
Commit 919a840

authored
Merge pull request #32798 from nextcloud/enh/sse-c
[S3] Add option to specify an SSE-C customer provided key
2 parents 75e8636 + 159a0c8 commit 919a840


2 files changed

+38
-5
lines changed


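--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -231,4 +231,34 @@ protected function getCertificateBundlePath(): ?string {
 return null;
 }
 }
+
+protected function getSSECKey(): ?string {
+if (isset($this->params['sse_c_key'])) {
+return $this->params['sse_c_key'];
+}
+
+return null;
+}
+
+protected function getSSECParameters(bool $copy = false): array {
+$key = $this->getSSECKey();
+
+if ($key === null) {
+return [];
+}
+
+$rawKey = base64_decode($key);
+if ($copy) {
+return [
+'CopySourceSSECustomerAlgorithm' => 'AES256',
+'CopySourceSSECustomerKey' => $rawKey,
+'CopySourceSSECustomerKeyMD5' => md5($rawKey, true)
+];
+}
+return [
+'SSECustomerAlgorithm' => 'AES256',
+'SSECustomerKey' => $rawKey,
+'SSECustomerKeyMD5' => md5($rawKey, true)
+];
+}
 }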
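Review bot: In getSSECParameters() the configured key is decoded with a lenient `base64_decode($key)` and its length is never checked, so a mistyped or wrongly sized `sse_c_key` is passed on as the customer key instead of being rejected up front. SSE-C with AES256 needs exactly 32 raw bytes, so I would decode strictly and validate: `$rawKey = base64_decode($key, true);` followed by `if ($rawKey === false || strlen($rawKey) !== 32) { throw new \InvalidArgumentException('sse_c_key must be a base64-encoded 32-byte key'); }`, keeping the key itself out of the message. A short comment that `md5($rawKey, true)` is the key checksum the S3 API expects, not a security hash, would stop it being flagged later. Because the raw key accompanies every request, it is also worth confirming in the part of the trait outside this hunk that the option is refused for non-TLS endpoints.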

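--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -44,6 +44,7 @@ trait S3ObjectTrait {
 abstract protected function getConnection();
 
 abstract protected function getCertificateBundlePath(): ?string;
+abstract protected function getSSECParameters(bool $copy = false): array;
 
 /**
 * @param string $urn the unified resource name used to identify the object
@@ -58,7 +59,7 @@ public function readObject($urn) {
 'Bucket' => $this->bucket,
 'Key' => $urn,
 'Range' => 'bytes=' . $range,
-]);
+] + $this->getSSECParameters());
 $request = \Aws\serialize($command);
 $headers = [];
 foreach ($request->getHeaders() as $key => $values) {
@@ -106,7 +107,7 @@ protected function writeSingle(string $urn, StreamInterface $stream, string $mim
 'ACL' => 'private',
 'ContentType' => $mimetype,
 'StorageClass' => $this->storageClass,
-]);
+] + $this->getSSECParameters());
 }
 
 
@@ -126,7 +127,7 @@ protected function writeMultiPart(string $urn, StreamInterface $stream, string $
 'params' => [
 'ContentType' => $mimetype,
 'StorageClass' => $this->storageClass,
-],
+] + $this->getSSECParameters(),
 ]);
 
 try {
@@ -181,10 +182,12 @@ public function deleteObject($urn) {
 }
 
 public function objectExists($urn) {
-return $this->getConnection()->doesObjectExist($this->bucket, $urn);
+return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
 }
 
 public function copyObject($from, $to) {
-$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
+$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', [
+'params' => $this->getSSECParameters() + $this->getSSECParameters(true)
+]);
 }
 }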
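Review bot: The SSE-C parameters are now attached unconditionally in readObject(), objectExists() and copyObject(), and nothing in these hunks covers objects written before `sse_c_key` was set or under a different key. S3 rejects requests whose key headers do not match how the object was stored. Depending on how the SDK's `doesObjectExist()` maps that error, objectExists() may report existing data as absent rather than failing loudly; I have not verified this against the SDK, so please confirm. At minimum I would add a docblock on the abstract declaration, e.g. `/** Returns the SSE-C request parameters; the key must be configured before the first write and must not change afterwards. */`, and state the same in the configuration documentation. The bodies of readObject(), writeSingle() and writeMultiPart() extend beyond the visible hunks.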
