Do not sign Transfer-Encoding Header if present on the request

.changes/next-release/bugfix-AWSSDKforJavav2-ed80b40.json

@@ -0,0 +1,6 @@
+{
+    "type": "bugfix",
+    "category": "AWS SDK for Java v2",
+    "contributor": "",
+    "description": "Transfer-Encoding headers will no longer be signed during SigV4 authentication"
+}

core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/AbstractAws4Signer.java

@@ -68,7 +68,7 @@ public abstract class AbstractAws4Signer<T extends Aws4SignerParams, U extends A
     private static final FifoCache<SignerKey> SIGNER_CACHE =
         new FifoCache<>(SIGNER_CACHE_MAX_SIZE);
     private static final List<String> LIST_OF_HEADERS_TO_IGNORE_IN_LOWER_CASE =
-        Arrays.asList("connection", "x-amzn-trace-id", "user-agent", "expect");
+        Arrays.asList("connection", "x-amzn-trace-id", "user-agent", "expect", "transfer-encoding");
 
     protected SdkHttpFullRequest.Builder doSign(SdkHttpFullRequest request,
                                                 Aws4SignerRequestParams requestParams,

core/auth/src/test/java/software/amazon/awssdk/auth/signer/Aws4SignerTest.java

@@ -398,4 +398,19 @@ public void signing_with_Crc32Checksum_with__trailer_header_already_present() th
         assertThat(signed.firstMatchingHeader(SignerConstant.X_AMZ_CONTENT_SHA256)).isNotPresent();
         assertThat(signed.firstMatchingHeader("Authorization")).hasValue(expectedAuthorization);
     }
+
+
+    @Test
+    public void TransferEncodingIsNotSigned_NotSigned() {
+        AwsBasicCredentials credentials = AwsBasicCredentials.create("akid", "skid");
+        SdkHttpFullRequest.Builder request = generateBasicRequest();
+        request.putHeader("Transfer-Encoding", "chunked");
+
+        SdkHttpFullRequest actual = SignerTestUtils.signRequest(signer, request.build(), credentials, "demo", signingOverrideClock, "us-east-1");
+
+        assertThat(actual.firstMatchingHeader("Authorization"))
+            .hasValue("AWS4-HMAC-SHA256 Credential=akid/19810216/us-east-1/demo/aws4_request, " +
+                      "SignedHeaders=host;x-amz-archive-description;x-amz-date, " +
+                      "Signature=581d0042389009a28d461124138f1fe8eeb8daed87611d2a2b47fd3d68d81d73");
+    }
 }

core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/V4CanonicalRequest.java

@@ -43,7 +43,7 @@
 @Immutable
 public final class V4CanonicalRequest {
     private static final List<String> HEADERS_TO_IGNORE_IN_LOWER_CASE =
-        Arrays.asList("connection", "x-amzn-trace-id", "user-agent", "expect");
+        Arrays.asList("connection", "x-amzn-trace-id", "user-agent", "expect", "transfer-encoding");
 
     private final SdkHttpRequest request;
     private final String contentHash;

core/http-auth-aws/src/test/java/software/amazon/awssdk/http/auth/aws/internal/signer/V4CanonicalRequestTest.java

@@ -84,6 +84,7 @@ public void canonicalRequest_WithForbiddenHeaders_shouldExcludeForbidden() {
                                                .method(SdkHttpMethod.PUT)
                                                .putHeader("foo", "bar")
                                                .putHeader("x-amzn-trace-id", "wontBePresent")
+                                               .putHeader("Transfer-Encoding", "wontBePresent")
                                                .build();
         V4CanonicalRequest cr = new V4CanonicalRequest(request, "sha-256",
                                                        new V4CanonicalRequest.Options(true,

test/codegen-generated-classes-test/src/test/java/software/amazon/awssdk/services/AsyncRequestCompressionTest.java

@@ -26,7 +26,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.reactivestreams.Subscriber;
-import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.core.SdkBytes;
 import software.amazon.awssdk.core.async.AsyncRequestBody;
 import software.amazon.awssdk.core.async.AsyncResponseTransformer;
@@ -44,17 +45,19 @@
 public class AsyncRequestCompressionTest {
     private static final String UNCOMPRESSED_BODY =
         "RequestCompressionTest-RequestCompressionTest-RequestCompressionTest-RequestCompressionTest-RequestCompressionTest";
+    private  static String TRANSFER_ENCODING_HEADER = "Transfer-Encoding";
     private String compressedBody;
     private int compressedLen;
     private MockAsyncHttpClient mockAsyncHttpClient;
     private ProtocolRestJsonAsyncClient asyncClient;
     private Compressor compressor;
+    private static final AwsBasicCredentials CLIENT_CREDENTIALS = AwsBasicCredentials.create("akid", "skid");
 
     @BeforeEach
     public void setUp() {
         mockAsyncHttpClient = new MockAsyncHttpClient();
         asyncClient = ProtocolRestJsonAsyncClient.builder()
-                                                 .credentialsProvider(AnonymousCredentialsProvider.create())
+                                                 .credentialsProvider(StaticCredentialsProvider.create(CLIENT_CREDENTIALS))
                                                  .region(Region.US_EAST_1)
                                                  .httpClient(mockAsyncHttpClient)
                                                  .build();
@@ -129,7 +132,9 @@ public void asyncStreamingOperation_compressionEnabled_compressesCorrectly() {
         assertThat(loggedBody).isEqualTo(compressedBody);
         assertThat(loggedRequest.firstMatchingHeader("Content-encoding").get()).isEqualTo("gzip");
         assertThat(loggedRequest.matchingHeaders("Content-Length")).isEmpty();
-        assertThat(loggedRequest.firstMatchingHeader("Transfer-Encoding").get()).isEqualTo("chunked");
+        assertThat(loggedRequest.firstMatchingHeader(TRANSFER_ENCODING_HEADER).get()).isEqualTo("chunked");
+        assertThat(loggedRequest.firstMatchingHeader("Authorization").get())
+            .doesNotContainIgnoringCase(TRANSFER_ENCODING_HEADER);
     }
 
     @Test
@@ -172,8 +177,8 @@ public void asyncStreamingOperation_compressionEnabledWithRetry_compressesCorrec
 
         assertThat(loggedBody).isEqualTo(compressedBody);
         assertThat(loggedRequest.firstMatchingHeader("Content-encoding").get()).isEqualTo("gzip");
-        assertThat(loggedRequest.matchingHeaders("Content-Length")).isEmpty();
-        assertThat(loggedRequest.firstMatchingHeader("Transfer-Encoding").get()).isEqualTo("chunked");
+        assertThat(loggedRequest.matchingHeaders("Content-Length")).isEmpty();assertThat(loggedRequest.firstMatchingHeader(TRANSFER_ENCODING_HEADER).get()).isEqualTo("chunked");
+        assertThat(loggedRequest.firstMatchingHeader("Authorization").get()).doesNotContainIgnoringCase(TRANSFER_ENCODING_HEADER);
     }
 
     private HttpExecuteResponse mockResponse() {