feat(s3): Add option to specify an SSE-C customer provided key
Signed-off-by: Julius Härtl <jus@bitgrid.net>
juliusknorr committed Dec 21, 2022
1 parent c1a99ca commit 3b5f731
Showing 2 changed files with 38 additions and 5 deletions.
30 changes: 30 additions & 0 deletions lib/private/Files/ObjectStore/S3ConnectionTrait.php
Expand Up @@ -227,4 +227,34 @@ protected function getCertificateBundlePath(): ?string {
return null;
}
}

protected function getSSECKey(): ?string {
if (isset($this->params['sse_c_key'])) {
return $this->params['sse_c_key'];
}

return null;
}

protected function getSSECParameters(bool $copy = false): array {
$key = $this->getSSECKey();

if ($key === null) {
return [];
}

$rawKey = base64_decode($key);
if ($copy) {
return [
'CopySourceSSECustomerAlgorithm' => 'AES256',
'CopySourceSSECustomerKey' => $rawKey,
'CopySourceSSECustomerKeyMD5' => md5($rawKey, true)
];
}
return [
'SSECustomerAlgorithm' => 'AES256',
'SSECustomerKey' => $rawKey,
'SSECustomerKeyMD5' => md5($rawKey, true)
];
}
}
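Review bot: `getSSECParameters()` decodes the configured key with non-strict `base64_decode($key)` and never checks the result, so a malformed or wrong-length `sse_c_key` is passed on silently and presumably only surfaces later as failed storage requests. Since the algorithm is fixed to AES256, the decoded key has to be exactly 32 bytes; I would decode strictly and fail early with `$rawKey = base64_decode($key, true);` followed by `if ($rawKey === false || strlen($rawKey) !== 32) { throw new \InvalidArgumentException('sse_c_key must be a base64-encoded 256-bit key'); }`. Keep the key material itself out of the exception message so it cannot end up in logs. A one-line comment stating that `md5($rawKey, true)` is the key checksum the SSE-C request format asks for, not a security primitive, would also help the next reader.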
13 changes: 8 additions & 5 deletions lib/private/Files/ObjectStore/S3ObjectTrait.php
Expand Up @@ -44,6 +44,7 @@ trait S3ObjectTrait {
abstract protected function getConnection();

abstract protected function getCertificateBundlePath(): ?string;
abstract protected function getSSECParameters(bool $copy = false): array;

/**
* @param string $urn the unified resource name used to identify the object
Expand All @@ -58,7 +59,7 @@ public function readObject($urn) {
'Bucket' => $this->bucket,
'Key' => $urn,
'Range' => 'bytes=' . $range,
]);
] + $this->getSSECParameters());
$request = \Aws\serialize($command);
$headers = [];
foreach ($request->getHeaders() as $key => $values) {
Expand Down Expand Up @@ -105,7 +106,7 @@ protected function writeSingle(string $urn, StreamInterface $stream, string $mim
'Body' => $stream,
'ACL' => 'private',
'ContentType' => $mimetype,
]);
] + $this->getSSECParameters());
}


Expand All @@ -124,7 +125,7 @@ protected function writeMultiPart(string $urn, StreamInterface $stream, string $
'part_size' => $this->uploadPartSize,
'params' => [
'ContentType' => $mimetype
],
] + $this->getSSECParameters(),
]);

try {
Expand Down Expand Up @@ -179,10 +180,12 @@ public function deleteObject($urn) {
}

public function objectExists($urn) {
return $this->getConnection()->doesObjectExist($this->bucket, $urn);
return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
}

public function copyObject($from, $to) {
$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', [
'params' => $this->getSSECParameters() + $this->getSSECParameters(true)
]);
}
}
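Review bot: In readObject the SSE-C parameters are merged into the command whose serialized headers are then collected by the loop over `$request->getHeaders()`, so the raw customer key appears to travel as a request header on that path too (the rest of the function is outside the hunk). Nothing visible in this diff ties `sse_c_key` to an HTTPS endpoint, so it is worth confirming that a plain-HTTP configuration is rejected before any key is sent rather than relying on the storage side to refuse it. The new abstract `getSSECParameters()` has no docblock; I would add `/** SSE-C parameters for S3 calls; contains the raw customer key, never log the result. */` above it. In copyObject the `+` union is correct only because the two parameter sets use disjoint key names, which deserves a short comment such as `// source and destination SSE-C keys do not overlap, so + keeps both`.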
