From be3044cc367202df2b73634796b01369b68020ff Mon Sep 17 00:00:00 2001 From: Bala FA Date: Tue, 14 Jul 2020 10:06:02 +0000 Subject: [PATCH] simplify server-side encryption (#1014) --- api/src/main/java/io/minio/MinioClient.java | 10 +- api/src/main/java/io/minio/ObjectArgs.java | 4 +- .../java/io/minio/ServerSideEncryption.java | 176 +----------------- .../ServerSideEncryptionCustomerKey.java | 38 ++-- .../io/minio/ServerSideEncryptionKms.java | 59 ++++++ .../java/io/minio/ServerSideEncryptionS3.java | 46 +++++ .../test/java/io/minio/MinioClientTest.java | 6 +- .../java/io/minio/StatObjectArgsTest.java | 2 +- examples/ComposeObjectEncrypted.java | 4 +- examples/CopyObject.java | 8 +- examples/DownloadObject.java | 3 +- examples/PutObject.java | 8 +- examples/StatObject.java | 3 +- examples/UploadObject.java | 3 +- functional/FunctionalTest.java | 8 +- 15 files changed, 166 insertions(+), 212 deletions(-) create mode 100644 api/src/main/java/io/minio/ServerSideEncryptionKms.java create mode 100644 api/src/main/java/io/minio/ServerSideEncryptionS3.java diff --git a/api/src/main/java/io/minio/MinioClient.java b/api/src/main/java/io/minio/MinioClient.java index 57d4501f8..205caa519 100644 --- a/api/src/main/java/io/minio/MinioClient.java +++ b/api/src/main/java/io/minio/MinioClient.java @@ -709,13 +709,13 @@ private void checkReadRequestSse(ServerSideEncryption sse) throws IllegalArgumen return; } - if (sse.type() != ServerSideEncryption.Type.SSE_C) { + if (!(sse instanceof ServerSideEncryptionCustomerKey)) { throw new IllegalArgumentException("only SSE_C is supported for all read requests."); } - if (sse.type().requiresTls() && !this.baseUrl.isHttps()) { + if (sse.tlsRequired() && !this.baseUrl.isHttps()) { throw new IllegalArgumentException( - sse.type().name() + "operations must be performed over a secure connection."); + sse + "operations must be performed over a secure connection."); } } @@ -2360,7 +2360,7 @@ public ObjectWriteResponse composeObject(ComposeObjectArgs args) String uploadId = createMultipartUploadResponse.result().uploadId(); Multimap ssecHeaders = HashMultimap.create(); - if (args.sse() != null && args.sse().type() == ServerSideEncryption.Type.SSE_C) { + if (args.sse() != null && args.sse() instanceof ServerSideEncryptionCustomerKey) { ssecHeaders.putAll(newMultimap(args.sse().headers())); } @@ -4762,7 +4762,7 @@ private ObjectWriteResponse putObject( Map ssecHeaders = null; // set encryption headers in the case of SSE-C. - if (args.sse() != null && args.sse().type() == ServerSideEncryption.Type.SSE_C) { + if (args.sse() != null && args.sse() instanceof ServerSideEncryptionCustomerKey) { ssecHeaders = args.sse().headers(); } diff --git a/api/src/main/java/io/minio/ObjectArgs.java b/api/src/main/java/io/minio/ObjectArgs.java index 3b12d578d..1bc432a05 100644 --- a/api/src/main/java/io/minio/ObjectArgs.java +++ b/api/src/main/java/io/minio/ObjectArgs.java @@ -31,9 +31,9 @@ protected void checkSse(ServerSideEncryption sse, HttpUrl url) { return; } - if (sse.type().requiresTls() && !url.isHttps()) { + if (sse.tlsRequired() && !url.isHttps()) { throw new IllegalArgumentException( - sse.type().name() + " operations must be performed over a secure connection."); + sse + " operations must be performed over a secure connection."); } } diff --git a/api/src/main/java/io/minio/ServerSideEncryption.java b/api/src/main/java/io/minio/ServerSideEncryption.java index 661614385..7d52a7e67 100644 --- a/api/src/main/java/io/minio/ServerSideEncryption.java +++ b/api/src/main/java/io/minio/ServerSideEncryption.java @@ -16,183 +16,21 @@ package io.minio; -import com.google.common.io.BaseEncoding; -import java.io.UnsupportedEncodingException; -import java.nio.charset.StandardCharsets; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; import java.util.Collections; import java.util.HashMap; import java.util.Map; -import java.util.Map.Entry; -import java.util.Optional; -import javax.crypto.SecretKey; -import javax.security.auth.DestroyFailedException; -import javax.security.auth.Destroyable; -/** Server-side encryption options. */ -public abstract class ServerSideEncryption implements Destroyable { - /** The types of server-side encryption. */ - public static enum Type { - SSE_C, - SSE_S3, - SSE_KMS; +public abstract class ServerSideEncryption { + private static final Map emptyHeaders = + Collections.unmodifiableMap(new HashMap<>()); - /** - * Returns true if the server-side encryption requires a TLS connection. - * - * @return true if the type of server-side encryption requires TLS. - */ - public boolean requiresTls() { - return this.equals(SSE_C) || this.equals(SSE_KMS); - } - } - - protected boolean destroyed = false; - - /** Returns server side encryption type. */ - public abstract Type type(); - - /** Returns server side encryption headers. */ public abstract Map headers(); - /** Returns server side encryption headers for source object in Put Object - Copy. */ - public Map copySourceHeaders() throws IllegalArgumentException { - throw new IllegalArgumentException(this.type().name() + " is not supported in copy source"); - } - - @Override - public boolean isDestroyed() { - return this.destroyed; - } - - private static boolean isCustomerKeyValid(SecretKey key) { - if (key == null) { - return false; - } - return !key.isDestroyed() && key.getAlgorithm().equals("AES") && key.getEncoded().length == 32; - } - - /** - * Create a new server-side-encryption object for encryption with customer provided keys (a.k.a. - * SSE-C). - * - * @param key The secret AES-256 key. - * @return An instance of ServerSideEncryption implementing SSE-C. - * @throws InvalidKeyException if the provided secret key is not a 256 bit AES key. - * @throws NoSuchAlgorithmException if the crypto provider does not implement MD5. - */ - public static ServerSideEncryptionCustomerKey withCustomerKey(SecretKey key) - throws InvalidKeyException, NoSuchAlgorithmException { - if (!isCustomerKeyValid(key)) { - throw new InvalidKeyException("The secret key is not a 256 bit AES key"); - } - - return new ServerSideEncryptionCustomerKey(key); - } - - static final class ServerSideEncryptionS3 extends ServerSideEncryption { - private static final Map headers; - - static { - Map map = new HashMap<>(); - map.put("X-Amz-Server-Side-Encryption", "AES256"); - headers = Collections.unmodifiableMap(map); - } - - @Override - public final Type type() { - return Type.SSE_S3; - } - - @Override - public final Map headers() { - return headers; - } - - @Override - public final void destroy() throws DestroyFailedException { - this.destroyed = true; - } - } - - /** - * Create a new server-side-encryption object for encryption at rest (a.k.a. SSE-S3). - * - * @return an instance of ServerSideEncryption implementing SSE-S3 - */ - public static ServerSideEncryption atRest() { - return new ServerSideEncryptionS3(); - } - - static final class ServerSideEncryptionKms extends ServerSideEncryption { - final Map headers; - - public ServerSideEncryptionKms(String keyId, Optional context) { - Map headers = new HashMap<>(); - headers.put("X-Amz-Server-Side-Encryption", "aws:kms"); - headers.put("X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id", keyId); - if (context.isPresent()) { - headers.put("X-Amz-Server-Side-Encryption-Context", context.get()); - } - - this.headers = Collections.unmodifiableMap(headers); - } - - @Override - public final Type type() { - return Type.SSE_KMS; - } - - @Override - public final Map headers() { - if (this.isDestroyed()) { - throw new IllegalStateException("object is already destroyed"); - } - - return headers; - } - - @Override - public final void destroy() throws DestroyFailedException { - this.destroyed = true; - } + public boolean tlsRequired() { + return true; } - /** - * Create a new server-side-encryption object for encryption using a KMS (a.k.a. SSE-KMS). - * - * @param keyId specifies the customer-master-key (CMK) and must not be null. - * @param context is the encryption context. If the context is null no context is used. - * @return an instance of ServerSideEncryption implementing SSE-KMS. - */ - public static ServerSideEncryption withManagedKeys(String keyId, Map context) - throws IllegalArgumentException, UnsupportedEncodingException { - if (keyId == null) { - throw new IllegalArgumentException("The key-ID cannot be null"); - } - if (context == null) { - return new ServerSideEncryptionKms(keyId, Optional.empty()); - } - - StringBuilder builder = new StringBuilder(); - int i = 0; - builder.append('{'); - for (Entry entry : context.entrySet()) { - builder.append('"'); - builder.append(entry.getKey()); - builder.append('"'); - builder.append(':'); - builder.append('"'); - builder.append(entry.getValue()); - builder.append('"'); - if (i < context.entrySet().size() - 1) { - builder.append(','); - } - } - builder.append('}'); - String contextString = - BaseEncoding.base64().encode(builder.toString().getBytes(StandardCharsets.UTF_8)); - return new ServerSideEncryptionKms(keyId, Optional.of(contextString)); + public Map copySourceHeaders() { + return emptyHeaders; } } diff --git a/api/src/main/java/io/minio/ServerSideEncryptionCustomerKey.java b/api/src/main/java/io/minio/ServerSideEncryptionCustomerKey.java index a7b9653a5..8c3153b3e 100644 --- a/api/src/main/java/io/minio/ServerSideEncryptionCustomerKey.java +++ b/api/src/main/java/io/minio/ServerSideEncryptionCustomerKey.java @@ -1,5 +1,5 @@ /* - * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2018 MinIO, Inc. + * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,12 +27,21 @@ import javax.security.auth.DestroyFailedException; public class ServerSideEncryptionCustomerKey extends ServerSideEncryption { - final SecretKey secretKey; - final Map headers; - final Map copySourceHeaders; + private boolean isDestroyed = false; + private final SecretKey secretKey; + private final Map headers; + private final Map copySourceHeaders; public ServerSideEncryptionCustomerKey(SecretKey key) throws InvalidKeyException, NoSuchAlgorithmException { + if (key == null || !key.getAlgorithm().equals("AES") || key.getEncoded().length != 32) { + throw new IllegalArgumentException("Secret key must be 256 bit AES key"); + } + + if (key.isDestroyed()) { + throw new IllegalArgumentException("Secret key already destroyed"); + } + this.secretKey = key; byte[] keyBytes = key.getEncoded(); @@ -54,15 +63,10 @@ public ServerSideEncryptionCustomerKey(SecretKey key) this.copySourceHeaders = Collections.unmodifiableMap(map); } - @Override - public final Type type() { - return Type.SSE_C; - } - @Override public final Map headers() { - if (this.isDestroyed()) { - throw new IllegalStateException("object is already destroyed"); + if (isDestroyed) { + throw new IllegalStateException("Secret key was destroyed"); } return headers; @@ -70,16 +74,20 @@ public final Map headers() { @Override public final Map copySourceHeaders() { - if (this.isDestroyed()) { - throw new IllegalStateException("object is already destroyed"); + if (isDestroyed) { + throw new IllegalStateException("Secret key was destroyed"); } return copySourceHeaders; } - @Override public final void destroy() throws DestroyFailedException { secretKey.destroy(); - this.destroyed = true; + isDestroyed = true; + } + + @Override + public String toString() { + return "SSE-C"; } } diff --git a/api/src/main/java/io/minio/ServerSideEncryptionKms.java b/api/src/main/java/io/minio/ServerSideEncryptionKms.java new file mode 100644 index 000000000..2bcd14117 --- /dev/null +++ b/api/src/main/java/io/minio/ServerSideEncryptionKms.java @@ -0,0 +1,59 @@ +/* + * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.minio; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +public class ServerSideEncryptionKms extends ServerSideEncryption { + private static final ObjectMapper objectMapper = new ObjectMapper(); + private final Map headers; + + public ServerSideEncryptionKms(String keyId, Map context) + throws JsonProcessingException { + if (keyId == null) { + throw new IllegalArgumentException("Key ID cannot be null"); + } + + String contextJson = null; + if (context != null) { + contextJson = objectMapper.writeValueAsString(context); + } + + Map headers = new HashMap<>(); + headers.put("X-Amz-Server-Side-Encryption", "aws:kms"); + headers.put("X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id", keyId); + if (contextJson != null) { + headers.put("X-Amz-Server-Side-Encryption-Context", contextJson); + } + + this.headers = Collections.unmodifiableMap(headers); + } + + @Override + public final Map headers() { + return headers; + } + + @Override + public String toString() { + return "SSE-KMS"; + } +} diff --git a/api/src/main/java/io/minio/ServerSideEncryptionS3.java b/api/src/main/java/io/minio/ServerSideEncryptionS3.java new file mode 100644 index 000000000..39b7f3c6b --- /dev/null +++ b/api/src/main/java/io/minio/ServerSideEncryptionS3.java @@ -0,0 +1,46 @@ +/* + * MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.minio; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +public class ServerSideEncryptionS3 extends ServerSideEncryption { + private static final Map headers; + + static { + Map map = new HashMap<>(); + map.put("X-Amz-Server-Side-Encryption", "AES256"); + headers = Collections.unmodifiableMap(map); + } + + @Override + public final Map headers() { + return headers; + } + + @Override + public final boolean tlsRequired() { + return false; + } + + @Override + public String toString() { + return "SSE-S3"; + } +} diff --git a/api/src/test/java/io/minio/MinioClientTest.java b/api/src/test/java/io/minio/MinioClientTest.java index 94628b611..866acd516 100644 --- a/api/src/test/java/io/minio/MinioClientTest.java +++ b/api/src/test/java/io/minio/MinioClientTest.java @@ -451,7 +451,7 @@ public void testReadSse1() StatObjectArgs.builder() .bucket("mybucket") .object("myobject") - .ssec(ServerSideEncryption.withCustomerKey(keyGen.generateKey())) + .ssec(new ServerSideEncryptionCustomerKey(keyGen.generateKey())) .build()); Assert.fail("exception should be thrown"); } @@ -465,7 +465,7 @@ public void testWriteSse1() client.putObject( PutObjectArgs.builder().bucket("mybucket").object("myobject").stream( new ByteArrayInputStream(new byte[] {}), 0, -1) - .sse(ServerSideEncryption.withCustomerKey(keyGen.generateKey())) + .sse(new ServerSideEncryptionCustomerKey(keyGen.generateKey())) .build()); Assert.fail("exception should be thrown"); } @@ -479,7 +479,7 @@ public void testWriteSse2() client.putObject( PutObjectArgs.builder().bucket("mybucket").object("myobject").stream( new ByteArrayInputStream(new byte[] {}), 0, -1) - .sse(ServerSideEncryption.withManagedKeys("keyId", myContext)) + .sse(new ServerSideEncryptionKms("keyId", myContext)) .build()); Assert.fail("exception should be thrown"); } diff --git a/api/src/test/java/io/minio/StatObjectArgsTest.java b/api/src/test/java/io/minio/StatObjectArgsTest.java index d32aa8818..e40c419d7 100644 --- a/api/src/test/java/io/minio/StatObjectArgsTest.java +++ b/api/src/test/java/io/minio/StatObjectArgsTest.java @@ -71,7 +71,7 @@ public void testBuild() throws NoSuchAlgorithmException, InvalidKeyException { KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); ServerSideEncryptionCustomerKey ssec = - ServerSideEncryption.withCustomerKey(keyGen.generateKey()); + new ServerSideEncryptionCustomerKey(keyGen.generateKey()); StatObjectArgs args = StatObjectArgs.builder() .bucket("mybucket") diff --git a/examples/ComposeObjectEncrypted.java b/examples/ComposeObjectEncrypted.java index 87a06141e..dc05273b8 100644 --- a/examples/ComposeObjectEncrypted.java +++ b/examples/ComposeObjectEncrypted.java @@ -51,12 +51,12 @@ public static void main(String[] args) byte[] key = "01234567890123456789012345678901".getBytes(StandardCharsets.UTF_8); SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES"); - ServerSideEncryptionCustomerKey ssePut = ServerSideEncryption.withCustomerKey(secretKeySpec); + ServerSideEncryptionCustomerKey ssePut = new ServerSideEncryptionCustomerKey(secretKeySpec); byte[] keyTarget = "01234567890123456789012345678901".getBytes(StandardCharsets.UTF_8); SecretKeySpec secretKeySpecTarget = new SecretKeySpec(keyTarget, "AES"); - ServerSideEncryption sseTarget = ServerSideEncryption.withCustomerKey(secretKeySpecTarget); + ServerSideEncryption sseTarget = new ServerSideEncryptionCustomerKey(secretKeySpecTarget); String sourceObject1 = "my-objectname1"; String sourceObject2 = "my-objectname2"; diff --git a/examples/CopyObject.java b/examples/CopyObject.java index e1474aff6..140bba3a2 100644 --- a/examples/CopyObject.java +++ b/examples/CopyObject.java @@ -20,6 +20,8 @@ import io.minio.MinioClient; import io.minio.ServerSideEncryption; import io.minio.ServerSideEncryptionCustomerKey; +import io.minio.ServerSideEncryptionKms; +import io.minio.ServerSideEncryptionS3; import io.minio.errors.MinioException; import java.io.IOException; import java.security.InvalidKeyException; @@ -50,13 +52,13 @@ public static void main(String[] args) KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); ServerSideEncryptionCustomerKey ssec = - ServerSideEncryption.withCustomerKey(keyGen.generateKey()); + new ServerSideEncryptionCustomerKey(keyGen.generateKey()); Map myContext = new HashMap<>(); myContext.put("key1", "value1"); - ServerSideEncryption sseKms = ServerSideEncryption.withManagedKeys("Key-Id", myContext); + ServerSideEncryption sseKms = new ServerSideEncryptionKms("Key-Id", myContext); - ServerSideEncryption sseS3 = ServerSideEncryption.atRest(); + ServerSideEncryption sseS3 = new ServerSideEncryptionS3(); String versionId = "ac38316c-fe14-4f96-9f76-8f675ae5a79e"; diff --git a/examples/DownloadObject.java b/examples/DownloadObject.java index bd208b62f..f357842d0 100644 --- a/examples/DownloadObject.java +++ b/examples/DownloadObject.java @@ -16,7 +16,6 @@ import io.minio.DownloadObjectArgs; import io.minio.MinioClient; -import io.minio.ServerSideEncryption; import io.minio.ServerSideEncryptionCustomerKey; import io.minio.errors.MinioException; import java.io.IOException; @@ -58,7 +57,7 @@ public static void main(String[] args) KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); ServerSideEncryptionCustomerKey ssec = - ServerSideEncryption.withCustomerKey(keyGen.generateKey()); + new ServerSideEncryptionCustomerKey(keyGen.generateKey()); // Download SSE-C encrypted 'my-objectname' from 'my-bucketname' to 'my-filename' minioClient.downloadObject( diff --git a/examples/PutObject.java b/examples/PutObject.java index c6a19b0c2..06fdd75ef 100644 --- a/examples/PutObject.java +++ b/examples/PutObject.java @@ -18,6 +18,8 @@ import io.minio.PutObjectArgs; import io.minio.ServerSideEncryption; import io.minio.ServerSideEncryptionCustomerKey; +import io.minio.ServerSideEncryptionKms; +import io.minio.ServerSideEncryptionS3; import io.minio.errors.MinioException; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -94,7 +96,7 @@ public static void main(String[] args) KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); ServerSideEncryptionCustomerKey ssec = - ServerSideEncryption.withCustomerKey(keyGen.generateKey()); + new ServerSideEncryptionCustomerKey(keyGen.generateKey()); // Create encrypted object 'my-objectname' using SSE-C in 'my-bucketname' with content from // the input stream. @@ -113,7 +115,7 @@ public static void main(String[] args) Map myContext = new HashMap<>(); myContext.put("key1", "value1"); - ServerSideEncryption sseKms = ServerSideEncryption.withManagedKeys("Key-Id", myContext); + ServerSideEncryption sseKms = new ServerSideEncryptionKms("Key-Id", myContext); // Create encrypted object 'my-objectname' using SSE-KMS in 'my-bucketname' with content // from the input stream. @@ -130,7 +132,7 @@ public static void main(String[] args) // Create a InputStream for object upload. ByteArrayInputStream bais = new ByteArrayInputStream(builder.toString().getBytes("UTF-8")); - ServerSideEncryption sseS3 = ServerSideEncryption.atRest(); + ServerSideEncryption sseS3 = new ServerSideEncryptionS3(); // Create encrypted object 'my-objectname' using SSE-S3 in 'my-bucketname' with content // from the input stream. diff --git a/examples/StatObject.java b/examples/StatObject.java index 7d3923111..f6a3e13d1 100644 --- a/examples/StatObject.java +++ b/examples/StatObject.java @@ -15,7 +15,6 @@ */ import io.minio.MinioClient; -import io.minio.ServerSideEncryption; import io.minio.ServerSideEncryptionCustomerKey; import io.minio.StatObjectArgs; import io.minio.StatObjectResponse; @@ -48,7 +47,7 @@ public static void main(String[] args) KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); ServerSideEncryptionCustomerKey ssec = - ServerSideEncryption.withCustomerKey(keyGen.generateKey()); + new ServerSideEncryptionCustomerKey(keyGen.generateKey()); String versionId = "ac38316c-fe14-4f96-9f76-8f675ae5a79e"; { diff --git a/examples/UploadObject.java b/examples/UploadObject.java index bddda4f59..52c41cabf 100644 --- a/examples/UploadObject.java +++ b/examples/UploadObject.java @@ -17,7 +17,6 @@ import static java.nio.file.StandardOpenOption.*; import io.minio.MinioClient; -import io.minio.ServerSideEncryption; import io.minio.ServerSideEncryptionCustomerKey; import io.minio.UploadObjectArgs; import io.minio.errors.MinioException; @@ -61,7 +60,7 @@ public static void main(String[] args) KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); ServerSideEncryptionCustomerKey ssec = - ServerSideEncryption.withCustomerKey(keyGen.generateKey()); + new ServerSideEncryptionCustomerKey(keyGen.generateKey()); // Upload 'my-filename' as object encrypted 'my-objectname' in 'my-bucketname'. minioClient.uploadObject( diff --git a/functional/FunctionalTest.java b/functional/FunctionalTest.java index 1f8099238..e1ddb77ea 100644 --- a/functional/FunctionalTest.java +++ b/functional/FunctionalTest.java @@ -67,6 +67,8 @@ import io.minio.SelectResponseStream; import io.minio.ServerSideEncryption; import io.minio.ServerSideEncryptionCustomerKey; +import io.minio.ServerSideEncryptionKms; +import io.minio.ServerSideEncryptionS3; import io.minio.SetBucketEncryptionArgs; import io.minio.SetBucketLifeCycleArgs; import io.minio.SetBucketNotificationArgs; @@ -169,7 +171,7 @@ public class FunctionalTest { private static MinioClient client = null; private static ServerSideEncryptionCustomerKey ssec = null; - private static ServerSideEncryption sseS3 = ServerSideEncryption.atRest(); + private static ServerSideEncryption sseS3 = new ServerSideEncryptionS3(); private static ServerSideEncryption sseKms = null; static { @@ -183,7 +185,7 @@ public class FunctionalTest { try { KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); - ssec = ServerSideEncryption.withCustomerKey(keyGen.generateKey()); + ssec = new ServerSideEncryptionCustomerKey(keyGen.generateKey()); } catch (InvalidKeyException | NoSuchAlgorithmException e) { throw new RuntimeException(e); } @@ -3569,7 +3571,7 @@ public static void main(String[] args) throws Exception { if (kmsKeyName != null) { Map myContext = new HashMap<>(); myContext.put("key1", "value1"); - sseKms = ServerSideEncryption.withManagedKeys(kmsKeyName, myContext); + sseKms = new ServerSideEncryptionKms(kmsKeyName, myContext); } int exitValue = 0;