Merge pull request #44 from bdonlan/new-ctors-ua

SalusaSecondus · web-flow · commit 26bd3cb07727 · 2018-03-20T11:09:45.000-07:00
Restore logic to set UA suffixes
diff --git a/src/main/java/com/amazonaws/encryptionsdk/kms/KmsMasterKey.java b/src/main/java/com/amazonaws/encryptionsdk/kms/KmsMasterKey.java
@@ -23,6 +23,7 @@
 import java.util.Map;
 
 import com.amazonaws.AmazonServiceException;
+import com.amazonaws.AmazonWebServiceRequest;
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
 import com.amazonaws.encryptionsdk.AwsCrypto;
@@ -33,6 +34,7 @@
 import com.amazonaws.encryptionsdk.MasterKeyProvider;
 import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
 import com.amazonaws.encryptionsdk.exception.UnsupportedProviderException;
+import com.amazonaws.encryptionsdk.internal.VersionInfo;
 import com.amazonaws.services.kms.AWSKMS;
 import com.amazonaws.services.kms.model.DecryptRequest;
 import com.amazonaws.services.kms.model.DecryptResult;
@@ -51,6 +53,12 @@ public final class KmsMasterKey extends MasterKey<KmsMasterKey> implements KmsMe
     private final String id_;
     private final List<String> grantTokens_ = new ArrayList<>();
 
+    private <T extends AmazonWebServiceRequest> T updateUserAgent(T request) {
+        request.getRequestClientOptions().appendUserAgent(VersionInfo.USER_AGENT);
+
+        return request;
+    }
+
     /**
      *
      * @deprecated Use a {@link KmsMasterKeyProvider} to obtain {@link KmsMasterKey}s.
@@ -93,13 +101,13 @@ public String getKeyId() {
     @Override
     public DataKey<KmsMasterKey> generateDataKey(final CryptoAlgorithm algorithm,
             final Map<String, String> encryptionContext) {
-        final GenerateDataKeyResult gdkResult = kms_.generateDataKey(
+        final GenerateDataKeyResult gdkResult = kms_.generateDataKey(updateUserAgent(
                 new GenerateDataKeyRequest()
                         .withKeyId(getKeyId())
                         .withNumberOfBytes(algorithm.getDataKeyLength())
                         .withEncryptionContext(encryptionContext)
                         .withGrantTokens(grantTokens_)
-                );
+        ));
         final byte[] rawKey = new byte[algorithm.getDataKeyLength()];
         gdkResult.getPlaintext().get(rawKey);
         if (gdkResult.getPlaintext().remaining() > 0) {
@@ -137,12 +145,12 @@ public DataKey<KmsMasterKey> encryptDataKey(final CryptoAlgorithm algorithm,
             throw new IllegalArgumentException("Only RAW encoded keys are supported");
         }
         try {
-            final EncryptResult encryptResult = kms_.encrypt(
+            final EncryptResult encryptResult = kms_.encrypt(updateUserAgent(
                     new EncryptRequest()
                             .withKeyId(id_)
                             .withPlaintext(ByteBuffer.wrap(key.getEncoded()))
                             .withEncryptionContext(encryptionContext)
-                            .withGrantTokens(grantTokens_));
+                            .withGrantTokens(grantTokens_)));
             final byte[] edk = new byte[encryptResult.getCiphertextBlob().remaining()];
             encryptResult.getCiphertextBlob().get(edk);
             return new DataKey<>(dataKey.getKey(), edk, encryptResult.getKeyId().getBytes(StandardCharsets.UTF_8), this);
@@ -159,11 +167,11 @@ public DataKey<KmsMasterKey> decryptDataKey(final CryptoAlgorithm algorithm,
         final List<Exception> exceptions = new ArrayList<>();
         for (final EncryptedDataKey edk : encryptedDataKeys) {
             try {
-                final DecryptResult decryptResult = kms_.decrypt(
+                final DecryptResult decryptResult = kms_.decrypt(updateUserAgent(
                         new DecryptRequest()
                                 .withCiphertextBlob(ByteBuffer.wrap(edk.getEncryptedDataKey()))
                                 .withEncryptionContext(encryptionContext)
-                                .withGrantTokens(grantTokens_));
+                                .withGrantTokens(grantTokens_)));
                 if (decryptResult.getKeyId().equals(id_)) {
                     final byte[] rawKey = new byte[algorithm.getDataKeyLength()];
                     decryptResult.getPlaintext().get(rawKey);
diff --git a/src/test/java/com/amazonaws/services/kms/KMSProviderBuilderIntegrationTests.java b/src/test/java/com/amazonaws/services/kms/KMSProviderBuilderIntegrationTests.java
@@ -13,9 +13,12 @@
 import java.util.Arrays;
 
 import org.junit.Test;
+import org.mockito.ArgumentCaptor;
 
 import com.amazonaws.AbortedException;
+import com.amazonaws.AmazonWebServiceRequest;
 import com.amazonaws.ClientConfiguration;
+import com.amazonaws.Request;
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
 import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
@@ -24,6 +27,7 @@
 import com.amazonaws.encryptionsdk.CryptoResult;
 import com.amazonaws.encryptionsdk.MasterKeyProvider;
 import com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException;
+import com.amazonaws.encryptionsdk.internal.VersionInfo;
 import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider;
 import com.amazonaws.handlers.RequestHandler2;
 import com.amazonaws.http.exception.HttpRequestTimeoutException;
@@ -197,6 +201,34 @@ public void whenBogusEndpointIsSet_constructionFails() throws Exception {
                             );
     }
 
+    @Test
+    public void whenUserAgentsOverridden_originalUAsPreserved() throws Exception {
+        RequestHandler2 handler = spy(new RequestHandler2() {});
+
+        KmsMasterKeyProvider mkp = KmsMasterKeyProvider.builder()
+                                                       .withClientBuilder(
+                                                               AWSKMSClientBuilder.standard().withRequestHandlers(handler)
+                                                               .withClientConfiguration(
+                                                                       new ClientConfiguration()
+                                                                           .withUserAgentPrefix("TEST-UA-PREFIX")
+                                                                           .withUserAgentSuffix("TEST-UA-SUFFIX")
+                                                               )
+                                                       )
+                                                       .withKeysForEncryption(KMSTestFixtures.TEST_KEY_IDS[0])
+                                                       .clone().build();
+
+        new AwsCrypto().encryptData(mkp, new byte[0]);
+
+        ArgumentCaptor<Request> captor = ArgumentCaptor.forClass(Request.class);
+        verify(handler, atLeastOnce()).beforeRequest(captor.capture());
+
+        String ua = (String)captor.getValue().getHeaders().get("User-Agent");
+
+        assertTrue(ua.contains("TEST-UA-PREFIX"));
+        assertTrue(ua.contains("TEST-UA-SUFFIX"));
+        assertTrue(ua.contains(VersionInfo.USER_AGENT));
+    }
+
     @Test
     public void whenDefaultRegionSet_itIsUsedForBareKeyIds() throws Exception {
         // TODO: Need to set up a role to assume as bare key IDs are relative to the caller account
diff --git a/src/test/java/com/amazonaws/services/kms/KMSProviderBuilderMockTests.java b/src/test/java/com/amazonaws/services/kms/KMSProviderBuilderMockTests.java
@@ -23,8 +23,11 @@
 import org.junit.Test;
 import org.mockito.ArgumentCaptor;
 
+import com.amazonaws.AmazonWebServiceRequest;
+import com.amazonaws.RequestClientOptions;
 import com.amazonaws.encryptionsdk.AwsCrypto;
 import com.amazonaws.encryptionsdk.MasterKeyProvider;
+import com.amazonaws.encryptionsdk.internal.VersionInfo;
 import com.amazonaws.encryptionsdk.kms.KmsMasterKey;
 import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider;
 import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider.RegionalClientSupplier;
@@ -157,4 +160,37 @@ public void testLegacyGrantTokenPassthrough() throws Exception {
         assertFalse(grantTokens.contains("x"));
         assertFalse(grantTokens.contains("z"));
     }
+
+    @Test
+    public void testUserAgentPassthrough() throws Exception {
+        MockKMSClient client = spy(new MockKMSClient());
+
+        String key1 = client.createKey().getKeyMetadata().getArn();
+        String key2 = client.createKey().getKeyMetadata().getArn();
+
+        KmsMasterKeyProvider mkp = KmsMasterKeyProvider.builder()
+                                                       .withKeysForEncryption(key1, key2)
+                                                       .withCustomClientFactory(ignored -> client)
+                                                       .build();
+
+        new AwsCrypto().decryptData(mkp, new AwsCrypto().encryptData(mkp, new byte[0]).getResult());
+
+        ArgumentCaptor<GenerateDataKeyRequest> gdkr = ArgumentCaptor.forClass(GenerateDataKeyRequest.class);
+        verify(client, times(1)).generateDataKey(gdkr.capture());
+        assertTrue(getUA(gdkr.getValue()).contains(VersionInfo.USER_AGENT));
+
+        ArgumentCaptor<EncryptRequest> encr = ArgumentCaptor.forClass(EncryptRequest.class);
+        verify(client, times(1)).encrypt(encr.capture());
+        assertTrue(getUA(encr.getValue()).contains(VersionInfo.USER_AGENT));
+
+        ArgumentCaptor<DecryptRequest> decr = ArgumentCaptor.forClass(DecryptRequest.class);
+        verify(client, times(1)).decrypt(decr.capture());
+        assertTrue(getUA(decr.getValue()).contains(VersionInfo.USER_AGENT));
+    }
+
+    private String getUA(AmazonWebServiceRequest request) {
+        // Note: This test may break in future versions of the AWS SDK, as Marker is documented as being for internal
+        // use only.
+        return request.getRequestClientOptions().getClientMarker(RequestClientOptions.Marker.USER_AGENT);
+    }
 }
diff --git a/src/test/java/com/amazonaws/services/kms/LegacyKMSMasterKeyProviderTests.java b/src/test/java/com/amazonaws/services/kms/LegacyKMSMasterKeyProviderTests.java
@@ -56,10 +56,10 @@ public void testExplicitCredentials() throws Exception {
             }
         };
 
-        MasterKeyProvider<KmsMasterKey> mkp = new KmsMasterKeyProvider(creds, "arn:aws:kms:us-east-1:012345678901);key/foo-bar");
+        MasterKeyProvider<KmsMasterKey> mkp = new KmsMasterKeyProvider(creds, "arn:aws:kms:us-east-1:012345678901:key/foo-bar");
         assertExplicitCredentialsUsed(mkp);
 
-        mkp = new KmsMasterKeyProvider(new AWSStaticCredentialsProvider(creds), "arn:aws:kms:us-east-1:012345678901);key/foo-bar");
+        mkp = new KmsMasterKeyProvider(new AWSStaticCredentialsProvider(creds), "arn:aws:kms:us-east-1:012345678901:key/foo-bar");
         assertExplicitCredentialsUsed(mkp);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -56,10 +56,10 @@ public void testExplicitCredentials() throws Exception {`
`56`	`56`	`}`
`57`	`57`	`};`
`58`	`58`
`59`		`- MasterKeyProvider<KmsMasterKey> mkp = new KmsMasterKeyProvider(creds, "arn:aws:kms:us-east-1:012345678901);key/foo-bar");`
	`59`	`+ MasterKeyProvider<KmsMasterKey> mkp = new KmsMasterKeyProvider(creds, "arn:aws:kms:us-east-1:012345678901:key/foo-bar");`
`60`	`60`	`assertExplicitCredentialsUsed(mkp);`
`61`	`61`
`62`		`- mkp = new KmsMasterKeyProvider(new AWSStaticCredentialsProvider(creds), "arn:aws:kms:us-east-1:012345678901);key/foo-bar");`
	`62`	`+ mkp = new KmsMasterKeyProvider(new AWSStaticCredentialsProvider(creds), "arn:aws:kms:us-east-1:012345678901:key/foo-bar");`
`63`	`63`	`assertExplicitCredentialsUsed(mkp);`
`64`	`64`	`}`
`65`	`65`