/**
 * Tells whether the supplied metadata indicates SSE-C or SSE-KMS.
 * <p>
 * With SSE-C or SSE-KMS the ETag is the MD5 of the ciphertext rather than of the
 * plaintext, so it cannot be validated on the client side. Plain SSE with S3 managed
 * keys returns an ETag that matches the plaintext MD5 and therefore remains eligible
 * for client-side validation.
 * <p>
 * NOTE(review): a {@code true} result means the ETag comparison is not usable as an
 * integrity check for this object; confirm which other integrity control covers that
 * path.
 *
 * @param metadata
 *            metadata of a request or response; may be null
 * @return true when the SSE-C algorithm, the SSE-C key MD5 or the KMS key id is
 *         reported as present by {@code containsNonNull}; false otherwise, including
 *         for null metadata
 */
private boolean metadataInvolvesSse(ObjectMetadata metadata) {
    // Guard and check folded into one expression; null metadata short-circuits to false.
    return metadata != null
            && containsNonNull(metadata.getSSECustomerAlgorithm(),
                               metadata.getSSECustomerKeyMd5(),
                               metadata.getSSEAwsKmsKeyId());
}
/**
 * Builds a {@link PutObjectResult} populated from the supplied object metadata.
 * <p>
 * Copies the version id, SSE algorithm, SSE-C algorithm name and SSE-C key MD5,
 * expiration details, ETag and requester-charged flag, and attaches the metadata
 * object itself. Only the MD5 of the SSE-C key is copied; no key value is read here.
 *
 * @param metadata metadata to copy from; it is dereferenced unconditionally, so it
 *                 must not be null
 * @return a new result carrying the copied values
 */
private static PutObjectResult createPutObjectResult(ObjectMetadata metadata) {
    final PutObjectResult putResult = new PutObjectResult();

    // Version and server-side-encryption details.
    putResult.setVersionId(metadata.getVersionId());
    putResult.setSSEAlgorithm(metadata.getSSEAlgorithm());
    putResult.setSSECustomerAlgorithm(metadata.getSSECustomerAlgorithm());
    putResult.setSSECustomerKeyMd5(metadata.getSSECustomerKeyMd5());

    // Expiration details.
    putResult.setExpirationTime(metadata.getExpirationTime());
    putResult.setExpirationTimeRuleId(metadata.getExpirationTimeRuleId());

    // ETag, the metadata object itself, and the requester-pays flag.
    putResult.setETag(metadata.getETag());
    putResult.setMetadata(metadata);
    putResult.setRequesterCharged(metadata.isRequesterCharged());

    return putResult;
}
// Excerpt from a larger method (not visible here): fills `result` with the part
// number plus the SSE-related and requester-charged values read from `metadata`.
result.setPartNumber(partNumber);
result.setSSEAlgorithm(metadata.getSSEAlgorithm());
// SSE-C: only the algorithm name and the key's MD5 are copied, not a key value.
result.setSSECustomerAlgorithm(metadata.getSSECustomerAlgorithm());
result.setSSECustomerKeyMd5(metadata.getSSECustomerKeyMd5());
result.setRequesterCharged(metadata.isRequesterCharged());
// Carry the SSE-C parameters of the original request over to `metadata`, but only
// when all three are present: the raw customer-key header, the algorithm and the
// key MD5.
if (origReqMetadata != null
        && origReqMetadata.getRawMetadataValue(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY) != null
        && origReqMetadata.getSSECustomerAlgorithm() != null
        && origReqMetadata.getSSECustomerKeyMd5() != null) {
    // NOTE(review): this header presumably carries the customer-provided key itself;
    // if so, the copied value is secret material and `metadata` should be kept out of
    // logs and error messages. Confirm against the header definition.
    metadata.setHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY,
            origReqMetadata.getRawMetadataValue(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY));
    metadata.setSSECustomerAlgorithm(origReqMetadata.getSSECustomerAlgorithm());
    metadata.setSSECustomerKeyMd5(origReqMetadata.getSSECustomerKeyMd5());
    // NOTE(review): the excerpt ends inside this if-block; its remainder is not visible.
/**
 * Decides, from the metadata of an S3 response, whether the MD5 check on the
 * requested object content should be skipped. The check is skipped when either
 * SSE-KMS or SSE-C is involved.
 * <p>
 * In those two cases the MD5 returned by the server is the MD5 of the ciphertext,
 * which by definition does not match the MD5 the client computes over the plaintext.
 * <p>
 * NOTE(review): a {@code true} result means this MD5 comparison does not verify the
 * content; confirm which other integrity control applies to such responses. Only the
 * {@code SSEAlgorithm.KMS} value is compared here; verify whether other values the
 * service can return need the same treatment.
 *
 * @param metadata the ObjectMetadata of an S3 response; may be null
 * @return true if the MD5 check should be skipped for this response; false
 *         otherwise, including for null metadata
 */
public static boolean skipMd5CheckPerResponse(ObjectMetadata metadata) {
    if (metadata == null) {
        return false;
    }

    // SSE-KMS is recognised by comparing the response's algorithm string with the enum value.
    final String kmsName = SSEAlgorithm.KMS.toString();
    final boolean usesKms = kmsName.equals(metadata.getSSEAlgorithm());

    // SSE-C is recognised by the mere presence of a customer algorithm.
    final boolean usesCustomerKey = metadata.getSSECustomerAlgorithm() != null;

    return usesCustomerKey || usesKms;
}
/**
 * Reports whether the MD5 check on the requested object content should be skipped,
 * judging by the metadata of an S3 response. Skipping applies when SSE-KMS or SSE-C
 * is involved.
 * <p>
 * The reason: with SSE-KMS or SSE-C the server-side MD5 is computed over the
 * ciphertext, so it will by definition differ from the client-side MD5, which is
 * computed over the plaintext.
 * <p>
 * NOTE(review): when this returns {@code true} the MD5 comparison provides no
 * integrity signal for the content; confirm what else covers that case.
 *
 * @param metadata the ObjectMetadata of an S3 response; may be null
 * @return true if the response should skip the MD5 check on the object content;
 *         false otherwise, including when {@code metadata} is null
 */
public static boolean skipMd5CheckPerResponse(ObjectMetadata metadata) {
    if (metadata == null) {
        return false;
    }

    // Evaluate the KMS comparison first, then the SSE-C presence test.
    final String responseAlgorithm = metadata.getSSEAlgorithm();
    final boolean kmsInUse = SSEAlgorithm.KMS.toString().equals(responseAlgorithm);
    final boolean customerKeyInUse = metadata.getSSECustomerAlgorithm() != null;

    return customerKeyInUse || kmsInUse;
}
// Excerpt from a larger method (not visible here): fills `result` with the part
// number plus the SSE-related and requester-charged values read from `metadata`.
result.setPartNumber(partNumber);
result.setSSEAlgorithm(metadata.getSSEAlgorithm());
// SSE-C: only the algorithm name and the key's MD5 are copied, not a key value.
result.setSSECustomerAlgorithm(metadata.getSSECustomerAlgorithm());
result.setSSECustomerKeyMd5(metadata.getSSECustomerKeyMd5());
result.setRequesterCharged(metadata.isRequesterCharged());
// Excerpt from a larger method (not visible here): copies the version id, the
// SSE-related fields and the expiration time from `returnedMetadata` onto `result`.
result.setVersionId(returnedMetadata.getVersionId());
result.setSSEAlgorithm(returnedMetadata.getSSEAlgorithm());
// SSE-C: only the algorithm name and the key's MD5 are copied, not a key value.
result.setSSECustomerAlgorithm(returnedMetadata.getSSECustomerAlgorithm());
result.setSSECustomerKeyMd5(returnedMetadata.getSSECustomerKeyMd5());
result.setExpirationTime(returnedMetadata.getExpirationTime());
/**
 * Checks whether the given metadata points at SSE-C or SSE-KMS.
 * <p>
 * When SSE-C or SSE-KMS is involved the ETag is the MD5 of the ciphertext, not of the
 * plaintext, so client-side validation is not possible. Plain SSE with S3 managed keys
 * returns an ETag that does match the plaintext MD5 and stays eligible for client-side
 * validation.
 * <p>
 * NOTE(review): for objects where this returns {@code true}, the ETag cannot serve as
 * an integrity check; confirm which other control detects corrupted content there.
 *
 * @param metadata
 *            metadata of a request or response; may be null
 * @return true if {@code containsNonNull} reports a value among the SSE-C algorithm,
 *         the SSE-C key MD5 and the KMS key id; false otherwise, including for null
 *         metadata
 */
private boolean metadataInvolvesSse(ObjectMetadata metadata) {
    final boolean hasMetadata = metadata != null;
    // The three getters are only reached when metadata is present.
    return hasMetadata && containsNonNull(
            metadata.getSSECustomerAlgorithm(),
            metadata.getSSECustomerKeyMd5(),
            metadata.getSSEAwsKmsKeyId());
}
// Excerpt from a test method; `from`, `to` and `restoreExpirationTime` are defined
// outside this excerpt (presumably `from`/`to` are metadata objects; confirm).
assertEquals(restoreExpirationTime, from.getRestoreExpirationTime());
// The SSE fields on `from` are expected to hold these fixture strings.
assertEquals("ssealgo", from.getSSEAlgorithm());
assertEquals("SSECustomerAlgorithm", from.getSSECustomerAlgorithm());
assertEquals("sseCustKeyMd5", from.getSSECustomerKeyMd5());
// Exactly two user-metadata entries are expected on `from`.
assertTrue(2 == from.getUserMetadata().size());
// `to` is expected to carry the same SSE-C algorithm and key-MD5 values as `from`.
assertEquals("SSECustomerAlgorithm", to.getSSECustomerAlgorithm());
assertEquals("sseCustKeyMd5", to.getSSECustomerKeyMd5());
/**
 * Verifies that a freshly constructed {@link ObjectMetadata} and a clone of it both
 * expose empty defaults: null for object-valued fields (including the SSE algorithm,
 * the SSE-C algorithm and the SSE-C key MD5), zero lengths, and empty raw and user
 * metadata maps.
 */
@Test
public void cloneEmpty() {
    ObjectMetadata current = new ObjectMetadata();
    int pass = 0;
    // First pass inspects the original instance, second pass inspects its clone.
    while (pass < 2) {
        assertNull(current.getCacheControl());
        assertNull(current.getContentDisposition());
        assertNull(current.getContentEncoding());
        assertTrue(current.getContentLength() == 0);
        assertNull(current.getContentMD5());
        assertNull(current.getContentType());
        assertNull(current.getETag());
        assertNull(current.getExpirationTime());
        assertNull(current.getExpirationTimeRuleId());
        assertNull(current.getHttpExpiresDate());
        assertTrue(current.getInstanceLength() == 0);
        assertNull(current.getLastModified());
        assertNull(current.getOngoingRestore());
        assertTrue(0 == current.getRawMetadata().size());
        assertNull(current.getRestoreExpirationTime());
        // No server-side-encryption values may appear on an empty instance.
        assertNull(current.getSSEAlgorithm());
        assertNull(current.getSSECustomerAlgorithm());
        assertNull(current.getSSECustomerKeyMd5());
        assertTrue(current.getUserMetadata().size() == 0);
        assertNull(current.getVersionId());
        assertNull(current.getStorageClass());

        // Replace the instance with a clone of itself for the next pass.
        current = current.clone();
        pass++;
    }
}
/**
 * Creates a {@link PutObjectResult} and fills it from the given object metadata.
 * <p>
 * The version id, SSE algorithm, SSE-C algorithm name, SSE-C key MD5, expiration time
 * and rule id, ETag and requester-charged flag are copied, and the metadata object is
 * attached to the result. Of the SSE-C key, only its MD5 is copied.
 *
 * @param metadata source of the copied values; dereferenced without a null check, so
 *                 a null argument fails with a NullPointerException
 * @return the newly created, populated result
 */
private static PutObjectResult createPutObjectResult(ObjectMetadata metadata) {
    final PutObjectResult populated = new PutObjectResult();

    populated.setVersionId(metadata.getVersionId());

    // Server-side-encryption details reported in the metadata.
    populated.setSSEAlgorithm(metadata.getSSEAlgorithm());
    populated.setSSECustomerAlgorithm(metadata.getSSECustomerAlgorithm());
    populated.setSSECustomerKeyMd5(metadata.getSSECustomerKeyMd5());

    // Expiration time and the id of the rule it comes from.
    populated.setExpirationTime(metadata.getExpirationTime());
    populated.setExpirationTimeRuleId(metadata.getExpirationTimeRuleId());

    populated.setETag(metadata.getETag());
    // The result keeps a reference to the same metadata object, not a copy.
    populated.setMetadata(metadata);
    populated.setRequesterCharged(metadata.isRequesterCharged());

    return populated;
}
// Excerpt from a larger method (not visible here): fills `result` with the part
// number plus the SSE-related and requester-charged values read from `metadata`.
result.setPartNumber(partNumber);
result.setSSEAlgorithm(metadata.getSSEAlgorithm());
// SSE-C: only the algorithm name and the key's MD5 are copied, not a key value.
result.setSSECustomerAlgorithm(metadata.getSSECustomerAlgorithm());
result.setSSECustomerKeyMd5(metadata.getSSECustomerKeyMd5());
result.setRequesterCharged(metadata.isRequesterCharged());
// Excerpt from a larger method (not visible here).
// The SSE algorithm is copied from `source` to `ret` unconditionally.
ret.setSSEAlgorithm(source.getSSEAlgorithm());
// The SSE-C algorithm is copied only when `source` carries one.
if (source.getSSECustomerAlgorithm() != null) {
    ret.setSSECustomerAlgorithm(source.getSSECustomerAlgorithm());
    // NOTE(review): the excerpt ends inside this if-block; its remainder is not visible.
// Excerpt from a larger method (not visible here): fills `result` with the part
// number plus the SSE-related and requester-charged values read from `metadata`.
result.setPartNumber(partNumber);
result.setSSEAlgorithm(metadata.getSSEAlgorithm());
// SSE-C: only the algorithm name and the key's MD5 are copied, not a key value.
result.setSSECustomerAlgorithm(metadata.getSSECustomerAlgorithm());
result.setSSECustomerKeyMd5(metadata.getSSECustomerKeyMd5());
result.setRequesterCharged(metadata.isRequesterCharged());
// Excerpt from a larger method (not visible here): copies the version id, the
// SSE-related fields and the expiration time from `returnedMetadata` onto `result`.
result.setVersionId(returnedMetadata.getVersionId());
result.setSSEAlgorithm(returnedMetadata.getSSEAlgorithm());
// SSE-C: only the algorithm name and the key's MD5 are copied, not a key value.
result.setSSECustomerAlgorithm(returnedMetadata.getSSECustomerAlgorithm());
result.setSSECustomerKeyMd5(returnedMetadata.getSSECustomerKeyMd5());
result.setExpirationTime(returnedMetadata.getExpirationTime());