Fix HttpChecksumStage ordering and SIGNING_METHOD resolution for interceptors to pipeline migration

core/aws-core/src/main/java/software/amazon/awssdk/awscore/internal/AwsExecutionContextBuilder.java

@@ -27,6 +27,7 @@
 import java.util.Map;
 import java.util.Optional;
 import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
 import software.amazon.awssdk.awscore.AwsExecutionAttribute;
 import software.amazon.awssdk.awscore.client.config.AwsClientOption;
@@ -184,6 +185,13 @@ private AwsExecutionContextBuilder() {
                                              signer, executionAttributes, executionAttributes.getOptionalAttribute(
                                                  AwsSignerExecutionAttribute.AWS_CREDENTIALS).orElse(null)));
 
+        Signer resolvedSigner = signer;
+        AwsCredentials capturedCredentials = executionAttributes.getOptionalAttribute(
+            AwsSignerExecutionAttribute.AWS_CREDENTIALS).orElse(null);
+        executionAttributes.putAttribute(SdkInternalExecutionAttribute.SIGNING_METHOD_UPDATER, attrs ->
+            attrs.putAttribute(HttpChecksumConstant.SIGNING_METHOD,
+                               resolveSigningMethodUsed(resolvedSigner, attrs, capturedCredentials)));
+
         putStreamingInputOutputTypesMetadata(executionAttributes, executionParams);
 
         return ExecutionContext.builder()

core/sdk-core/src/main/java/software/amazon/awssdk/core/interceptor/SdkInternalExecutionAttribute.java

@@ -19,6 +19,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicLong;
+import java.util.function.Consumer;
 import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.ClientEndpointProvider;
 import software.amazon.awssdk.core.SdkClient;
@@ -184,6 +185,13 @@ public final class SdkInternalExecutionAttribute extends SdkExecutionAttribute {
     public static final ExecutionAttribute<AuthSchemeOptionsResolver> AUTH_SCHEME_OPTIONS_RESOLVER =
         new ExecutionAttribute<>("AuthSchemeOptionsResolver");
 
+    /**
+     * Callback to recompute {@code SIGNING_METHOD} after auth scheme resolution.
+     * Set by {@code AwsExecutionContextBuilder}
+     */
+    public static final ExecutionAttribute<Consumer<ExecutionAttributes>> SIGNING_METHOD_UPDATER =
+        new ExecutionAttribute<>("SigningMethodUpdater");
+
     /**
      * Callback for resolving the endpoint. Generated per-service as a lambda in the client class.
      * Called by EndpointResolutionStage after interceptors have run.

core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonAsyncHttpClient.java

@@ -199,9 +199,9 @@ public <OutputT> CompletableFuture<OutputT> execute(
                                 .then(MergeCustomQueryParamsStage::new)
                                 .then(QueryParametersToBodyStage::new)
                                 .then(() -> new CompressRequestStage(httpClientDependencies))
-                                .then(() -> new HttpChecksumStage(ClientType.ASYNC))
                                 .then(AuthSchemeResolutionStage::new)
                                 .then(EndpointResolutionStage::new)
+                                .then(() -> new HttpChecksumStage(ClientType.ASYNC))
                                 .then(ApplyUserAgentStage::new)
                                 .then(MakeRequestImmutableStage::new)
                                 .then(RequestPipelineBuilder

core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/AmazonSyncHttpClient.java

@@ -187,9 +187,9 @@ public <OutputT> OutputT execute(HttpResponseHandler<Response<OutputT>> response
                                .then(MergeCustomQueryParamsStage::new)
                                .then(QueryParametersToBodyStage::new)
                                .then(() -> new CompressRequestStage(httpClientDependencies))
-                               .then(() -> new HttpChecksumStage(ClientType.SYNC))
                                .then(AuthSchemeResolutionStage::new)
                                .then(EndpointResolutionStage::new)
+                               .then(() -> new HttpChecksumStage(ClientType.SYNC))
                                .then(ApplyUserAgentStage::new)
                                .then(MakeRequestImmutableStage::new)
                                // End of mutating request

core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/AuthSchemeResolutionStage.java

@@ -17,6 +17,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.function.Consumer;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.core.RequestOverrideConfiguration;
 import software.amazon.awssdk.core.SdkRequest;
@@ -80,6 +81,12 @@ public SdkHttpFullRequest.Builder execute(SdkHttpFullRequest.Builder request, Re
 
         executionAttributes.putAttribute(SdkInternalExecutionAttribute.SELECTED_AUTH_SCHEME, selectedAuthScheme);
 
+        Consumer<ExecutionAttributes> signingMethodUpdater =
+            executionAttributes.getAttribute(SdkInternalExecutionAttribute.SIGNING_METHOD_UPDATER);
+        if (signingMethodUpdater != null) {
+            signingMethodUpdater.accept(executionAttributes);
+        }
+
         recordBusinessMetrics(selectedAuthScheme, sdkRequest, executionAttributes);
 
         return request;