AWS SDK

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/src/http_request/canonical_request.rs

@@ -346,346 +412,423 @@

             params.push((Cow::Borrowed(k), Cow::Borrowed(v)));
-347
+        }
-348
         if let SignatureValues::QueryParams(values) = values {
             add_param(&mut params, param::X_AMZ_DATE, &values.date_time);
             add_param(&mut params, param::X_AMZ_EXPIRES, &values.expires);
-352
             #[cfg(feature = "sigv4a")]
             if let Some(regions) = values.region_set {
                 add_param(&mut params, sigv4a::param::X_AMZ_REGION_SET, regions);
-356
+            }
-357
             add_param(&mut params, param::X_AMZ_ALGORITHM, values.algorithm);
             add_param(&mut params, param::X_AMZ_CREDENTIAL, &values.credential);
             add_param(
                 &mut params,
                 param::X_AMZ_SIGNED_HEADERS,
                 values.signed_headers.as_str(),
             );
-365

             if let Some(security_token) = values.security_token {
                 add_param(
                     &mut params,
                     settings
                         .session_token_name_override
                         .unwrap_or(param::X_AMZ_SECURITY_TOKEN),
                     security_token,
                 );
-374
+            }
-375
+        }
         // Sort by param name, and then by param value
-+
         // Sort on the _encoded_ key/value pairs
         let mut params: Vec<(String, String)> = params
             .into_iter()
             .map(|x| {
                 use aws_smithy_http::query::fmt_string;
                 let enc_k = fmt_string(&x.0);
                 let enc_v = fmt_string(&x.1);
                 (enc_k, enc_v)
             })
             .collect();
-+
         params.sort();
-389
         let mut query = QueryWriter::new(uri);
         query.clear_params();
         for (key, value) in params {
             query.insert(&key, &value);
             query.insert_encoded(&key, &value);
-394
+        }
-395
         let query = query.build_query();
         if query.is_empty() {
             None
         } else {
             Some(query)
-401
+        }
-402
+    }
-403

↧ Expand context

     fn insert_host_header(
         canonical_headers: &mut HeaderMap<HeaderValue>,
         uri: &Uri,
     ) -> HeaderValue {
         match canonical_headers.get(&HOST) {
             Some(header) => header.clone(),
             None => {
                 let port = uri.port();
                 let scheme = uri.scheme();
                 let authority = uri
                     .authority()
                     .expect("request uri authority must be set for signing")
                     .as_str();
                 let host = uri
                     .host()
                     .expect("request uri host must be set for signing");
-420
                 // Check if port is default (80 for HTTP, 443 for HTTPS) and if so exclude it from the
                 // Host header when signing since RFC 2616 indicates that the default port should not be
                 // sent in the Host header (and Hyper strips default ports if they are present)

@@ -642,653 +951,972 @@

↥ Expand context

             service,
             hashed_creq,
             signature_version: SignatureVersion::V4a,
-656
+        }
-657
+    }
-658
+}
-659
 impl fmt::Display for StringToSign<'_> {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(
             f,
             "{}\n{}\n{}\n{}",
             self.algorithm,
             format_date_time(self.time),
             match self.signature_version {
                 SignatureVersion::V4 => self.scope.to_string(),
                 SignatureVersion::V4a => self.scope.v4a_display(),
             },
             self.hashed_creq
-672
+        )

-673
+    }
-674
+}
-675
 #[cfg(test)]
 mod tests {
     use crate::date_time::test_parsers::parse_date_time;
     use crate::http_request::canonical_request::{
         normalize_header_value, trim_all, CanonicalRequest, SigningScope, StringToSign,
     };
     use crate::http_request::test;
     use crate::http_request::test::SigningSuiteTest;
     use crate::http_request::{
         PayloadChecksumKind, SessionTokenMode, SignableBody, SignableRequest, SignatureLocation,
         SigningParams, SigningSettings,
     };
     use crate::sign::v4;
     use crate::sign::v4::sha256_hex_string;
     use aws_credential_types::Credentials;
     use aws_smithy_http::query_writer::QueryWriter;
     use aws_smithy_runtime_api::client::identity::Identity;
     use http0::{HeaderValue, Uri};
     use pretty_assertions::assert_eq;
     use proptest::{prelude::*, proptest};
     use std::borrow::Cow;
     use std::time::Duration;
-698
     fn signing_params(identity: &Identity, settings: SigningSettings) -> SigningParams<'_> {
         v4::signing_params::Builder::default()
             .identity(identity)
             .region("test-region")
             .name("testservicename")
             .time(parse_date_time("20210511T154045Z").unwrap())
             .settings(settings)
             .build()
             .unwrap()
             .into()
-709
+    }
-710
     #[test]
     fn test_repeated_header() {
         let mut req = test::v4::test_request("get-vanilla-query-order-key-case");
         let test = test::SigningSuiteTest::v4("get-vanilla-query-order-key-case");
         let mut req = test.request();
         req.headers.push((
             "x-amz-object-attributes".to_string(),
             "Checksum".to_string(),
         ));
         req.headers.push((
             "x-amz-object-attributes".to_string(),
             "ObjectSize".to_string(),
         ));
         let req = SignableRequest::from(&req);
         let settings = SigningSettings {
             payload_checksum_kind: PayloadChecksumKind::XAmzSha256,
             session_token_mode: SessionTokenMode::Exclude,
             ..Default::default()
         };
         let identity = Credentials::for_tests().into();
         let signing_params = signing_params(&identity, settings);
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
-732
         assert_eq!(
             creq.values.signed_headers().to_string(),
             "host;x-amz-content-sha256;x-amz-date;x-amz-object-attributes"
         );
         assert_eq!(
             creq.header_values_for("x-amz-object-attributes"),
             "Checksum,ObjectSize",
         );
-741
+    }
-742
     #[test]
     fn test_host_header_properly_handles_ports() {
         fn host_header_test_setup(endpoint: String) -> String {
             let mut req = test::v4::test_request("get-vanilla");
             let test = SigningSuiteTest::v4("get-vanilla");
             let mut req = test.request();
             req.uri = endpoint;
             let req = SignableRequest::from(&req);
             let settings = SigningSettings {
                 payload_checksum_kind: PayloadChecksumKind::XAmzSha256,
                 session_token_mode: SessionTokenMode::Exclude,
                 ..Default::default()
             };
             let identity = Credentials::for_tests().into();
             let signing_params = signing_params(&identity, settings);
             let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
             creq.header_values_for("host")
-759
+        }
-760
         // HTTP request with 80 port should not be signed with that port
         let http_80_host_header = host_header_test_setup("http://localhost:80".into());
         assert_eq!(http_80_host_header, "localhost",);
-764
         // HTTP request with non-80 port should be signed with that port
         let http_1234_host_header = host_header_test_setup("http://localhost:1234".into());
         assert_eq!(http_1234_host_header, "localhost:1234",);
-768
         // HTTPS request with 443 port should not be signed with that port
         let https_443_host_header = host_header_test_setup("https://localhost:443".into());
         assert_eq!(https_443_host_header, "localhost",);
-772
         // HTTPS request with non-443 port should be signed with that port
         let https_1234_host_header = host_header_test_setup("https://localhost:1234".into());
         assert_eq!(https_1234_host_header, "localhost:1234",);
-776
+    }
-777
     #[test]
     fn test_set_xamz_sha_256() {
         let req = test::v4::test_request("get-vanilla-query-order-key-case");
         let test = SigningSuiteTest::v4("get-vanilla-query-order-key-case");
         let req = test.request();
         let req = SignableRequest::from(&req);
         let settings = SigningSettings {
             payload_checksum_kind: PayloadChecksumKind::XAmzSha256,
             session_token_mode: SessionTokenMode::Exclude,
             ..Default::default()
         };
         let identity = Credentials::for_tests().into();
         let mut signing_params = signing_params(&identity, settings);
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
         assert_eq!(
             creq.values.content_sha256(),
             "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
         );
         // assert that the sha256 header was added
         assert_eq!(
             creq.values.signed_headers().as_str(),
             "host;x-amz-content-sha256;x-amz-date"
         );
-800
         signing_params.set_payload_checksum_kind(PayloadChecksumKind::NoHeader);
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
         assert_eq!(creq.values.signed_headers().as_str(), "host;x-amz-date");
-804
+    }
-805
     #[test]
     fn test_unsigned_payload() {
         let mut req = test::v4::test_request("get-vanilla-query-order-key-case");
         let test = SigningSuiteTest::v4("get-vanilla-query-order-key-case");
         let mut req = test.request();
         req.set_body(SignableBody::UnsignedPayload);
         let req: SignableRequest<'_> = SignableRequest::from(&req);
-812
         let settings = SigningSettings {
             payload_checksum_kind: PayloadChecksumKind::XAmzSha256,
             ..Default::default()
         };
         let identity = Credentials::for_tests().into();
         let signing_params = signing_params(&identity, settings);
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
         assert_eq!(creq.values.content_sha256(), "UNSIGNED-PAYLOAD");
         assert!(creq.to_string().ends_with("UNSIGNED-PAYLOAD"));
-822
+    }
-823
     #[test]
     fn test_precomputed_payload() {
         let payload_hash = "44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f8b072";
         let mut req = test::v4::test_request("get-vanilla-query-order-key-case");
         let test = SigningSuiteTest::v4("get-vanilla-query-order-key-case");
         let mut req = test.request();
         req.set_body(SignableBody::Precomputed(String::from(payload_hash)));
         let req = SignableRequest::from(&req);
         let settings = SigningSettings {
             payload_checksum_kind: PayloadChecksumKind::XAmzSha256,
             ..Default::default()
         };
         let identity = Credentials::for_tests().into();
         let signing_params = signing_params(&identity, settings);
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
         assert_eq!(creq.values.content_sha256(), payload_hash);
         assert!(creq.to_string().ends_with(payload_hash));
-840
+    }
-841
     #[test]
     fn test_generate_scope() {
         let expected = "20150830/us-east-1/iam/aws4_request\n";
         let scope = SigningScope {
             time: parse_date_time("20150830T123600Z").unwrap(),
             region: "us-east-1",
             service: "iam",
         };
         assert_eq!(format!("{}\n", scope), expected);
-851
+    }
-852
     #[test]
     fn test_string_to_sign() {
         let time = parse_date_time("20150830T123600Z").unwrap();
         let creq = test::v4::test_canonical_request("get-vanilla-query-order-key-case");
         let expected_sts = test::v4::test_sts("get-vanilla-query-order-key-case");
         let test = SigningSuiteTest::v4("get-vanilla-query-order-key-case");
         let creq = test.canonical_request(SignatureLocation::Headers);
         let expected_sts = test.string_to_sign(SignatureLocation::Headers);
         let encoded = sha256_hex_string(creq.as_bytes());
-860
         let actual = StringToSign::new_v4(time, "us-east-1", "service", &encoded);
         assert_eq!(expected_sts, actual.to_string());
-863
+    }
-864
     #[test]
     fn test_digest_of_canonical_request() {
         let creq = test::v4::test_canonical_request("get-vanilla-query-order-key-case");
         let test = SigningSuiteTest::v4("get-vanilla-query-order-key-case");
         let creq = test.canonical_request(SignatureLocation::Headers);
         let expected = "816cd5b414d056048ba4f7c5386d6e0533120fb1fcfa93762cf0fc39e2cf19e0";
         let actual = sha256_hex_string(creq.as_bytes());
         assert_eq!(expected, actual);
-872
+    }
-873
     #[test]
     fn test_double_url_encode_path() {
         let req = test::v4::test_request("double-encode-path");
         let test = SigningSuiteTest::v4("double-encode-path");
         let req = test.request();
         let req = SignableRequest::from(&req);
         let identity = Credentials::for_tests().into();
         let signing_params = signing_params(&identity, SigningSettings::default());
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
-882
         let expected = test::v4::test_canonical_request("double-encode-path");
         let expected = test.canonical_request(SignatureLocation::Headers);
         let actual = format!("{}", creq);
         assert_eq!(actual, expected);
-886
+    }
-887
     #[test]
     fn test_double_url_encode() {
         let req = test::v4::test_request("double-url-encode");
         let test = SigningSuiteTest::v4("double-url-encode");
         let req = test.request();
         let req = SignableRequest::from(&req);
         let identity = Credentials::for_tests().into();
         let signing_params = signing_params(&identity, SigningSettings::default());
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
--
         let expected = test::v4::test_canonical_request("double-url-encode");
         let expected = test.canonical_request(SignatureLocation::Headers);
         let actual = format!("{}", creq);
         assert_eq!(actual, expected);
-899
+    }
-900
     #[test]
     fn test_tilde_in_uri() {
         let req = http0::Request::builder()
             .uri("https://s3.us-east-1.amazonaws.com/my-bucket?list-type=2&prefix=~objprefix&single&k=&unreserved=-_.~").body("").unwrap().into();
         let req = SignableRequest::from(&req);
         let identity = Credentials::for_tests().into();
         let signing_params = signing_params(&identity, SigningSettings::default());
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
         assert_eq!(
             Some("k=&list-type=2&prefix=~objprefix&single=&unreserved=-_.~"),
             creq.params.as_deref(),
         );
-913
+    }
-914
     #[test]
     fn test_signing_urls_with_percent_encoded_query_strings() {
         let all_printable_ascii_chars: String = (32u8..127).map(char::from).collect();
         let uri = Uri::from_static("https://s3.us-east-1.amazonaws.com/my-bucket");
-919
         let mut query_writer = QueryWriter::new(&uri);
         query_writer.insert("list-type", "2");
         query_writer.insert("prefix", &all_printable_ascii_chars);
-923
         let req = http0::Request::builder()
             .uri(query_writer.build_uri())
             .body("")
             .unwrap()
             .into();
         let req = SignableRequest::from(&req);
         let identity = Credentials::for_tests().into();
         let signing_params = signing_params(&identity, SigningSettings::default());
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
-933
         let expected = "list-type=2&prefix=%20%21%22%23%24%25%26%27%28%29%2A%2B%2C-.%2F0123456789%3A%3B%3C%3D%3E%3F%40ABCDEFGHIJKLMNOPQRSTUVWXYZ%5B%5C%5D%5E_%60abcdefghijklmnopqrstuvwxyz%7B%7C%7D~";
         let actual = creq.params.unwrap();
         assert_eq!(expected, actual);
-937
+    }
-938
     #[test]
     fn test_omit_session_token() {
         let req = test::v4::test_request("get-vanilla-query-order-key-case");
         let test = SigningSuiteTest::v4("get-vanilla-query-order-key-case");
         let req = test.request();
         let req = SignableRequest::from(&req);
         let settings = SigningSettings {
             session_token_mode: SessionTokenMode::Include,
             ..Default::default()
         };
         let identity = Credentials::for_tests_with_session_token().into();
         let mut signing_params = signing_params(&identity, settings);
-950
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
         assert_eq!(

↧ Expand context

             creq.values.signed_headers().as_str(),
             "host;x-amz-date;x-amz-security-token"
         );
         assert_eq!(
             creq.headers.get("x-amz-security-token").unwrap(),
             "notarealsessiontoken"
         );
-960
         signing_params.set_session_token_mode(SessionTokenMode::Exclude);
         let creq = CanonicalRequest::from(&req, &signing_params).unwrap();
         assert_eq!(
             creq.headers.get("x-amz-security-token").unwrap(),
             "notarealsessiontoken"
         );
         assert_eq!(creq.values.signed_headers().as_str(), "host;x-amz-date");
-968
+    }
-969
     // It should exclude authorization, user-agent, x-amzn-trace-id, and transfer-encoding headers from presigning
     #[test]
     fn non_presigning_header_exclusion() {

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/src/http_request/sign.rs

@@ -478,478 +913,801 @@

↥ Expand context

         sensitive,
     });
-480
+}
-481
 // add signature to authorization header
 // Authorization: algorithm Credential=access key ID/credential scope, SignedHeaders=SignedHeaders, Signature=signature
 fn build_authorization_header(
     access_key: &str,
     creq: &CanonicalRequest<'_>,
     sts: StringToSign<'_>,
     signature: &str,
     signature_version: SignatureVersion,
 ) -> String {
     let scope = match signature_version {
         SignatureVersion::V4 => sts.scope.to_string(),
         SignatureVersion::V4a => sts.scope.v4a_display(),
     };
     format!(
         "{} Credential={}/{}, SignedHeaders={}, Signature={}",
         sts.algorithm,

         access_key,
         scope,
         creq.values.signed_headers().as_str(),
         signature
-502
+    )
-503
+}
 #[cfg(test)]
 mod tests {
     use crate::date_time::test_parsers::parse_date_time;
     use crate::http_request::sign::{add_header, SignableRequest};
     use crate::http_request::test::SigningSuiteTest;
     use crate::http_request::{
         sign, test, SessionTokenMode, SignableBody, SignatureLocation, SigningInstructions,
         sign, SessionTokenMode, SignableBody, SignatureLocation, SigningInstructions,
         SigningSettings,
     };
     use crate::sign::v4;
     use aws_credential_types::Credentials;
     use http0::{HeaderValue, Request};
     use pretty_assertions::assert_eq;
     use proptest::proptest;
     use std::borrow::Cow;
     use std::iter;
     use std::time::Duration;
-520
     macro_rules! assert_req_eq {
         (http: $expected:expr, $actual:expr) => {
             let mut expected = ($expected).map(|_b|"body");
             let mut actual = ($actual).map(|_b|"body");
             make_headers_comparable(&mut expected);
             make_headers_comparable(&mut actual);
             assert_eq!(format!("{:?}", expected), format!("{:?}", actual));
         };
         ($expected:tt, $actual:tt) => {
             assert_req_eq!(http: ($expected).as_http_request(), $actual);
         };
-532
+    }
-533
     pub(crate) fn make_headers_comparable<B>(request: &mut Request<B>) {
         for (_name, value) in request.headers_mut() {
             value.set_sensitive(false);
-537
+        }
-538
+    }
-539
     #[test]
     fn test_sign_vanilla_with_headers() {
         let settings = SigningSettings::default();
         let identity = &Credentials::for_tests().into();
         let params = v4::SigningParams {
             identity,
             region: "us-east-1",
             name: "service",
             time: parse_date_time("20150830T123600Z").unwrap(),
             settings,
--
+        }
         .into();
--
         let original = test::v4::test_request("get-vanilla-query-order-key-case");
         let signable = SignableRequest::from(&original);
         let out = sign(signable, &params).unwrap();
         assert_eq!(
             "5557820e7380d585310524bd93d51a08d7757fb5efd7344ee12088f2b0860947",
             out.signature
         );
--
         let mut signed = original.as_http_request();
         out.output.apply_to_request_http0x(&mut signed);
--
         let expected = test::v4::test_signed_request("get-vanilla-query-order-key-case");
         assert_req_eq!(expected, signed);
--
+    }
--
     // Sigv4A suite tests
     #[cfg(feature = "sigv4a")]
     mod sigv4a_tests {
         use super::*;
         use crate::http_request::canonical_request::{CanonicalRequest, StringToSign};
         use crate::http_request::{sign, test, SigningParams};
         use crate::sign::v4a;
         use p256::ecdsa::signature::{Signature, Verifier};
         use p256::ecdsa::{DerSignature, SigningKey};
         use pretty_assertions::assert_eq;
--
         fn new_v4a_signing_params_from_context(
             test_context: &'_ test::v4a::TestContext,
             signature_location: SignatureLocation,
         ) -> SigningParams<'_> {
             let mut params = v4a::SigningParams::from(test_context);
             params.settings.signature_location = signature_location;
--
             params.into()
--
+        }
--
         fn run_v4a_test_suite(test_name: &str, signature_location: SignatureLocation) {
             let tc = test::v4a::test_context(test_name);
             let params = new_v4a_signing_params_from_context(&tc, signature_location);
--
             let req = test::v4a::test_request(test_name);
             let expected_creq = test::v4a::test_canonical_request(test_name, signature_location);
             let signable_req = SignableRequest::from(&req);
             let actual_creq = CanonicalRequest::from(&signable_req, &params).unwrap();
--
             assert_eq!(expected_creq, actual_creq.to_string(), "creq didn't match");
--
             let expected_string_to_sign =
                 test::v4a::test_string_to_sign(test_name, signature_location);
             let hashed_creq = &v4::sha256_hex_string(actual_creq.to_string().as_bytes());
             let actual_string_to_sign = StringToSign::new_v4a(
                 *params.time(),
                 params.region_set().unwrap(),
                 params.name(),
                 hashed_creq,
--
+            )
             .to_string();
--
             assert_eq!(
                 expected_string_to_sign, actual_string_to_sign,
                 "'string to sign' didn't match"
             );
     mod v4a_suite {
         use crate::http_request::test::v4a::run_test_suite_v4a;
-544
             let out = sign(signable_req, &params).unwrap();
             // Sigv4a signatures are non-deterministic, so we can't compare the signature directly.
             out.output
                 .apply_to_request_http0x(&mut req.as_http_request());
--
             let creds = params.credentials().unwrap();
             let signing_key =
                 v4a::generate_signing_key(creds.access_key_id(), creds.secret_access_key());
             let sig = DerSignature::from_bytes(&hex::decode(out.signature).unwrap()).unwrap();
             let sig = sig
                 .try_into()
                 .expect("DER-style signatures are always convertible into fixed-size signatures");
--
             let signing_key = SigningKey::from_bytes(signing_key.as_ref()).unwrap();
             let peer_public_key = signing_key.verifying_key();
             let sts = actual_string_to_sign.as_bytes();
             peer_public_key.verify(sts, &sig).unwrap();
         #[test]
         fn test_get_header_key_duplicate() {
             run_test_suite_v4a("get-header-key-duplicate")
-548
+        }
-549
         #[test]
         fn test_get_header_key_duplicate() {
             run_v4a_test_suite("get-header-key-duplicate", SignatureLocation::Headers);
         #[ignore = "httpparse doesn't support parsing multiline headers since they are deprecated in RFC7230"]
         fn test_get_header_value_multiline() {
             run_test_suite_v4a("get-header-value-multiline")
-554
+        }
-555
         #[test]
         fn test_get_header_value_order() {
             run_v4a_test_suite("get-header-value-order", SignatureLocation::Headers);
             run_test_suite_v4a("get-header-value-order")
-559
+        }
-560
         #[test]
         fn test_get_header_value_trim() {
             run_v4a_test_suite("get-header-value-trim", SignatureLocation::Headers);
             run_test_suite_v4a("get-header-value-trim");
-564
+        }
-565
         #[test]
         fn test_get_relative_normalized() {
             run_v4a_test_suite("get-relative-normalized", SignatureLocation::Headers);
             run_test_suite_v4a("get-relative-normalized");
-569
+        }
-570
         #[test]
         fn test_get_relative_relative_normalized() {
             run_v4a_test_suite(
                 "get-relative-relative-normalized",
                 SignatureLocation::Headers,
             );
             run_test_suite_v4a("get-relative-relative-normalized");
-574
+        }
-575
         #[test]
         fn test_get_relative_relative_unnormalized() {
             run_v4a_test_suite(
                 "get-relative-relative-unnormalized",
                 SignatureLocation::Headers,
             );
             run_test_suite_v4a("get-relative-relative-unnormalized");
-579
+        }
-580
         #[test]
         fn test_get_relative_unnormalized() {
             run_v4a_test_suite("get-relative-unnormalized", SignatureLocation::Headers);
             run_test_suite_v4a("get-relative-unnormalized");
-584
+        }
-585
         #[test]
         fn test_get_slash_dot_slash_normalized() {
             run_v4a_test_suite("get-slash-dot-slash-normalized", SignatureLocation::Headers);
             run_test_suite_v4a("get-slash-dot-slash-normalized");
-589
+        }
-590
         #[test]
         fn test_get_slash_dot_slash_unnormalized() {
             run_v4a_test_suite(
                 "get-slash-dot-slash-unnormalized",
                 SignatureLocation::Headers,
             );
             run_test_suite_v4a("get-slash-dot-slash-unnormalized");
-594
+        }
-595
         #[test]
         fn test_get_slash_normalized() {
             run_v4a_test_suite("get-slash-normalized", SignatureLocation::Headers);
             run_test_suite_v4a("get-slash-normalized");
-599
+        }
-600
         #[test]
         fn test_get_slash_pointless_dot_normalized() {
             run_v4a_test_suite(
                 "get-slash-pointless-dot-normalized",
                 SignatureLocation::Headers,
             );
             run_test_suite_v4a("get-slash-pointless-dot-normalized");
-604
+        }
-605
         #[test]
         fn test_get_slash_pointless_dot_unnormalized() {
             run_v4a_test_suite(
                 "get-slash-pointless-dot-unnormalized",
                 SignatureLocation::Headers,
             );
             run_test_suite_v4a("get-slash-pointless-dot-unnormalized");
-609
+        }
-610
         #[test]
         fn test_get_slash_unnormalized() {
             run_v4a_test_suite("get-slash-unnormalized", SignatureLocation::Headers);
             run_test_suite_v4a("get-slash-unnormalized");
-614
+        }
-615
         #[test]
         fn test_get_slashes_normalized() {
             run_v4a_test_suite("get-slashes-normalized", SignatureLocation::Headers);
             run_test_suite_v4a("get-slashes-normalized");
-619
+        }
-620
         #[test]
         fn test_get_slashes_unnormalized() {
             run_v4a_test_suite("get-slashes-unnormalized", SignatureLocation::Headers);
             run_test_suite_v4a("get-slashes-unnormalized");
-+
+        }
-+
         #[test]
         #[ignore = "relies on single encode of path segments"]
         // rely on single encoding of path segments, i.e. string-to-sign contains %20 for spaces rather than %25%20 as it should.
         // skipped until we add control over double_uri_encode in context.json
         fn test_get_space_normalized() {
             run_test_suite_v4a("get-space-normalized");
-+
+        }
-+
         #[test]
         #[ignore = "httpparse fails on unencoded spaces in path"]
         // the input request has unencoded space ' ' in the path which fails to parse
         fn test_get_space_unnormalized() {
             run_test_suite_v4a("get-space-unnormalized");
-639
+        }
-640
         #[test]
         fn test_get_unreserved() {
             run_v4a_test_suite("get-unreserved", SignatureLocation::Headers);
             run_test_suite_v4a("get-unreserved");
-+
+        }
-+
         #[test]
         #[ignore = "httparse fails on invalid uri character"]
         // relies on /ሴ canonicalized as /%E1%88%B4 when it should be /%25%E1%25%88%25%B4
         fn test_get_utf8() {
             run_test_suite_v4a("get-utf8");
-651
+        }
-652
         #[test]
         fn test_get_vanilla() {
             run_v4a_test_suite("get-vanilla", SignatureLocation::Headers);
             run_test_suite_v4a("get-vanilla");
-656
+        }
-657
         #[test]
         fn test_get_vanilla_empty_query_key() {
             run_v4a_test_suite(
                 "get-vanilla-empty-query-key",
                 SignatureLocation::QueryParams,
             );
             run_test_suite_v4a("get-vanilla-empty-query-key");
-661
+        }
-662
         #[test]
         fn test_get_vanilla_query() {
             run_v4a_test_suite("get-vanilla-query", SignatureLocation::QueryParams);
             run_test_suite_v4a("get-vanilla-query");
-+
+        }
-+
         #[test]
         fn test_get_vanilla_query_order_encoded() {
             run_test_suite_v4a("get-vanilla-query-order-encoded");
-671
+        }
-672
         #[test]
         fn test_get_vanilla_query_order_key_case() {
             run_v4a_test_suite(
                 "get-vanilla-query-order-key-case",
                 SignatureLocation::QueryParams,
             );
             run_test_suite_v4a("get-vanilla-query-order-key-case");
-676
+        }
-677
         #[test]
         fn test_get_vanilla_query_unreserved() {
             run_v4a_test_suite(
                 "get-vanilla-query-unreserved",
                 SignatureLocation::QueryParams,
             );
             run_test_suite_v4a("get-vanilla-query-unreserved");
-+
+        }
-+
         #[test]
         #[ignore = "httparse fails on invalid uri character"]
         // relies on /ሴ canonicalized as /%E1%88%B4 when it should be /%25%E1%25%88%25%B4
         fn test_get_vanilla_utf8_query() {
             run_test_suite_v4a("get-vanilla-utf8-query");
-688
+        }
-689
         #[test]
         fn test_get_vanilla_with_session_token() {
             run_v4a_test_suite("get-vanilla-with-session-token", SignatureLocation::Headers);
             run_test_suite_v4a("get-vanilla-with-session-token")
-693
+        }
-694
         #[test]
         fn test_post_header_key_case() {
             run_v4a_test_suite("post-header-key-case", SignatureLocation::Headers);
             run_test_suite_v4a("post-header-key-case");
-698
+        }
-699
         #[test]
         fn test_post_header_key_sort() {
             run_v4a_test_suite("post-header-key-sort", SignatureLocation::Headers);
             run_test_suite_v4a("post-header-key-sort");
-703
+        }
-704
         #[test]
         fn test_post_header_value_case() {
             run_v4a_test_suite("post-header-value-case", SignatureLocation::Headers);
             run_test_suite_v4a("post-header-value-case");
-708
+        }
-709
         #[test]
         fn test_post_sts_header_after() {
             run_v4a_test_suite("post-sts-header-after", SignatureLocation::Headers);
             run_test_suite_v4a("post-sts-header-after");
-713
+        }
-714
         #[test]
         fn test_post_sts_header_before() {
             run_v4a_test_suite("post-sts-header-before", SignatureLocation::Headers);
             run_test_suite_v4a("post-sts-header-before");
-718
+        }
-719
         #[test]
         fn test_post_vanilla() {
             run_v4a_test_suite("post-vanilla", SignatureLocation::Headers);
             run_test_suite_v4a("post-vanilla");
-723
+        }
-724
         #[test]
         fn test_post_vanilla_empty_query_value() {
             run_v4a_test_suite(
                 "post-vanilla-empty-query-value",
                 SignatureLocation::QueryParams,
             );
             run_test_suite_v4a("post-vanilla-empty-query-value");
-728
+        }
-729
         #[test]
         fn test_post_vanilla_query() {
             run_v4a_test_suite("post-vanilla-query", SignatureLocation::QueryParams);
             run_test_suite_v4a("post-vanilla-query");
-733
+        }
-734
         #[test]
         fn test_post_x_www_form_urlencoded() {
             run_v4a_test_suite("post-x-www-form-urlencoded", SignatureLocation::Headers);
             run_test_suite_v4a("post-x-www-form-urlencoded");
-738
+        }
-739
         #[test]
         fn test_post_x_www_form_urlencoded_parameters() {
             run_v4a_test_suite(
                 "post-x-www-form-urlencoded-parameters",
                 SignatureLocation::QueryParams,
             );
             run_test_suite_v4a("post-x-www-form-urlencoded-parameters");
-743
+        }
-744
+    }
-745
     #[test]
     fn test_sign_url_escape() {
         let test = "double-encode-path";
         let test = SigningSuiteTest::v4("double-encode-path");
         let settings = SigningSettings::default();
         let identity = &Credentials::for_tests().into();
         let params = v4::SigningParams {
             identity,
             region: "us-east-1",
             name: "service",
             time: parse_date_time("20150830T123600Z").unwrap(),
             settings,
-757
+        }
         .into();
-759
         let original = test::v4::test_request(test);
         let original = test.request();
         let signable = SignableRequest::from(&original);
         let out = sign(signable, &params).unwrap();
         assert_eq!(
             "57d157672191bac40bae387e48bbe14b15303c001fdbb01f4abf295dccb09705",
             out.signature
         );
-767
         let mut signed = original.as_http_request();
         out.output.apply_to_request_http0x(&mut signed);
-770
         let expected = test::v4::test_signed_request(test);
         assert_req_eq!(expected, signed);
--
+    }
--
     #[test]
     fn test_sign_vanilla_with_query_params() {
         let settings = SigningSettings {
             signature_location: SignatureLocation::QueryParams,
             expires_in: Some(Duration::from_secs(35)),
             ..Default::default()
         };
         let identity = &Credentials::for_tests().into();
         let params = v4::SigningParams {
             identity,
             region: "us-east-1",
             name: "service",
             time: parse_date_time("20150830T123600Z").unwrap(),
             settings,
--
+        }
         .into();
--
         let original = test::v4::test_request("get-vanilla-query-order-key-case");
         let signable = SignableRequest::from(&original);
         let out = sign(signable, &params).unwrap();
         assert_eq!(
             "ecce208e4b4f7d7e3a4cc22ced6acc2ad1d170ee8ba87d7165f6fa4b9aff09ab",
             out.signature
         );
--
         let mut signed = original.as_http_request();
         out.output.apply_to_request_http0x(&mut signed);
--
         let expected =
             test::v4::test_signed_request_query_params("get-vanilla-query-order-key-case");
         let expected = test.signed_request(SignatureLocation::Headers);
         assert_req_eq!(expected, signed);
-773
+    }
-774
     #[test]
     fn test_sign_headers_utf8() {
         let settings = SigningSettings::default();
         let identity = &Credentials::for_tests().into();
         let params = v4::SigningParams {
             identity,
             region: "us-east-1",

↧ Expand context

             name: "service",
             time: parse_date_time("20150830T123600Z").unwrap(),
             settings,
-785
+        }
         .into();
-787
         let original = http0::Request::builder()
             .uri("https://some-endpoint.some-region.amazonaws.com")
             .header("some-header", HeaderValue::from_str("テスト").unwrap())
             .body("")
             .unwrap()
             .into();
         let signable = SignableRequest::from(&original);
         let out = sign(signable, &params).unwrap();
         assert_eq!(
             "55e16b31f9bde5fd04f9d3b780dd2b5e5f11a5219001f91a8ca9ec83eaf1618f",
             out.signature
         );
-800
         let mut signed = original.as_http_request();

@@ -1138,1026 +1168,1261 @@

↥ Expand context

         let mut request = http::Request::builder()
             .uri("https://some-endpoint.some-region.amazonaws.com/some/path")
             .body("")
             .unwrap();
-1030
         instructions.apply_to_request_http1x(&mut request);
-1032
         assert_eq!(
             "/some/path?some-param=f%26o%3Fo&some-other-param%3F=bar",
             request.uri().path_and_query().unwrap().to_string()
         );
-1037
+    }
-1038
     #[test]
     fn test_debug_signable_body() {
         let sut = SignableBody::Bytes(b"hello signable body");
         assert_eq!(
             "Bytes(\"** REDACTED **. To print 19 bytes of raw data, set environment variable `LOG_SIGNABLE_BODY=true`\")",
             format!("{sut:?}")
         );

-1046
         let sut = SignableBody::UnsignedPayload;
         assert_eq!("UnsignedPayload", format!("{sut:?}"));
-1049
         let sut = SignableBody::Precomputed("precomputed".to_owned());
         assert_eq!("Precomputed(\"precomputed\")", format!("{sut:?}"));
-1052
         let sut = SignableBody::StreamingUnsignedPayloadTrailer;
         assert_eq!("StreamingUnsignedPayloadTrailer", format!("{sut:?}"));
-1055
+    }
-+
     // v4 test suite
     mod v4_suite {
         use crate::http_request::test::run_test_suite_v4;
-+
         #[test]
         fn test_get_header_key_duplicate() {
             run_test_suite_v4("get-header-key-duplicate");
-+
+        }
-+
         #[test]
         #[ignore = "httpparse doesn't support parsing multiline headers since they are deprecated in RFC7230"]
         fn test_get_header_value_multiline() {
             run_test_suite_v4("get-header-value-multiline");
-+
+        }
-+
         #[test]
         fn test_get_header_value_order() {
             run_test_suite_v4("get-header-value-order");
-+
+        }
-+
         #[test]
         fn test_get_header_value_trim() {
             run_test_suite_v4("get-header-value-trim");
-+
+        }
-+
         #[test]
         fn test_get_relative_normalized() {
             run_test_suite_v4("get-relative-normalized");
-+
+        }
-+
         #[test]
         fn test_get_relative_relative_normalized() {
             run_test_suite_v4("get-relative-relative-normalized");
-+
+        }
-+
         #[test]
         fn test_get_relative_relative_unnormalized() {
             run_test_suite_v4("get-relative-relative-unnormalized");
-+
+        }
-+
         #[test]
         fn test_get_relative_unnormalized() {
             run_test_suite_v4("get-relative-unnormalized");
-+
+        }
-+
         #[test]
         fn test_get_slash_dot_slash_normalized() {
             run_test_suite_v4("get-slash-dot-slash-normalized");
-+
+        }
-+
         #[test]
         fn test_get_slash_dot_slash_unnormalized() {
             run_test_suite_v4("get-slash-dot-slash-unnormalized");
-+
+        }
-+
         #[test]
         fn test_get_slash_normalized() {
             run_test_suite_v4("get-slash-normalized");
-+
+        }
-+
         #[test]
         fn test_get_slash_pointless_dot_normalized() {
             run_test_suite_v4("get-slash-pointless-dot-normalized");
-+
+        }
-+
         #[test]
         fn test_get_slash_pointless_dot_unnormalized() {
             run_test_suite_v4("get-slash-pointless-dot-unnormalized");
-+
+        }
-+
         #[test]
         fn test_get_slash_unnormalized() {
             run_test_suite_v4("get-slash-unnormalized");
-+
+        }
-+
         #[test]
         fn test_get_slashes_normalized() {
             run_test_suite_v4("get-slashes-normalized");
-+
+        }
-+
         #[test]
         fn test_get_slashes_unnormalized() {
             run_test_suite_v4("get-slashes-unnormalized");
-+
+        }
-+
         #[test]
         #[ignore = "relies on single encode of path segments"]
         // rely on single encoding of path segments, i.e. string-to-sign contains %20 for spaces rather than %25%20 as it should.
         // skipped until we add control over double_uri_encode in context.json
         fn test_get_space_normalized() {
             run_test_suite_v4("get-space-normalized");
-+
+        }
-+
         #[test]
         #[ignore = "httpparse fails on unencoded spaces in path"]
         // the input request has unencoded space ' ' in the path which fails to parse
         fn test_get_space_unnormalized() {
             run_test_suite_v4("get-space-unnormalized");
-+
+        }
-+
         #[test]
         fn test_get_unreserved() {
             run_test_suite_v4("get-unreserved");
-+
+        }
-+
         #[test]
         #[ignore = "httparse fails on invalid uri character"]
         // relies on /ሴ canonicalized as /%E1%88%B4 when it should be /%25%E1%25%88%25%B4
         fn test_get_utf8() {
             run_test_suite_v4("get-utf8");
-+
+        }
-+
         #[test]
         fn test_get_vanilla() {
             run_test_suite_v4("get-vanilla");
-+
+        }
-+
         #[test]
         fn test_get_vanilla_empty_query_key() {
             run_test_suite_v4("get-vanilla-empty-query-key");
-+
+        }
-+
         #[test]
         fn test_get_vanilla_query() {
             run_test_suite_v4("get-vanilla-query");
-+
+        }
-+
         #[test]
         fn test_get_vanilla_query_order_encoded() {
             run_test_suite_v4("get-vanilla-query-order-encoded");
-+
+        }
-+
         #[test]
         fn test_get_vanilla_query_order_key_case() {
             run_test_suite_v4("get-vanilla-query-order-key-case");
-+
+        }
-+
         #[test]
         fn test_get_vanilla_query_unreserved() {
             run_test_suite_v4("get-vanilla-query-unreserved");
-+
+        }
-+
         #[test]
         #[ignore = "httparse fails on invalid uri character"]
         // relies on /ሴ canonicalized as /%E1%88%B4 when it should be /%25%E1%25%88%25%B4
         fn test_get_vanilla_utf8_query() {
             run_test_suite_v4("get-vanilla-utf8-query");
-+
+        }
-+
         #[test]
         fn test_get_vanilla_with_session_token() {
             run_test_suite_v4("get-vanilla-with-session-token");
-+
+        }
-+
         #[test]
         fn test_post_header_key_case() {
             run_test_suite_v4("post-header-key-case");
-+
+        }
-+
         #[test]
         fn test_post_header_key_sort() {
             run_test_suite_v4("post-header-key-sort");
-+
+        }
-+
         #[test]
         fn test_post_header_value_case() {
             run_test_suite_v4("post-header-value-case");
-+
+        }
-+
         #[test]
         fn test_post_sts_header_after() {
             run_test_suite_v4("post-sts-header-after");
-+
+        }
-+
         #[test]
         fn test_post_sts_header_before() {
             run_test_suite_v4("post-sts-header-before");
-+
+        }
-+
         #[test]
         fn test_post_vanilla() {
             run_test_suite_v4("post-vanilla");
-+
+        }
-+
         #[test]
         fn test_post_vanilla_empty_query_value() {
             run_test_suite_v4("post-vanilla-empty-query-value");
-+
+        }
-+
         #[test]
         fn test_post_vanilla_query() {
             run_test_suite_v4("post-vanilla-query");
-+
+        }
-+
         #[test]
         fn test_post_x_www_form_urlencoded() {
             run_test_suite_v4("post-x-www-form-urlencoded");
-+
+        }
-+
         #[test]
         fn test_post_x_www_form_urlencoded_parameters() {
             run_test_suite_v4("post-x-www-form-urlencoded-parameters");
-+
+        }
-+
+    }
-1261
+}

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/src/http_request/test.rs

@@ -1,1 +242,453 @@

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-5
 //! Functions shared between the tests of several modules.
-7
 use crate::http_request::{SignableBody, SignableRequest};
 use crate::http_request::canonical_request::{CanonicalRequest, StringToSign};
 use crate::http_request::{
     PayloadChecksumKind, SessionTokenMode, SignableBody, SignableRequest, SignatureLocation,
     SigningSettings,
 };
 use aws_credential_types::Credentials;
 use aws_smithy_runtime_api::client::identity::Identity;
 use http0::{Method, Uri};
 use std::borrow::Cow;
 use std::error::Error as StdError;
 use std::time::{Duration, SystemTime};
 use time::format_description::well_known::Rfc3339;
 use time::OffsetDateTime;
-+
 /// Common test suite collection
 #[derive(Debug, Clone, Copy, Eq, PartialEq)]
 enum Collection {
     V4,
     V4A,
-+
+}
-28
 pub(crate) mod v4 {
     use super::*;
 /// A test from the common CRT test suite
 #[derive(Debug, Clone)]
 pub(crate) struct SigningSuiteTest {
     test_name: &'static str,
     collection: Collection,
-+
+}
-35
     fn path(name: &str, ext: &str) -> String {
         format!("aws-sig-v4-test-suite/{}/{}.{}", name, name, ext)
 impl SigningSuiteTest {
     /// Create a new test from the V4 test suite
     pub(crate) fn v4(test_name: &'static str) -> Self {
         Self {
             test_name,
             collection: Collection::V4,
-+
+        }
-43
+    }
-44
     pub(crate) fn test_canonical_request(name: &str) -> String {
         // Tests fail if there's a trailing newline in the file, and pre-commit requires trailing newlines
         read(&path(name, "creq")).trim().to_string()
     /// Create a new test from the V4a test suite
     pub(crate) fn v4a(test_name: &'static str) -> Self {
         Self {
             test_name,
             collection: Collection::V4A,
-+
+        }
-51
+    }
-52
     pub(crate) fn test_sts(name: &str) -> String {
         read(&path(name, "sts"))
     /// Get the path to a file in this test suite directory
     fn path(&self, filename: &str) -> String {
         let dir = match self.collection {
             Collection::V4 => "v4",
             Collection::V4A => "v4a",
         };
         format!("aws-signing-test-suite/{dir}/{}/{filename}", self.test_name)
-60
+    }
-61
     pub(crate) fn test_request(name: &str) -> TestRequest {
         test_parsed_request(name, "req")
     /// Get the HTTP request for the test
     pub(crate) fn request(&self) -> TestRequest {
         test_parsed_request(&self.path("request.txt"))
-65
+    }
-66
     pub(crate) fn test_signed_request(name: &str) -> TestRequest {
         test_parsed_request(name, "sreq")
     /// Get the signed HTTP request for the test
     pub(crate) fn signed_request(&self, signature_location: SignatureLocation) -> TestRequest {
         match signature_location {
             SignatureLocation::QueryParams => {
                 test_parsed_request(&self.path("query-signed-request.txt"))
-+
+            }
             SignatureLocation::Headers => {
                 test_parsed_request(&self.path("header-signed-request.txt"))
-+
+            }
-+
+        }
-77
+    }
-78
     pub(crate) fn test_signed_request_query_params(name: &str) -> TestRequest {
         test_parsed_request(name, "qpsreq")
     /// Get the canonical request for the test
     pub(crate) fn canonical_request(&self, signature_location: SignatureLocation) -> String {
         match signature_location {
             SignatureLocation::QueryParams => read(&self.path("query-canonical-request.txt")),
             SignatureLocation::Headers => read(&self.path("header-canonical-request.txt")),
-+
+        }
-85
+    }
-86
     fn test_parsed_request(name: &str, ext: &str) -> TestRequest {
         let path = path(name, ext);
         match parse_request(read(&path).as_bytes()) {
             Ok(parsed) => parsed,
             Err(err) => panic!("Failed to parse {}: {}", path, err),
     /// Get the string to sign for the test
     pub(crate) fn string_to_sign(&self, signature_location: SignatureLocation) -> String {
         match signature_location {
             SignatureLocation::QueryParams => read(&self.path("query-string-to-sign.txt")),
             SignatureLocation::Headers => read(&self.path("header-string-to-sign.txt")),
-92
+        }
-93
+    }
-94
     #[test]
     fn test_parse() {
         test_request("post-header-key-case");
     /// Get the signature for the test
     pub(crate) fn signature(&self, signature_location: SignatureLocation) -> String {
         match signature_location {
             SignatureLocation::QueryParams => read(&self.path("query-signature.txt")),
             SignatureLocation::Headers => read(&self.path("header-signature.txt")),
-+
+        }
-101
+    }
-102
     #[test]
     fn test_read_query_params() {
         test_request("get-vanilla-query-order-key-case");
     /// Get the test context for the test
     pub(crate) fn context(&self) -> TestContext {
         let context = read(&self.path("context.json"));
         let tc_builder: TestContextBuilder = serde_json::from_str(&context).unwrap();
         tc_builder.build()
-108
+    }
-109
+}
-110
 #[cfg(feature = "sigv4a")]
 pub(crate) mod v4a {
     use super::*;
     use crate::http_request::{
         PayloadChecksumKind, SessionTokenMode, SignatureLocation, SigningSettings,
     };
     use aws_credential_types::Credentials;
     use aws_smithy_runtime_api::client::identity::Identity;
     use serde_derive::Deserialize;
     use std::time::{Duration, SystemTime};
     use time::format_description::well_known::Rfc3339;
     use time::OffsetDateTime;
--
     fn path(test_name: &str, definition_name: &str) -> String {
         format!("aws-sig-v4a-test-suite/{test_name}/{definition_name}.txt")
 fn test_parsed_request(path: &str) -> TestRequest {
     match parse_request(read(path).as_bytes()) {
         Ok(parsed) => parsed,
         Err(err) => panic!("Failed to parse {}: {}", path, err),
-115
+    }
-+
+}
-117
     pub(crate) fn test_request(name: &str) -> TestRequest {
         test_parsed_request(&path(name, "request"))
--
+    }
 fn new_v4_signing_params_from_context(
     test_context: &'_ TestContext,
     signature_location: SignatureLocation,
 ) -> crate::http_request::SigningParams<'_> {
     let mut params = crate::sign::v4::SigningParams::from(test_context);
     params.settings.signature_location = signature_location;
     params.into()
-+
+}
-126
     pub(crate) fn test_canonical_request(
         name: &str,
         signature_location: SignatureLocation,
     ) -> String {
         match signature_location {
             SignatureLocation::QueryParams => read(&path(name, "query-canonical-request")),
             SignatureLocation::Headers => read(&path(name, "header-canonical-request")),
 /// Run the given test from the v4 suite for both header and query
 /// signature locations
 pub(crate) fn run_test_suite_v4(test_name: &'static str) {
     run_v4_test(test_name, SignatureLocation::Headers);
     run_v4_test(test_name, SignatureLocation::QueryParams);
-+
+}
-+
 fn assert_uri_eq(expected: &Uri, actual: &Uri) {
     assert_eq!(expected.scheme(), actual.scheme());
     assert_eq!(expected.authority(), actual.authority());
     assert_eq!(expected.path(), actual.path());
-+
     // query params may be out of order
     let mut expected_params: Vec<(Cow<'_, str>, Cow<'_, str>)> =
         form_urlencoded::parse(expected.query().unwrap_or_default().as_bytes()).collect();
     expected_params.sort();
-+
     let mut actual_params: Vec<(Cow<'_, str>, Cow<'_, str>)> =
         form_urlencoded::parse(actual.query().unwrap_or_default().as_bytes()).collect();
     actual_params.sort();
-+
     assert_eq!(expected_params, actual_params);
-+
+}
-+
 fn assert_requests_eq(expected: TestRequest, actual: http0::Request<&str>) {
     let expected = expected.as_http_request();
     let actual = actual;
     assert_eq!(expected.method(), actual.method());
     assert_eq!(
         expected.headers().len(),
         actual.headers().len(),
         "extra or missing headers"
     );
     assert_eq!(expected.headers(), actual.headers(), "headers mismatch");
     assert_uri_eq(expected.uri(), actual.uri());
     assert_eq!(*expected.body(), *actual.body(), "body mismatch");
-+
+}
-+
 /// Run the given test from the v4 suite for the given signature location
 pub(crate) fn run_v4_test(test_name: &'static str, signature_location: SignatureLocation) {
     let test = SigningSuiteTest::v4(test_name);
     let tc = test.context();
     let params = new_v4_signing_params_from_context(&tc, signature_location);
-+
     let req = test.request();
     let expected_creq = test.canonical_request(signature_location);
     let signable_req = SignableRequest::from(&req);
     let actual_creq = CanonicalRequest::from(&signable_req, &params).unwrap();
-+
     // check canonical request
     assert_eq!(
         expected_creq,
         actual_creq.to_string(),
         "canonical request didn't match (signature location: {signature_location:?})"
     );
-+
     let expected_string_to_sign = test.string_to_sign(signature_location);
     let hashed_creq = &crate::sign::v4::sha256_hex_string(actual_creq.to_string().as_bytes());
     let actual_string_to_sign = StringToSign::new_v4(
         *params.time(),
         params.region().unwrap(),
         params.name(),
         hashed_creq,
-+
+    )
     .to_string();
-+
     // check string to sign
     assert_eq!(
         expected_string_to_sign, actual_string_to_sign,
         "'string to sign' didn't match (signature location: {signature_location:?})"
     );
-+
     let out = crate::http_request::sign(signable_req, &params).unwrap();
     let mut signed = req.as_http_request();
     out.output.apply_to_request_http0x(&mut signed);
-+
     // check signature
     assert_eq!(
         test.signature(signature_location),
         out.signature,
         "signature didn't match (signature location: {signature_location:?})"
     );
-+
     let expected = test.signed_request(signature_location);
     assert_requests_eq(expected, signed);
-+
+}
-+
 /// Test suite context.json
 pub(crate) struct TestContext {
     pub(crate) identity: Identity,
     pub(crate) expiration_in_seconds: u64,
     pub(crate) normalize: bool,
     pub(crate) region: String,
     pub(crate) service: String,
     pub(crate) timestamp: String,
     pub(crate) omit_session_token: bool,
     pub(crate) sign_body: bool,
-+
+}
-+
 // Serde has limitations requiring this odd workaround.
 // See https://github.com/serde-rs/serde/issues/368 for more info.
 fn return_true() -> bool {
     true
-+
+}
-+
 #[derive(serde_derive::Deserialize)]
 pub(crate) struct TestContextBuilder {
     credentials: TestContextCreds,
     expiration_in_seconds: u64,
     normalize: bool,
     region: String,
     service: String,
     timestamp: String,
     #[serde(default)]
     omit_session_token: bool,
     #[serde(default = "return_true")]
     sign_body: bool,
-+
+}
-+
 impl TestContextBuilder {
     pub(crate) fn build(self) -> TestContext {
         let identity = Identity::new(
             Credentials::from_keys(
                 &self.credentials.access_key_id,
                 &self.credentials.secret_access_key,
                 self.credentials.token.clone(),
             ),
             Some(SystemTime::UNIX_EPOCH + Duration::from_secs(self.expiration_in_seconds)),
         );
-+
         TestContext {
             identity,
             expiration_in_seconds: self.expiration_in_seconds,
             normalize: self.normalize,
             region: self.region,
             service: self.service,
             timestamp: self.timestamp,
             omit_session_token: self.omit_session_token,
             sign_body: self.sign_body,
-266
+        }
-267
+    }
-+
+}
-269
     pub(crate) fn test_string_to_sign(name: &str, signature_location: SignatureLocation) -> String {
         match signature_location {
             SignatureLocation::QueryParams => read(&path(name, "query-string-to-sign")),
             SignatureLocation::Headers => read(&path(name, "header-string-to-sign")),
 #[derive(serde_derive::Deserialize)]
 pub(crate) struct TestContextCreds {
     access_key_id: String,
     secret_access_key: String,
     token: Option<String>,
-+
+}
-+
 impl<'a> From<&'a TestContext> for crate::sign::v4::SigningParams<'a, SigningSettings> {
     fn from(tc: &'a TestContext) -> Self {
         crate::sign::v4::SigningParams {
             identity: &tc.identity,
             region: &tc.region,
             name: &tc.service,
             time: OffsetDateTime::parse(&tc.timestamp, &Rfc3339)
                 .unwrap()
                 .into(),
             settings: SigningSettings {
                 // payload_checksum_kind: PayloadChecksumKind::XAmzSha256,
                 expires_in: Some(Duration::from_secs(tc.expiration_in_seconds)),
                 uri_path_normalization_mode: tc.normalize.into(),
                 session_token_mode: if tc.omit_session_token {
                     SessionTokenMode::Exclude
                 } else {
                     SessionTokenMode::Include
                 },
                 payload_checksum_kind: if tc.sign_body {
                     PayloadChecksumKind::XAmzSha256
                 } else {
                     PayloadChecksumKind::NoHeader
                 },
                 ..Default::default()
             },
-302
+        }
-303
+    }
-+
+}
-305
     fn test_parsed_request(path: &str) -> TestRequest {
         match parse_request(read(path).as_bytes()) {
             Ok(parsed) => parsed,
             Err(err) => panic!("Failed to parse {}: {}", path, err),
--
+        }
 #[cfg(feature = "sigv4a")]
 pub(crate) mod v4a {
     use super::*;
     use crate::http_request::{
         sign, PayloadChecksumKind, SessionTokenMode, SignatureLocation, SigningSettings,
     };
     use crate::sign::v4a;
     use p256::ecdsa::signature::{Signature, Verifier};
     use p256::ecdsa::{DerSignature, SigningKey};
     use std::time::Duration;
     use time::format_description::well_known::Rfc3339;
     use time::OffsetDateTime;
-+
     fn new_v4a_signing_params_from_context(
         test_context: &'_ TestContext,
         signature_location: SignatureLocation,
     ) -> crate::http_request::SigningParams<'_> {
         let mut params = crate::sign::v4a::SigningParams::from(test_context);
         params.settings.signature_location = signature_location;
         params.into()
-326
+    }
-327
     pub(crate) fn test_context(test_name: &str) -> TestContext {
         let path = format!("aws-sig-v4a-test-suite/{test_name}/context.json");
         let context = read(&path);
         let tc_builder: TestContextBuilder = serde_json::from_str(&context).unwrap();
         tc_builder.build()
     pub(crate) fn run_test_suite_v4a(test_name: &'static str) {
         run_v4a_test(test_name, SignatureLocation::Headers);
         run_v4a_test(test_name, SignatureLocation::QueryParams);
-331
+    }
-332
     pub(crate) struct TestContext {
         pub(crate) identity: Identity,
         pub(crate) expiration_in_seconds: u64,
         pub(crate) normalize: bool,
         pub(crate) region: String,
         pub(crate) service: String,
         pub(crate) timestamp: String,
         pub(crate) omit_session_token: bool,
         pub(crate) sign_body: bool,
     pub(crate) fn run_v4a_test(test_name: &'static str, signature_location: SignatureLocation) {
         let test = SigningSuiteTest::v4a(test_name);
         let tc = test.context();
         let params = new_v4a_signing_params_from_context(&tc, signature_location);
-+
         let req = test.request();
         let expected_creq = test.canonical_request(signature_location);
         let signable_req = SignableRequest::from(&req);
         let actual_creq = CanonicalRequest::from(&signable_req, &params).unwrap();
-+
         assert_eq!(
             expected_creq,
             actual_creq.to_string(),
             "canonical request didn't match (signature location: {signature_location:?})"
         );
-+
         let expected_string_to_sign = test.string_to_sign(signature_location);
         let hashed_creq = &crate::sign::v4::sha256_hex_string(actual_creq.to_string().as_bytes());
         let actual_string_to_sign = StringToSign::new_v4a(
             *params.time(),
             params.region_set().unwrap(),
             params.name(),
             hashed_creq,
-+
+        )
         .to_string();
-+
         assert_eq!(
             expected_string_to_sign, actual_string_to_sign,
             "'string to sign' didn't match (signature location: {signature_location:?})"
         );
-+
         let out = sign(signable_req, &params).unwrap();
         // Sigv4a signatures are non-deterministic, so we can't compare the signature directly.
         out.output
             .apply_to_request_http0x(&mut req.as_http_request());
-+
         let creds = params.credentials().unwrap();
         let signing_key =
             v4a::generate_signing_key(creds.access_key_id(), creds.secret_access_key());
         let sig = DerSignature::from_bytes(&hex::decode(out.signature).unwrap()).unwrap();
         let sig = sig
             .try_into()
             .expect("DER-style signatures are always convertible into fixed-size signatures");
-+
         let signing_key = SigningKey::from_bytes(signing_key.as_ref()).unwrap();
         let peer_public_key = signing_key.verifying_key();
         let sts = actual_string_to_sign.as_bytes();
         peer_public_key.verify(sts, &sig).unwrap();
         // TODO(sigv4a) - use public.key.json as verifying key?
-382
+    }
-383
     impl<'a> From<&'a TestContext> for crate::sign::v4a::SigningParams<'a, SigningSettings> {
         fn from(tc: &'a TestContext) -> Self {
             crate::sign::v4a::SigningParams {
                 identity: &tc.identity,
                 region_set: &tc.region,
                 name: &tc.service,
                 time: OffsetDateTime::parse(&tc.timestamp, &Rfc3339)
                     .unwrap()
                     .into(),
                 settings: SigningSettings {
                     // payload_checksum_kind: PayloadChecksumKind::XAmzSha256,
                     expires_in: Some(Duration::from_secs(tc.expiration_in_seconds)),
                     uri_path_normalization_mode: tc.normalize.into(),
                     session_token_mode: if tc.omit_session_token {
                         SessionTokenMode::Exclude
                     } else {
                         SessionTokenMode::Include
                     },
                     payload_checksum_kind: if tc.sign_body {
                         PayloadChecksumKind::XAmzSha256
                     } else {
                         PayloadChecksumKind::NoHeader
                     },
                     ..Default::default()
                 },
-409
+            }
-410
+        }
-411
+    }
-412
     // Serde has limitations requiring this odd workaround.
     // See https://github.com/serde-rs/serde/issues/368 for more info.
     fn return_true() -> bool {
         true
--
+    }
--
     #[derive(Deserialize)]
     pub(crate) struct TestContextBuilder {
         credentials: TestContextCreds,
         expiration_in_seconds: u64,
         normalize: bool,
         region: String,
         service: String,
         timestamp: String,
         #[serde(default)]
         omit_session_token: bool,
         #[serde(default = "return_true")]
         sign_body: bool,
--
+    }
--
     impl TestContextBuilder {
         pub(crate) fn build(self) -> TestContext {
             let identity = Identity::new(
                 Credentials::from_keys(
                     &self.credentials.access_key_id,
                     &self.credentials.secret_access_key,
                     self.credentials.token.clone(),
                 ),
                 Some(SystemTime::UNIX_EPOCH + Duration::from_secs(self.expiration_in_seconds)),
             );
--
             TestContext {
                 identity,
                 expiration_in_seconds: self.expiration_in_seconds,
                 normalize: self.normalize,
                 region: self.region,
                 service: self.service,
                 timestamp: self.timestamp,
                 omit_session_token: self.omit_session_token,
                 sign_body: self.sign_body,
--
+            }
--
+        }
--
+    }
--
     #[derive(Deserialize)]
     pub(crate) struct TestContextCreds {
         access_key_id: String,
         secret_access_key: String,
         token: Option<String>,
--
+    }
--
     #[test]
     fn test_parse() {
         let req = test_request("post-header-key-case");
         let req = SigningSuiteTest::v4a("post-header-key-case").request();
         assert_eq!(req.method, "POST");
         assert_eq!(req.uri, "https://example.amazonaws.com/");
         assert!(req.headers.is_empty());
-419
+    }
-420
     #[test]
     fn test_read_query_params() {
         let req = test_request("get-header-value-trim");
         let req = SigningSuiteTest::v4a("get-header-value-trim").request();
         assert_eq!(req.method, "GET");
         assert_eq!(req.uri, "https://example.amazonaws.com/");
         assert!(!req.headers.is_empty());
-427
+    }
-428
+}
-429
 fn read(path: &str) -> String {
     println!("Loading `{}` for test case...", path);
     let v = {
         match std::fs::read_to_string(path) {

↧ Expand context

             // This replacement is necessary for tests to pass on Windows, as reading the
             // test snapshots from the file system results in CRLF line endings being inserted.
             Ok(value) => value.replace("\r\n", "\n"),
             Err(err) => {
                 panic!("failed to load test case `{}`: {}", path, err);
-439
+            }
-440
+        }
     };
-442
     v.trim().to_string()
-444
+}
-445
 pub(crate) struct TestRequest {
     pub(crate) uri: String,
     pub(crate) method: String,
     pub(crate) headers: Vec<(String, String)>,
     pub(crate) body: TestSignedBody,
-451
+}
-452
 pub(crate) enum TestSignedBody {

@@ -290,501 +368,587 @@

↥ Expand context

                         String::from_utf8(v.as_bytes().to_vec()).unwrap(),
-502
+                    )
                 })
                 .collect::<Vec<_>>(),
             body: TestSignedBody::Bytes(value.body().as_ref().to_vec()),
-506
+        }
-507
+    }
-508
+}
-509
 impl<'a> From<&'a TestRequest> for SignableRequest<'a> {
     fn from(request: &'a TestRequest) -> SignableRequest<'a> {
         SignableRequest::new(
             &request.method,
             &request.uri,
             request
                 .headers
                 .iter()
                 .map(|(k, v)| (k.as_str(), v.as_str())),
             request.body.as_signable_body(),
-520
+        )

         .expect("URI MUST be valid")
-522
+    }
-523
+}
-524
 fn parse_request(s: &[u8]) -> Result<TestRequest, Box<dyn StdError + Send + Sync + 'static>> {
     let mut headers = [httparse::EMPTY_HEADER; 64];
     // httparse 1.5 requires two trailing newlines to head the header section.
     let mut with_newline = Vec::from(s);
     with_newline.push(b'\n');
     let mut req = httparse::Request::new(&mut headers);
     let _ = req.parse(&with_newline).unwrap();
     let status = req.parse(&with_newline).unwrap();
-+
     let body = if status.is_complete() {
         let body_offset = status.unwrap();
         // ignore the newline we added, take from original
         &s[body_offset..]
     } else {
         &[]
     };
-540
     let mut uri_builder = Uri::builder().scheme("https");
     if let Some(path) = req.path {
         uri_builder = uri_builder.path_and_query(path);
-544
+    }
-545
     let mut headers = vec![];
     for header in req.headers {
         let name = header.name.to_lowercase();
         if name == "host" {
             uri_builder = uri_builder.authority(header.value);
         } else if !name.is_empty() {
             headers.push((
                 header.name.to_string(),
                 std::str::from_utf8(header.value)?.to_string(),
             ));
-556
+        }
-557
+    }
-558
     Ok(TestRequest {
         uri: uri_builder.build()?.to_string(),
         method: req.method.unwrap().to_string(),
         headers,
         body: TestSignedBody::Bytes(vec![]),
         body: TestSignedBody::Bytes(Vec::from(body)),
     })
-565
+}
-566
 #[test]
 fn test_parse_headers() {
     let buf = b"Host:example.amazonaws.com\nX-Amz-Date:20150830T123600Z\n\nblah blah";
     let mut headers = [httparse::EMPTY_HEADER; 4];
     assert_eq!(
         httparse::parse_headers(buf, &mut headers),
         Ok(httparse::Status::Complete((

↧ Expand context

 ,
             &[
                 httparse::Header {
                     name: "Host",
                     value: b"example.amazonaws.com",
                 },
                 httparse::Header {
                     name: "X-Amz-Date",
                     value: b"20150830T123600Z",
-583
+                }
             ][..]
         )))
     );
-587
+}

 AWS4-ECDSA-P256-SHA256
 20150830T123600Z
 20150830/service/aws4_request
 e4122984d30d13170a298ece62cc30f8da12578fb3b482616b1f11036b13934
 e4122984d30d13170a298ece62cc30f8da12578fb3b482616b1f11036b13934

AWS SDK

Files changed:

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/aws-signing-test-suite/v4a/post-x-www-form-urlencoded/query-signed-request.txt

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/aws-signing-test-suite/v4a/post-x-www-form-urlencoded/query-string-to-sign.txt

Renamed from tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/aws-sig-v4a-test-suite/post-x-www-form-urlencoded/query-string-to-sign.txt

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/aws-signing-test-suite/v4a/post-x-www-form-urlencoded/request.txt

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/src/http_request/canonical_request.rs

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/src/http_request/sign.rs

tmp-codegen-diff/aws-sdk/sdk/aws-sigv4/src/http_request/test.rs

 POST /?X-Amz-Algorithm=AWS4-ECDSA-P256-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-SignedHeaders=content-length%3Bcontent-type%3Bhost&X-Amz-Expires=3600&X-Amz-Region-Set=us-east-1&X-Amz-Signature=30450221008d8a6aa0bc3f651e6c14c52e9e24dbca58964641c9cb6e55169f9dc74766ae3d022016126756ce1523ac972f66f6bf6e981f44572d3c8916f1f43d428fb2caa0e1ea HTTP/1.1
 Content-Type:application/x-www-form-urlencoded
 Host:example.amazonaws.com
 Content-Length:13
-+
 Param1=value1