fix(rt): import signing test suite

aws-runtime/aws-signing/build.gradle.kts

@@ -9,6 +9,8 @@ extra["moduleName"] = "aws.sdk.kotlin.runtime.auth.signing"
 
 val smithyKotlinVersion: String by project
 val kotestVersion: String by project
+val ktorVersion: String by project
+val kotlinxSerializationVersion: String by project
 
 kotlin {
     sourceSets {
@@ -30,6 +32,11 @@ kotlin {
         commonTest {
             dependencies {
                 implementation(project(":aws-runtime:testing"))
+
+                // sigv4 test suite
+                implementation("io.ktor:ktor-utils:$ktorVersion")
+                implementation("io.ktor:ktor-http-cio:$ktorVersion")
+                implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:$kotlinxSerializationVersion")
             }
         }
 

aws-runtime/aws-signing/common/src/aws/sdk/kotlin/runtime/auth/signing/AwsSigV4SigningMiddleware.kt

@@ -18,11 +18,14 @@ import aws.smithy.kotlin.runtime.http.operation.SdkHttpOperation
 import aws.smithy.kotlin.runtime.http.operation.withContext
 import aws.smithy.kotlin.runtime.logging.Logger
 import aws.smithy.kotlin.runtime.util.get
+import kotlin.time.Duration
+import kotlin.time.ExperimentalTime
 
 /**
  * HTTP request pipeline middleware that signs outgoing requests
  */
 @InternalSdkApi
+@OptIn(ExperimentalTime::class)
 public class AwsSigV4SigningMiddleware internal constructor(private val config: Config) : Feature {
 
     public class Config {
@@ -71,6 +74,13 @@ public class AwsSigV4SigningMiddleware internal constructor(private val config:
          * Most services do not require this additional header.
          */
         public var signedBodyHeaderType: AwsSignedBodyHeaderType = AwsSignedBodyHeaderType.NONE
+
+        /**
+         * If non-zero and the signing transform is query param, then signing will add X-Amz-Expires to the query
+         * string, equal to the value specified here.  If this value is zero or if header signing is being used then
+         * this parameter has no effect.
+         */
+        public var expiresAfter: Duration? = null
     }
 
     public companion object Feature : HttpClientFeatureFactory<Config, AwsSigV4SigningMiddleware> {
@@ -132,6 +142,7 @@ public class AwsSigV4SigningMiddleware internal constructor(private val config:
                 omitSessionToken = config.omitSessionToken
                 normalizeUriPath = config.normalizeUriPath
                 useDoubleUriEncode = config.useDoubleUriEncode
+                expiresAfter = config.expiresAfter
 
                 signedBodyHeader = config.signedBodyHeaderType
                 signedBodyValue = when {

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/README.md

@@ -0,0 +1,38 @@
+Where did the files in this directory come from?
+================================================
+
+These test files were taken from the [aws-c-auth test suite](https://github.com/awslabs/aws-c-auth/tree/main/tests/aws-signing-test-suite).
+The original test suite comes from the (now defunct) Signature Version 4 Test Suite documentation
+from the [AWS General Reference](https://docs.aws.amazon.com/general/latest/gr/Welcome.html).
+
+Signature Version 4 Test Suite
+------------------------------
+
+To assist you in the development of an AWS client that supports Signature Version 4, you can use the
+files in the test suite to ensure your code is performing each step of the signing process correctly.
+
+Each test group contains files that you can use to validate each of the tasks described in
+Signature Version 4 Signing Process. The following list describes the contents of each file.
+
+- request.txt - the request to be signed.
+- context.json - signing configuration
+- header-canonical-request.txt - the resulting canonical request
+- header-string-to-sign.txt - the resulting string to sign.
+- header-signature.txt - the signature
+- header-signed-request.txt - the signed request
+
+There may also be `query-*` versions of each which have the same meaning but are used when signing via query instead
+of headers.
+
+The examples in the test suite use the following credential scope by default:
+
+```
+AKIDEXAMPLE/20150830/us-east-1/service/aws4_request
+```
+
+The example secret key used for signing is:
+
+```
+wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY
+```
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/context.json

@@ -0,0 +1,12 @@
+{
+    "credentials": {
+        "access_key_id": "AKIDEXAMPLE",
+        "secret_access_key": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
+    },
+    "expiration_in_seconds": 3600,
+    "normalize": true,
+    "region": "us-east-1",
+    "service": "service",
+    "sign_body": false,
+    "timestamp": "2015-08-30T12:36:00Z"
+}

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/header-canonical-request.txt

@@ -0,0 +1,9 @@
+GET
+/
+
+host:example.amazonaws.com
+my-header1:value2,value2,value1
+x-amz-date:20150830T123600Z
+
+host;my-header1;x-amz-date
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/header-signature.txt

@@ -0,0 +1 @@
+c9d5ea9f3f72853aea855b47ea873832890dbdd183b4468f858259531a5138ea

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/header-signed-request.txt

@@ -0,0 +1,8 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value2
+My-Header1:value2
+My-Header1:value1
+X-Amz-Date:20150830T123600Z
+Authorization:AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=c9d5ea9f3f72853aea855b47ea873832890dbdd183b4468f858259531a5138ea
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/header-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20150830T123600Z
+20150830/us-east-1/service/aws4_request
+dc7f04a3abfde8d472b0ab1a418b741b7c67174dad1551b4117b15527fbe966c

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/query-canonical-request.txt

@@ -0,0 +1,8 @@
+GET
+/
+X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host%3Bmy-header1
+host:example.amazonaws.com
+my-header1:value2,value2,value1
+
+host;my-header1
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/query-signature.txt

@@ -0,0 +1 @@
+3349ee0b81b4b589da0ff28a395c3591e04de515651dd74f298fa992d1507a97

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/query-signed-request.txt

@@ -0,0 +1,6 @@
+GET /?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-SignedHeaders=host%3Bmy-header1&X-Amz-Expires=3600&X-Amz-Signature=3349ee0b81b4b589da0ff28a395c3591e04de515651dd74f298fa992d1507a97 HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value2
+My-Header1:value2
+My-Header1:value1
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/query-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20150830T123600Z
+20150830/us-east-1/service/aws4_request
+fe8b58fb44117d598520befc07c144a5699c661a8db78f9ce4caee1655dec813

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-key-duplicate/request.txt

@@ -0,0 +1,5 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value2
+My-Header1:value2
+My-Header1:value1

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/context.json

@@ -0,0 +1,12 @@
+{
+    "credentials": {
+        "access_key_id": "AKIDEXAMPLE",
+        "secret_access_key": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
+    },
+    "expiration_in_seconds": 3600,
+    "normalize": true,
+    "region": "us-east-1",
+    "service": "service",
+    "sign_body": false,
+    "timestamp": "2015-08-30T12:36:00Z"
+}

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/header-canonical-request.txt

@@ -0,0 +1,9 @@
+GET
+/
+
+host:example.amazonaws.com
+my-header1:value1 value2 value3
+x-amz-date:20150830T123600Z
+
+host;my-header1;x-amz-date
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/header-signature.txt

@@ -0,0 +1 @@
+cfd34249e4b1c8d6b91ef74165d41a32e5fab3306300901bb65a51a73575eefd

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/header-signed-request.txt

@@ -0,0 +1,8 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value1
+  value2
+     value3
+X-Amz-Date:20150830T123600Z
+Authorization:AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=cfd34249e4b1c8d6b91ef74165d41a32e5fab3306300901bb65a51a73575eefd
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/header-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20150830T123600Z
+20150830/us-east-1/service/aws4_request
+e99419459a677bc11de234014be3c4e72c1ea5b454ceb58b613061f5d7a162e8

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/query-canonical-request.txt

@@ -0,0 +1,8 @@
+GET
+/
+X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host%3Bmy-header1
+host:example.amazonaws.com
+my-header1:value1 value2 value3
+
+host;my-header1
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/query-signature.txt

@@ -0,0 +1 @@
+e6f5def831211aca02987a44b96826706278c7bc078112ae0263659c5b2f2d56

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/query-signed-request.txt

@@ -0,0 +1,6 @@
+GET /?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-SignedHeaders=host%3Bmy-header1&X-Amz-Expires=3600&X-Amz-Signature=e6f5def831211aca02987a44b96826706278c7bc078112ae0263659c5b2f2d56 HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value1
+  value2
+     value3
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/query-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20150830T123600Z
+20150830/us-east-1/service/aws4_request
+0e73c10e35324b4d215da4bb70be61d13a3d30d569be4ed6e8fd8948965341ca

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-multiline/request.txt

@@ -0,0 +1,5 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value1
+  value2
+     value3

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/context.json

@@ -0,0 +1,12 @@
+{
+    "credentials": {
+        "access_key_id": "AKIDEXAMPLE",
+        "secret_access_key": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
+    },
+    "expiration_in_seconds": 3600,
+    "normalize": true,
+    "region": "us-east-1",
+    "service": "service",
+    "sign_body": false,
+    "timestamp": "2015-08-30T12:36:00Z"
+}

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/header-canonical-request.txt

@@ -0,0 +1,9 @@
+GET
+/
+
+host:example.amazonaws.com
+my-header1:value4,value1,value3,value2
+x-amz-date:20150830T123600Z
+
+host;my-header1;x-amz-date
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/header-signature.txt

@@ -0,0 +1 @@
+08c7e5a9acfcfeb3ab6b2185e75ce8b1deb5e634ec47601a50643f830c755c01

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/header-signed-request.txt

@@ -0,0 +1,9 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value4
+My-Header1:value1
+My-Header1:value3
+My-Header1:value2
+X-Amz-Date:20150830T123600Z
+Authorization:AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;x-amz-date, Signature=08c7e5a9acfcfeb3ab6b2185e75ce8b1deb5e634ec47601a50643f830c755c01
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/header-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20150830T123600Z
+20150830/us-east-1/service/aws4_request
+31ce73cd3f3d9f66977ad3dd957dc47af14df92fcd8509f59b349e9137c58b86

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/query-canonical-request.txt

@@ -0,0 +1,8 @@
+GET
+/
+X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host%3Bmy-header1
+host:example.amazonaws.com
+my-header1:value4,value1,value3,value2
+
+host;my-header1
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/query-signature.txt

@@ -0,0 +1 @@
+313720e71ca6202fdcfa9b20f88de01a4eb0638a83c833b1c184359a4eda864e

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/query-signed-request.txt

@@ -0,0 +1,7 @@
+GET /?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-SignedHeaders=host%3Bmy-header1&X-Amz-Expires=3600&X-Amz-Signature=313720e71ca6202fdcfa9b20f88de01a4eb0638a83c833b1c184359a4eda864e HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value4
+My-Header1:value1
+My-Header1:value3
+My-Header1:value2
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/query-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20150830T123600Z
+20150830/us-east-1/service/aws4_request
+f4d3f13084ba7664111670ce26458291d3e0c620acd9384f8cd6b60d8e83423e

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-order/request.txt

@@ -0,0 +1,6 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1:value4
+My-Header1:value1
+My-Header1:value3
+My-Header1:value2

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/context.json

@@ -0,0 +1,12 @@
+{
+    "credentials": {
+        "access_key_id": "AKIDEXAMPLE",
+        "secret_access_key": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
+    },
+    "expiration_in_seconds": 3600,
+    "normalize": true,
+    "region": "us-east-1",
+    "service": "service",
+    "sign_body": false,
+    "timestamp": "2015-08-30T12:36:00Z"
+}

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/header-canonical-request.txt

@@ -0,0 +1,10 @@
+GET
+/
+
+host:example.amazonaws.com
+my-header1:value1
+my-header2:"a b c"
+x-amz-date:20150830T123600Z
+
+host;my-header1;my-header2;x-amz-date
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/header-signature.txt

@@ -0,0 +1 @@
+acc3ed3afb60bb290fc8d2dd0098b9911fcaa05412b367055dee359757a9c736

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/header-signed-request.txt

@@ -0,0 +1,7 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1: value1
+My-Header2: "a   b   c"
+X-Amz-Date:20150830T123600Z
+Authorization:AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/service/aws4_request, SignedHeaders=host;my-header1;my-header2;x-amz-date, Signature=acc3ed3afb60bb290fc8d2dd0098b9911fcaa05412b367055dee359757a9c736
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/header-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20150830T123600Z
+20150830/us-east-1/service/aws4_request
+a726db9b0df21c14f559d0a978e563112acb1b9e05476f0a6a1c7d68f28605c7

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/query-canonical-request.txt

@@ -0,0 +1,9 @@
+GET
+/
+X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host%3Bmy-header1%3Bmy-header2
+host:example.amazonaws.com
+my-header1:value1
+my-header2:"a b c"
+
+host;my-header1;my-header2
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/query-signature.txt

@@ -0,0 +1 @@
+e7bb0fd515e125e1aec2ecc4c0c17484fb06f6846b927c35e46005dd3df3acd4

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/query-signed-request.txt

@@ -0,0 +1,5 @@
+GET /?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fservice%2Faws4_request&X-Amz-Date=20150830T123600Z&X-Amz-SignedHeaders=host%3Bmy-header1%3Bmy-header2&X-Amz-Expires=3600&X-Amz-Signature=e7bb0fd515e125e1aec2ecc4c0c17484fb06f6846b927c35e46005dd3df3acd4 HTTP/1.1
+Host:example.amazonaws.com
+My-Header1: value1
+My-Header2: "a   b   c"
+

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/query-string-to-sign.txt

@@ -0,0 +1,4 @@
+AWS4-HMAC-SHA256
+20150830T123600Z
+20150830/us-east-1/service/aws4_request
+84c9e353b6161b689210977f93b93e6a7182f9ecb2ceae8af8c3d86b080a88ae

aws-runtime/aws-signing/common/test-resources/aws-signing-test-suite/v4/get-header-value-trim/request.txt

@@ -0,0 +1,4 @@
+GET / HTTP/1.1
+Host:example.amazonaws.com
+My-Header1: value1
+My-Header2: "a   b   c"