
Commit e7177c6

committed
[S3] Add option to specify an SSE-C customer provided key
Signed-off-by: Julius Härtl <jus@bitgrid.net>
1 parent 76db612 commit e7177c6

2 files changed

+29
-5
lines changed

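--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -218,4 +218,26 @@ protected function paramCredentialProvider() : callable {
 return new RejectedPromise(new CredentialsException($msg));
 };
 }
+
+protected function getSSECKey(): ?string {
+if (isset($this->params['sse_c_key'])) {
+return $this->params['sse_c_key'];
+}
+
+return null;
+}
+
+protected function getSSECParameters(): array {
+$key = $this->getSSECKey();
+
+if ($key === null) {
+return [];
+}
+
+return [
+'SSECustomerAlgorithm' => 'AES256',
+'SSECustomerKey' => $key,
+'SSECustomerKeyMD5' => md5($key, true)
+];
+}
 }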
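Review bot: getSSECKey() returns whatever is stored under `sse_c_key` without checking it, so an empty string or a value that is not a 256-bit key is passed on as `SSECustomerKey` and only fails once a request reaches the object store. If the setting is meant to hold the raw key (the commit does not say whether it is raw or encoded, which should be documented next to the option), reject bad values early in getSSECParameters(), e.g. `if (strlen($key) !== 32) { throw new \InvalidArgumentException('sse_c_key must be a 32-byte key'); }`. A comment such as `// MD5 is the key digest the S3 SSE-C API requires for its key check, not a security primitive` would keep the `md5()` call from being flagged or "fixed" later. The option's documentation should also state that this key is the only way to read the stored objects back, so losing it or changing it on a populated bucket makes existing objects unreadable.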

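--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -43,6 +43,8 @@ trait S3ObjectTrait {
 */
 abstract protected function getConnection();
 
+abstract protected function getSSECParameters(): array;
+
 /**
 * @param string $urn the unified resource name used to identify the object
 * @return resource stream with the read data
@@ -55,7 +57,7 @@ public function readObject($urn) {
 'Bucket' => $this->bucket,
 'Key' => $urn,
 'Range' => 'bytes=' . $range,
-]);
+] + $this->getSSECParameters());
 $request = \Aws\serialize($command);
 $headers = [];
 foreach ($request->getHeaders() as $key => $values) {
@@ -95,7 +97,7 @@ protected function writeSingle(string $urn, StreamInterface $stream, string $mim
 'Body' => $stream,
 'ACL' => 'private',
 'ContentType' => $mimetype,
-]);
+] + $this->getSSECParameters());
 }
 
 
@@ -114,7 +116,7 @@ protected function writeMultiPart(string $urn, StreamInterface $stream, string $
 'part_size' => $this->uploadPartSize,
 'params' => [
 'ContentType' => $mimetype
-],
+] + $this->getSSECParameters(),
 ]);
 
 try {
@@ -169,10 +171,10 @@ public function deleteObject($urn) {
 }
 
 public function objectExists($urn) {
-return $this->getConnection()->doesObjectExist($this->bucket, $urn);
+return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
 }
 
 public function copyObject($from, $to) {
-$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
+$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', $this->getSSECParameters());
 }
 }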
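Review bot: In copyObject the SSE-C fields are passed as the top-level `$options` argument of `copy()`, but as far as I can tell from the SDK, extra request parameters are only read from `$options['params']`, so these fields are probably never sent. Copying an SSE-C object also needs the `CopySourceSSECustomer*` counterparts so the store can decrypt the source, and without them the copy is likely to be rejected once a key is configured. The other call sites in this section merge the fields straight into the command parameters and look fine. A test that copies an object with `sse_c_key` set and reads the copy back would pin this behaviour.

```php
public function copyObject($from, $to) {
	$sse = $this->getSSECParameters();
	$copySource = [];
	foreach ($sse as $name => $value) {
		// the source object is decrypted with the CopySource* counterpart of each SSE-C field
		$copySource['CopySource' . $name] = $value;
	}
	$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', [
		'params' => $sse + $copySource,
	]);
}
```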
