Throw Crc32MismatchException when response content is absent but x-amz-crc32 is present and is non-zero, instead of silently returning an empty response.

Author: joviegas

core/sdk-core/src/main/java/software/amazon/awssdk/core/http/Crc32Validation.java

@@ -20,6 +20,7 @@
 import java.util.Optional;
 import java.util.zip.GZIPInputStream;
 import software.amazon.awssdk.annotations.SdkProtectedApi;
+import software.amazon.awssdk.core.exception.Crc32MismatchException;
 import software.amazon.awssdk.core.internal.util.Crc32ChecksumValidatingInputStream;
 import software.amazon.awssdk.http.AbortableInputStream;
 import software.amazon.awssdk.http.SdkHttpFullResponse;
@@ -37,6 +38,16 @@ public static SdkHttpFullResponse validate(boolean calculateCrc32FromCompressedD
                                                SdkHttpFullResponse httpResponse) {
 
         if (!httpResponse.content().isPresent()) {
+            // CRC32 of zero bytes is 0, so a 0 header is a valid match for an empty body.
+            // A non-zero header with no content means the Crc32 mismatch error.
+            Optional<Long> expectedChecksum = getCrc32Checksum(httpResponse);
+            if (expectedChecksum.isPresent() && expectedChecksum.get() != 0L) {
+                throw Crc32MismatchException.builder()
+                                            .message(String.format("Expected %d as the Crc32 checksum but the response "
+                                                                   + "had no content",
+                                                                   expectedChecksum.get()))
+                                            .build();
+            }
             return httpResponse;
         }
 

core/sdk-core/src/test/java/software/amazon/awssdk/core/http/Crc32ValidationTest.java

@@ -16,6 +16,7 @@
 package software.amazon.awssdk.core.http;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -27,6 +28,7 @@
 import org.junit.runner.RunWith;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.unitils.util.ReflectionUtils;
+import software.amazon.awssdk.core.exception.Crc32MismatchException;
 import software.amazon.awssdk.core.internal.util.Crc32ChecksumValidatingInputStream;
 import software.amazon.awssdk.http.AbortableInputStream;
 import software.amazon.awssdk.http.SdkHttpFullResponse;
@@ -109,18 +111,41 @@ public void adapt_InvalidGzipContent_ThrowsException() throws UnsupportedEncodin
     }
 
     @Test
-    public void adapt_ResponseWithCrc32Header_And_NoContent_DoesNotThrowNPE() throws UnsupportedEncodingException {
+    public void adapt_ResponseWithNonZeroCrc32Header_AndNoContent_ThrowsCrc32Mismatch() {
         SdkHttpFullResponse httpResponse = SdkHttpFullResponse.builder()
                                                               .statusCode(200)
                                                               .putHeader("x-amz-crc32", "1234")
                                                               .build();
 
+        assertThatThrownBy(() -> adapt(httpResponse))
+            .isInstanceOf(Crc32MismatchException.class)
+            .hasMessageContaining("1234")
+            .hasMessageContaining("no content");
+    }
+
+    @Test
+    public void adapt_ResponseWithZeroCrc32Header_AndNoContent_PassesThrough() {
+        SdkHttpFullResponse httpResponse = SdkHttpFullResponse.builder()
+                                                              .statusCode(200)
+                                                              .putHeader("x-amz-crc32", "0")
+                                                              .build();
+
         SdkHttpFullResponse adapted = adapt(httpResponse);
         assertThat(adapted.content().isPresent()).isFalse();
     }
 
     @Test
-    public void adapt_ResponseGzipEncoding_And_NoContent_DoesNotThrowNPE() throws IOException {
+    public void adapt_ResponseWithoutCrc32Header_AndNoContent_PassesThrough() {
+        SdkHttpFullResponse httpResponse = SdkHttpFullResponse.builder()
+                                                              .statusCode(200)
+                                                              .build();
+
+        SdkHttpFullResponse adapted = adapt(httpResponse);
+        assertThat(adapted.content().isPresent()).isFalse();
+    }
+
+    @Test
+    public void adapt_ResponseGzipEncoding_AndNoContent_PassesThrough() throws IOException {
         SdkHttpFullResponse httpResponse = SdkHttpFullResponse.builder()
                                                               .statusCode(200)
                                                               .putHeader("Content-Encoding", "gzip")
@@ -130,6 +155,18 @@ public void adapt_ResponseGzipEncoding_And_NoContent_DoesNotThrowNPE() throws IO
         assertThat(adapted.content().isPresent()).isFalse();
     }
 
+    @Test
+    public void adapt_ResponseGzip_NonZeroCrc32_AndNoContent_ThrowsCrc32Mismatch() {
+        SdkHttpFullResponse httpResponse = SdkHttpFullResponse.builder()
+                                                              .statusCode(200)
+                                                              .putHeader("Content-Encoding", "gzip")
+                                                              .putHeader("x-amz-crc32", "1234")
+                                                              .build();
+
+        assertThatThrownBy(() -> adapt(httpResponse))
+            .isInstanceOf(Crc32MismatchException.class);
+    }
+
     private SdkHttpFullResponse adapt(SdkHttpFullResponse httpResponse) {
         return Crc32Validation.validate(false, httpResponse);
     }

test/protocol-tests/src/test/java/software/amazon/awssdk/protocol/tests/crc32/AwsJsonAsyncCrc32ChecksumTests.java

@@ -166,4 +166,15 @@ public void useGzipFalse_WhenCrc32IsInvalid_ThrowException() throws Exception {
         assertThatThrownBy(() -> jsonRpcAsync.allTypes(AllTypesRequest.builder().build()).get())
             .hasRootCauseInstanceOf(Crc32MismatchException.class);
     }
+
+    @Test
+    public void emptyBody_WhenCrc32HeaderIsNonZero_ThrowsCrc32Mismatch() {
+        stubFor(post(urlEqualTo("/")).willReturn(aResponse()
+                                                     .withStatus(200)
+                                                     .withHeader("x-amz-crc32", JSON_BODY_Crc32_CHECKSUM)
+                                                     .withHeader("Content-Length", "0")));
+
+        assertThatThrownBy(() -> jsonRpcAsync.allTypes(AllTypesRequest.builder().build()).get())
+            .hasRootCauseInstanceOf(Crc32MismatchException.class);
+    }
 }

test/protocol-tests/src/test/java/software/amazon/awssdk/protocol/tests/crc32/AwsJsonCrc32ChecksumTests.java

@@ -29,6 +29,7 @@
 import org.junit.Test;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.core.exception.Crc32MismatchException;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.protocoljsonrpc.ProtocolJsonRpcClient;
@@ -183,4 +184,20 @@ public void useGzipFalse_WhenCrc32IsInvalid_ThrowException() {
 
         jsonRpc.allTypes(AllTypesRequest.builder().build());
     }
+
+    @Test(expected = Crc32MismatchException.class)
+    public void emptyBody_WhenCrc32HeaderIsNonZero_ThrowsCrc32Mismatch() {
+        stubFor(post(urlEqualTo("/")).willReturn(aResponse()
+                                                         .withStatus(200)
+                                                         .withHeader("x-amz-crc32", JSON_BODY_Crc32_CHECKSUM)
+                                                         .withHeader("Content-Length", "0")));
+
+        ProtocolJsonRpcClient jsonRpc = ProtocolJsonRpcClient.builder()
+                .credentialsProvider(FAKE_CREDENTIALS_PROVIDER)
+                .region(Region.US_EAST_1)
+                .endpointOverride(URI.create("http://localhost:" + mockServer.port()))
+                .build();
+
+        jsonRpc.allTypes(AllTypesRequest.builder().build());
+    }
 }

test/protocol-tests/src/test/java/software/amazon/awssdk/protocol/tests/crc32/RestJsonCrc32ChecksumTests.java

@@ -30,6 +30,7 @@
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.core.exception.Crc32MismatchException;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.protocolrestjson.ProtocolRestJsonClient;
@@ -153,4 +154,20 @@ public void useGzipFalse_WhenCrc32IsInvalid_ThrowException() {
 
         client.allTypes(AllTypesRequest.builder().build());
     }
+
+    @Test(expected = Crc32MismatchException.class)
+    public void emptyBody_WhenCrc32HeaderIsNonZero_ThrowsCrc32Mismatch() {
+        stubFor(post(urlEqualTo(RESOURCE_PATH)).willReturn(aResponse()
+                .withStatus(200)
+                .withHeader("x-amz-crc32", JSON_BODY_Crc32_CHECKSUM)
+                .withHeader("Content-Length", "0")));
+
+        ProtocolRestJsonClient client = ProtocolRestJsonClient.builder()
+                .credentialsProvider(FAKE_CREDENTIALS_PROVIDER)
+                .region(Region.US_EAST_1)
+                .endpointOverride(URI.create("http://localhost:" + mockServer.port()))
+                .build();
+
+        client.allTypes(AllTypesRequest.builder().build());
+    }
 }