
Example 1 with EncryptedGetObjectRequest

use of com.amazonaws.services.s3.model.EncryptedGetObjectRequest in project aws-sdk-android by aws-amplify.

the class S3CryptoModuleAE method decipherWithInstructionFile.

/**
 * Decrypts {@code retrieved} using content-crypto material rebuilt from a separate
 * instruction file.
 *
 * <p>The {@code keyWrapExpected} flag handed to
 * {@code ContentCryptoMaterial.fromInstructionFile} is forced on whenever
 * {@link #isStrict()} is true. Only when strict mode is off does the value carried by an
 * {@link EncryptedGetObjectRequest} decide it, so a request can raise the requirement but
 * never lower it.
 *
 * <p>NOTE(review): the instruction file is parsed as JSON and drives how the content key is
 * recovered. It is presumably stored next to the ciphertext, in which case it deserves the
 * same distrust as the object itself. What {@code securityCheck} enforces is not visible
 * here; confirm it covers material built from an attacker-writable instruction file.
 *
 * @param req the original get request; may be an {@link EncryptedGetObjectRequest}
 * @param desiredRange byte range the caller asked for, or {@code null}
 * @param cryptoRange byte range actually fetched, or {@code null}
 * @param retrieved the (still encrypted) object returned by S3
 * @param instructionFile wrapper around the instruction file for {@code retrieved}
 * @return the decrypted object, trimmed to {@code desiredRange}
 */
private S3Object decipherWithInstructionFile(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, S3ObjectWrapper retrieved, S3ObjectWrapper instructionFile) {
    // Start from the module-wide policy; a request may only tighten it below.
    boolean keyWrapExpected = isStrict();
    ExtraMaterialsDescription extraMatDesc = NONE;
    if (req instanceof EncryptedGetObjectRequest) {
        final EncryptedGetObjectRequest encryptedReq = (EncryptedGetObjectRequest) req;
        extraMatDesc = encryptedReq.getExtraMaterialDescription();
        // Short-circuits in strict mode, so the request's flag is consulted only when
        // strict mode has not already demanded key wrapping.
        keyWrapExpected = keyWrapExpected || encryptedReq.isKeyWrapExpected();
    }

    // The parsed instruction file is frozen so later stages cannot alter it.
    @SuppressWarnings("unchecked")
    final Map<String, String> parsed = JsonUtils.jsonToMap(instructionFile.toJsonString());
    final Map<String, String> matdesc = Collections.unmodifiableMap(parsed);

    final ContentCryptoMaterial cekMaterial = ContentCryptoMaterial.fromInstructionFile(
            matdesc,
            kekMaterialsProvider,
            cryptoConfig.getCryptoProvider(),
            // range is sometimes necessary to compute the adjusted IV
            cryptoRange,
            extraMatDesc,
            keyWrapExpected,
            kms);

    // The check runs before any plaintext is produced; keep it ahead of decrypt().
    securityCheck(cekMaterial, retrieved);
    final S3ObjectWrapper plain = decrypt(retrieved, cekMaterial, cryptoRange);

    // Trim the decrypted stream down to the bytes the caller actually requested.
    return adjustToDesiredRange(plain, desiredRange, matdesc).getS3Object();
}
Also used : EncryptedGetObjectRequest(com.amazonaws.services.s3.model.EncryptedGetObjectRequest) ExtraMaterialsDescription(com.amazonaws.services.s3.model.ExtraMaterialsDescription)

Example 2 with EncryptedGetObjectRequest

use of com.amazonaws.services.s3.model.EncryptedGetObjectRequest in project aws-sdk-android by aws-amplify.

the class S3CryptoModuleAE method decipherWithMetadata.

/**
 * Decrypts {@code retrieved} using content-crypto material rebuilt from the object's own
 * metadata.
 *
 * <p>The {@code keyWrapExpected} flag handed to
 * {@code ContentCryptoMaterial.fromObjectMetadata} is forced on whenever
 * {@link #isStrict()} is true. Only when strict mode is off does the value carried by an
 * {@link EncryptedGetObjectRequest} decide it, so a request can raise the requirement but
 * never lower it.
 *
 * <p>NOTE(review): the metadata comes back from S3 together with the ciphertext, so it is
 * only as trustworthy as the bucket contents. What {@code securityCheck} enforces is not
 * visible here; confirm against its implementation.
 *
 * @param req the original get request; may be an {@link EncryptedGetObjectRequest}
 * @param desiredRange byte range the caller asked for, or {@code null}
 * @param cryptoRange byte range actually fetched, or {@code null}
 * @param retrieved the (still encrypted) object returned by S3
 * @return the decrypted object, trimmed to {@code desiredRange}
 */
private S3Object decipherWithMetadata(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, S3ObjectWrapper retrieved) {
    // Start from the module-wide policy; a request may only tighten it below.
    boolean keyWrapExpected = isStrict();
    ExtraMaterialsDescription extraMatDesc = NONE;
    if (req instanceof EncryptedGetObjectRequest) {
        final EncryptedGetObjectRequest encryptedReq = (EncryptedGetObjectRequest) req;
        extraMatDesc = encryptedReq.getExtraMaterialDescription();
        // Short-circuits in strict mode, so the request's flag is consulted only when
        // strict mode has not already demanded key wrapping.
        keyWrapExpected = keyWrapExpected || encryptedReq.isKeyWrapExpected();
    }

    final ContentCryptoMaterial cekMaterial = ContentCryptoMaterial.fromObjectMetadata(
            retrieved.getObjectMetadata(),
            kekMaterialsProvider,
            cryptoConfig.getCryptoProvider(),
            // range is sometimes necessary to compute the adjusted IV
            cryptoRange,
            extraMatDesc,
            keyWrapExpected,
            kms);

    // The check runs before any plaintext is produced; keep it ahead of decrypt().
    securityCheck(cekMaterial, retrieved);
    final S3ObjectWrapper plain = decrypt(retrieved, cekMaterial, cryptoRange);

    // Trim the decrypted stream down to the bytes the caller actually requested.
    // No instruction-file map exists on this path, hence the null third argument.
    return adjustToDesiredRange(plain, desiredRange, null).getS3Object();
}
Also used : EncryptedGetObjectRequest(com.amazonaws.services.s3.model.EncryptedGetObjectRequest) ExtraMaterialsDescription(com.amazonaws.services.s3.model.ExtraMaterialsDescription)

Example 3 with EncryptedGetObjectRequest

use of com.amazonaws.services.s3.model.EncryptedGetObjectRequest in project aws-sdk-android by aws-amplify.

the class S3CryptoModuleAE method getObjectSecurely.

/**
 * Fetches an object from S3 and returns it decrypted.
 *
 * <p>In strict mode any request that carries a byte range or a part number is rejected
 * with a {@link SecurityException} before S3 is contacted. NOTE(review): presumably
 * because a partial read cannot have its authentication tag verified; confirm against the
 * module documentation.
 *
 * <p>Side effect: when a range was requested, {@code req} is mutated so that its range
 * covers every cipher block needed to contain the desired bytes.
 *
 * @param req the get request; an {@link EncryptedGetObjectRequest} may additionally name
 *     an instruction file suffix
 * @return the decrypted object, or {@code null} when {@code s3.getObject(req)} returns
 *     {@code null}
 * @throws SecurityException if strict mode is on and a range or part number was requested
 */
@Override
public S3Object getObjectSecurely(GetObjectRequest req) {
    appendUserAgent(req, USER_AGENT);

    final long[] desiredRange = req.getRange();
    if (isStrict()) {
        // Partial reads are refused outright in strict mode.
        if (desiredRange != null || req.getPartNumber() != null) {
            throw new SecurityException("Range get and getting a part are not allowed in strict crypto mode");
        }
    }

    // Widen the range so it retrieves all of the cipher blocks needed to contain the
    // user's desired range of bytes.
    final long[] adjustedCryptoRange = getAdjustedCryptoRange(desiredRange);
    if (adjustedCryptoRange != null) {
        req.setRange(adjustedCryptoRange[0], adjustedCryptoRange[1]);
    }

    // Get the object from S3; a null result is passed straight back to the caller.
    final S3Object retrieved = s3.getObject(req);
    if (retrieved == null) {
        return null;
    }

    final String suffix = (req instanceof EncryptedGetObjectRequest)
            ? ((EncryptedGetObjectRequest) req).getInstructionFileSuffix()
            : null;

    try {
        // A missing or blank suffix selects the default decipher path.
        if (suffix == null || suffix.trim().isEmpty()) {
            return decipher(req, desiredRange, adjustedCryptoRange, retrieved);
        }
        return decipherWithInstFileSuffix(req, desiredRange, adjustedCryptoRange, retrieved, suffix);
    } catch (final RuntimeException failure) {
        // Decryption could not be set up: release the HTTP connection before the
        // failure propagates.
        closeQuietly(retrieved, log);
        throw failure;
    } catch (final Error fatal) {
        // Same cleanup for Errors, so the connection is released here too.
        closeQuietly(retrieved, log);
        throw fatal;
    }
}
Also used : EncryptedGetObjectRequest(com.amazonaws.services.s3.model.EncryptedGetObjectRequest) S3Object(com.amazonaws.services.s3.model.S3Object)

Aggregations

EncryptedGetObjectRequest (com.amazonaws.services.s3.model.EncryptedGetObjectRequest)3 ExtraMaterialsDescription (com.amazonaws.services.s3.model.ExtraMaterialsDescription)2 S3Object (com.amazonaws.services.s3.model.S3Object)1