Merge pull request #718 from aws/staging/e56f82f9-3fb7-4f29-acab-b78f58eae5c4

Pull request: release <- staging/e56f82f9-3fb7-4f29-acab-b78f58eae5c4

Author: aws-sdk-java-automation

.changes/2.10.50.json

@@ -0,0 +1,36 @@
+{
+    "version": "2.10.50",
+    "date": "2020-01-15",
+    "entries": [
+        {
+            "type": "bugfix",
+            "category": "Amazon Transcribe Service",
+            "description": "Fixed an issue where streaming transcriptions would fail with signature validation errors if the date changed during the request."
+        },
+        {
+            "type": "feature",
+            "category": "Amazon Simple Systems Manager (SSM)",
+            "description": "Document updates for Patch Manager 'NoReboot' feature."
+        },
+        {
+            "type": "feature",
+            "category": "Amazon Elastic Compute Cloud",
+            "description": "General Update to EC2 Docs and SDKs"
+        },
+        {
+            "type": "feature",
+            "category": "AWS Organizations",
+            "description": "Updated description for PolicyID parameter and ConstraintViolationException."
+        },
+        {
+            "type": "feature",
+            "category": "AWS SDK for Java v2",
+            "description": "Updated service endpoint metadata."
+        },
+        {
+            "type": "feature",
+            "category": "AWS SecurityHub",
+            "description": "Add support for DescribeStandardsControls and UpdateStandardsControl. These new Security Hub API operations are used to track and manage whether a compliance standards control is enabled."
+        }
+    ]
+}

CHANGELOG.md

@@ -1,3 +1,28 @@
+# __2.10.50__ __2020-01-15__
+## __AWS Organizations__
+  - ### Features
+    - Updated description for PolicyID parameter and ConstraintViolationException.
+
+## __AWS SDK for Java v2__
+  - ### Features
+    - Updated service endpoint metadata.
+
+## __AWS SecurityHub__
+  - ### Features
+    - Add support for DescribeStandardsControls and UpdateStandardsControl. These new Security Hub API operations are used to track and manage whether a compliance standards control is enabled.
+
+## __Amazon Elastic Compute Cloud__
+  - ### Features
+    - General Update to EC2 Docs and SDKs
+
+## __Amazon Simple Systems Manager (SSM)__
+  - ### Features
+    - Document updates for Patch Manager 'NoReboot' feature.
+
+## __Amazon Transcribe Service__
+  - ### Bugfixes
+    - Fixed an issue where streaming transcriptions would fail with signature validation errors if the date changed during the request.
+
 # __2.10.49__ __2020-01-14__
 ## __Amazon Elastic Compute Cloud__
   - ### Features

README.md

@@ -48,7 +48,7 @@ To automatically manage module versions (currently all modules have the same ver
     <dependency>
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>bom</artifactId>
-      <version>2.10.49</version>
+      <version>2.10.50</version>
       <type>pom</type>
       <scope>import</scope>
     </dependency>
@@ -82,12 +82,12 @@ Alternatively you can add dependencies for the specific services you use only:
 <dependency>
   <groupId>software.amazon.awssdk</groupId>
   <artifactId>ec2</artifactId>
-  <version>2.10.49</version>
+  <version>2.10.50</version>
 </dependency>
 <dependency>
   <groupId>software.amazon.awssdk</groupId>
   <artifactId>s3</artifactId>
-  <version>2.10.49</version>
+  <version>2.10.50</version>
 </dependency>
 ```
 
@@ -99,7 +99,7 @@ You can import the whole SDK into your project (includes *ALL* services). Please
 <dependency>
   <groupId>software.amazon.awssdk</groupId>
   <artifactId>aws-sdk-java</artifactId>
-  <version>2.10.49</version>
+  <version>2.10.50</version>
 </dependency>
 ```
 

aws-sdk-java/pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>aws-sdk-java</artifactId>

bom-internal/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>aws-sdk-java-pom</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bom/pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>bom</artifactId>

bundle/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
     <artifactId>bundle</artifactId>
     <packaging>jar</packaging>

codegen-lite-maven-plugin/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>codegen-lite-maven-plugin</artifactId>

codegen-lite/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
     <artifactId>codegen-lite</artifactId>
     <name>AWS Java SDK :: Code Generator Lite</name>

codegen-maven-plugin/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>codegen-maven-plugin</artifactId>

codegen/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
     <artifactId>codegen</artifactId>
     <name>AWS Java SDK :: Code Generator</name>

core/annotations/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>core</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

core/arns/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>core</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

core/auth/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>core</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
 
     <artifactId>auth</artifactId>

core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/Aws4SignerUtils.java

@@ -46,6 +46,10 @@ public static String formatDateStamp(long timeMilli) {
         return DATE_FORMATTER.format(Instant.ofEpochMilli(timeMilli));
     }
 
+    public static String formatDateStamp(Instant instant) {
+        return DATE_FORMATTER.format(instant);
+    }
+
     /**
      * Returns a string representation of the given date time in
      * yyyyMMdd'T'HHmmss'Z' format. The date returned is in the UTC zone.

core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/BaseEventStreamAsyncAws4Signer.java

@@ -129,14 +129,13 @@ public ByteBuffer apply(ByteBuffer byteBuffer) {
                  */
                 Map<String, HeaderValue> nonSignatureHeaders = new HashMap<>();
                 Instant signingInstant = requestParams.getSigningClock().instant();
-                String signingDate = Aws4SignerUtils.formatTimestamp(signingInstant);
                 nonSignatureHeaders.put(EVENT_STREAM_DATE, HeaderValue.fromTimestamp(signingInstant));
 
                 /**
                  * Calculate rolling signature
                  */
                 byte[] payload = byteBuffer.array();
-                byte[] signatureBytes = signEventStream(priorSignature, key, signingDate, requestParams,
+                byte[] signatureBytes = signEventStream(priorSignature, key, signingInstant, requestParams,
                                                         nonSignatureHeaders, payload);
                 priorSignature = BinaryUtils.toHex(signatureBytes);
 
@@ -162,7 +161,7 @@ public ByteBuffer apply(ByteBuffer byteBuffer) {
      *
      * @param priorSignature signature of previous frame (Header frame is the 0th frame)
      * @param signingKey derived signing key
-     * @param date siging date
+     * @param signingInstant the instant at which this message is being signed
      * @param requestParams request parameters
      * @param nonSignatureHeaders non-signature headers
      * @param payload event stream payload
@@ -171,7 +170,7 @@ public ByteBuffer apply(ByteBuffer byteBuffer) {
     private byte[] signEventStream(
         String priorSignature,
         byte[] signingKey,
-        String date,
+        Instant signingInstant,
         Aws4SignerRequestParams requestParams,
         Map<String, HeaderValue> nonSignatureHeaders,
         byte[] payload) {
@@ -180,9 +179,9 @@ private byte[] signEventStream(
         String stringToSign =
             EVENT_STREAM_PAYLOAD +
             SignerConstant.LINE_SEPARATOR +
-            date +
+            Aws4SignerUtils.formatTimestamp(signingInstant) +
             SignerConstant.LINE_SEPARATOR +
-            requestParams.getScope() +
+            computeScope(signingInstant, requestParams) +
             SignerConstant.LINE_SEPARATOR +
             priorSignature +
             SignerConstant.LINE_SEPARATOR +
@@ -195,6 +194,13 @@ private byte[] signEventStream(
                     SigningAlgorithm.HmacSHA256);
     }
 
+    private String computeScope(Instant signingInstant, Aws4SignerRequestParams requestParams) {
+        return Aws4SignerUtils.formatDateStamp(signingInstant) + "/" +
+               requestParams.getRegionName() + "/" +
+               requestParams.getServiceSigningName() + "/" +
+               SignerConstant.AWS4_TERMINATOR;
+    }
+
     /**
      * Sort headers in alphabetic order, with exception that EVENT_STREAM_SIGNATURE header always at last
      *

core/auth/src/test/java/software/amazon/awssdk/auth/signer/EventStreamAws4SignerTest.java

@@ -0,0 +1,105 @@
+package software.amazon.awssdk.auth.signer;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import io.reactivex.Flowable;
+import java.net.URI;
+import java.nio.ByteBuffer;
+import java.time.Clock;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.time.ZoneOffset;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Callable;
+import org.junit.Test;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.signer.internal.SignerTestUtils;
+import software.amazon.awssdk.core.async.AsyncRequestBody;
+import software.amazon.awssdk.http.SdkHttpFullRequest;
+import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.eventstream.HeaderValue;
+import software.amazon.eventstream.Message;
+import software.amazon.eventstream.MessageDecoder;
+
+public class EventStreamAws4SignerTest {
+    /**
+     * Verify that when an event stream is open from one day to the next, the signature is properly signed for the day of the
+     * event.
+     */
+    @Test
+    public void openStreamEventSignaturesCanRollOverBetweenDays() {
+        EventStreamAws4Signer signer = EventStreamAws4Signer.create();
+
+        Region region = Region.US_WEST_2;
+        AwsCredentials credentials = AwsBasicCredentials.create("a", "s");
+        String signingName = "name";
+        AdjustableClock clock = new AdjustableClock();
+        clock.time = Instant.parse("2020-01-01T23:59:59Z");
+
+        SdkHttpFullRequest initialRequest = SdkHttpFullRequest.builder()
+                                                              .uri(URI.create("http://localhost:8080"))
+                                                              .method(SdkHttpMethod.GET)
+                                                              .build();
+        SdkHttpFullRequest signedRequest = SignerTestUtils.signRequest(signer, initialRequest, credentials, signingName, clock,
+                                                                       region.id());
+
+        ByteBuffer event = new Message(Collections.emptyMap(), "foo".getBytes(UTF_8)).toByteBuffer();
+
+        Callable<ByteBuffer> lastEvent = () -> {
+            clock.time = Instant.parse("2020-01-02T00:00:00Z");
+            return event;
+        };
+
+        AsyncRequestBody requestBody = AsyncRequestBody.fromPublisher(Flowable.concatArray(Flowable.just(event),
+                                                                                           Flowable.fromCallable(lastEvent)));
+
+        AsyncRequestBody signedBody = SignerTestUtils.signAsyncRequest(signer, signedRequest, requestBody, credentials,
+                                                                       signingName, clock, region.id());
+
+        List<Message> signedMessages = readMessages(signedBody);
+        assertThat(signedMessages.size()).isEqualTo(3);
+
+        Map<String, HeaderValue> firstMessageHeaders = signedMessages.get(0).getHeaders();
+        assertThat(firstMessageHeaders.get(":date").getTimestamp()).isEqualTo("2020-01-01T23:59:59Z");
+        assertThat(Base64.getEncoder().encodeToString(firstMessageHeaders.get(":chunk-signature").getByteArray()))
+            .isEqualTo("EFt7ZU043r/TJE8U+1GxJXscmNxoqmIdGtUIl8wE9u0=");
+
+        Map<String, HeaderValue> lastMessageHeaders = signedMessages.get(2).getHeaders();
+        assertThat(lastMessageHeaders.get(":date").getTimestamp()).isEqualTo("2020-01-02T00:00:00Z");
+        assertThat(Base64.getEncoder().encodeToString(lastMessageHeaders.get(":chunk-signature").getByteArray()))
+            .isEqualTo("vgDFcmKOVDUSSzKaBzcj0v9gUSgCK5IwnQ4dMB38NlE=");
+
+    }
+
+    private List<Message> readMessages(AsyncRequestBody signedBody) {
+        MessageDecoder decoder = new MessageDecoder();
+        Flowable.fromPublisher(signedBody).blockingForEach(x -> decoder.feed(x.array()));
+        return decoder.getDecodedMessages();
+    }
+
+    private static class AdjustableClock extends Clock {
+        private Instant time;
+
+        @Override
+        public ZoneId getZone() {
+            return ZoneOffset.UTC;
+        }
+
+        @Override
+        public Clock withZone(ZoneId zone) {
+            throw new UnsupportedOperationException();
+        }
+
+        @Override
+        public Instant instant() {
+            return time;
+        }
+    }
+
+}

core/aws-core/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>core</artifactId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
 
     <artifactId>aws-core</artifactId>

core/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <artifactId>aws-sdk-java-pom</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.10.49</version>
+        <version>2.10.50</version>
     </parent>
 
     <artifactId>core</artifactId>