mirror of
https://github.com/nextcloud/server.git
synced 2026-06-13 18:50:47 -04:00
Merge pull request #32798 from nextcloud/enh/sse-c
[S3] Add option to specify an SSE-C customer provided key
This commit is contained in:
Julius Härtl
GitHub
commit
919a840f34
2 changed files with 38 additions and 5 deletions
|
|
@ -231,4 +231,34 @@ trait S3ConnectionTrait {
|
|||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
protected function getSSECKey(): ?string {
|
||||
if (isset($this->params['sse_c_key'])) {
|
||||
return $this->params['sse_c_key'];
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
protected function getSSECParameters(bool $copy = false): array {
|
||||
$key = $this->getSSECKey();
|
||||
|
||||
if ($key === null) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$rawKey = base64_decode($key);
|
||||
if ($copy) {
|
||||
return [
|
||||
'CopySourceSSECustomerAlgorithm' => 'AES256',
|
||||
'CopySourceSSECustomerKey' => $rawKey,
|
||||
'CopySourceSSECustomerKeyMD5' => md5($rawKey, true)
|
||||
];
|
||||
}
|
||||
return [
|
||||
'SSECustomerAlgorithm' => 'AES256',
|
||||
'SSECustomerKey' => $rawKey,
|
||||
'SSECustomerKeyMD5' => md5($rawKey, true)
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ trait S3ObjectTrait {
|
|||
abstract protected function getConnection();
|
||||
|
||||
abstract protected function getCertificateBundlePath(): ?string;
|
||||
abstract protected function getSSECParameters(bool $copy = false): array;
|
||||
|
||||
/**
|
||||
* @param string $urn the unified resource name used to identify the object
|
||||
|
|
@ -58,7 +59,7 @@ trait S3ObjectTrait {
|
|||
'Bucket' => $this->bucket,
|
||||
'Key' => $urn,
|
||||
'Range' => 'bytes=' . $range,
|
||||
]);
|
||||
] + $this->getSSECParameters());
|
||||
$request = \Aws\serialize($command);
|
||||
$headers = [];
|
||||
foreach ($request->getHeaders() as $key => $values) {
|
||||
|
|
@ -106,7 +107,7 @@ trait S3ObjectTrait {
|
|||
'ACL' => 'private',
|
||||
'ContentType' => $mimetype,
|
||||
'StorageClass' => $this->storageClass,
|
||||
]);
|
||||
] + $this->getSSECParameters());
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -126,7 +127,7 @@ trait S3ObjectTrait {
|
|||
'params' => [
|
||||
'ContentType' => $mimetype,
|
||||
'StorageClass' => $this->storageClass,
|
||||
],
|
||||
] + $this->getSSECParameters(),
|
||||
]);
|
||||
|
||||
try {
|
||||
|
|
@ -181,10 +182,12 @@ trait S3ObjectTrait {
|
|||
}
|
||||
|
||||
public function objectExists($urn) {
|
||||
return $this->getConnection()->doesObjectExist($this->bucket, $urn);
|
||||
return $this->getConnection()->doesObjectExist($this->bucket, $urn, $this->getSSECParameters());
|
||||
}
|
||||
|
||||
public function copyObject($from, $to) {
|
||||
$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to);
|
||||
$this->getConnection()->copy($this->getBucket(), $from, $this->getBucket(), $to, 'private', [
|
||||
'params' => $this->getSSECParameters() + $this->getSSECParameters(true)
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue