switch to unsigned payload as func

aws · Sep 25, 2024 · 8859372 · 8859372
1 parent 1481751
commit 8859372
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 11 deletions.
diff --git a/aws-http-auth/internal/v4/signer.go b/aws-http-auth/internal/v4/signer.go
@@ -91,7 +91,7 @@ func (s *Signer) resolvePayloadHash() error {
 
 	rs, ok := s.Request.Body.(io.ReadSeeker)
 	if !ok || s.Options.DisableImplicitPayloadHashing {
-		s.PayloadHash = []byte(v4.UnsignedPayload)
+		s.PayloadHash = v4.UnsignedPayload()
 		return nil
 	}
 

diff --git a/aws-http-auth/internal/v4/signer_test.go b/aws-http-auth/internal/v4/signer_test.go
@@ -153,7 +153,7 @@ func TestBuildCanonicalRequest_SortQuery(t *testing.T) {
 	req.Header.Set("Host", "service.region.amazonaws.com")
 	s := &Signer{
 		Request:     req,
-		PayloadHash: []byte(v4.UnsignedPayload),
+		PayloadHash: v4.UnsignedPayload(),
 		Options: v4.SignerOptions{
 			HeaderRules: defaultHeaderRules{},
 		},
@@ -186,7 +186,7 @@ func TestBuildCanonicalRequest_EmptyQuery(t *testing.T) {
 	req.Header.Set("Host", "service.region.amazonaws.com")
 	s := &Signer{
 		Request:     req,
-		PayloadHash: []byte(v4.UnsignedPayload),
+		PayloadHash: v4.UnsignedPayload(),
 		Options: v4.SignerOptions{
 			HeaderRules: defaultHeaderRules{},
 		},

diff --git a/aws-http-auth/sigv4/sigv4_test.go b/aws-http-auth/sigv4/sigv4_test.go
@@ -116,7 +116,7 @@ func TestSignRequest(t *testing.T) {
 		"explicit unsigned payload": {
 			Input: &SignRequestInput{
 				Request:     newRequest(seekable("{}")),
-				PayloadHash: []byte(v4.UnsignedPayload),
+				PayloadHash: v4.UnsignedPayload(),
 				Credentials: credsSession,
 				Service:     "dynamodb",
 				Region:      "us-east-1",

diff --git a/aws-http-auth/sigv4a/e2e_test.go b/aws-http-auth/sigv4a/e2e_test.go
@@ -150,7 +150,7 @@ func signV4(signer *sigv4.Signer, creds credentials.Credentials, region string)
 func signV4A(signer *Signer, creds credentials.Credentials, isUnsignedPayload bool) func(*http.Request) error {
 	var payloadHash []byte
 	if isUnsignedPayload {
-		payloadHash = []byte(v4.UnsignedPayload)
+		payloadHash = v4.UnsignedPayload()
 	}
 	return func(r *http.Request) error {
 		err := signer.SignRequest(&SignRequestInput{

diff --git a/aws-http-auth/sigv4a/sigv4a_test.go b/aws-http-auth/sigv4a/sigv4a_test.go
@@ -184,7 +184,7 @@ func TestSignRequest(t *testing.T) {
 		"explicit unsigned payload": {
 			Input: &SignRequestInput{
 				Request:     newRequest(seekable("{}")),
-				PayloadHash: []byte(v4.UnsignedPayload),
+				PayloadHash: v4.UnsignedPayload(),
 				Credentials: credsSession,
 				Service:     "dynamodb",
 				RegionSet:   []string{"us-east-1"},
@@ -395,7 +395,7 @@ func TestSignRequest_SignStringError(t *testing.T) {
 
 	err := s.SignRequest(&SignRequestInput{
 		Request:     newRequest(http.NoBody),
-		PayloadHash: []byte(v4.UnsignedPayload),
+		PayloadHash: v4.UnsignedPayload(),
 	})
 	if err == nil {
 		t.Fatal("expect error but didn't get one")

diff --git a/aws-http-auth/v4/v4.go b/aws-http-auth/v4/v4.go
@@ -1,10 +1,6 @@
 // Package v4 exposes common APIs for AWS Signature Version 4.
 package v4
 
-// UnsignedPayload is a sentinel value for a payload hash to indicate that a
-// request's payload is unsigned.
-const UnsignedPayload = "UNSIGNED-PAYLOAD"
-
 // SignerOption applies configuration to a signer.
 type SignerOption func(*SignerOptions)
 
@@ -40,3 +36,9 @@ type SignerOptions struct {
 type SignedHeaderRules interface {
 	IsSigned(string) bool
 }
+
+// UnsignedPayload provides the sentinel value for a payload hash to indicate
+// that a request's payload is unsigned.
+func UnsignedPayload() []byte {
+	return []byte("UNSIGNED-PAYLOAD")
+}