aws · zoewangg · Oct 27, 2025 · Oct 16, 2025 · Oct 17, 2025 · Oct 21, 2025
@@ -302,14 +302,12 @@
     </Match>
 
     <!-- Retrieves and updates crc value in update() -->
-     <Match>
-         <Or>
-             <Class name="software.amazon.awssdk.checksums.internal.SdkCrc32CChecksum"/>
-             <Class name="software.amazon.awssdk.checksums.internal.SdkCrc32Checksum"/>
-             <Class name="software.amazon.awssdk.core.internal.checksums.factory.SdkCrc32C"/>
-             <Class name="software.amazon.awssdk.core.internal.checksums.factory.SdkCrc32"/>
-         </Or>
-         <Bug pattern="SA_FIELD_SELF_ASSIGNMENT"/>
+    <Match>
+        <Or>
+            <Class name="software.amazon.awssdk.checksums.internal.SdkCrc32CChecksum"/>
+            <Class name="software.amazon.awssdk.checksums.internal.SdkCrc32Checksum"/>
+        </Or>
+        <Bug pattern="SA_FIELD_SELF_ASSIGNMENT"/>
     </Match>
 
     <!-- Suppress existing blocking call. -->

@@ -62,6 +62,11 @@
             <artifactId>auth</artifactId>
             <version>${awsjavasdk.version}</version>
         </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>http-auth-aws</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk.crt</groupId>
             <artifactId>aws-crt</artifactId>

@@ -23,9 +23,9 @@
 import java.util.Optional;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
-import software.amazon.awssdk.auth.signer.internal.SignerConstant;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.crt.auth.signing.AwsSigningConfig;
+import software.amazon.awssdk.http.auth.aws.signer.SignerConstant;
 import software.amazon.awssdk.regions.RegionScope;
 
 @SdkInternalApi
@@ -80,7 +80,7 @@ private AwsSigningConfig createPresigningConfig(ExecutionAttributes executionAtt
 
         long expirationInSeconds = expirationTime
             .map(end -> Math.max(0, Duration.between(getSigningClock(executionAttributes).instant(), end).getSeconds()))
-            .orElse(SignerConstant.PRESIGN_URL_MAX_EXPIRATION_SECONDS);
+            .orElse(SignerConstant.PRESIGN_URL_MAX_EXPIRATION_DURATION.getSeconds());
 
         AwsSigningConfig signingConfig = createDefaultRequestConfig(executionAttributes);
         signingConfig.setExpirationInSeconds(expirationInSeconds);

@@ -15,6 +15,16 @@
 
 package software.amazon.awssdk.authcrt.signer.internal;
 
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.AUTHORIZATION;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.HOST;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_ALGORITHM;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_CONTENT_SHA256;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_CREDENTIAL;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_DATE;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_EXPIRES;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_SIGNATURE;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_SIGNED_HEADERS;
+
 import java.nio.charset.StandardCharsets;
 import java.time.Clock;
 import java.time.Duration;
@@ -42,22 +52,11 @@ public class SigningUtils {
      */
     public static final ExecutionAttribute<Clock> SIGNING_CLOCK = new ExecutionAttribute<>("SigningClock");
 
-    private static final String BODY_HASH_NAME = "x-amz-content-sha256";
-    private static final String DATE_NAME = "X-Amz-Date";
-    private static final String AUTHORIZATION_NAME = "Authorization";
     private static final String REGION_SET_NAME = "X-amz-region-set";
 
-    private static final String SIGNATURE_NAME = "X-Amz-Signature";
-    private static final String CREDENTIAL_NAME = "X-Amz-Credential";
-    private static final String ALGORITHM_NAME = "X-Amz-Algorithm";
-    private static final String SIGNED_HEADERS_NAME = "X-Amz-SignedHeaders";
-    private static final String EXPIRES_NAME = "X-Amz-Expires";
-
     private static final Set<String> FORBIDDEN_HEADERS = buildForbiddenHeaderSet();
     private static final Set<String> FORBIDDEN_PARAMS = buildForbiddenQueryParamSet();
 
-    private static final String HOST_HEADER = "Host";
-
     private SigningUtils() {
     }
 
@@ -125,7 +124,7 @@ public static SdkHttpFullRequest sanitizeSdkRequestForCrtSigning(SdkHttpFullRequ
         String hostHeader = SdkHttpUtils.isUsingStandardPort(request.protocol(), request.port())
                             ? request.host()
                             : request.host() + ":" + request.port();
-        builder.putHeader(HOST_HEADER, hostHeader);
+        builder.putHeader(HOST, hostHeader);
 
         builder.clearQueryParameters();
 
@@ -142,9 +141,9 @@ public static SdkHttpFullRequest sanitizeSdkRequestForCrtSigning(SdkHttpFullRequ
     private static Set<String> buildForbiddenHeaderSet() {
         Set<String> forbiddenHeaders = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
 
-        forbiddenHeaders.add(BODY_HASH_NAME);
-        forbiddenHeaders.add(DATE_NAME);
-        forbiddenHeaders.add(AUTHORIZATION_NAME);
+        forbiddenHeaders.add(X_AMZ_CONTENT_SHA256);
+        forbiddenHeaders.add(X_AMZ_DATE);
+        forbiddenHeaders.add(AUTHORIZATION);
         forbiddenHeaders.add(REGION_SET_NAME);
 
         return forbiddenHeaders;
@@ -153,13 +152,13 @@ private static Set<String> buildForbiddenHeaderSet() {
     private static Set<String> buildForbiddenQueryParamSet() {
         Set<String> forbiddenParams = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
 
-        forbiddenParams.add(SIGNATURE_NAME);
-        forbiddenParams.add(DATE_NAME);
-        forbiddenParams.add(CREDENTIAL_NAME);
-        forbiddenParams.add(ALGORITHM_NAME);
-        forbiddenParams.add(SIGNED_HEADERS_NAME);
+        forbiddenParams.add(X_AMZ_SIGNATURE);
+        forbiddenParams.add(X_AMZ_DATE);
+        forbiddenParams.add(X_AMZ_CREDENTIAL);
+        forbiddenParams.add(X_AMZ_ALGORITHM);
+        forbiddenParams.add(X_AMZ_SIGNED_HEADERS);
         forbiddenParams.add(REGION_SET_NAME);
-        forbiddenParams.add(EXPIRES_NAME);
+        forbiddenParams.add(X_AMZ_EXPIRES);
 
         return forbiddenParams;
     }

@@ -25,11 +25,11 @@
 import org.junit.jupiter.api.Test;
 import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
 import software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute;
-import software.amazon.awssdk.auth.signer.internal.SignerConstant;
 import software.amazon.awssdk.authcrt.signer.SignerTestUtils;
 import software.amazon.awssdk.authcrt.signer.SigningTestCase;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.crt.auth.signing.AwsSigningConfig;
+import software.amazon.awssdk.http.auth.aws.signer.SignerConstant;
 
 public class SigningConfigProviderTest {
 
@@ -68,7 +68,7 @@ public void testBasicQuerySigningConfiguration() {
         assertTrue(signingConfig.getService().equals(testCase.signingName));
         assertTrue(signingConfig.getShouldNormalizeUriPath());
         assertTrue(signingConfig.getUseDoubleUriEncode());
-        assertTrue(signingConfig.getExpirationInSeconds() == SignerConstant.PRESIGN_URL_MAX_EXPIRATION_SECONDS);
+        assertTrue(signingConfig.getExpirationInSeconds() == SignerConstant.PRESIGN_URL_MAX_EXPIRATION_DURATION.getSeconds());
     }
 
     @Test

@@ -15,7 +15,7 @@
 
 package software.amazon.awssdk.auth.signer;
 
-import static software.amazon.awssdk.auth.signer.internal.SignerConstant.X_AMZ_CONTENT_SHA256;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_CONTENT_SHA256;
 
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.auth.signer.internal.BaseAws4Signer;

@@ -46,10 +46,12 @@
 import software.amazon.awssdk.core.signer.Presigner;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpRequest;
+import software.amazon.awssdk.http.auth.aws.signer.SignerConstant;
 import software.amazon.awssdk.utils.BinaryUtils;
 import software.amazon.awssdk.utils.Logger;
 import software.amazon.awssdk.utils.Pair;
 import software.amazon.awssdk.utils.StringUtils;
+import software.amazon.awssdk.utils.cache.FifoCache;
 import software.amazon.awssdk.utils.http.SdkHttpUtils;
 
 /**
@@ -332,7 +334,7 @@ private void addPreSignInformationToRequest(SdkHttpFullRequest.Builder mutableRe
 
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_ALGORITHM, SignerConstant.AWS4_SIGNING_ALGORITHM);
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_DATE, signerParams.getFormattedRequestSigningDateTime());
-        mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SIGNED_HEADER, canonicalRequest.signedHeaderString());
+        mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_SIGNED_HEADERS, canonicalRequest.signedHeaderString());
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_EXPIRES, Long.toString(expirationInSeconds));
         mutableRequest.putRawQueryParameter(SignerConstant.X_AMZ_CREDENTIAL, signingCredentials);
     }
@@ -375,9 +377,9 @@ private long getSignatureDurationInSeconds(Aws4SignerRequestParams requestParams
         long expirationInSeconds = signingParams.expirationTime()
                                                 .map(t -> t.getEpochSecond() -
                                                           (requestParams.getRequestSigningDateTimeMilli() / 1000))
-                                                .orElse(SignerConstant.PRESIGN_URL_MAX_EXPIRATION_SECONDS);
+                                                .orElse(SignerConstant.PRESIGN_URL_MAX_EXPIRATION_DURATION.getSeconds());
 
-        if (expirationInSeconds > SignerConstant.PRESIGN_URL_MAX_EXPIRATION_SECONDS) {
+        if (expirationInSeconds > SignerConstant.PRESIGN_URL_MAX_EXPIRATION_DURATION.getSeconds()) {
             throw SdkClientException.builder()
                                     .message("Requests that are pre-signed by SigV4 algorithm are valid for at most 7" +
                                              " days. The expiration date set on the current request [" +

@@ -16,7 +16,7 @@
 package software.amazon.awssdk.auth.signer.internal;
 
 import static software.amazon.awssdk.auth.signer.internal.Aws4SignerUtils.calculateRequestContentLength;
-import static software.amazon.awssdk.auth.signer.internal.SignerConstant.X_AMZ_CONTENT_SHA256;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_CONTENT_SHA256;
 
 import java.io.InputStream;
 import java.util.Optional;

@@ -19,6 +19,7 @@
 import java.time.Duration;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
+import software.amazon.awssdk.http.auth.aws.signer.SignerConstant;
 import software.amazon.awssdk.regions.Region;
 
 /**

@@ -26,6 +26,7 @@
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.core.signer.AsyncRequestBodySigner;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
+import software.amazon.awssdk.http.auth.aws.signer.SignerConstant;
 
 
 @SdkInternalApi

@@ -15,7 +15,7 @@
 
 package software.amazon.awssdk.auth.signer.internal;
 
-import static software.amazon.awssdk.auth.signer.internal.SignerConstant.X_AMZ_CONTENT_SHA256;
+import static software.amazon.awssdk.http.auth.aws.signer.SignerConstant.X_AMZ_CONTENT_SHA256;
 
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
@@ -37,6 +37,7 @@
 import software.amazon.awssdk.core.checksums.SdkChecksum;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
+import software.amazon.awssdk.http.auth.aws.signer.SignerConstant;
 import software.amazon.awssdk.utils.BinaryUtils;
 import software.amazon.awssdk.utils.Logger;
 import software.amazon.eventstream.HeaderValue;