
Commit 27bef6e

committed
[S3] Add option to specify an SSE-C customer provided key
Signed-off-by: Julius Härtl <jus@bitgrid.net>
1 parent 796d6b0 commit 27bef6e

2 files changed

Lines changed: 28 additions & 5 deletions


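--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -225,4 +225,26 @@ protected function getCertificateBundlePath(): ?string {
 return null;
 }
 }
+
+protected function getSSECKey(): ?string {
+if (isset($this->params['sse_c_key'])) {
+return $this->params['sse_c_key'];
+}
+
+return null;
+}
+
+protected function getSSECParameters(): array {
+$key = $this->getSSECKey();
+
+if ($key === null) {
+return [];
+}
+
+return [
+'SSECustomerAlgorithm' => 'AES256',
+'SSECustomerKey' => $key,
+'SSECustomerKeyMD5' => md5($key, true)
+];
+}
 }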
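Review bot: `getSSECParameters()` hands the configured `sse_c_key` to S3 as `SSECustomerKey` with `SSECustomerAlgorithm` `AES256` without checking it, so a key of the wrong length or encoding is only discovered when a request fails. AES-256 needs exactly 32 bytes of key material, and the hunk does not say whether the config value is raw bytes or base64 text; a guard such as `if (\strlen($key) !== 32) { throw new \InvalidArgumentException('sse_c_key must be 32 bytes'); }` in `getSSECKey()` (after any decoding the config format calls for) would fail early with a clear message. Both new methods also lack docblocks: it is worth stating that `md5($key, true)` is the key-integrity digest the SSE-C protocol requires rather than a security hash, and that the returned array contains the secret key and must not be logged or serialized. The enclosing trait starts outside the hunk.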

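--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -44,6 +44,7 @@ trait S3ObjectTrait {
 abstract protected function getConnection();
 
 abstract protected function getCertificateBundlePath(): ?string;
+abstract protected function getSSECParameters(): array;
 
 /**
 * @param string $urn the unified resource name used to identify the object
@@ -57,7 +58,7 @@ public function readObject($urn) {
 'Bucket' => $this->bucket,
 'Key' => $urn,
 'Range' => 'bytes=' . $range,
-]);
+] + $this->getSSECParameters());
 $request = \Aws\serialize($command);
 $headers = [];
 foreach ($request->getHeaders() as $key => $values) {
@@ -100,7 +101,7 @@ protected function writeSingle(string $urn, StreamInterface $stream, string $mim
 'Body' => $stream,
 'ACL' => 'private',
 'ContentType' => $mimetype,
-]);
+] + $this->getSSECParameters());
 }
 
 
@@ -119,7 +120,7 @@ protected function writeMultiPart(string $urn, StreamInterface $stream, string $
 'part_size' => $this->uploadPartSize,
 'params' => [
 'ContentType' => $mimetype
-],
+] + $this->getSSECParameters(),
 ]);
 
 try {
@@ -174,10 +175,10 @@ public function deleteObject($urn) {
 }
 
 public function objectExists($urn) {
-return $this->getConnection()->doesObjectExist($this->bucket, $urn);
+return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
 }
 
 public function copyObject($from, $to) {
-$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
+$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', $this->getSSECParameters());
 }
 }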
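Review bot: In `copyObject` the SSE-C array is passed as the sixth argument of `copy()`, which as far as I know is the SDK's options array (`params`, `mup_threshold`, ...) rather than the request parameters, so the keys are likely ignored there and would need to go under `'params'`. Copying an object that was written with SSE-C also needs the `CopySourceSSECustomerAlgorithm`, `CopySourceSSECustomerKey` and `CopySourceSSECustomerKeyMD5` counterparts so S3 can read the source, and `getSSECParameters()` does not produce those. Something like `..., 'private', ['params' => $this->getSSECParameters() + $copySourceParams]` would cover both, where `$copySourceParams` is a placeholder for an array built from the same key. The other call sites (`readObject`, `writeSingle`, `writeMultiPart`) begin outside their hunks; any request on stored objects that is not shown here, such as a HEAD, would need the same parameters once a key is configured.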
