
Commit b0d3e3c

committed
feat(s3): Add option to specify an SSE-C customer provided key
Signed-off-by: Julius Härtl <jus@bitgrid.net>
1 parent 5c4b4bd commit b0d3e3c


2 files changed

+38
-5
lines changed

2 files changed

+38
-5
lines changed

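--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -227,4 +227,34 @@ protected function getCertificateBundlePath(): ?string {
 return null;
 }
 }
+
+protected function getSSECKey(): ?string {
+if (isset($this->params['sse_c_key'])) {
+return $this->params['sse_c_key'];
+}
+
+return null;
+}
+
+protected function getSSECParameters(bool $copy = false): array {
+$key = $this->getSSECKey();
+
+if ($key === null) {
+return [];
+}
+
+$rawKey = base64_decode($key);
+if ($copy) {
+return [
+'CopySourceSSECustomerAlgorithm' => 'AES256',
+'CopySourceSSECustomerKey' => $rawKey,
+'CopySourceSSECustomerKeyMD5' => md5($rawKey, true)
+];
+}
+return [
+'SSECustomerAlgorithm' => 'AES256',
+'SSECustomerKey' => $rawKey,
+'SSECustomerKeyMD5' => md5($rawKey, true)
+];
+}
 }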
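Review bot: `getSSECParameters()` decodes the configured key with a non-strict `base64_decode($key)` and never checks the result, so a mistyped or truncated `sse_c_key` is silently turned into some other byte string instead of being rejected. SSE-C with AES256 expects a 256-bit key, so I would decode strictly and check the length: `$rawKey = base64_decode($key, true);` followed by `if ($rawKey === false || strlen($rawKey) !== 32) { throw new \InvalidArgumentException('sse_c_key must be a base64-encoded 32-byte key'); }`. The `md5($rawKey, true)` values are the key checksum the S3 API asks for rather than a security control, and a one-line comment saying so would stop later readers from flagging them. A docblock on `getSSECKey()` stating that the value is the base64 form of the raw key and must be treated as a secret would also help.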

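--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -44,6 +44,7 @@ trait S3ObjectTrait {
 abstract protected function getConnection();
 
 abstract protected function getCertificateBundlePath(): ?string;
+abstract protected function getSSECParameters(bool $copy = false): array;
 
 /**
 * @param string $urn the unified resource name used to identify the object
@@ -58,7 +59,7 @@ public function readObject($urn) {
 'Bucket' => $this->bucket,
 'Key' => $urn,
 'Range' => 'bytes=' . $range,
-]);
+] + $this->getSSECParameters());
 $request = \Aws\serialize($command);
 $headers = [];
 foreach ($request->getHeaders() as $key => $values) {
@@ -105,7 +106,7 @@ protected function writeSingle(string $urn, StreamInterface $stream, string $mim
 'Body' => $stream,
 'ACL' => 'private',
 'ContentType' => $mimetype,
-]);
+] + $this->getSSECParameters());
 }
 
 
@@ -124,7 +125,7 @@ protected function writeMultiPart(string $urn, StreamInterface $stream, string $
 'part_size' => $this->uploadPartSize,
 'params' => [
 'ContentType' => $mimetype
-],
+] + $this->getSSECParameters(),
 ]);
 
 try {
@@ -179,10 +180,12 @@ public function deleteObject($urn) {
 }
 
 public function objectExists($urn) {
-return $this->getConnection()->doesObjectExist($this->bucket, $urn);
+return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
 }
 
 public function copyObject($from, $to) {
-$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
+$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', [
+'params' => $this->getSSECParameters() + $this->getSSECParameters(true)
+]);
 }
 }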
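Review bot: In `readObject` the SSE-C parameters go into the command that is serialized on the next line, so the raw customer key is presumably among the headers copied by the `foreach` over `$request->getHeaders()`. The remainder of `readObject` lies outside this hunk and should be checked so that this header array never reaches a log or an exception message and the request is only sent over HTTPS. The parameters are also attached unconditionally to every read, `objectExists` and copy, and S3 is expected to reject such requests for objects that were stored without this key, so enabling or changing `sse_c_key` on a bucket that already holds data would leave the existing objects unreadable. I would state that next to the new abstract declaration, e.g. `// SSE-C: the same key must be sent for every later read/copy of an object; enabling or changing sse_c_key does not re-encrypt existing objects`.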
