authorJulius Härtl <jus@bitgrid.net>2022-06-09 20:56:18 +0200
committerJulius Härtl <jus@bitgrid.net>2023-01-24 10:36:03 +0100
commit159a0c84115c055487da633294c3261434731df5 (patch)
treedef008f32524402e48bc565507dd30550c62dc14
parentf867a2d65e825800d6bf1b685659677f6136ac5f (diff)
feat(s3): Add option to specify an SSE-C customer provided key
Signed-off-by: Julius Härtl <jus@bitgrid.net>
-rw-r--r--lib/private/Files/ObjectStore/S3ConnectionTrait.php30
-rw-r--r--lib/private/Files/ObjectStore/S3ObjectTrait.php13
2 files changed, 38 insertions, 5 deletions
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index 09fdffe01bd..deb03571c76 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -231,4 +231,34 @@ trait S3ConnectionTrait {
return null;
}
}
+
+ protected function getSSECKey(): ?string {
+ if (isset($this->params['sse_c_key'])) {
+ return $this->params['sse_c_key'];
+ }
+
+ return null;
+ }
+
+ protected function getSSECParameters(bool $copy = false): array {
+ $key = $this->getSSECKey();
+
+ if ($key === null) {
+ return [];
+ }
+
+ $rawKey = base64_decode($key);
+ if ($copy) {
+ return [
+ 'CopySourceSSECustomerAlgorithm' => 'AES256',
+ 'CopySourceSSECustomerKey' => $rawKey,
+ 'CopySourceSSECustomerKeyMD5' => md5($rawKey, true)
+ ];
+ }
+ return [
+ 'SSECustomerAlgorithm' => 'AES256',
+ 'SSECustomerKey' => $rawKey,
+ 'SSECustomerKeyMD5' => md5($rawKey, true)
+ ];
+ }
}
diff --git a/lib/private/Files/ObjectStore/S3ObjectTrait.php b/lib/private/Files/ObjectStore/S3ObjectTrait.php
index 33b9f6f7fed..8fa6d67faa3 100644
--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -44,6 +44,7 @@ trait S3ObjectTrait {
abstract protected function getConnection();
abstract protected function getCertificateBundlePath(): ?string;
+ abstract protected function getSSECParameters(bool $copy = false): array;
/**
* @param string $urn the unified resource name used to identify the object
@@ -58,7 +59,7 @@ trait S3ObjectTrait {
'Bucket' => $this->bucket,
'Key' => $urn,
'Range' => 'bytes=' . $range,
- ]);
+ ] + $this->getSSECParameters());
$request = \Aws\serialize($command);
$headers = [];
foreach ($request->getHeaders() as $key => $values) {
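Review bot: The serialized request now carries the customer key, so the `foreach` over `$request->getHeaders()` copies it into `$headers` in base64 form. What happens to `$headers` is outside the hunk; if it feeds a stream context or any debug output, the key travels with it. I would add a comment above the loop, `// $headers now contains the SSE-C key headers: never log them, and only send them over HTTPS`. It is also worth confirming that `sse_c_key` combined with a non-TLS endpoint is rejected at configuration time rather than per request.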
@@ -106,7 +107,7 @@ trait S3ObjectTrait {
'ACL' => 'private',
'ContentType' => $mimetype,
'StorageClass' => $this->storageClass,
- ]);
+ ] + $this->getSSECParameters());
}
@@ -126,7 +127,7 @@ trait S3ObjectTrait {
'params' => [
'ContentType' => $mimetype,
'StorageClass' => $this->storageClass,
- ],
+ ] + $this->getSSECParameters(),
]);
try {
@@ -181,10 +182,12 @@ trait S3ObjectTrait {
}
public function objectExists($urn) {
- return $this->getConnection()->doesObjectExist($this->bucket, $urn);
+ return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
}
public function copyObject($from, $to) {
- $this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
+ $this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', [
+ 'params' => $this->getSSECParameters() + $this->getSSECParameters(true)
+ ]);
}
}
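Review bot: `objectExists()` now sends the SSE-C headers on the existence check, so an object stored without this key (written before `sse_c_key` was configured, or under a previous key) will presumably be rejected by S3. Depending on how `doesObjectExist()` maps that error, it may be reported as missing rather than as a key mismatch. The same applies to `copyObject()`, which passes the one configured key as both source and destination key, so copies across a key change cannot succeed. Neither method documents this; I would add a docblock such as `/** With sse_c_key set, objects written without it or under another key cannot be read, checked or copied; the key must not change once data exists. */` on `objectExists()` and mirror it on `copyObject()`.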