add bucket encryption apis. (#902)

Fixes #898

api/src/main/java/io/minio/DeleteBucketEncryptionArgs.java

@@ -0,0 +1,28 @@
+/*
+ * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.minio;
+
+/** Argument class of MinioClient.deleteBucketEncryption(). */
+public class DeleteBucketEncryptionArgs extends BucketArgs {
+  public static Builder builder() {
+    return new Builder();
+  }
+
+  /** Argument builder of {@link DeleteBucketEncryptionArgs}. */
+  public static final class Builder
+      extends BucketArgs.Builder<Builder, DeleteBucketEncryptionArgs> {}
+}

api/src/main/java/io/minio/ErrorCode.java

@@ -148,6 +148,9 @@ public enum ErrorCode {
   REQUEST_TORRENT_OF_BUCKET_ERROR(
       "RequestTorrentOfBucketError", "Requesting the torrent file of a bucket is not permitted"),
   SIGNATURE_DOES_NOT_MATCH("SignatureDoesNotMatch", "The request signature does not match"),
+  SERVER_SIDE_ENCRYPTION_CONFIGURATION_NOT_FOUND_ERROR(
+      "ServerSideEncryptionConfigurationNotFoundError",
+      "The server side encryption configuration was not found"),
   SERVICE_UNAVAILABLE("ServiceUnavailable", "Service unavailable.  Retry again"),
   SLOW_DOWN("SlowDown", "Reduce request rate"),
   TEMPORARY_REDIRECT("TemporaryRedirect", "Temporary redirect due to DNS updates in progress"),

api/src/main/java/io/minio/GetBucketEncryptionArgs.java

@@ -0,0 +1,27 @@
+/*
+ * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.minio;
+
+/** Argument class of MinioClient.getBucketEncryption(). */
+public class GetBucketEncryptionArgs extends BucketArgs {
+  public static Builder builder() {
+    return new Builder();
+  }
+
+  /** Argument builder of {@link GetBucketEncryptionArgs}. */
+  public static final class Builder extends BucketArgs.Builder<Builder, GetBucketEncryptionArgs> {}
+}

api/src/main/java/io/minio/MinioClient.java

@@ -69,6 +69,7 @@
 import io.minio.messages.Prefix;
 import io.minio.messages.Retention;
 import io.minio.messages.SelectObjectContentRequest;
+import io.minio.messages.SseConfiguration;
 import io.minio.messages.Upload;
 import io.minio.org.apache.commons.validator.routines.InetAddressValidator;
 import java.io.BufferedInputStream;
@@ -5145,6 +5146,128 @@ public SelectResponseStream selectObjectContent(
     return new SelectResponseStream(response.body().byteStream());
   }
 
+  /**
+   * Sets encryption configuration of a bucket.
+   *
+   * <pre>Example:{@code
+   * minioClient.setBucketEncryption(
+   *     SetBucketEncryptionArgs.builder().bucket("my-bucketname").config(config).build());
+   * }</pre>
+   *
+   * @param args {@link SetBucketEncryptionArgs} object.
+   * @throws ErrorResponseException thrown to indicate S3 service returned an error response.
+   * @throws IllegalArgumentException throws to indicate invalid argument passed.
+   * @throws InsufficientDataException thrown to indicate not enough data available in InputStream.
+   * @throws InternalException thrown to indicate internal library error.
+   * @throws InvalidBucketNameException thrown to indicate invalid bucket name passed.
+   * @throws InvalidKeyException thrown to indicate missing of HMAC SHA-256 library.
+   * @throws InvalidResponseException thrown to indicate S3 service returned invalid or no error
+   *     response.
+   * @throws IOException thrown to indicate I/O error on S3 operation.
+   * @throws NoSuchAlgorithmException thrown to indicate missing of MD5 or SHA-256 digest library.
+   * @throws XmlParserException thrown to indicate XML parsing error.
+   */
+  public void setBucketEncryption(SetBucketEncryptionArgs args)
+      throws ErrorResponseException, IllegalArgumentException, InsufficientDataException,
+          InternalException, InvalidBucketNameException, InvalidKeyException,
+          InvalidResponseException, IOException, NoSuchAlgorithmException, XmlParserException {
+    if (args == null) {
+      throw new IllegalArgumentException("null arguments");
+    }
+
+    Map<String, String> queryParamMap = new HashMap<>();
+    queryParamMap.put("encryption", "");
+    Response response = executePut(args.bucket(), null, null, queryParamMap, args.config(), 0);
+    response.close();
+  }
+
+  /**
+   * Gets encryption configuration of a bucket.
+   *
+   * <pre>Example:{@code
+   * SseConfiguration config =
+   *     minioClient.getBucketEncryption(
+   *         GetBucketEncryptionArgs.builder().bucket("my-bucketname").build());
+   * }</pre>
+   *
+   * @param args {@link GetBucketEncryptionArgs} object.
+   * @return {@link SseConfiguration} - Server-side encryption configuration.
+   * @throws ErrorResponseException thrown to indicate S3 service returned an error response.
+   * @throws IllegalArgumentException throws to indicate invalid argument passed.
+   * @throws InsufficientDataException thrown to indicate not enough data available in InputStream.
+   * @throws InternalException thrown to indicate internal library error.
+   * @throws InvalidBucketNameException thrown to indicate invalid bucket name passed.
+   * @throws InvalidKeyException thrown to indicate missing of HMAC SHA-256 library.
+   * @throws InvalidResponseException thrown to indicate S3 service returned invalid or no error
+   *     response.
+   * @throws IOException thrown to indicate I/O error on S3 operation.
+   * @throws NoSuchAlgorithmException thrown to indicate missing of MD5 or SHA-256 digest library.
+   * @throws XmlParserException thrown to indicate XML parsing error.
+   */
+  public SseConfiguration getBucketEncryption(GetBucketEncryptionArgs args)
+      throws ErrorResponseException, IllegalArgumentException, InsufficientDataException,
+          InternalException, InvalidBucketNameException, InvalidKeyException,
+          InvalidResponseException, IOException, NoSuchAlgorithmException, XmlParserException {
+    if (args == null) {
+      throw new IllegalArgumentException("null arguments");
+    }
+
+    Map<String, String> queryParamMap = new HashMap<>();
+    queryParamMap.put("encryption", "");
+    try (Response response = executeGet(args.bucket(), null, null, queryParamMap)) {
+      return Xml.unmarshal(SseConfiguration.class, response.body().charStream());
+    } catch (ErrorResponseException e) {
+      if (e.errorResponse().errorCode()
+          != ErrorCode.SERVER_SIDE_ENCRYPTION_CONFIGURATION_NOT_FOUND_ERROR) {
+        throw e;
+      }
+    }
+
+    return new SseConfiguration();
+  }
+
+  /**
+   * Deletes encryption configuration of a bucket.
+   *
+   * <pre>Example:{@code
+   * minioClient.deleteBucketEncryption(
+   *     DeleteBucketEncryptionArgs.builder().bucket("my-bucketname").build());
+   * }</pre>
+   *
+   * @param args {@link DeleteBucketEncryptionArgs} object.
+   * @throws ErrorResponseException thrown to indicate S3 service returned an error response.
+   * @throws IllegalArgumentException throws to indicate invalid argument passed.
+   * @throws InsufficientDataException thrown to indicate not enough data available in InputStream.
+   * @throws InternalException thrown to indicate internal library error.
+   * @throws InvalidBucketNameException thrown to indicate invalid bucket name passed.
+   * @throws InvalidKeyException thrown to indicate missing of HMAC SHA-256 library.
+   * @throws InvalidResponseException thrown to indicate S3 service returned invalid or no error
+   *     response.
+   * @throws IOException thrown to indicate I/O error on S3 operation.
+   * @throws NoSuchAlgorithmException thrown to indicate missing of MD5 or SHA-256 digest library.
+   * @throws XmlParserException thrown to indicate XML parsing error.
+   */
+  public void deleteBucketEncryption(DeleteBucketEncryptionArgs args)
+      throws ErrorResponseException, IllegalArgumentException, InsufficientDataException,
+          InternalException, InvalidBucketNameException, InvalidKeyException,
+          InvalidResponseException, IOException, NoSuchAlgorithmException, XmlParserException {
+    if (args == null) {
+      throw new IllegalArgumentException("null arguments");
+    }
+
+    Map<String, String> queryParamMap = new HashMap<>();
+    queryParamMap.put("encryption", "");
+    try {
+      Response response = executeDelete(args.bucket(), "", queryParamMap);
+      response.close();
+    } catch (ErrorResponseException e) {
+      if (e.errorResponse().errorCode()
+          != ErrorCode.SERVER_SIDE_ENCRYPTION_CONFIGURATION_NOT_FOUND_ERROR) {
+        throw e;
+      }
+    }
+  }
+
   private long getAvailableSize(Object data, long expectedReadSize)
       throws IOException, InternalException {
     if (!(data instanceof BufferedInputStream)) {

api/src/main/java/io/minio/SetBucketEncryptionArgs.java

@@ -0,0 +1,52 @@
+/*
+ * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.minio;
+
+import io.minio.messages.SseConfiguration;
+
+/** Argument class of MinioClient.setBucketEncryption(). */
+public class SetBucketEncryptionArgs extends BucketArgs {
+  private SseConfiguration config;
+
+  public SseConfiguration config() {
+    return config;
+  }
+
+  public static Builder builder() {
+    return new Builder();
+  }
+
+  /** Argument builder of {@link SetBucketEncryptionArgs}. */
+  public static final class Builder extends BucketArgs.Builder<Builder, SetBucketEncryptionArgs> {
+    private void validateConfig(SseConfiguration config) {
+      if (config == null) {
+        throw new IllegalArgumentException("null server-side encryption configuration");
+      }
+    }
+
+    protected void validate(SetBucketEncryptionArgs args) {
+      super.validate(args);
+      validateConfig(args.config);
+    }
+
+    public Builder config(SseConfiguration config) {
+      validateConfig(config);
+      operations.add(args -> args.config = config);
+      return this;
+    }
+  }
+}

api/src/main/java/io/minio/messages/ApplySseByDefault.java

@@ -0,0 +1,48 @@
+/*
+ * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.minio.messages;
+
+import org.simpleframework.xml.Element;
+import org.simpleframework.xml.Namespace;
+import org.simpleframework.xml.Root;
+
+/** Helper class to denote default rule information for {@link SseConfiguration}. */
+@Root(name = "ApplyServerSideEncryptionByDefault")
+@Namespace(reference = "http://s3.amazonaws.com/doc/2006-03-01/")
+@edu.umd.cs.findbugs.annotations.SuppressFBWarnings(value = "URF_UNREAD_FIELD")
+public class ApplySseByDefault {
+  @Element(name = "KMSMasterKeyID", required = false)
+  private String kmsMasterKeyId;
+
+  @Element(name = "SSEAlgorithm")
+  private SseAlgorithm sseAlgorithm;
+
+  public ApplySseByDefault() {}
+
+  public ApplySseByDefault(String kmsMasterKeyId, SseAlgorithm sseAlgorithm) {
+    this.kmsMasterKeyId = kmsMasterKeyId;
+    this.sseAlgorithm = sseAlgorithm;
+  }
+
+  public String kmsMasterKeyId() {
+    return this.kmsMasterKeyId;
+  }
+
+  public SseAlgorithm sseAlgorithm() {
+    return this.sseAlgorithm;
+  }
+}

api/src/main/java/io/minio/messages/SseAlgorithm.java

@@ -0,0 +1,67 @@
+/*
+ * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.minio.messages;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import org.simpleframework.xml.Root;
+import org.simpleframework.xml.convert.Convert;
+import org.simpleframework.xml.convert.Converter;
+import org.simpleframework.xml.stream.InputNode;
+import org.simpleframework.xml.stream.OutputNode;
+
+/** Server-side encryption algorithm. */
+@Root(name = "SSEAlgorithm")
+@Convert(SseAlgorithm.SseAlgorithmConverter.class)
+public enum SseAlgorithm {
+  AES256("AES256"),
+  AWS_KMS("aws:kms");
+
+  private final String value;
+
+  private SseAlgorithm(String value) {
+    this.value = value;
+  }
+
+  public String toString() {
+    return this.value;
+  }
+
+  /** Returns SseAlgorithm of given string. */
+  @JsonCreator
+  public static SseAlgorithm fromString(String sseAlgorithmString) {
+    for (SseAlgorithm sa : SseAlgorithm.values()) {
+      if (sseAlgorithmString.equals(sa.value)) {
+        return sa;
+      }
+    }
+
+    throw new IllegalArgumentException("unknown SSE algorithm '" + sseAlgorithmString + "'");
+  }
+
+  /** XML converter class. */
+  public static class SseAlgorithmConverter implements Converter<SseAlgorithm> {
+    @Override
+    public SseAlgorithm read(InputNode node) throws Exception {
+      return SseAlgorithm.fromString(node.getValue());
+    }
+
+    @Override
+    public void write(OutputNode node, SseAlgorithm sseAlgorithm) throws Exception {
+      node.setValue(sseAlgorithm.toString());
+    }
+  }
+}