author | Julius Härtl <jus@bitgrid.net> | 2022-06-09 20:56:18 +0200 |
---|---|---|
committer | Julius Härtl <jus@bitgrid.net> | 2023-01-24 10:36:03 +0100 |
commit | 159a0c84115c055487da633294c3261434731df5 (patch) | |
tree | def008f32524402e48bc565507dd30550c62dc14 | |
parent | f867a2d65e825800d6bf1b685659677f6136ac5f (diff) | |
download | nextcloud-server-159a0c84115c055487da633294c3261434731df5.tar.gz nextcloud-server-159a0c84115c055487da633294c3261434731df5.zip |
feat(s3): Add option to specify an SSE-C customer provided key
Signed-off-by: Julius Härtl <jus@bitgrid.net>
-rw-r--r-- | lib/private/Files/ObjectStore/S3ConnectionTrait.php | 30 | ||||
-rw-r--r-- | lib/private/Files/ObjectStore/S3ObjectTrait.php | 13 |
2 files changed, 38 insertions, 5 deletions
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index 09fdffe01bd..deb03571c76 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -231,4 +231,34 @@ trait S3ConnectionTrait {
 return null;
 }
 }
+
+ protected function getSSECKey(): ?string {
+ if (isset($this->params['sse_c_key'])) {
+ return $this->params['sse_c_key'];
+ }
+
+ return null;
+ }
+
+ protected function getSSECParameters(bool $copy = false): array {
+ $key = $this->getSSECKey();
+
+ if ($key === null) {
+ return [];
+ }
+
+ $rawKey = base64_decode($key);
+ if ($copy) {
+ return [
+ 'CopySourceSSECustomerAlgorithm' => 'AES256',
+ 'CopySourceSSECustomerKey' => $rawKey,
+ 'CopySourceSSECustomerKeyMD5' => md5($rawKey, true)
+ ];
+ }
+ return [
+ 'SSECustomerAlgorithm' => 'AES256',
+ 'SSECustomerKey' => $rawKey,
+ 'SSECustomerKeyMD5' => md5($rawKey, true)
+ ];
+ }
 }
diff --git a/lib/private/Files/ObjectStore/S3ObjectTrait.php b/lib/private/Files/ObjectStore/S3ObjectTrait.php
index 33b9f6f7fed..8fa6d67faa3 100644
--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -44,6 +44,7 @@ trait S3ObjectTrait {
 abstract protected function getConnection();
 abstract protected function getCertificateBundlePath(): ?string;
+ abstract protected function getSSECParameters(bool $copy = false): array;
 /**
 * @param string $urn the unified resource name used to identify the object
@@ -58,7 +59,7 @@ trait S3ObjectTrait {
 'Bucket' => $this->bucket,
 'Key' => $urn,
 'Range' => 'bytes=' . $range,
- ]);
+ ] + $this->getSSECParameters());
 $request = \Aws\serialize($command);
 $headers = [];
 foreach ($request->getHeaders() as $key => $values) {
@@ -106,7 +107,7 @@ trait S3ObjectTrait {
 'ACL' => 'private',
 'ContentType' => $mimetype,
 'StorageClass' => $this->storageClass,
- ]);
+ ] + $this->getSSECParameters());
 }
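Review bot: `getSSECParameters()` decodes the configured key with a lenient `base64_decode($key)` and never checks the result, so a mistyped or truncated `sse_c_key` is handed to S3 as whatever bytes fall out of the decode. SSE-C with `AES256` needs exactly 32 raw key bytes, so I would decode strictly and fail early: `$rawKey = base64_decode($key, true);` followed by `if ($rawKey === false || strlen($rawKey) !== 32) { throw new \InvalidArgumentException('sse_c_key must be a base64-encoded 256-bit key'); }`. The key value itself should stay out of the exception message and out of any log line. A short docblock on the method would also help: `md5($rawKey, true)` is the key checksum that the S3 SSE-C parameters require, not a security hash, and saying so pre-empts a well-meant "replace MD5" cleanup that would break the request.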
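Review bot: In the `@@ -58,7 +59,7 @@` hunk the SSE-C parameters are merged into a command that is then serialized, and its headers are copied into `$headers` by hand, so the customer key now travels through this manually built request as well as through the SDK's own calls. The rest of the function lies outside the hunk, so how the request is sent is not visible here; please confirm it always goes over TLS when `sse_c_key` is set and that `$headers` is never written to a log or an exception message. A comment above the loop such as `// headers may carry the SSE-C customer key: never log or echo them` would record that constraint for the next maintainer.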
@@ -126,7 +127,7 @@ trait S3ObjectTrait {
 'params' => [
 'ContentType' => $mimetype,
 'StorageClass' => $this->storageClass,
- ],
+ ] + $this->getSSECParameters(),
 ]);
 try {
@@ -181,10 +182,12 @@ trait S3ObjectTrait {
 }
 public function objectExists($urn) {
- return $this->getConnection()->doesObjectExist($this->bucket, $urn);
+ return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
 }
 public function copyObject($from, $to) {
- $this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
+ $this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', [
+ 'params' => $this->getSSECParameters() + $this->getSSECParameters(true)
+ ]);
 }
 } |
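Review bot: `objectExists()` now sends the SSE-C headers on every existence check and `copyObject()` sends them for both source and destination, so objects written to the bucket before `sse_c_key` was configured, or under a different key, will presumably be rejected by S3 instead of being read. Depending on how `doesObjectExist()` maps that rejection, such an object may be reported as missing rather than raising an error, which would hide a key mismatch behind a "file not found". I would document on both methods that the option has to be set before any data is stored and cannot be changed later without re-encrypting, for example `// SSE-C: objects stored without this key, or with another one, cannot be read; losing the key means losing the data`. The hunk offers no migration or rotation path, so the same caveat belongs in the configuration documentation.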