Fixed issue where specifying a custom presigning time causes a runtime exception.

Author: millems

.changes/next-release/bugfix-AWSSDKforJavav2-c566d54.json

@@ -0,0 +1,5 @@
+{
+    "category": "AWS SDK for Java v2", 
+    "type": "bugfix", 
+    "description": "Fixed issue where specifying a custom presigning time causes a runtime exception."
+}

core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/AbstractAws4Signer.java

@@ -20,7 +20,6 @@
 
 import java.io.InputStream;
 import java.nio.charset.Charset;
-import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -99,7 +98,7 @@ protected SdkHttpFullRequest.Builder doPresign(SdkHttpFullRequest request,
 
         SdkHttpFullRequest.Builder mutableRequest = request.toBuilder();
 
-        long expirationInSeconds = generateExpirationTime(signingParams);
+        long expirationInSeconds = getSignatureDurationInSeconds(requestParams, signingParams);
         addHostHeader(mutableRequest);
 
         AwsCredentials sanitizedCredentials = sanitizeCredentials(signingParams.awsCredentials());
@@ -112,9 +111,7 @@ protected SdkHttpFullRequest.Builder doPresign(SdkHttpFullRequest request,
         }
 
         // Add the important parameters for v4 signing
-        String timeStamp = requestParams.getFormattedRequestSigningDateTime();
-
-        addPreSignInformationToRequest(mutableRequest, sanitizedCredentials, requestParams, timeStamp, expirationInSeconds);
+        addPreSignInformationToRequest(mutableRequest, sanitizedCredentials, requestParams, expirationInSeconds);
 
         String contentSha256 = calculateContentHashPresign(mutableRequest, signingParams);
 
@@ -275,13 +272,12 @@ private String buildAuthorizationHeader(byte[] signature,
     private void addPreSignInformationToRequest(SdkHttpFullRequest.Builder mutableRequest,
                                                 AwsCredentials sanitizedCredentials,
                                                 Aws4SignerRequestParams signerParams,
-                                                String timeStamp,
                                                 long expirationInSeconds) {
 
         String signingCredentials = sanitizedCredentials.accessKeyId() + "/" + signerParams.getScope();
 
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_ALGORITHM, SignerConstant.AWS4_SIGNING_ALGORITHM);
-        mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_DATE, timeStamp);
+        mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_DATE, signerParams.getFormattedRequestSigningDateTime());
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SIGNED_HEADER,
                                             getSignedHeadersString(mutableRequest.headers()));
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_EXPIRES,
@@ -397,10 +393,13 @@ private void addDateHeader(SdkHttpFullRequest.Builder mutableRequest, String dat
      * Generates an expiration time for the presigned url. If user has specified
      * an expiration time, check if it is in the given limit.
      */
-    private long generateExpirationTime(U signingParams) {
+    private long getSignatureDurationInSeconds(Aws4SignerRequestParams requestParams,
+                                               U signingParams) {
 
-        long expirationInSeconds = signingParams.expirationTime().map(Instant::getEpochSecond)
-                                                 .orElse(SignerConstant.PRESIGN_URL_MAX_EXPIRATION_SECONDS);
+        long expirationInSeconds = signingParams.expirationTime()
+                                                .map(t -> t.getEpochSecond() -
+                                                          (requestParams.getRequestSigningDateTimeMilli() / 1000))
+                                                .orElse(SignerConstant.PRESIGN_URL_MAX_EXPIRATION_SECONDS);
 
         if (expirationInSeconds > SignerConstant.PRESIGN_URL_MAX_EXPIRATION_SECONDS) {
             throw SdkClientException.builder()