/** * @param request * @return True if {@link PutObjectRequest} has been configured to use SSE-C or SSE-KMS */ private boolean putRequestInvolvesSse(PutObjectRequest request) { return containsNonNull(request.getSSECustomerKey(), request.getSSEAwsKeyManagementParams()); }
/** * Determines whether the client should use the {@link Headers#ETAG} header returned by S3 to * validate the integrity of the message client side based on the server response. We skip the * client side check if any of the following conditions are true: * <ol> * <li>The system property {@value #DISABLE_GET_OBJECT_MD5_VALIDATION_PROPERTY} is set</li> * <li>The request involves SSE-C or SSE-KMS</li> * <li>The Etag header is missing</li> * <li>The Etag indicates that the object was created by a MultiPart Upload</li> * </ol> * * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidationPerGetResponse(ObjectMetadata metadata) { if (isGetObjectMd5ValidationDisabledByProperty()) { return true; } return skipClientSideValidationPerResponse(metadata); }
private boolean skipClientSideValidationPerResponse(ObjectMetadata metadata) { if (metadata == null) { return true; } // If Etag is not provided or was computed from a multipart upload then skip the check, the // etag won't be the MD5 of the original content if (metadata.getETag() == null || isMultipartUploadETag(metadata.getETag())) { return true; } return metadataInvolvesSse(metadata); }
/** * Conveience method to determine whether to do client side validation of a GetObject call based * on both the request and the response. See * {@link #skipClientSideValidationPerRequest(GetObjectRequest)} and * {@link #skipClientSideValidationPerGetResponse(ObjectMetadata)} for more details on the * criterion. * * @param request * Original {@link GetObjectRequest} * @param returnedMetadata * Metadata returned in {@link S3Object} * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidation(GetObjectRequest request, ObjectMetadata returnedMetadata) { return skipClientSideValidationPerRequest(request) || skipClientSideValidationPerGetResponse(returnedMetadata); }
/** * Determines whether the client should use the {@link Headers#ETAG} header returned by S3 to * validate the integrity of the message client side based on the server response. We skip the * client side check if any of the following conditions are true: * <ol> * <li>The system property {@value #DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY} is set</li> * <li>The request involves SSE-C or SSE-KMS</li> * <li>The Etag header is missing</li> * </ol> * * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidationPerPutResponse(ObjectMetadata metadata) { if (isPutObjectMd5ValidationDisabledByProperty()) { return true; } return skipClientSideValidationPerResponse(metadata); }
/** * Determines whether the client should use the {@link Headers#ETAG} header returned by S3 to * validate the integrity of the message client side. We skip the client side check if any of * the following conditions are true: * <ol> * <li>The system property {@value #DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY} is set</li> * <li>The request involves SSE-C or SSE-KMS</li> * </ol> * * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidationPerRequest(PutObjectRequest request) { if (isPutObjectMd5ValidationDisabledByProperty()) { return true; } return putRequestInvolvesSse(request) || metadataInvolvesSse(request.getMetadata()); }
if (calculateMD5 && !skipMd5CheckStrategy.skipServerSideValidation(putObjectRequest)) { try { String contentMd5_b64 = Md5Utils.md5AsBase64(file); && !skipMd5CheckStrategy.skipClientSideValidationPerRequest(putObjectRequest)) { if (contentMd5 != null && !skipMd5CheckStrategy.skipClientSideValidationPerPutResponse(returnedMetadata)) { byte[] clientSideHash = BinaryUtils.fromBase64(contentMd5); byte[] serverSideHash = BinaryUtils.fromHex(etag);
@Override public boolean needIntegrityCheck() { // Don't perform the integrity check if the checksum won't matchup. return !(s3 instanceof AmazonS3Encryption) && !skipMd5CheckStrategy.skipClientSideValidationPerRequest(getObjectRequest); } }
/** * Determines whether the client should calculate and send the {@link Headers#CONTENT_MD5} * header to be validated by S3 per the request. * <p> * Currently we always try and do server side validation unless it's been explicitly disabled by * the {@value #DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY} property. Whether or not we actually * calculate the MD5 header is determined in the client based on the source of the data (i.e. if * it's a file we calculate, if not then we don't) * </p> */ public boolean skipServerSideValidation(PutObjectRequest request) { if (isPutObjectMd5ValidationDisabledByProperty()) { return true; } return false; }
/** * Determines whether the client should use the {@link Headers#ETAG} header returned by S3 to * validate the integrity of the message client side based on the server response. We skip the * client side check if any of the following conditions are true: * <ol> * <li>The system property {@value #DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY} is set</li> * <li>The request involves SSE-C or SSE-KMS</li> * <li>The Etag header is missing</li> * </ol> * * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidationPerUploadPartResponse(ObjectMetadata metadata) { return skipClientSideValidationPerPutResponse(metadata); }
/** * Based on the given {@link GetObjectRequest}, returns whether the specified request should * skip MD5 check on the requested object content. Specifically, MD5 check should be skipped if * one of the following conditions are true: * <ol> * <li>The system property {@value #DISABLE_GET_OBJECT_MD5_VALIDATION_PROPERTY} is set.</li> * <li>The request is a range-get operation</li> * <li>The request is a GET object operation that involves SSE-C</li> * </ol> * Otherwise, MD5 check should not be skipped. */ public boolean skipClientSideValidationPerRequest(GetObjectRequest request) { if (isGetObjectMd5ValidationDisabledByProperty()) { return true; } // Skip MD5 check for range get if (request.getRange() != null) { return true; } if (request.getSSECustomerKey() != null) { return true; } return false; }
try { final ObjectMetadata metadata = s3Object.getObjectMetadata(); if (!skipMd5CheckStrategy.skipClientSideValidationPerGetResponse(metadata)) { clientSideHash = Md5Utils.computeMD5Hash(new FileInputStream(dstfile)); serverSideHash = BinaryUtils.fromHex(metadata.getETag());
if (!skipMd5CheckStrategy.skipClientSideValidation(getObjectRequest, s3Object.getObjectMetadata())) { byte[] serverSideHash = BinaryUtils.fromHex(s3Object.getObjectMetadata().getETag()); try {
/** * Determines whether the client should use the {@link Headers#ETAG} header returned by S3 to * validate the integrity of the message client side. We skip the client side check if any of * the following conditions are true: * <ol> * <li>The system property {@value #DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY} is set</li> * <li>The request involves SSE-C or SSE-KMS</li> * </ol> * * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidationPerRequest(PutObjectRequest request) { if (isPutObjectMd5ValidationDisabledByProperty()) { return true; } return putRequestInvolvesSse(request) || metadataInvolvesSse(request.getMetadata()); }
if (calculateMD5 && !skipMd5CheckStrategy.skipServerSideValidation(putObjectRequest)) { try { String contentMd5_b64 = Md5Utils.md5AsBase64(file); && !skipMd5CheckStrategy.skipClientSideValidationPerRequest(putObjectRequest)) { if (contentMd5 != null && !skipMd5CheckStrategy.skipClientSideValidationPerPutResponse(returnedMetadata)) { byte[] clientSideHash = BinaryUtils.fromBase64(contentMd5); byte[] serverSideHash = BinaryUtils.fromHex(etag);
/** * Conveience method to determine whether to do client side validation of a GetObject call based * on both the request and the response. See * {@link #skipClientSideValidationPerRequest(GetObjectRequest)} and * {@link #skipClientSideValidationPerGetResponse(ObjectMetadata)} for more details on the * criterion. * * @param request * Original {@link GetObjectRequest} * @param returnedMetadata * Metadata returned in {@link S3Object} * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidation(GetObjectRequest request, ObjectMetadata returnedMetadata) { return skipClientSideValidationPerRequest(request) || skipClientSideValidationPerGetResponse(returnedMetadata); }
/** * Determines whether the client should use the {@link Headers#ETAG} header returned by S3 to * validate the integrity of the message client side based on the server response. We skip the * client side check if any of the following conditions are true: * <ol> * <li>The system property {@value #DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY} is set</li> * <li>The request involves SSE-C or SSE-KMS</li> * <li>The Etag header is missing</li> * </ol> * * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidationPerPutResponse(ObjectMetadata metadata) { if (isPutObjectMd5ValidationDisabledByProperty()) { return true; } return skipClientSideValidationPerResponse(metadata); }
@Override public boolean needIntegrityCheck() { return !skipMd5CheckStrategy.skipClientSideValidationPerRequest(getObjectRequest); }
/** * Determines whether the client should calculate and send the {@link Headers#CONTENT_MD5} * header to be validated by S3 per the request. * <p> * Currently we always try and do server side validation unless it's been explicitly disabled by * the {@value #DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY} property. Whether or not we actually * calculate the MD5 header is determined in the client based on the source of the data (i.e. if * it's a file we calculate, if not then we don't) * </p> */ public boolean skipServerSideValidation(UploadPartRequest request) { if (isPutObjectMd5ValidationDisabledByProperty()) { return true; } return false; }
/** * Determines whether the client should use the {@link Headers#ETAG} header returned by S3 to * validate the integrity of the message client side based on the server response. We skip the * client side check if any of the following conditions are true: * <ol> * <li>The system property {@value #DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY} is set</li> * <li>The request involves SSE-C or SSE-KMS</li> * <li>The Etag header is missing</li> * </ol> * * @return True if client side validation should be skipped, false otherwise. */ public boolean skipClientSideValidationPerUploadPartResponse(ObjectMetadata metadata) { return skipClientSideValidationPerPutResponse(metadata); }