttpRequest()
+
+        let crtSigningConfig = try signingConfig.toCRTType()
+
+        let crtSignedRequest = try await Signer.signRequest(
+            request: crtUnsignedRequest,
+            config: crtSigningConfig
+        )
+
+        let sdkSignedRequest = requestBuilder.update(from: crtSignedRequest, originalRequest: unsignedRequest)
+
+        // Return signed request
+        return sdkSignedRequest
+    }
+
+    private func constructSigningConfig(
+        identity: AWSCredentialIdentity,
+        signingProperties: Smithy.Attributes
+    ) throws -> AWSSigningConfig {
+        guard let unsignedBody = signingProperties.get(key: SigningPropertyKeys.unsignedBody) else {
+            throw Smithy.ClientError.authError(
+                "Signing properties passed to the AWSSigV4Signer must contain T/F flag for unsigned body."
+            )
+        }
+        guard let signingName = signingProperties.get(key: SigningPropertyKeys.signingName) else {
+            throw Smithy.ClientError.authError(
+                "Signing properties passed to the AWSSigV4Signer must contain signing name."
+            )
+        }
+        guard let signingRegion = signingProperties.get(key: SigningPropertyKeys.signingRegion) else {
+            throw Smithy.ClientError.authError(
+                "Signing properties passed to the AWSSigV4Signer must contain signing region."
+            )
+        }
+        guard let signingAlgorithm = signingProperties.get(key: SigningPropertyKeys.signingAlgorithm) else {
+            throw Smithy.ClientError.authError(
+                "Signing properties passed to the AWSSigV4Signer must contain signing algorithm."
+            )
+        }
+
+        let expiration: TimeInterval = signingProperties.get(key: SigningPropertyKeys.expiration) ?? 0
+        let signedBodyHeader: AWSSignedBodyHeader =
+            signingProperties.get(key: SigningPropertyKeys.signedBodyHeader) ?? .none
+
+        // Determine signed body value
+        let checksumIsPresent = signingProperties.get(key: SigningPropertyKeys.checksum) != nil
+        let isChunkedEligibleStream = signingProperties.get(key: SigningPropertyKeys.isChunkedEligibleStream) ?? false
+        let preComputedSha256 = signingProperties.get(key: AttributeKey<String>(name: "SignedBodyValue"))
+
+        let signedBodyValue: AWSSignedBodyValue = determineSignedBodyValue(
+            checksumIsPresent: checksumIsPresent,
+            isChunkedEligbleStream: isChunkedEligibleStream,
+            isUnsignedBody: unsignedBody,
+            preComputedSha256: preComputedSha256
+        )
+
+        let flags: SigningFlags = SigningFlags(
+            useDoubleURIEncode: signingProperties.get(key: SigningPropertyKeys.useDoubleURIEncode) ?? true,
+            shouldNormalizeURIPath: signingProperties.get(key: SigningPropertyKeys.shouldNormalizeURIPath) ?? true,
+            omitSessionToken: signingProperties.get(key: SigningPropertyKeys.omitSessionToken) ?? false
+        )
+        let signatureType: AWSSignatureType =
+            signingProperties.get(key: SigningPropertyKeys.signatureType) ?? .requestHeaders
+
+        return AWSSigningConfig(
+            credentials: identity,
+            expiration: expiration,
+            signedBodyHeader: signedBodyHeader,
+            signedBodyValue: signedBodyValue,
+            flags: flags,
+            date: Date(),
+            service: signingName,
+            region: signingRegion,
+            signatureType: signatureType,
+            signingAlgorithm: signingAlgorithm
+        )
+    }
+
+    private func determineSignedBodyValue(
+        checksumIsPresent: Bool,
+        isChunkedEligbleStream: Bool,
+        isUnsignedBody: Bool,
+        preComputedSha256: String?
+    ) -> AWSSignedBodyValue {
+        if !isChunkedEligbleStream {
+            // Normal Payloads, Event Streams, etc.
+            if isUnsignedBody {
+                return .unsignedPayload
+            } else if let sha256 = preComputedSha256 {
+                return .precomputed(sha256)
+            } else {
+                return .empty
+            }
+        }
+
+        // streaming + eligible for chunked transfer
+        if !checksumIsPresent {
+            return isUnsignedBody ? .unsignedPayload : .streamingSha256Payload
+        } else {
+            // checksum is present
+            return isUnsignedBody ? .streamingUnsignedPayloadTrailer : .streamingSha256PayloadTrailer
+        }
+    }
+}