
Commit 52b0eee

committed
[S3] Add option to specify an SSE-C customer provided key
Signed-off-by: Julius Härtl <jus@bitgrid.net>
1 parent 53b6d67 commit 52b0eee


2 files changed

+28
-5
lines changed


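--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -227,4 +227,26 @@ protected function getCertificateBundlePath(): ?string {
 return null;
 }
 }
+
+protected function getSSECKey(): ?string {
+if (isset($this->params['sse_c_key'])) {
+return $this->params['sse_c_key'];
+}
+
+return null;
+}
+
+protected function getSSECParameters(): array {
+$key = $this->getSSECKey();
+
+if ($key === null) {
+return [];
+}
+
+return [
+'SSECustomerAlgorithm' => 'AES256',
+'SSECustomerKey' => $key,
+'SSECustomerKeyMD5' => md5($key, true)
+];
+}
 }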
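Review bot: getSSECKey() hands back whatever string sits under `sse_c_key`, including an empty one, and getSSECParameters() forwards it unchecked even though `SSECustomerAlgorithm` is fixed to `AES256`, which needs a 256-bit key. Nothing visible here says whether the configured value is raw bytes or an encoded form such as base64, so a docblock on getSSECKey() should state the expected encoding. If raw bytes are intended, I would treat `''` as unset and fail early with `if (strlen($key) !== 32) { throw new \InvalidArgumentException('sse_c_key must be a 256-bit key'); }`, taking care that the message never contains the key itself. A short comment on `md5($key, true)` saying it is the key-integrity digest the SSE-C request format requires, not a security hash, would keep it from being "fixed" later.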

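--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -44,6 +44,7 @@ trait S3ObjectTrait {
 abstract protected function getConnection();
 
 abstract protected function getCertificateBundlePath(): ?string;
+abstract protected function getSSECParameters(): array;
 
 /**
 * @param string $urn the unified resource name used to identify the object
@@ -57,7 +58,7 @@ public function readObject($urn) {
 'Bucket' => $this->bucket,
 'Key' => $urn,
 'Range' => 'bytes=' . $range,
-]);
+] + $this->getSSECParameters());
 $request = \Aws\serialize($command);
 $headers = [];
 foreach ($request->getHeaders() as $key => $values) {
@@ -103,7 +104,7 @@ protected function writeSingle(string $urn, StreamInterface $stream, string $mim
 'Body' => $stream,
 'ACL' => 'private',
 'ContentType' => $mimetype,
-]);
+] + $this->getSSECParameters());
 }
 
 
@@ -122,7 +123,7 @@ protected function writeMultiPart(string $urn, StreamInterface $stream, string $
 'part_size' => $this->uploadPartSize,
 'params' => [
 'ContentType' => $mimetype
-],
+] + $this->getSSECParameters(),
 ]);
 
 try {
@@ -177,10 +178,10 @@ public function deleteObject($urn) {
 }
 
 public function objectExists($urn) {
-return $this->getConnection()->doesObjectExist($this->bucket, $urn);
+return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
 }
 
 public function copyObject($from, $to) {
-$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
+$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', $this->getSSECParameters());
 }
 }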
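Review bot: In copyObject() the SSE-C array is passed as the sixth argument of `copy()`, but as far as I know the AWS SDK's `copy()` only forwards per-request parameters that sit under the `params` key of that options array, so these top-level keys would be dropped and the copy would either fail on an SSE-C source or write the destination without the customer key. The call should probably read `$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', ['params' => $this->getSSECParameters()]);`. Reading an SSE-C encrypted source additionally needs the `CopySourceSSECustomerAlgorithm`, `CopySourceSSECustomerKey` and `CopySourceSSECustomerKeyMD5` counterparts, which getSSECParameters() does not produce. This is worth confirming against the SDK version the project pins and covering with a copy test on a bucket that has a customer key configured.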
