add md5 logic and logs

Author: jeromevdl

powertools-large-messages/pom.xml

@@ -54,6 +54,14 @@
             <groupId>software.amazon.payloadoffloading</groupId>
             <artifactId>payloadoffloading-common</artifactId>
         </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>sdk-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>utils</artifactId>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>s3</artifactId>

powertools-large-messages/src/main/java/software/amazon/lambda/powertools/largemessages/LargeMessageConfig.java

@@ -1,14 +1,11 @@
 package software.amazon.lambda.powertools.largemessages;
 
-import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;
 import software.amazon.awssdk.http.urlconnection.UrlConnectionHttpClient;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.s3.S3ClientBuilder;
 
-import static software.amazon.lambda.powertools.core.internal.LambdaConstants.AWS_LAMBDA_INITIALIZATION_TYPE;
 import static software.amazon.lambda.powertools.core.internal.LambdaConstants.AWS_REGION_ENV;
-import static software.amazon.lambda.powertools.core.internal.LambdaConstants.ON_DEMAND;
 
 /**
  * Singleton instance for Large Message Config.
@@ -55,14 +52,6 @@ public S3Client getS3Client() {
             S3ClientBuilder s3ClientBuilder = S3Client.builder()
                     .httpClient(UrlConnectionHttpClient.builder().build())
                     .region(Region.of(System.getenv(AWS_REGION_ENV)));
-
-            // AWS_LAMBDA_INITIALIZATION_TYPE has two values on-demand and snap-start
-            // when using snap-start mode, the env var creds provider isn't used and causes a fatal error if set
-            // fall back to the default provider chain if the mode is anything other than on-demand.
-            String initializationType = System.getenv().get(AWS_LAMBDA_INITIALIZATION_TYPE);
-            if (initializationType != null && initializationType.equals(ON_DEMAND)) {
-                s3ClientBuilder.credentialsProvider(EnvironmentVariableCredentialsProvider.create());
-            }
             this.s3Client = s3ClientBuilder.build();
         }
         return this.s3Client;

powertools-large-messages/src/main/java/software/amazon/lambda/powertools/largemessages/internal/LargeMessageAspect.java

@@ -10,8 +10,6 @@
 
 import java.util.Optional;
 
-import static java.lang.String.format;
-
 /**
  * Handle {@link LargeMessage} annotations.
  */
@@ -40,7 +38,7 @@ public Object around(ProceedingJoinPoint pjp,
         Optional<LargeMessageProcessor<?>> largeMessageProcessor = LargeMessageProcessorFactory.get(message);
 
         if (!largeMessageProcessor.isPresent()) {
-            LOG.warn(format("@LargeMessage annotation is placed on a method with unsupported message type [%s], proceeding", message.getClass()));
+            LOG.warn("@LargeMessage annotation is placed on a method with unsupported message type [{}], proceeding", message.getClass());
             return pjp.proceed(proceedArgs);
         }
 

powertools-large-messages/src/main/java/software/amazon/lambda/powertools/largemessages/internal/LargeMessageProcessor.java

@@ -43,20 +43,33 @@ public Object process(ProceedingJoinPoint pjp, boolean deleteS3Object) throws Th
         // legacy attribute (sqs only)
         payloadPointer = payloadPointer.replace("com.amazon.sqs.javamessaging.MessageS3Pointer", "software.amazon.payloadoffloading.PayloadS3Pointer");
 
+        LOG.info("Large message [{}]: retrieving content from S3", getMessageId(message));
+
         String s3ObjectContent = getS3ObjectContent(payloadPointer);
 
+        LOG.debug("Large message [{}]: {}", getMessageId(message), s3ObjectContent);
+
         updateMessageContent(message, s3ObjectContent);
         removeLargeMessageAttributes(message);
 
         Object response = pjp.proceed(proceedArgs);
 
         if (deleteS3Object) {
+            LOG.info("Large message [{}]: deleting object from S3", getMessageId(message));
             deleteS3Object(payloadPointer);
         }
 
         return response;
     }
 
+    /**
+     * Retrieve the message id
+     *
+     * @param message the message itself
+     * @return the id of the message (String format)
+     */
+    protected abstract String getMessageId(T message);
+
     /**
      * Retrieve the content of the message (ex: body of an SQSMessage)
      *
@@ -75,13 +88,15 @@ public Object process(ProceedingJoinPoint pjp, boolean deleteS3Object) throws Th
 
     /**
      * Check if the message is actually a large message (indicator in message attributes)
+     *
      * @param message the message itself
      * @return true if the message is a large message
      */
     protected abstract boolean isLargeMessage(T message);
 
     /**
      * Remove the large message indicator (in message attributes)
+     *
      * @param message the message itself
      */
     protected abstract void removeLargeMessageAttributes(T message);

powertools-large-messages/src/main/java/software/amazon/lambda/powertools/largemessages/internal/LargeSNSMessageProcessor.java

@@ -11,6 +11,11 @@ public class LargeSNSMessageProcessor extends LargeMessageProcessor<SNSRecord> {
     public LargeSNSMessageProcessor() {
     }
 
+    @Override
+    protected String getMessageId(SNSRecord message) {
+        return message.getSNS().getMessageId();
+    }
+
     @Override
     protected String getMessageContent(SNSRecord message) {
         return message.getSNS().getMessage();

powertools-large-messages/src/main/java/software/amazon/lambda/powertools/largemessages/internal/LargeSQSMessageProcessor.java

@@ -2,17 +2,39 @@
 
 import com.amazonaws.services.lambda.runtime.events.SQSEvent.MessageAttribute;
 import com.amazonaws.services.lambda.runtime.events.SQSEvent.SQSMessage;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import software.amazon.awssdk.utils.BinaryUtils;
+import software.amazon.awssdk.utils.Md5Utils;
 
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 public class LargeSQSMessageProcessor extends LargeMessageProcessor<SQSMessage> {
 
-    protected static final String LEGACY_RESERVED_ATTRIBUTE_NAME = "SQSLargePayloadSize";
+    private static final Logger LOG = LoggerFactory.getLogger(LargeSQSMessageProcessor.class);
+    private static final String LEGACY_RESERVED_ATTRIBUTE_NAME = "SQSLargePayloadSize";
+    private static final int INTEGER_SIZE_IN_BYTES = 4;
+    private static final byte STRING_TYPE_FIELD_INDEX = 1;
+    private static final byte BINARY_TYPE_FIELD_INDEX = 2;
+    private static final byte STRING_LIST_TYPE_FIELD_INDEX = 3;
+    private static final byte BINARY_LIST_TYPE_FIELD_INDEX = 4;
 
     public LargeSQSMessageProcessor() {
     }
 
+    @Override
+    protected String getMessageId(SQSMessage message) {
+        return message.getMessageId();
+    }
+
     @Override
     protected String getMessageContent(SQSMessage message) {
         return message.getBody();
@@ -21,6 +43,8 @@ protected String getMessageContent(SQSMessage message) {
     @Override
     protected void updateMessageContent(SQSMessage message, String messageContent) {
         message.setBody(messageContent);
+        // we update the MD5 digest so it doesn't look tempered
+        message.setMd5OfBody(calculateMessageBodyMd5(messageContent).orElse(message.getMd5OfBody()));
     }
 
     @Override
@@ -36,5 +60,103 @@ protected void removeLargeMessageAttributes(SQSMessage message) {
         newAttributes.remove(RESERVED_ATTRIBUTE_NAME);
         newAttributes.remove(LEGACY_RESERVED_ATTRIBUTE_NAME);
         message.setMessageAttributes(newAttributes);
+        // we update the MD5 digest so it doesn't look tempered
+        message.setMd5OfMessageAttributes(calculateMessageAttributesMd5(newAttributes).orElse(message.getMd5OfMessageAttributes()));
+    }
+
+    /**
+     * Compute the MD5 of the message body.<br/>
+     * Inspired from {@code software.amazon.awssdk.services.sqs.internal.MessageMD5ChecksumInterceptor}.<br/>
+     * package protected for testing purpose.
+     *
+     * @param messageBody body of the SQS Message
+     * @return the MD5 digest of the SQS Message body (or empty in case of error)
+     */
+    static Optional<String> calculateMessageBodyMd5(String messageBody) {
+        byte[] expectedMd5;
+        try {
+            expectedMd5 = Md5Utils.computeMD5Hash(messageBody.getBytes(StandardCharsets.UTF_8));
+        } catch (Exception e) {
+            LOG.warn("Unable to calculate the MD5 hash of the message body. ", e);
+            return Optional.empty();
+        }
+        return Optional.of(BinaryUtils.toHex(expectedMd5));
+    }
+
+    /**
+     * Compute the MD5 of the message attributes.<br/>
+     * Inspired from {@code software.amazon.awssdk.services.sqs.internal.MessageMD5ChecksumInterceptor}.<br/>
+     * package protected for testing purpose.
+     *
+     * @param messageAttributes attributes of the SQS Message
+     * @return the MD5 digest of the SQS Message attributes (or empty in case of error)
+     */
+    static Optional<String> calculateMessageAttributesMd5(final Map<String, MessageAttribute> messageAttributes) {
+        List<String> sortedAttributeNames = new ArrayList<>(messageAttributes.keySet());
+        Collections.sort(sortedAttributeNames);
+
+        MessageDigest md5Digest;
+        try {
+            md5Digest = MessageDigest.getInstance("MD5");
+
+            for (String attrName : sortedAttributeNames) {
+                MessageAttribute attrValue = messageAttributes.get(attrName);
+
+                // Encoded Name
+                updateLengthAndBytes(md5Digest, attrName);
+
+                // Encoded Type
+                updateLengthAndBytes(md5Digest, attrValue.getDataType());
+
+                // Encoded Value
+                if (attrValue.getStringValue() != null) {
+                    md5Digest.update(STRING_TYPE_FIELD_INDEX);
+                    updateLengthAndBytes(md5Digest, attrValue.getStringValue());
+                } else if (attrValue.getBinaryValue() != null) {
+                    md5Digest.update(BINARY_TYPE_FIELD_INDEX);
+                    updateLengthAndBytes(md5Digest, attrValue.getBinaryValue());
+                } else if (attrValue.getStringListValues() != null &&
+                        attrValue.getStringListValues().size() > 0) {
+                    md5Digest.update(STRING_LIST_TYPE_FIELD_INDEX);
+                    for (String strListMember : attrValue.getStringListValues()) {
+                        updateLengthAndBytes(md5Digest, strListMember);
+                    }
+                } else if (attrValue.getBinaryListValues() != null &&
+                        attrValue.getBinaryListValues().size() > 0) {
+                    md5Digest.update(BINARY_LIST_TYPE_FIELD_INDEX);
+                    for (ByteBuffer byteListMember : attrValue.getBinaryListValues()) {
+                        updateLengthAndBytes(md5Digest, byteListMember);
+                    }
+                }
+            }
+        } catch (Exception e) {
+            LOG.warn("Unable to calculate the MD5 hash of the message attributes. ", e);
+            return Optional.empty();
+        }
+
+        return Optional.of(BinaryUtils.toHex(md5Digest.digest()));
+    }
+
+    /**
+     * Update the digest using a sequence of bytes that consists of the length (in 4 bytes) of the
+     * input String and the actual utf8-encoded byte values.
+     */
+    private static void updateLengthAndBytes(MessageDigest digest, String str) {
+        byte[] utf8Encoded = str.getBytes(StandardCharsets.UTF_8);
+        ByteBuffer lengthBytes = ByteBuffer.allocate(INTEGER_SIZE_IN_BYTES).putInt(utf8Encoded.length);
+        digest.update(lengthBytes.array());
+        digest.update(utf8Encoded);
+    }
+
+    /**
+     * Update the digest using a sequence of bytes that consists of the length (in 4 bytes) of the
+     * input ByteBuffer and all the bytes it contains.
+     */
+    private static void updateLengthAndBytes(MessageDigest digest, ByteBuffer binaryValue) {
+        ByteBuffer readOnlyBuffer = binaryValue.asReadOnlyBuffer();
+        int size = readOnlyBuffer.remaining();
+        ByteBuffer lengthBytes = ByteBuffer.allocate(INTEGER_SIZE_IN_BYTES).putInt(size);
+        digest.update(lengthBytes.array());
+        digest.update(readOnlyBuffer);
     }
 }