Example 6 with USER_AGENT

Use of com.amazonaws.services.s3.AmazonS3EncryptionClient.USER_AGENT in project aws-sdk-android by aws-amplify.

From the class S3CryptoModuleBase, method putInstructionFileSecurely.

@Override
public final PutObjectResult putInstructionFileSecurely(PutInstructionFileRequest req) {
    final S3ObjectId id = req.getS3ObjectId();
    final GetObjectRequest getreq = new GetObjectRequest(id);
    appendUserAgent(getreq, USER_AGENT);
    // Get the object from S3
    final S3Object retrieved = s3.getObject(getreq);
    // We only need the meta-data already retrieved, not the data stream.
    // So close it immediately to prevent resource leakage.
    closeQuietly(retrieved, log);
    if (retrieved == null) {
        throw new IllegalArgumentException("The specified S3 object (" + id + ") doesn't exist.");
    }
    final S3ObjectWrapper wrapped = new S3ObjectWrapper(retrieved, id);
    try {
        final ContentCryptoMaterial origCCM = contentCryptoMaterialOf(wrapped);
        if (ContentCryptoScheme.AES_GCM.equals(origCCM.getContentCryptoScheme()) && cryptoConfig.getCryptoMode() == CryptoMode.EncryptionOnly) {
            throw new SecurityException("Lowering the protection of encryption material is not allowed");
        }
        securityCheck(origCCM, wrapped);
        // Re-encrypt the CEK in a new content crypto material
        final EncryptionMaterials newKEK = req.getEncryptionMaterials();
        final ContentCryptoMaterial newCCM;
        if (newKEK == null) {
            newCCM = origCCM.recreate(req.getMaterialsDescription(), this.kekMaterialsProvider, cryptoScheme, cryptoConfig.getCryptoProvider(), kms, req);
        } else {
            newCCM = origCCM.recreate(newKEK, this.kekMaterialsProvider, cryptoScheme, cryptoConfig.getCryptoProvider(), kms, req);
        }
        final PutObjectRequest putInstFileRequest = req.createPutObjectRequest(retrieved);
        // Put the new instruction file into S3
        return s3.putObject(updateInstructionPutRequest(putInstFileRequest, newCCM));
    } catch (final RuntimeException ex) {
        // If we're unable to set up the decryption, make sure we close the
        // HTTP connection
        closeQuietly(retrieved, log);
        throw ex;
    } catch (final Error error) {
        closeQuietly(retrieved, log);
        throw error;
    }
}
Also used: EncryptionMaterials (com.amazonaws.services.s3.model.EncryptionMaterials), S3ObjectId (com.amazonaws.services.s3.model.S3ObjectId), S3Object (com.amazonaws.services.s3.model.S3Object), GetObjectRequest (com.amazonaws.services.s3.model.GetObjectRequest), AbstractPutObjectRequest (com.amazonaws.services.s3.model.AbstractPutObjectRequest), PutObjectRequest (com.amazonaws.services.s3.model.PutObjectRequest)
