use of com.amazonaws.services.s3.model.CryptoStorageMode.InstructionFile in project aws-sdk-android by aws-amplify.
the class S3CryptoModuleAE method decipherWithInstructionFile.
/**
 * Decrypts an object whose crypto metadata is held in a separate instruction
 * file, then trims the plaintext to the range the caller asked for.
 * <p>
 * The instruction file arrives as its own {@link S3ObjectWrapper}, so its JSON
 * should be read as data stored next to the ciphertext, not as trusted local
 * state. {@code securityCheck} is invoked on the derived content-crypto
 * material before {@code decrypt} is called.
 *
 * @param req the original get request; when it is an
 *        {@link EncryptedGetObjectRequest} it also supplies the extra materials
 *        description and may require key wrapping
 * @param desiredRange range handed to {@code adjustToDesiredRange}
 * @param cryptoRange range handed to the material factory and to {@code decrypt}
 * @param retrieved the encrypted object
 * @param instructionFile the instruction file whose JSON form provides the
 *        material description
 * @return the S3 object produced after decryption and range adjustment
 */
private S3Object decipherWithInstructionFile(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, S3ObjectWrapper retrieved, S3ObjectWrapper instructionFile) {
    // Key wrapping is expected whenever isStrict() says so; a non-strict
    // client can still have it requested per call by the encrypted request.
    boolean keyWrapExpected = isStrict();
    ExtraMaterialsDescription extraMatDesc = NONE;
    if (req instanceof EncryptedGetObjectRequest) {
        final EncryptedGetObjectRequest encryptedReq = (EncryptedGetObjectRequest) req;
        extraMatDesc = encryptedReq.getExtraMaterialDescription();
        // Short-circuit keeps the request from ever lowering the strict setting.
        keyWrapExpected = keyWrapExpected || encryptedReq.isKeyWrapExpected();
    }

    // Parse the instruction file once and freeze the result so later steps
    // cannot alter the description they were handed.
    @SuppressWarnings("unchecked")
    final Map<String, String> matdesc =
            Collections.unmodifiableMap(JsonUtils.jsonToMap(instructionFile.toJsonString()));

    // range is sometimes necessary to compute the adjusted IV
    final ContentCryptoMaterial cekMaterial = ContentCryptoMaterial.fromInstructionFile(
            matdesc,
            kekMaterialsProvider,
            cryptoConfig.getCryptoProvider(),
            cryptoRange,
            extraMatDesc,
            keyWrapExpected,
            kms);

    // The check precedes decryption; what it enforces is not visible here.
    securityCheck(cekMaterial, retrieved);

    // Decrypt, then adjust the output to the desired range of bytes.
    return adjustToDesiredRange(decrypt(retrieved, cekMaterial, cryptoRange), desiredRange, matdesc)
            .getS3Object();
}
use of com.amazonaws.services.s3.model.CryptoStorageMode.InstructionFile in project aws-sdk-android by aws-amplify.
the class S3CryptoModuleBase method completeMultipartUploadSecurely.
/**
 * Completes an encrypted multipart upload and, when the storage mode is
 * {@code InstructionFile}, stores the instruction file after the upload has
 * been completed.
 * <p>
 * Both the final-part guard and the instruction-file write apply only when a
 * context is registered for the upload id; an id with no context is passed
 * straight through to {@code s3.completeMultipartUpload}.
 *
 * @param req the completion request; its upload id selects the tracked context
 * @return the result returned by {@code s3.completeMultipartUpload}
 * @throws AmazonClientException if a tracked upload has not yet seen its final part
 */
@Override
public CompleteMultipartUploadResult completeMultipartUploadSecurely(CompleteMultipartUploadRequest req) {
    appendUserAgent(req, USER_AGENT);

    final String uploadId = req.getUploadId();
    final T uploadContext = multipartUploadContexts.get(uploadId);
    final boolean tracked = uploadContext != null;

    // Refuse to finalise a tracked upload until the last part has been flagged.
    if (tracked && !uploadContext.hasFinalPartBeenSeen()) {
        throw new AmazonClientException(
                "Unable to complete an encrypted multipart upload without being told which part was the last. "
                + "Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
    }

    final CompleteMultipartUploadResult result = s3.completeMultipartUpload(req);

    // The instruction file is written only after the upload itself has completed.
    // NOTE(review): if this putObject throws, the object is already completed
    // in S3 without its instruction file and the context entry (which holds
    // the content crypto material) is not removed below; confirm callers
    // handle that state.
    if (tracked && cryptoConfig.getStorageMode() == InstructionFile) {
        s3.putObject(createInstructionPutRequest(
                uploadContext.getBucketName(),
                uploadContext.getKey(),
                uploadContext.getContentCryptoMaterial()));
    }

    // Drop the per-upload state once everything above has succeeded.
    multipartUploadContexts.remove(uploadId);
    return result;
}
use of com.amazonaws.services.s3.model.CryptoStorageMode.InstructionFile in project aws-sdk-android by aws-amplify.
the class S3ObjectWrapper method encryptionSchemeOf.
/**
 * Looks up the crypto scheme the object was originally encrypted with. This
 * may differ from the scheme used for decryption during, for example, a
 * range-get operation.
 * <p>
 * The algorithm name is read either from the instruction file or from the
 * object's user metadata, i.e. from data stored with the object.
 * NOTE(review): confirm how {@code ContentCryptoScheme.fromCEKAlgo} treats a
 * missing or unrecognised value, since anyone able to write that data controls
 * the string passed in.
 *
 * @param instructionFile the instruction file of the s3 object; or null if
 *            there is none, in which case the object's user metadata is used.
 * @return the scheme resolved from the stored CEK algorithm entry
 */
ContentCryptoScheme encryptionSchemeOf(Map<String, String> instructionFile) {
    // Prefer the instruction file when one was supplied; otherwise fall back
    // to the user metadata attached to the object itself.
    final Map<String, String> cryptoAttributes = (instructionFile != null)
            ? instructionFile
            : s3obj.getObjectMetadata().getUserMetadata();
    return ContentCryptoScheme.fromCEKAlgo(cryptoAttributes.get(Headers.CRYPTO_CEK_ALGORITHM));
}
use of com.amazonaws.services.s3.model.CryptoStorageMode.InstructionFile in project aws-sdk-android by aws-amplify.
the class EncryptionUtils method buildInstructionFromInstructionFile.
/**
 * Builds an instruction object from the contents of an instruction file.
 * <p>
 * The wrapped key, IV and materials description are taken from the parsed
 * file as-is; no integrity check of the instruction file is visible in this
 * method. NOTE(review): confirm whether the file's authenticity is verified
 * elsewhere before the resulting cipher is used.
 *
 * @param instructionFile A non-null instruction file retrieved from S3 that
 *            contains encryption information
 * @param materialsProvider The non-null encryption materials provider to be
 *            used to encrypt and decrypt data.
 * @param cryptoProvider The crypto provider whose encryption implementation
 *            will be used to encrypt and decrypt data. NULL is ok and uses
 *            the preferred provider from Security.getProviders().
 * @return A non-null instruction object containing encryption information
 * @throws AmazonClientException if the decoded key or IV is null, or if the
 *             original encryption materials cannot be retrieved
 */
public static EncryptionInstruction buildInstructionFromInstructionFile(S3Object instructionFile, EncryptionMaterialsProvider materialsProvider, Provider cryptoProvider) {
    final Map<String, String> parsed = parseJSONInstruction(instructionFile);

    // Pull the three fields this method needs out of the parsed instruction.
    final String wrappedKeyB64 = parsed.get(Headers.CRYPTO_KEY);
    final String ivB64 = parsed.get(Headers.CRYPTO_IV);
    final Map<String, String> materialsDescription =
            convertJSONToMap(parsed.get(Headers.MATERIALS_DESCRIPTION));

    // Base64 text -> raw bytes. Presumably decode yields null for an absent
    // field, which is what the check below relies on; verify against Base64.
    final byte[] encryptedSymmetricKey = Base64.decode(wrappedKeyB64);
    final byte[] iv = Base64.decode(ivB64);

    // Without both the wrapped key and the IV the object cannot be decrypted.
    if (encryptedSymmetricKey == null || iv == null) {
        throw new AmazonClientException(String.format(
                "Necessary encryption info not found in the instruction file '%s' in bucket '%s'",
                instructionFile.getKey(),
                instructionFile.getBucketName()));
    }

    // Ask the provider for the materials matching the stored description;
    // a null answer means the original materials are unavailable.
    final EncryptionMaterials materials =
            retrieveOriginalMaterials(materialsDescription, materialsProvider);
    if (materials == null) {
        throw new AmazonClientException(String.format(
                "Unable to retrieve the encryption materials that originally "
                        + "encrypted object corresponding to instruction file '%s' in bucket '%s'.",
                instructionFile.getKey(),
                instructionFile.getBucketName()));
    }

    // Unwrap the content key, then prepare a decrypt-mode cipher factory with it.
    final SecretKey symmetricKey =
            getDecryptedSymmetricKey(encryptedSymmetricKey, materials, cryptoProvider);
    final CipherFactory decryptFactory =
            new CipherFactory(symmetricKey, Cipher.DECRYPT_MODE, iv, cryptoProvider);

    return new EncryptionInstruction(
            materialsDescription, encryptedSymmetricKey, symmetricKey, decryptFactory);
}