From a22917ba1320c065104de1034496d91f8fa69458 Mon Sep 17 00:00:00 2001
From: Saranya Somepalli <somepal@amazon.com>
Date: Wed, 13 May 2026 14:52:00 -0700
Subject: [PATCH] Fix HttpChecksumStage ordering and SIGNING_METHOD resolution
 for pipeline stage migration

---
 .../awscore/internal/AwsExecutionContextBuilder.java      | 8 ++++++++
 .../core/interceptor/SdkInternalExecutionAttribute.java   | 8 ++++++++
 .../awssdk/core/internal/http/AmazonAsyncHttpClient.java  | 2 +-
 .../awssdk/core/internal/http/AmazonSyncHttpClient.java   | 2 +-
 .../http/pipeline/stages/AuthSchemeResolutionStage.java   | 7 +++++++
 5 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/core/aws-core/src/main/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilder.java b/core/aws-core/src/main/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilder.java
index b3ce212efbee..644661a0dfd9 100644
--- a/core/aws-core/src/main/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilder.java
+++ b/core/aws-core/src/main/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilder.java
@@ -27,6 +27,7 @@
 import java.util.Map;
 import java.util.Optional;
 import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
 import software.amazon.awssdk.awscore.AwsExecutionAttribute;
 import software.amazon.awssdk.awscore.client.config.AwsClientOption;
@@ -184,6 +185,13 @@ private AwsExecutionContextBuilder() {
                                              signer, executionAttributes, executionAttributes.getOptionalAttribute(
                                                  AwsSignerExecutionAttribute.AWS_CREDENTIALS).orElse(null)));
 
+        Signer resolvedSigner = signer;
+        AwsCredentials capturedCredentials = executionAttributes.getOptionalAttribute(
+            AwsSignerExecutionAttribute.AWS_CREDENTIALS).orElse(null);
+        executionAttributes.putAttribute(SdkInternalExecutionAttribute.SIGNING_METHOD_UPDATER, attrs ->
+            attrs.putAttribute(HttpChecksumConstant.SIGNING_METHOD,
+                               resolveSigningMethodUsed(resolvedSigner, attrs, capturedCredentials)));
+
         putStreamingInputOutputTypesMetadata(executionAttributes, executionParams);
 
         return ExecutionContext.builder()
diff --git a/core/sdk-core/src/main/java/software/amazon/awssdk/core/interceptor/SdkInternalExecutionAttribute.java b/core/sdk-core/src/main/java/software/amazon/awssdk/core/interceptor/SdkInternalExecutionAttribute.java
index 60254eb8e5c4..a6bca010c7b4 100644
--- a/core/sdk-core/src/main/java/software/amazon/awssdk/core/interceptor/SdkInternalExecutionAttribute.java
+++ b/core/sdk-core/src/main/java/software/amazon/awssdk/core/interceptor/SdkInternalExecutionAttribute.java
@@ -19,6 +19,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicLong;
+import java.util.function.Consumer;
 import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.ClientEndpointProvider;
 import software.amazon.awssdk.core.SdkClient;
@@ -184,6 +185,13 @@ public final class SdkInternalExecutionAttribute extends SdkExecutionAttribute {
     public static final ExecutionAttribute<AuthSchemeOptionsResolver> AUTH_SCHEME_OPTIONS_RESOLVER =
         new ExecutionAttribute<>("AuthSchemeOptionsResolver");
 
+    /**
+     * Callback to recompute {@code SIGNING_METHOD} after auth scheme resolution.
+     * Set by {@code AwsExecutionContextBuilder}
+     */
+    public static final ExecutionAttribute<Consumer<ExecutionAttributes>> SIGNING_METHOD_UPDATER =
+        new ExecutionAttribute<>("SigningMethodUpdater");
+
     /**
      * Callback for resolving the endpoint. Generated per-service as a lambda in the client class.
      * Called by EndpointResolutionStage after interceptors have run.
diff --git a/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonAsyncHttpClient.java b/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonAsyncHttpClient.java
index 6594db840740..5772db0555a3 100644
--- a/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonAsyncHttpClient.java
+++ b/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonAsyncHttpClient.java
@@ -199,9 +199,9 @@ public <OutputT> CompletableFuture<OutputT> execute(
                                 .then(MergeCustomQueryParamsStage::new)
                                 .then(QueryParametersToBodyStage::new)
                                 .then(() -> new CompressRequestStage(httpClientDependencies))
-                                .then(() -> new HttpChecksumStage(ClientType.ASYNC))
                                 .then(AuthSchemeResolutionStage::new)
                                 .then(EndpointResolutionStage::new)
+                                .then(() -> new HttpChecksumStage(ClientType.ASYNC))
                                 .then(ApplyUserAgentStage::new)
                                 .then(MakeRequestImmutableStage::new)
                                 .then(RequestPipelineBuilder
diff --git a/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonSyncHttpClient.java b/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonSyncHttpClient.java
index 2298855e98fe..1996766372a4 100644
--- a/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonSyncHttpClient.java
+++ b/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonSyncHttpClient.java
@@ -187,9 +187,9 @@ public <OutputT> OutputT execute(HttpResponseHandler<Response<OutputT>> response
                                .then(MergeCustomQueryParamsStage::new)
                                .then(QueryParametersToBodyStage::new)
                                .then(() -> new CompressRequestStage(httpClientDependencies))
-                               .then(() -> new HttpChecksumStage(ClientType.SYNC))
                                .then(AuthSchemeResolutionStage::new)
                                .then(EndpointResolutionStage::new)
+                               .then(() -> new HttpChecksumStage(ClientType.SYNC))
                                .then(ApplyUserAgentStage::new)
                                .then(MakeRequestImmutableStage::new)
                                // End of mutating request
diff --git a/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/AuthSchemeResolutionStage.java b/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/AuthSchemeResolutionStage.java
index ebc42009ce7c..62524e42bd93 100644
--- a/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/AuthSchemeResolutionStage.java
+++ b/core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/AuthSchemeResolutionStage.java
@@ -17,6 +17,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.function.Consumer;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.core.RequestOverrideConfiguration;
 import software.amazon.awssdk.core.SdkRequest;
@@ -80,6 +81,12 @@ public SdkHttpFullRequest.Builder execute(SdkHttpFullRequest.Builder request, Re
 
         executionAttributes.putAttribute(SdkInternalExecutionAttribute.SELECTED_AUTH_SCHEME, selectedAuthScheme);
 
+        Consumer<ExecutionAttributes> signingMethodUpdater =
+            executionAttributes.getAttribute(SdkInternalExecutionAttribute.SIGNING_METHOD_UPDATER);
+        if (signingMethodUpdater != null) {
+            signingMethodUpdater.accept(executionAttributes);
+        }
+
         recordBusinessMetrics(selectedAuthScheme, sdkRequest, executionAttributes);
 
         return request;