Merge branch 'alexwoo/master/loginCredentialProvider_refresh1' into alexwoo/master/loginCredentialProvider_refresh_dpop

alextwoods · alextwoods · commit 10935ae264e0 · 2025-10-29T11:10:14.000-07:00
diff --git a/services/signin/src/main/java/software/amazon/awssdk/services/signin/auth/LoginCredentialsProvider.java b/services/signin/src/main/java/software/amazon/awssdk/services/signin/auth/LoginCredentialsProvider.java
@@ -138,8 +138,8 @@ private RefreshResult<AwsCredentials> updateSigninCredentials() {
             () -> SdkClientException.create("Invalid token expiration time. You must re-authenticate.")
         );
 
-        if (shouldRefresh(currentExpirationTime, staleTime)
-            && shouldRefresh(currentExpirationTime, prefetchTime)) {
+        if (shouldNotRefresh(currentExpirationTime, staleTime)
+            && shouldNotRefresh(currentExpirationTime, prefetchTime)) {
             log.debug(() -> "Using access token from disk, current expiration time is : " + currentExpirationTime);
             AwsCredentials credentials = tokenFromDisc.getAccessToken()
                 .toBuilder()
@@ -241,9 +241,9 @@ public Builder toBuilder() {
 
     /**
      *
-     * @return true if the token should be refreshed (it is after the given refresh window, eg stale time or prefetch time)
+     * @return true if the token does NOT need to be refreshed - it is after the given refresh window, eg stale/prefetch time.
      */
-    private static boolean shouldRefresh(Instant expiration, Duration refreshWindow) {
+    private static boolean shouldNotRefresh(Instant expiration, Duration refreshWindow) {
         Instant now = Instant.now();
         return expiration.isAfter(now.plus(refreshWindow));
     }
diff --git a/services/signin/src/main/java/software/amazon/awssdk/services/signin/internal/DpopAuthScheme.java b/services/signin/src/main/java/software/amazon/awssdk/services/signin/internal/DpopAuthScheme.java
@@ -48,8 +48,8 @@ private DpopAuthScheme(DpopIdentityProvider identityProvider) {
         this.identityProvider = Validate.paramNotNull(identityProvider, "identityProvider");
     }
 
-    public static DpopAuthScheme create(ECPublicKey ecPublicKey) {
-        return new DpopAuthScheme(DpopIdentityProvider.create(ecPublicKey));
+    public static DpopAuthScheme create(DpopIdentityProvider identityProvider) {
+        return new DpopAuthScheme(identityProvider);
     }
 
     @Override
@@ -110,9 +110,9 @@ public SignedRequest sign(SignRequest<? extends DpopIdentity> request) {
         public CompletableFuture<AsyncSignedRequest> signAsync(AsyncSignRequest<? extends DpopIdentity> request) {
             return CompletableFuture.completedFuture(
                 AsyncSignedRequest.builder()
-                                                                       .request(request.request())
-                                                                       .payload(request.payload().orElse(null))
-                                                                       .build());
+                                  .request(request.request())
+                                  .payload(request.payload().orElse(null))
+                                  .build());
         }
     }
 
@@ -123,8 +123,8 @@ private DpopIdentityProvider(DpopIdentity identity) {
             this.identity = Validate.paramNotNull(identity, "identity");
         }
 
-        public static DpopIdentityProvider create(ECPublicKey ecPublicKey) {
-            return new DpopIdentityProvider(DpopIdentity.create(ecPublicKey));
+        public static DpopIdentityProvider create(String dpopKeyPem) {
+            return new DpopIdentityProvider(DpopIdentity.create(dpopKeyPem));
         }
 
         @Override
@@ -147,15 +147,23 @@ public List<AuthSchemeOption> resolveAuthScheme(SigninAuthSchemeParams authSchem
     }
 
     public static class DpopAuthPlugin implements SdkPlugin {
-        private final ECPublicKey ecPublicKey;
+        private final String dpopKeyPem;
 
+        private DpopAuthPlugin(String dpopKeyPem) {
+            this.dpopKeyPem = Validate.paramNotNull(dpopKeyPem, "dpopKeyPem");
+        }
+
+        public static DpopAuthPlugin create(String dpopKeyPem) {
+            return new DpopAuthPlugin(dpopKeyPem);
+        }
 
         @Override
         public void configureClient(SdkServiceClientConfiguration.Builder config) {
             SigninServiceClientConfiguration.Builder scb =
-                Validate.isInstanceOf(SigninServiceClientConfiguration.Builder.class, config, "bad");
+                Validate.isInstanceOf(SigninServiceClientConfiguration.Builder.class, config,
+                                      "DpopAuthPlugin must be applied to a SigninServiceClient");
             scb.authSchemeProvider(new DpopAuthSchemeResolver());
-            scb.putAuthScheme(new DpopAuthScheme());
+            scb.putAuthScheme(DpopAuthScheme.create(DpopIdentityProvider.create(dpopKeyPem)));
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -48,8 +48,8 @@ private DpopAuthScheme(DpopIdentityProvider identityProvider) {`
`48`	`48`	`this.identityProvider = Validate.paramNotNull(identityProvider, "identityProvider");`
`49`	`49`	`}`
`50`	`50`
`51`		`- public static DpopAuthScheme create(ECPublicKey ecPublicKey) {`
`52`		`- return new DpopAuthScheme(DpopIdentityProvider.create(ecPublicKey));`
	`51`	`+ public static DpopAuthScheme create(DpopIdentityProvider identityProvider) {`
	`52`	`+ return new DpopAuthScheme(identityProvider);`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`@Override`
`@@ -110,9 +110,9 @@ public SignedRequest sign(SignRequest<? extends DpopIdentity> request) {`
`110`	`110`	`public CompletableFuture<AsyncSignedRequest> signAsync(AsyncSignRequest<? extends DpopIdentity> request) {`
`111`	`111`	`return CompletableFuture.completedFuture(`
`112`	`112`	`AsyncSignedRequest.builder()`
`113`		`- .request(request.request())`
`114`		`- .payload(request.payload().orElse(null))`
`115`		`- .build());`
	`113`	`+ .request(request.request())`
	`114`	`+ .payload(request.payload().orElse(null))`
	`115`	`+ .build());`
`116`	`116`	`}`
`117`	`117`	`}`
`118`	`118`
`@@ -123,8 +123,8 @@ private DpopIdentityProvider(DpopIdentity identity) {`
`123`	`123`	`this.identity = Validate.paramNotNull(identity, "identity");`
`124`	`124`	`}`
`125`	`125`
`126`		`- public static DpopIdentityProvider create(ECPublicKey ecPublicKey) {`
`127`		`- return new DpopIdentityProvider(DpopIdentity.create(ecPublicKey));`
	`126`	`+ public static DpopIdentityProvider create(String dpopKeyPem) {`
	`127`	`+ return new DpopIdentityProvider(DpopIdentity.create(dpopKeyPem));`
`128`	`128`	`}`
`129`	`129`
`130`	`130`	`@Override`
`@@ -147,15 +147,23 @@ public List<AuthSchemeOption> resolveAuthScheme(SigninAuthSchemeParams authSchem`
`147`	`147`	`}`
`148`	`148`
`149`	`149`	`public static class DpopAuthPlugin implements SdkPlugin {`
`150`		`- private final ECPublicKey ecPublicKey;`
	`150`	`+ private final String dpopKeyPem;`
`151`	`151`
	`152`	`+ private DpopAuthPlugin(String dpopKeyPem) {`
	`153`	`+ this.dpopKeyPem = Validate.paramNotNull(dpopKeyPem, "dpopKeyPem");`
	`154`	`+ }`
	`155`	`+`
	`156`	`+ public static DpopAuthPlugin create(String dpopKeyPem) {`
	`157`	`+ return new DpopAuthPlugin(dpopKeyPem);`
	`158`	`+ }`
`152`	`159`
`153`	`160`	`@Override`
`154`	`161`	`public void configureClient(SdkServiceClientConfiguration.Builder config) {`
`155`	`162`	`SigninServiceClientConfiguration.Builder scb =`
`156`		`- Validate.isInstanceOf(SigninServiceClientConfiguration.Builder.class, config, "bad");`
	`163`	`+ Validate.isInstanceOf(SigninServiceClientConfiguration.Builder.class, config,`
	`164`	`+ "DpopAuthPlugin must be applied to a SigninServiceClient");`
`157`	`165`	`scb.authSchemeProvider(new DpopAuthSchemeResolver());`
`158`		`- scb.putAuthScheme(new DpopAuthScheme());`
	`166`	`+ scb.putAuthScheme(DpopAuthScheme.create(DpopIdentityProvider.create(dpopKeyPem)));`
`159`	`167`	`}`
`160`	`168`	`}`
`161`	`169`	`}`