Improve v4 Signer.SignHTTP & Signer.PresignHTTP performance

.changelog/7bacfa97-ac95-4390-8c46-9d0528bda2c1.json

@@ -0,0 +1,9 @@
+{
+    "id": "7bacfa97-ac95-4390-8c46-9d0528bda2c1",
+    "type": "feature",
+    "description": "Improve v4 Signer.SignHTTP & Signer.PresignHTTP performance",
+    "collapse": false,
+    "modules": [
+        "."
+    ]
+}

aws/signer/internal/v4/cache.go

@@ -10,9 +10,9 @@ import (
 
 func lookupKey(service, region string) string {
 	var s strings.Builder
-	s.Grow(len(region) + len(service) + 3)
+	s.Grow(len(region) + 1 + len(service))
 	s.WriteString(region)
-	s.WriteRune('/')
+	s.WriteByte('/')
 	s.WriteString(service)
 	return s.String()
 }

aws/signer/internal/v4/scope.go

@@ -4,10 +4,17 @@ import "strings"
 
 // BuildCredentialScope builds the Signature Version 4 (SigV4) signing scope
 func BuildCredentialScope(signingTime SigningTime, region, service string) string {
-	return strings.Join([]string{
-		signingTime.ShortTimeFormat(),
-		region,
-		service,
-		"aws4_request",
-	}, "/")
+	const suffix = "aws4_request"
+	t := signingTime.ShortTimeFormat()
+
+	var sb strings.Builder
+	sb.Grow(len(t) + 1 + len(region) + 1 + len(service) + 1 + len(suffix))
+	sb.WriteString(t)
+	sb.WriteByte('/')
+	sb.WriteString(region)
+	sb.WriteByte('/')
+	sb.WriteString(service)
+	sb.WriteByte('/')
+	sb.WriteString(suffix)
+	return sb.String()
 }

aws/signer/v4/v4.go

@@ -52,10 +52,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/aws/aws-sdk-go-v2/aws"
-	v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4"
 	"github.com/aws/smithy-go/encoding/httpbinding"
 	"github.com/aws/smithy-go/logging"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4"
 )
 
 const (
@@ -234,7 +235,7 @@ func buildAuthorizationHeader(credentialStr, signedHeadersStr, signingSignature
 		len(signature) + len(signingSignature),
 	)
 	parts.WriteString(signingAlgorithm)
-	parts.WriteRune(' ')
+	parts.WriteByte(' ')
 	parts.WriteString(credential)
 	parts.WriteString(credentialStr)
 	parts.WriteString(commaSpace)
@@ -374,7 +375,7 @@ func (s *Signer) PresignHTTP(
 
 	logSigningInfo(ctx, options, &signedRequest, true)
 
-	signedHeaders = make(http.Header)
+	signedHeaders = make(http.Header, len(signedRequest.SignedHeaders))
 
 	// For the signed headers we canonicalize the header keys in the returned map.
 	// This avoids situations where can standard library double headers like host header. For example the standard
@@ -459,46 +460,60 @@ func (s *httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, he
 	for i := 0; i < n; i++ {
 		if headers[i] == hostHeader {
 			canonicalHeaders.WriteString(hostHeader)
-			canonicalHeaders.WriteRune(colon)
+			canonicalHeaders.WriteByte(colon)
 			canonicalHeaders.WriteString(v4Internal.StripExcessSpaces(host))
 		} else {
 			canonicalHeaders.WriteString(headers[i])
-			canonicalHeaders.WriteRune(colon)
+			canonicalHeaders.WriteByte(colon)
 			// Trim out leading, trailing, and dedup inner spaces from signed header values.
 			values := signed[headers[i]]
 			for j, v := range values {
 				cleanedValue := strings.TrimSpace(v4Internal.StripExcessSpaces(v))
 				canonicalHeaders.WriteString(cleanedValue)
 				if j < len(values)-1 {
-					canonicalHeaders.WriteRune(',')
+					canonicalHeaders.WriteByte(',')
 				}
 			}
 		}
-		canonicalHeaders.WriteRune('\n')
+		canonicalHeaders.WriteByte('\n')
 	}
 	canonicalHeadersStr = canonicalHeaders.String()
 
 	return signed, signedHeaders, canonicalHeadersStr
 }
 
 func (s *httpSigner) buildCanonicalString(method, uri, query, signedHeaders, canonicalHeaders string) string {
-	return strings.Join([]string{
-		method,
-		uri,
-		query,
-		canonicalHeaders,
-		signedHeaders,
-		s.PayloadHash,
-	}, "\n")
+	var sb strings.Builder
+	sb.Grow(len(method) + 1 + len(uri) + 1 + len(query) + 1 + len(canonicalHeaders) + 1 + len(signedHeaders) + 1 + len(s.PayloadHash))
+	sb.WriteString(method)
+	sb.WriteByte('\n')
+	sb.WriteString(uri)
+	sb.WriteByte('\n')
+	sb.WriteString(query)
+	sb.WriteByte('\n')
+	sb.WriteString(canonicalHeaders)
+	sb.WriteByte('\n')
+	sb.WriteString(signedHeaders)
+	sb.WriteByte('\n')
+	sb.WriteString(s.PayloadHash)
+	return sb.String()
 }
 
 func (s *httpSigner) buildStringToSign(credentialScope, canonicalRequestString string) string {
-	return strings.Join([]string{
-		signingAlgorithm,
-		s.Time.TimeFormat(),
-		credentialScope,
-		hex.EncodeToString(makeHash(sha256.New(), []byte(canonicalRequestString))),
-	}, "\n")
+	h := sha256.Sum256([]byte(canonicalRequestString))
+	encodedHash := hex.EncodeToString(h[:])
+	t := s.Time.TimeFormat()
+
+	var sb strings.Builder
+	sb.Grow(len(signingAlgorithm) + 1 + len(t) + 1 + len(credentialScope) + 1 + len(encodedHash))
+	sb.WriteString(signingAlgorithm)
+	sb.WriteByte('\n')
+	sb.WriteString(t)
+	sb.WriteByte('\n')
+	sb.WriteString(credentialScope)
+	sb.WriteByte('\n')
+	sb.WriteString(encodedHash)
+	return sb.String()
 }
 
 func makeHash(hash hash.Hash, b []byte) []byte {