Example 1 with EncryptedGetObjectRequest
use of com.qcloud.cos.model.EncryptedGetObjectRequest in project cos-java-sdk-v5 by tencentyun.
the class COSCryptoModuleAE method decipherWithMetadata.
private COSObject decipherWithMetadata(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, COSObjectWrapper retrieved) {
boolean keyWrapExpected = isStrict();
if (req instanceof EncryptedGetObjectRequest) {
EncryptedGetObjectRequest ereq = (EncryptedGetObjectRequest) req;
if (!keyWrapExpected)
keyWrapExpected = ereq.isKeyWrapExpected();
}
ContentCryptoMaterial cekMaterial = ContentCryptoMaterial.fromObjectMetadata(retrieved.getObjectMetadata(), kekMaterialsProvider, cryptoConfig.getCryptoProvider(), // range is sometimes necessary to compute the adjusted IV
cryptoRange, keyWrapExpected, kms);
securityCheck(cekMaterial, retrieved);
COSObjectWrapper decrypted = decrypt(retrieved, cekMaterial, cryptoRange);
// Adjust the output to the desired range of bytes.
COSObjectWrapper adjusted = adjustToDesiredRange(decrypted, desiredRange, null);
return adjusted.getCOSObject();
}
Also used :
EncryptedGetObjectRequest(com.qcloud.cos.model.EncryptedGetObjectRequest)
Example 2 with EncryptedGetObjectRequest
use of com.qcloud.cos.model.EncryptedGetObjectRequest in project cos-java-sdk-v5 by tencentyun.
the class COSCryptoModuleAE method decipherWithInstructionFile.
private COSObject decipherWithInstructionFile(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, COSObjectWrapper retrieved, COSObjectWrapper instructionFile) {
boolean keyWrapExpected = isStrict();
if (req instanceof EncryptedGetObjectRequest) {
EncryptedGetObjectRequest ereq = (EncryptedGetObjectRequest) req;
if (!keyWrapExpected)
keyWrapExpected = ereq.isKeyWrapExpected();
}
String json = instructionFile.toJsonString();
@SuppressWarnings("unchecked") Map<String, String> matdesc = Collections.unmodifiableMap(Jackson.fromJsonString(json, Map.class));
ContentCryptoMaterial cekMaterial = ContentCryptoMaterial.fromInstructionFile(matdesc, // range is
kekMaterialsProvider, // range is
cryptoConfig.getCryptoProvider(), // range is
cryptoRange, // adjusted IV
keyWrapExpected, kms);
securityCheck(cekMaterial, retrieved);
COSObjectWrapper decrypted = decrypt(retrieved, cekMaterial, cryptoRange);
// Adjust the output to the desired range of bytes.
COSObjectWrapper adjusted = adjustToDesiredRange(decrypted, desiredRange, matdesc);
return adjusted.getCOSObject();
}
Also used :
EncryptedGetObjectRequest(com.qcloud.cos.model.EncryptedGetObjectRequest)
Map(java.util.Map)
Example 3 with EncryptedGetObjectRequest
use of com.qcloud.cos.model.EncryptedGetObjectRequest in project cos-java-sdk-v5 by tencentyun.
the class COSCryptoModuleAE method getObjectSecurely.
@Override
public COSObject getObjectSecurely(GetObjectRequest req) {
// Adjust the crypto range to retrieve all of the cipher blocks needed to contain the user's
// desired
// range of bytes.
long[] desiredRange = req.getRange();
if (isStrict() && (desiredRange != null))
throw new SecurityException("Range get and getting a part are not allowed in strict crypto mode");
long[] adjustedCryptoRange = getAdjustedCryptoRange(desiredRange);
if (adjustedCryptoRange != null)
req.setRange(adjustedCryptoRange[0], adjustedCryptoRange[1]);
// Get the object from COS
COSObject retrieved = cos.getObject(req);
// would return null, so we simply return null as well.
if (retrieved == null)
return null;
String suffix = null;
if (req instanceof EncryptedGetObjectRequest) {
EncryptedGetObjectRequest ereq = (EncryptedGetObjectRequest) req;
suffix = ereq.getInstructionFileSuffix();
}
try {
return suffix == null || suffix.trim().isEmpty() ? decipher(req, desiredRange, adjustedCryptoRange, retrieved) : decipherWithInstFileSuffix(req, desiredRange, adjustedCryptoRange, retrieved, suffix);
} catch (RuntimeException ex) {
// If we're unable to set up the decryption, make sure we close the
// HTTP connection
IOUtils.closeQuietly(retrieved, log);
throw ex;
} catch (Error error) {
IOUtils.closeQuietly(retrieved, log);
throw error;
}
}
Also used :
EncryptedGetObjectRequest(com.qcloud.cos.model.EncryptedGetObjectRequest)
COSObject(com.qcloud.cos.model.COSObject)
Aggregations
EncryptedGetObjectRequest (com.qcloud.cos.model.EncryptedGetObjectRequest)3
COSObject (com.qcloud.cos.model.COSObject)1
Map (java.util.Map)1
