aws
diff --git a/‎.changes/2.13.4.json
Lines changed: 36 additions & 0 deletions b/‎.changes/2.13.4.json
Lines changed: 36 additions & 0 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 22 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 22 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 4 additions & 4 deletions b/‎README.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎archetypes/archetype-lambda/pom.xml
Lines changed: 1 addition & 1 deletion b/‎archetypes/archetype-lambda/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎archetypes/pom.xml
Lines changed: 1 addition & 1 deletion b/‎archetypes/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎aws-sdk-java/pom.xml
Lines changed: 1 addition & 1 deletion b/‎aws-sdk-java/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎bom-internal/pom.xml
Lines changed: 1 addition & 1 deletion b/‎bom-internal/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎bom/pom.xml
Lines changed: 1 addition & 1 deletion b/‎bom/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎bundle/pom.xml
Lines changed: 1 addition & 1 deletion b/‎bundle/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎codegen-lite-maven-plugin/pom.xml
Lines changed: 1 addition & 1 deletion b/‎codegen-lite-maven-plugin/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎codegen-lite/pom.xml
Lines changed: 1 addition & 1 deletion b/‎codegen-lite/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎codegen-maven-plugin/pom.xml
Lines changed: 1 addition & 1 deletion b/‎codegen-maven-plugin/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎codegen/pom.xml
Lines changed: 1 addition & 1 deletion b/‎codegen/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎core/annotations/pom.xml
Lines changed: 1 addition & 1 deletion b/‎core/annotations/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎core/arns/pom.xml
Lines changed: 1 addition & 1 deletion b/‎core/arns/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎core/auth/pom.xml
Lines changed: 1 addition & 1 deletion b/‎core/auth/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/AbstractAws4Signer.java
Lines changed: 47 additions & 39 deletions b/‎core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/AbstractAws4Signer.java
Lines changed: 47 additions & 39 deletions
@@ -0,0 +1,36 @@
+{
+    "version": "2.13.4",
+    "date": "2020-04-27",
+    "entries": [
+        {
+            "type": "feature",
+            "category": "AWS Database Migration Service",
+            "description": "Adding minimum replication engine version for describe-endpoint-types api."
+        },
+        {
+            "type": "feature",
+            "category": "AWS SDK for Java v2",
+            "description": "Various performance improvements."
+        },
+        {
+            "type": "feature",
+            "category": "AWS SDK for Java v2",
+            "description": "Updated service endpoint metadata."
+        },
+        {
+            "type": "feature",
+            "category": "Amazon SageMaker Service",
+            "description": "Change to the input, ResourceSpec, changing EnvironmentArn to SageMakerImageArn. This affects the following preview APIs: CreateDomain, DescribeDomain, UpdateDomain, CreateUserProfile, DescribeUserProfile, UpdateUserProfile, CreateApp and DescribeApp."
+        },
+        {
+            "type": "feature",
+            "category": "AWS Data Exchange",
+            "description": "This release introduces AWS Data Exchange support for configurable encryption parameters when exporting data sets to Amazon S3."
+        },
+        {
+            "type": "feature",
+            "category": "Access Analyzer",
+            "description": "This release adds support for inclusion of S3 Access Point policies in IAM Access Analyzer evaluation of S3 bucket access. IAM Access Analyzer now reports findings for buckets shared through access points and identifies the access point that permits access."
+        }
+    ]
+}
@@ -1,3 +1,25 @@
+# __2.13.4__ __2020-04-27__
+## __AWS Data Exchange__
+  - ### Features
+    - This release introduces AWS Data Exchange support for configurable encryption parameters when exporting data sets to Amazon S3.
+
+## __AWS Database Migration Service__
+  - ### Features
+    - Adding minimum replication engine version for describe-endpoint-types api.
+
+## __AWS SDK for Java v2__
+  - ### Features
+    - Updated service endpoint metadata.
+    - Various performance improvements.
+
+## __Access Analyzer__
+  - ### Features
+    - This release adds support for inclusion of S3 Access Point policies in IAM Access Analyzer evaluation of S3 bucket access. IAM Access Analyzer now reports findings for buckets shared through access points and identifies the access point that permits access.
+
+## __Amazon SageMaker Service__
+  - ### Features
+    - Change to the input, ResourceSpec, changing EnvironmentArn to SageMakerImageArn. This affects the following preview APIs: CreateDomain, DescribeDomain, UpdateDomain, CreateUserProfile, DescribeUserProfile, UpdateUserProfile, CreateApp and DescribeApp.
+
 # __2.13.3__ __2020-04-24__
 ## __AWS IoT__
   - ### Features
 
@@ -49,7 +49,7 @@ To automatically manage module versions (currently all modules have the same ver
     <dependency>
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>bom</artifactId>
-      <version>2.13.3</version>
+      <version>2.13.4</version>
       <type>pom</type>
       <scope>import</scope>
     </dependency>
@@ -83,12 +83,12 @@ Alternatively you can add dependencies for the specific services you use only:
 <dependency>
   <groupId>software.amazon.awssdk</groupId>
   <artifactId>ec2</artifactId>
-  <version>2.13.3</version>
+  <version>2.13.4</version>
 </dependency>
 <dependency>
   <groupId>software.amazon.awssdk</groupId>
   <artifactId>s3</artifactId>
-  <version>2.13.3</version>
+  <version>2.13.4</version>
 </dependency>
 ```
 
@@ -100,7 +100,7 @@ You can import the whole SDK into your project (includes *ALL* services). Please
 <dependency>
   <groupId>software.amazon.awssdk</groupId>
   <artifactId>aws-sdk-java</artifactId>
-  <version>2.13.3</version>
+  <version>2.13.4</version>
 </dependency>
 ```
 
 
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>archetypes</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>archetype-lambda</artifactId>
 
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>aws-sdk-java-pom</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>archetypes</artifactId>
 
@@ -17,7 +17,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>aws-sdk-java</artifactId>
 
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>aws-sdk-java-pom</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
 
@@ -17,7 +17,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>bom</artifactId>
 
@@ -21,7 +21,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
     <artifactId>bundle</artifactId>
     <packaging>jar</packaging>
 
@@ -22,7 +22,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>codegen-lite-maven-plugin</artifactId>
 
@@ -21,7 +21,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
     <artifactId>codegen-lite</artifactId>
     <name>AWS Java SDK :: Code Generator Lite</name>
 
@@ -22,7 +22,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>codegen-maven-plugin</artifactId>
 
@@ -21,7 +21,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>aws-sdk-java-pom</artifactId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
     <artifactId>codegen</artifactId>
     <name>AWS Java SDK :: Code Generator</name>
 
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>core</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
 
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>core</artifactId>
         <groupId>software.amazon.awssdk</groupId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
 
@@ -22,7 +22,7 @@
     <parent>
         <groupId>software.amazon.awssdk</groupId>
         <artifactId>core</artifactId>
-        <version>2.13.3</version>
+        <version>2.13.4</version>
     </parent>
 
     <artifactId>auth</artifactId>
 
@@ -24,6 +24,7 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
+import java.util.TreeMap;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
@@ -75,7 +76,14 @@ protected SdkHttpFullRequest.Builder doSign(SdkHttpFullRequest request,
                       .filter(h -> h.equals("required"))
                       .ifPresent(h -> mutableRequest.putHeader(SignerConstant.X_AMZ_CONTENT_SHA256, contentSha256));
 
-        String canonicalRequest = createCanonicalRequest(mutableRequest, contentSha256, signingParams.doubleUrlEncode());
+        Map<String, List<String>> canonicalHeaders = canonicalizeSigningHeaders(mutableRequest.headers());
+        String signedHeadersString = getSignedHeadersString(canonicalHeaders);
+
+        String canonicalRequest = createCanonicalRequest(mutableRequest,
+                                                         canonicalHeaders,
+                                                         signedHeadersString,
+                                                         contentSha256,
+                                                         signingParams.doubleUrlEncode());
 
         String stringToSign = createStringToSign(canonicalRequest, requestParams);
 
@@ -84,7 +92,7 @@ protected SdkHttpFullRequest.Builder doSign(SdkHttpFullRequest request,
         byte[] signature = computeSignature(stringToSign, signingKey);
 
         mutableRequest.putHeader(SignerConstant.AUTHORIZATION,
-                                 buildAuthorizationHeader(signature, sanitizedCredentials, requestParams, mutableRequest));
+                                 buildAuthorizationHeader(signature, sanitizedCredentials, requestParams, signedHeadersString));
 
         processRequestPayload(mutableRequest, signature, signingKey, requestParams, signingParams);
 
@@ -110,11 +118,16 @@ protected SdkHttpFullRequest.Builder doPresign(SdkHttpFullRequest request,
         }
 
         // Add the important parameters for v4 signing
-        addPreSignInformationToRequest(mutableRequest, sanitizedCredentials, requestParams, expirationInSeconds);
+        Map<String, List<String>> canonicalizedHeaders = canonicalizeSigningHeaders(mutableRequest.headers());
+        String signedHeadersString = getSignedHeadersString(canonicalizedHeaders);
+
+        addPreSignInformationToRequest(mutableRequest, signedHeadersString, sanitizedCredentials,
+                                       requestParams, expirationInSeconds);
 
         String contentSha256 = calculateContentHashPresign(mutableRequest, signingParams);
 
-        String canonicalRequest = createCanonicalRequest(mutableRequest, contentSha256, signingParams.doubleUrlEncode());
+        String canonicalRequest = createCanonicalRequest(mutableRequest, canonicalizedHeaders, signedHeadersString,
+                                                         contentSha256, signingParams.doubleUrlEncode());
 
         String stringToSign = createStringToSign(canonicalRequest, requestParams);
 
@@ -191,19 +204,20 @@ protected final byte[] deriveSigningKey(AwsCredentials credentials, Instant sign
      * generate the canonical request.
      */
     private String createCanonicalRequest(SdkHttpFullRequest.Builder request,
+                                          Map<String, List<String>> canonicalHeaders,
+                                          String signedHeadersString,
                                           String contentSha256,
                                           boolean doubleUrlEncode) {
-
         String canonicalRequest = request.method().toString() +
                                   SignerConstant.LINE_SEPARATOR +
                                   // This would optionally double url-encode the resource path
                                   getCanonicalizedResourcePath(request.encodedPath(), doubleUrlEncode) +
                                   SignerConstant.LINE_SEPARATOR +
                                   getCanonicalizedQueryString(request.rawQueryParameters()) +
                                   SignerConstant.LINE_SEPARATOR +
-                                  getCanonicalizedHeaderString(request.headers()) +
+                                  getCanonicalizedHeaderString(canonicalHeaders) +
                                   SignerConstant.LINE_SEPARATOR +
-                                  getSignedHeadersString(request.headers()) +
+                                  signedHeadersString +
                                   SignerConstant.LINE_SEPARATOR +
                                   contentSha256;
 
@@ -254,12 +268,11 @@ private byte[] computeSignature(String stringToSign, byte[] signingKey) {
     private String buildAuthorizationHeader(byte[] signature,
                                             AwsCredentials credentials,
                                             Aws4SignerRequestParams signerParams,
-                                            SdkHttpFullRequest.Builder mutableRequest) {
+                                            String signedHeadersString) {
 
         String signingCredentials = credentials.accessKeyId() + "/" + signerParams.getScope();
         String credential = "Credential=" + signingCredentials;
-        String signerHeaders = "SignedHeaders=" +
-                               getSignedHeadersString(mutableRequest.headers());
+        String signerHeaders = "SignedHeaders=" + signedHeadersString;
         String signatureHeader = "Signature=" + BinaryUtils.toHex(signature);
 
         return SignerConstant.AWS4_SIGNING_ALGORITHM + " " + credential + ", " + signerHeaders + ", " + signatureHeader;
@@ -269,6 +282,7 @@ private String buildAuthorizationHeader(byte[] signature,
      * Includes all the signing headers as request parameters for pre-signing.
      */
     private void addPreSignInformationToRequest(SdkHttpFullRequest.Builder mutableRequest,
+                                                String signedHeadersString,
                                                 AwsCredentials sanitizedCredentials,
                                                 Aws4SignerRequestParams signerParams,
                                                 long expirationInSeconds) {
@@ -277,34 +291,39 @@ private void addPreSignInformationToRequest(SdkHttpFullRequest.Builder mutableRe
 
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_ALGORITHM, SignerConstant.AWS4_SIGNING_ALGORITHM);
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_DATE, signerParams.getFormattedRequestSigningDateTime());
-        mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SIGNED_HEADER,
-                                            getSignedHeadersString(mutableRequest.headers()));
-        mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_EXPIRES,
-                                            Long.toString(expirationInSeconds));
+        mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SIGNED_HEADER, signedHeadersString);
+        mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_EXPIRES, Long.toString(expirationInSeconds));
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_CREDENTIAL, signingCredentials);
     }
 
+    private Map<String, List<String>> canonicalizeSigningHeaders(Map<String, List<String>> headers) {
+        Map<String, List<String>> result = new TreeMap<>();
 
-    private String getCanonicalizedHeaderString(Map<String, List<String>> headers) {
-        List<String> sortedHeaders = new ArrayList<>(headers.keySet());
-        sortedHeaders.sort(String.CASE_INSENSITIVE_ORDER);
-
-        StringBuilder buffer = new StringBuilder();
-        for (String header : sortedHeaders) {
-            if (shouldExcludeHeaderFromSigning(header)) {
+        for (Map.Entry<String, List<String>> header : headers.entrySet()) {
+            String lowerCaseHeader = lowerCase(header.getKey());
+            if (LIST_OF_HEADERS_TO_IGNORE_IN_LOWER_CASE.contains(lowerCaseHeader)) {
                 continue;
             }
-            String key = lowerCase(header);
 
-            for (String headerValue : headers.get(header)) {
-                appendCompactedString(buffer, key);
+            result.computeIfAbsent(lowerCaseHeader, x -> new ArrayList<>()).addAll(header.getValue());
+        }
+
+        return result;
+    }
+
+    private String getCanonicalizedHeaderString(Map<String, List<String>> canonicalizedHeaders) {
+        StringBuilder buffer = new StringBuilder();
+
+        canonicalizedHeaders.forEach((headerName, headerValues) -> {
+            for (String headerValue : headerValues) {
+                appendCompactedString(buffer, headerName);
                 buffer.append(":");
                 if (headerValue != null) {
                     appendCompactedString(buffer, headerValue);
                 }
                 buffer.append("\n");
             }
-        }
+        });
 
         return buffer.toString();
     }
@@ -350,28 +369,17 @@ private boolean isWhiteSpace(final char ch) {
         return ch == ' ' || ch == '\t' || ch == '\n' || ch == '\u000b' || ch == '\r' || ch == '\f';
     }
 
-    private String getSignedHeadersString(Map<String, List<String>> headers) {
-        List<String> sortedHeaders = new ArrayList<>(headers.keySet());
-        sortedHeaders.sort(String.CASE_INSENSITIVE_ORDER);
-
+    private String getSignedHeadersString(Map<String, List<String>> canonicalizedHeaders) {
         StringBuilder buffer = new StringBuilder();
-        for (String header : sortedHeaders) {
-            if (shouldExcludeHeaderFromSigning(header)) {
-                continue;
-            }
+        for (String header : canonicalizedHeaders.keySet()) {
             if (buffer.length() > 0) {
                 buffer.append(";");
             }
-            buffer.append(lowerCase(header));
+            buffer.append(header);
         }
-
         return buffer.toString();
     }
 
-    private boolean shouldExcludeHeaderFromSigning(String header) {
-        return LIST_OF_HEADERS_TO_IGNORE_IN_LOWER_CASE.contains(lowerCase(header));
-    }
-
     private void addHostHeader(SdkHttpFullRequest.Builder mutableRequest) {
         // AWS4 requires that we sign the Host header so we
         // have to have it in the request by the time we sign.