aws-crt 0.1.5 → 0.1.6

data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c

@@ -3,12 +3,13 @@
  * SPDX-License-Identifier: Apache-2.0.
  */
 
-#include <aws/auth/external/cJSON.h>
 #include <aws/auth/private/credentials_utils.h>
-#include <aws/common/date_time.h>
 #include <aws/common/string.h>
 #include <aws/common/uuid.h>
 
+#include <aws/common/date_time.h>
+#include <aws/common/json.h>
+
 void aws_credentials_query_init(
     struct aws_credentials_query *query,
     struct aws_credentials_provider *provider,
@@ -48,9 +49,9 @@ void aws_credentials_provider_invoke_shutdown_callback(struct aws_credentials_pr
     }
 }
 
-struct aws_credentials *aws_parse_credentials_from_cjson_object(
+struct aws_credentials *aws_parse_credentials_from_aws_json_object(
     struct aws_allocator *allocator,
-    struct cJSON *document_root,
+    struct aws_json_value *document_root,
     const struct aws_parse_credentials_from_json_doc_options *options) {
 
     AWS_FATAL_ASSERT(allocator);
@@ -68,31 +69,38 @@ struct aws_credentials *aws_parse_credentials_from_cjson_object(
     }
 
     struct aws_credentials *credentials = NULL;
-    cJSON *access_key_id = NULL;
-    cJSON *secrete_access_key = NULL;
-    cJSON *token = NULL;
-    cJSON *creds_expiration = NULL;
+    struct aws_json_value *access_key_id = NULL;
+    struct aws_json_value *secrete_access_key = NULL;
+    struct aws_json_value *token = NULL;
+    struct aws_json_value *creds_expiration = NULL;
 
     bool parse_error = true;
 
     /*
      * Pull out the credentials components
      */
-    access_key_id = cJSON_GetObjectItem(document_root, options->access_key_id_name);
-    if (!cJSON_IsString(access_key_id) || (access_key_id->valuestring == NULL)) {
+    struct aws_byte_cursor access_key_id_cursor;
+    access_key_id =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_c_str((char *)options->access_key_id_name));
+    if (!aws_json_value_is_string(access_key_id) ||
+        aws_json_value_get_string(access_key_id, &access_key_id_cursor) == AWS_OP_ERR) {
         AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "Failed to parse AccessKeyId from Json document.");
         goto done;
     }
 
-    secrete_access_key = cJSON_GetObjectItem(document_root, options->secrete_access_key_name);
-    if (!cJSON_IsString(secrete_access_key) || (secrete_access_key->valuestring == NULL)) {
+    struct aws_byte_cursor secrete_access_key_cursor;
+    secrete_access_key = aws_json_value_get_from_object(
+        document_root, aws_byte_cursor_from_c_str((char *)options->secrete_access_key_name));
+    if (!aws_json_value_is_string(secrete_access_key) ||
+        aws_json_value_get_string(secrete_access_key, &secrete_access_key_cursor) == AWS_OP_ERR) {
         AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "Failed to parse SecretAccessKey from Json document.");
         goto done;
     }
 
+    struct aws_byte_cursor token_cursor;
     if (options->token_name) {
-        token = cJSON_GetObjectItem(document_root, options->token_name);
-        if (!cJSON_IsString(token) || (token->valuestring == NULL)) {
+        token = aws_json_value_get_from_object(document_root, aws_byte_cursor_from_c_str((char *)options->token_name));
+        if (!aws_json_value_is_string(token) || aws_json_value_get_string(token, &token_cursor) == AWS_OP_ERR) {
             if (options->token_required) {
                 AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "Failed to parse Token from Json document.");
                 goto done;
@@ -100,9 +108,13 @@ struct aws_credentials *aws_parse_credentials_from_cjson_object(
         }
     }
 
+    // needed to avoid uninitialized local variable error
+    struct aws_byte_cursor creds_expiration_cursor = aws_byte_cursor_from_c_str("");
     if (options->expiration_name) {
-        creds_expiration = cJSON_GetObjectItem(document_root, options->expiration_name);
-        if (!cJSON_IsString(creds_expiration) || (creds_expiration->valuestring == NULL)) {
+        creds_expiration =
+            aws_json_value_get_from_object(document_root, aws_byte_cursor_from_c_str((char *)options->expiration_name));
+        if (!aws_json_value_is_string(creds_expiration) ||
+            aws_json_value_get_string(creds_expiration, &creds_expiration_cursor) == AWS_OP_ERR) {
             if (options->expiration_required) {
                 AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "Failed to parse Expiration from Json document.");
                 goto done;
@@ -112,7 +124,6 @@ struct aws_credentials *aws_parse_credentials_from_cjson_object(
 
     uint64_t expiration_timepoint_in_seconds = UINT64_MAX;
     if (creds_expiration) {
-        struct aws_byte_cursor creds_expiration_cursor = aws_byte_cursor_from_c_str(creds_expiration->valuestring);
         if (options->expiration_required && creds_expiration_cursor.len == 0) {
             AWS_LOGF_ERROR(
                 AWS_LS_AUTH_CREDENTIALS_PROVIDER,
@@ -142,10 +153,7 @@ struct aws_credentials *aws_parse_credentials_from_cjson_object(
     /*
      * Build the credentials
      */
-    struct aws_byte_cursor access_key_id_cursor = aws_byte_cursor_from_c_str(access_key_id->valuestring);
-    struct aws_byte_cursor secret_access_key_cursor = aws_byte_cursor_from_c_str(secrete_access_key->valuestring);
-
-    if (access_key_id_cursor.len == 0 || secret_access_key_cursor.len == 0) {
+    if (access_key_id_cursor.len == 0 || secrete_access_key_cursor.len == 0) {
         AWS_LOGF_ERROR(
             AWS_LS_AUTH_CREDENTIALS_PROVIDER,
             "Parsed an unexpected credentials json document, either access key, secret key is empty.")
@@ -156,7 +164,7 @@ struct aws_credentials *aws_parse_credentials_from_cjson_object(
     AWS_ZERO_STRUCT(session_token_cursor);
 
     if (token) {
-        session_token_cursor = aws_byte_cursor_from_c_str(token->valuestring);
+        aws_json_value_get_string(token, &session_token_cursor);
         if (options->token_required && session_token_cursor.len == 0) {
             AWS_LOGF_ERROR(
                 AWS_LS_AUTH_CREDENTIALS_PROVIDER, "Parsed an unexpected credentials json document with empty token.")
@@ -167,7 +175,7 @@ struct aws_credentials *aws_parse_credentials_from_cjson_object(
     credentials = aws_credentials_new(
         allocator,
         access_key_id_cursor,
-        secret_access_key_cursor,
+        secrete_access_key_cursor,
         session_token_cursor,
         expiration_timepoint_in_seconds);
 
@@ -191,12 +199,13 @@ struct aws_credentials *aws_parse_credentials_from_json_document(
     const char *document,
     const struct aws_parse_credentials_from_json_doc_options *options) {
 
-    cJSON *document_root = cJSON_Parse(document);
+    struct aws_json_value *document_root =
+        aws_json_value_new_from_string(allocator, aws_byte_cursor_from_c_str(document));
     if (document_root == NULL) {
         AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "Failed to parse document as Json document.");
         return NULL;
     }
-    struct aws_credentials *credentials = aws_parse_credentials_from_cjson_object(allocator, document_root, options);
-    cJSON_Delete(document_root);
+    struct aws_credentials *credentials = aws_parse_credentials_from_aws_json_object(allocator, document_root, options);
+    aws_json_value_destroy(document_root);
     return credentials;
 }

data/aws-crt-ffi/crt/aws-c-auth/source/signable_chunk.c

@@ -5,6 +5,7 @@
 
 #include <aws/auth/signable.h>
 #include <aws/common/string.h>
+#include <aws/io/stream.h>
 
 /*
  * This is a simple aws_signable wrapper implementation for an s3 chunk
@@ -65,7 +66,7 @@ static void s_aws_signable_chunk_destroy(struct aws_signable *signable) {
     if (impl == NULL) {
         return;
     }
-
+    aws_input_stream_release(impl->chunk_data);
     aws_string_destroy(impl->previous_signature);
 
     aws_mem_release(signable->allocator, signable);
@@ -99,7 +100,7 @@ struct aws_signable *aws_signable_new_chunk(
     signable->vtable = &s_signable_chunk_vtable;
     signable->impl = impl;
 
-    impl->chunk_data = chunk_data;
+    impl->chunk_data = aws_input_stream_acquire(chunk_data);
     impl->previous_signature = aws_string_new_from_array(allocator, previous_signature.ptr, previous_signature.len);
     if (impl->previous_signature == NULL) {
         goto on_error;

data/aws-crt-ffi/crt/aws-c-auth/tests/CMakeLists.txt

@@ -4,14 +4,14 @@ enable_testing()
 
 file(GLOB TEST_SRC "*.c")
 file(GLOB TEST_HDRS "*.h")
-file(GLOB EXTERNAL_TEST_SRC "external/*.c")
-file(GLOB TESTS ${TEST_HDRS} ${TEST_SRC} ${EXTERNAL_TEST_SRC})
+file(GLOB TESTS ${TEST_HDRS} ${TEST_SRC})
 
 add_test_case(credentials_create_destroy_test)
 add_test_case(static_credentials_provider_basic_test)
 add_test_case(environment_credentials_provider_basic_test)
 add_test_case(environment_credentials_provider_negative_test)
 add_test_case(cached_credentials_provider_elapsed_test)
+add_test_case(cached_credentials_provider_expired_test)
 add_test_case(cached_credentials_provider_queued_async_test)
 add_test_case(profile_credentials_provider_new_destroy_defaults_test)
 add_test_case(profile_credentials_provider_default_test)
@@ -83,6 +83,7 @@ add_net_test_case(credentials_provider_sts_from_profile_config_environment_succe
 add_net_test_case(credentials_provider_sts_cache_expiration_conflict)
 
 add_test_case(credentials_provider_process_new_destroy_from_config)
+add_test_case(credentials_provider_process_new_destroy_from_config_without_token)
 add_test_case(credentials_provider_process_new_failed)
 add_test_case(credentials_provider_process_bad_command)
 add_test_case(credentials_provider_process_incorrect_command_output)

data/aws-crt-ffi/crt/aws-c-auth/tests/aws_imds_client_test.c

@@ -276,6 +276,7 @@ static int s_aws_imds_tester_init(struct aws_allocator *allocator) {
     if (aws_byte_buf_init(&s_tester.resource, allocator, 256)) {
         return AWS_OP_ERR;
     }
+
     return AWS_OP_SUCCESS;
 }
 

data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_ecs_tests.c

@@ -212,6 +212,8 @@ static int s_aws_ecs_tester_init(struct aws_allocator *allocator) {
         return AWS_OP_ERR;
     }
 
+    aws_auth_library_init(allocator);
+
     /* default to everything successful */
     s_tester.is_connection_acquire_successful = true;
     s_tester.is_request_successful = true;
@@ -225,6 +227,7 @@ static void s_aws_ecs_tester_cleanup(void) {
     aws_condition_variable_clean_up(&s_tester.signal);
     aws_mutex_clean_up(&s_tester.lock);
     aws_credentials_release(s_tester.credentials);
+    aws_auth_library_clean_up();
 }
 
 static bool s_has_tester_received_credentials_callback(void *user_data) {

data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_process_tests.c

@@ -68,7 +68,8 @@ static int s_aws_process_test_init_config_profile(
 }
 
 static int s_aws_process_tester_init(struct aws_allocator *allocator) {
-    (void)allocator;
+    aws_auth_library_init(allocator);
+
     if (aws_mutex_init(&s_tester.lock)) {
         return AWS_OP_ERR;
     }
@@ -84,6 +85,7 @@ static void s_aws_process_tester_cleanup(void) {
     aws_condition_variable_clean_up(&s_tester.signal);
     aws_mutex_clean_up(&s_tester.lock);
     aws_credentials_release(s_tester.credentials);
+    aws_auth_library_clean_up();
 }
 
 static bool s_has_tester_received_credentials_callback(void *user_data) {
@@ -127,6 +129,20 @@ AWS_STATIC_STRING_FROM_LITERAL(
     "\"Expiration\":\"2020-02-25T06:03:31Z\"}'");
 #endif
 
+#ifdef _WIN32
+AWS_STATIC_STRING_FROM_LITERAL(
+    s_test_command_without_token,
+    "echo {\"Version\": 1, \"AccessKeyId\": \"AccessKey123\", "
+    "\"SecretAccessKey\": \"SecretAccessKey321\", "
+    "\"Expiration\":\"2020-02-25T06:03:31Z\"}");
+#else
+AWS_STATIC_STRING_FROM_LITERAL(
+    s_test_command_without_token,
+    "echo '{\"Version\": 1, \"AccessKeyId\": \"AccessKey123\", "
+    "\"SecretAccessKey\": \"SecretAccessKey321\", "
+    "\"Expiration\":\"2020-02-25T06:03:31Z\"}'");
+#endif
+
 AWS_STATIC_STRING_FROM_LITERAL(s_bad_test_command, "/i/dont/know/what/is/this/command");
 AWS_STATIC_STRING_FROM_LITERAL(s_bad_command_output, "echo \"Hello, World!\"");
 
@@ -143,25 +159,13 @@ AWS_STATIC_STRING_FROM_LITERAL(
     "region=us-west-2\n"
     "credential_process=");
 
-static int s_credentials_provider_process_new_destroy_from_config(struct aws_allocator *allocator, void *ctx) {
-    (void)ctx;
+static int s_credentials_provider_process_helper(
+    struct aws_string *config_file_contents,
+    struct aws_allocator *allocator) {
 
     s_aws_process_tester_init(allocator);
 
-    struct aws_byte_buf content_buf;
-    struct aws_byte_buf existing_content = aws_byte_buf_from_c_str(aws_string_c_str(s_process_config_file_contents));
-    aws_byte_buf_init_copy(&content_buf, allocator, &existing_content);
-    struct aws_byte_cursor cursor = aws_byte_cursor_from_string(s_test_command);
-    ASSERT_TRUE(aws_byte_buf_append_dynamic(&content_buf, &cursor) == AWS_OP_SUCCESS);
-    cursor = aws_byte_cursor_from_c_str("\n");
-    ASSERT_TRUE(aws_byte_buf_append_dynamic(&content_buf, &cursor) == AWS_OP_SUCCESS);
-
-    struct aws_string *config_file_contents = aws_string_new_from_array(allocator, content_buf.buffer, content_buf.len);
-    ASSERT_TRUE(config_file_contents != NULL);
-    aws_byte_buf_clean_up(&content_buf);
-
     s_aws_process_test_init_config_profile(allocator, config_file_contents);
-    aws_string_destroy(config_file_contents);
 
     struct aws_credentials_provider_process_options options = {
         .shutdown_options =
@@ -178,10 +182,55 @@ static int s_credentials_provider_process_new_destroy_from_config(struct aws_all
     s_aws_process_tester_cleanup();
     return 0;
 }
+
+static int s_credentials_provider_process_new_destroy_from_config(struct aws_allocator *allocator, void *ctx) {
+    (void)ctx;
+
+    struct aws_byte_buf content_buf;
+    struct aws_byte_buf existing_content = aws_byte_buf_from_c_str(aws_string_c_str(s_process_config_file_contents));
+    aws_byte_buf_init_copy(&content_buf, allocator, &existing_content);
+    struct aws_byte_cursor cursor = aws_byte_cursor_from_string(s_test_command);
+    ASSERT_TRUE(aws_byte_buf_append_dynamic(&content_buf, &cursor) == AWS_OP_SUCCESS);
+    cursor = aws_byte_cursor_from_c_str("\n");
+    ASSERT_TRUE(aws_byte_buf_append_dynamic(&content_buf, &cursor) == AWS_OP_SUCCESS);
+
+    struct aws_string *config_file_contents = aws_string_new_from_array(allocator, content_buf.buffer, content_buf.len);
+    ASSERT_TRUE(config_file_contents != NULL);
+    aws_byte_buf_clean_up(&content_buf);
+
+    ASSERT_SUCCESS(s_credentials_provider_process_helper(config_file_contents, allocator));
+    aws_string_destroy(config_file_contents);
+    return 0;
+}
 AWS_TEST_CASE(
     credentials_provider_process_new_destroy_from_config,
     s_credentials_provider_process_new_destroy_from_config);
 
+static int s_credentials_provider_process_new_destroy_from_config_without_token(
+    struct aws_allocator *allocator,
+    void *ctx) {
+    (void)ctx;
+
+    struct aws_byte_buf content_buf;
+    struct aws_byte_buf existing_content = aws_byte_buf_from_c_str(aws_string_c_str(s_process_config_file_contents));
+    aws_byte_buf_init_copy(&content_buf, allocator, &existing_content);
+    struct aws_byte_cursor cursor = aws_byte_cursor_from_string(s_test_command_without_token);
+    ASSERT_TRUE(aws_byte_buf_append_dynamic(&content_buf, &cursor) == AWS_OP_SUCCESS);
+    cursor = aws_byte_cursor_from_c_str("\n");
+    ASSERT_TRUE(aws_byte_buf_append_dynamic(&content_buf, &cursor) == AWS_OP_SUCCESS);
+
+    struct aws_string *config_file_contents = aws_string_new_from_array(allocator, content_buf.buffer, content_buf.len);
+    ASSERT_TRUE(config_file_contents != NULL);
+    aws_byte_buf_clean_up(&content_buf);
+
+    ASSERT_SUCCESS(s_credentials_provider_process_helper(config_file_contents, allocator));
+    aws_string_destroy(config_file_contents);
+    return 0;
+}
+AWS_TEST_CASE(
+    credentials_provider_process_new_destroy_from_config_without_token,
+    s_credentials_provider_process_new_destroy_from_config_without_token);
+
 AWS_STATIC_STRING_FROM_LITERAL(
     s_process_config_file_no_process_contents,
     "[profile default]\n"

data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_tests.c

@@ -443,6 +443,131 @@ static int s_cached_credentials_provider_elapsed_test(struct aws_allocator *allo
 
 AWS_TEST_CASE(cached_credentials_provider_elapsed_test, s_cached_credentials_provider_elapsed_test);
 
+#define TEST_CACHED_CREDENTIALS_EXPIRATION_TIMEPOINT 3600
+
+static int s_cached_credentials_provider_expired_test(struct aws_allocator *allocator, void *ctx) {
+    (void)ctx;
+
+    mock_aws_set_system_time(0);
+    mock_aws_set_high_res_time(1);
+
+    s_aws_credentials_shutdown_checker_init();
+
+    struct aws_credentials *first_creds = aws_credentials_new_from_string(
+        allocator,
+        s_access_key_id_1,
+        s_secret_access_key_1,
+        s_session_token_1,
+        TEST_CACHED_CREDENTIALS_EXPIRATION_TIMEPOINT);
+    struct aws_credentials *second_creds = aws_credentials_new_from_string(
+        allocator,
+        s_access_key_id_2,
+        s_secret_access_key_2,
+        s_session_token_2,
+        TEST_CACHED_CREDENTIALS_EXPIRATION_TIMEPOINT * 2);
+
+    struct get_credentials_mock_result mock_results[] = {
+        {.error_code = 0, .credentials = first_creds},
+        {.error_code = 0, .credentials = second_creds},
+    };
+
+    struct aws_credentials_provider_shutdown_options shutdown_options;
+    AWS_ZERO_STRUCT(shutdown_options);
+
+    struct aws_credentials_provider *mock_provider =
+        aws_credentials_provider_new_mock(allocator, mock_results, 2, &shutdown_options);
+
+    struct aws_credentials_provider_cached_options options;
+    AWS_ZERO_STRUCT(options);
+    options.source = mock_provider;
+    options.refresh_time_in_milliseconds = TEST_CACHE_REFRESH_TIME_MS;
+    options.high_res_clock_fn = mock_aws_get_high_res_time;
+    options.system_clock_fn = mock_aws_get_system_time;
+    options.shutdown_options.shutdown_callback = s_on_shutdown_complete;
+    options.shutdown_options.shutdown_user_data = NULL;
+
+    struct aws_credentials_provider *cached_provider = aws_credentials_provider_new_cached(allocator, &options);
+    aws_credentials_provider_release(mock_provider);
+
+    struct aws_get_credentials_test_callback_result callback_results;
+    ASSERT_TRUE(s_invoke_get_credentials(cached_provider, &callback_results, 1) == 0);
+    ASSERT_TRUE(s_wait_for_get_credentials(&callback_results) == 0);
+    ASSERT_TRUE(
+        s_verify_callback_status(&callback_results, 1, s_access_key_id_1, s_secret_access_key_1, s_session_token_1) ==
+        0);
+
+    /*
+     * Invoke a couple more times to verify the mock isn't getting called
+     */
+    aws_get_credentials_test_callback_result_clean_up(&callback_results);
+    ASSERT_TRUE(s_invoke_get_credentials(cached_provider, &callback_results, 1) == 0);
+    ASSERT_TRUE(s_wait_for_get_credentials(&callback_results) == 0);
+    ASSERT_TRUE(
+        s_verify_callback_status(&callback_results, 1, s_access_key_id_1, s_secret_access_key_1, s_session_token_1) ==
+        0);
+
+    aws_get_credentials_test_callback_result_clean_up(&callback_results);
+    ASSERT_TRUE(s_invoke_get_credentials(cached_provider, &callback_results, 1) == 0);
+    ASSERT_TRUE(s_wait_for_get_credentials(&callback_results) == 0);
+    ASSERT_TRUE(
+        s_verify_callback_status(&callback_results, 1, s_access_key_id_1, s_secret_access_key_1, s_session_token_1) ==
+        0);
+
+    /*
+     * Advance time enough to cause a refresh from the caching provider's perspective, but not enough to expire the
+     * actual credentials.  Nothing should change because the credential's expiration takes priority.
+     */
+    uint64_t provider_refresh_in_ns =
+        aws_timestamp_convert(TEST_CACHE_REFRESH_TIME_MS, AWS_TIMESTAMP_MILLIS, AWS_TIMESTAMP_NANOS, NULL);
+
+    uint64_t now = 0;
+    mock_aws_get_high_res_time(&now);
+    mock_aws_set_high_res_time(now + provider_refresh_in_ns);
+
+    mock_aws_get_system_time(&now);
+    mock_aws_set_system_time(now + provider_refresh_in_ns);
+
+    aws_get_credentials_test_callback_result_clean_up(&callback_results);
+    ASSERT_TRUE(s_invoke_get_credentials(cached_provider, &callback_results, 1) == 0);
+    ASSERT_TRUE(s_wait_for_get_credentials(&callback_results) == 0);
+    ASSERT_TRUE(
+        s_verify_callback_status(&callback_results, 1, s_access_key_id_1, s_secret_access_key_1, s_session_token_1) ==
+        0);
+
+    /*
+     * Advance time enough to trigger credentials expiration, verify we get the second set of mocked credentials
+     */
+    uint64_t credential_expiration_in_ns = aws_timestamp_convert(
+        TEST_CACHED_CREDENTIALS_EXPIRATION_TIMEPOINT, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL);
+
+    mock_aws_get_high_res_time(&now);
+    mock_aws_set_high_res_time(now + credential_expiration_in_ns);
+
+    mock_aws_get_system_time(&now);
+    mock_aws_set_system_time(now + credential_expiration_in_ns);
+
+    aws_get_credentials_test_callback_result_clean_up(&callback_results);
+    ASSERT_TRUE(s_invoke_get_credentials(cached_provider, &callback_results, 1) == 0);
+    ASSERT_TRUE(s_wait_for_get_credentials(&callback_results) == 0);
+    ASSERT_TRUE(
+        s_verify_callback_status(&callback_results, 1, s_access_key_id_2, s_secret_access_key_2, s_session_token_2) ==
+        0);
+
+    aws_get_credentials_test_callback_result_clean_up(&callback_results);
+    aws_credentials_provider_release(cached_provider);
+
+    s_aws_wait_for_provider_shutdown_callback();
+
+    s_aws_credentials_shutdown_checker_clean_up();
+
+    aws_credentials_release(second_creds);
+    aws_credentials_release(first_creds);
+
+    return 0;
+}
+
+AWS_TEST_CASE(cached_credentials_provider_expired_test, s_cached_credentials_provider_expired_test);
+
 static int s_cached_credentials_provider_queued_async_test(struct aws_allocator *allocator, void *ctx) {
     (void)ctx;