Class S3CryptoModuleBase<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>


  • public abstract class S3CryptoModuleBase<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
    extends S3CryptoModule<T>
    Common implementation for different S3 cryptographic modules.
    • Field Detail

      • log

        protected final org.apache.commons.logging.Log log
      • cryptoScheme

        protected final com.amazonaws.services.s3.internal.crypto.S3CryptoScheme cryptoScheme
      • contentCryptoScheme

        protected final com.amazonaws.services.s3.internal.crypto.ContentCryptoScheme contentCryptoScheme
      • cryptoConfig

        protected final CryptoConfiguration cryptoConfig
        A read-only copy of the crypto configuration.
      • multipartUploadContexts

        protected final Map<String,​T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext> multipartUploadContexts
        Map of data about in-progress encrypted multipart uploads.
      • s3

        protected final com.amazonaws.services.s3.internal.S3Direct s3
    • Method Detail

      • ciphertextLength

        protected abstract long ciphertextLength​(long plaintextLength)
        Returns the length of the ciphertext computed from the length of the plaintext.
        Parameters:
        plaintextLength - a non-negative number
        Returns:
        a non-negative number
      • uploadPartSecurely

        public UploadPartResult uploadPartSecurely​(UploadPartRequest req)

        NOTE: Because the encryption process requires context from previous blocks, parts uploaded with the AmazonS3EncryptionClient (as opposed to the normal AmazonS3Client) must be uploaded serially, and in order. Otherwise, the previous encryption context isn't available to use when encrypting the current part.

        Specified by:
        uploadPartSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
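
        The following is an added example, not code from the SDK: it uses the standard JCE API with AES/CBC (a mode chosen here as an assumption, to illustrate chained cipher state) to show why the note above requires serial, in-order part uploads. The class name, key, IV and part contents are constructed for the demo. Parts encrypted in part-number order decrypt back to the original, while the same parts encrypted in a different order do not.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.util.Arrays;

public class SerialPartEncryptionDemo {
    // Constructed all-zero key and IV for the demo only; never hard-code real key material.
    static final SecretKeySpec KEY = new SecretKeySpec(new byte[16], "AES");
    static final IvParameterSpec IV = new IvParameterSpec(new byte[16]);

    /** Encrypts parts in the given upload order with ONE cipher, then assembles by part number. */
    static byte[] encryptInOrder(byte[][] parts, int[] uploadOrder) throws Exception {
        Cipher enc = Cipher.getInstance("AES/CBC/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, KEY, IV);
        byte[][] encrypted = new byte[parts.length][];
        for (int idx : uploadOrder) {
            // The cipher's chaining state carries over from one part to the next.
            encrypted[idx] = enc.update(parts[idx]);
        }
        ByteArrayOutputStream object = new ByteArrayOutputStream();
        for (byte[] p : encrypted) {
            object.write(p); // the completed object is assembled by part number
        }
        return object.toByteArray();
    }

    static byte[] decrypt(byte[] ciphertext) throws Exception {
        Cipher dec = Cipher.getInstance("AES/CBC/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, KEY, IV);
        return dec.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        byte[][] parts = new byte[3][32]; // three constructed parts, block-aligned
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        for (int i = 0; i < parts.length; i++) {
            Arrays.fill(parts[i], (byte) ('A' + i));
            plain.write(parts[i]);
        }
        byte[] serial = decrypt(encryptInOrder(parts, new int[] {0, 1, 2}));
        byte[] shuffled = decrypt(encryptInOrder(parts, new int[] {1, 0, 2}));
        System.out.println("in order round-trips:     " + Arrays.equals(plain.toByteArray(), serial));
        System.out.println("out of order round-trips: " + Arrays.equals(plain.toByteArray(), shuffled));
    }
}
```
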
      • newMultipartS3CipherInputStream

        protected final CipherLiteInputStream newMultipartS3CipherInputStream​(UploadPartRequest req,
                                                                              com.amazonaws.services.s3.internal.crypto.CipherLite cipherLite)
      • updateMetadataWithContentCryptoMaterial

        protected final ObjectMetadata updateMetadataWithContentCryptoMaterial​(ObjectMetadata metadata,
                                                                               File file,
                                                                               com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial instruction)
      • createContentCryptoMaterial

        protected final com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial createContentCryptoMaterial​(AmazonWebServiceRequest req)
        Creates and returns a non-null content crypto material for the given request.
        Throws:
        AmazonClientException - if no encryption material can be found.
      • wrapWithCipher

        protected final <R extends AbstractPutObjectRequest> R wrapWithCipher​(R request,
                                                                              com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)
        Returns the given PutObjectRequest with its content input stream wrapped with a cipher, and configured with some metadata and user metadata.
      • plaintextLength

        protected final long plaintextLength​(AbstractPutObjectRequest request,
                                             ObjectMetadata metadata)
        Returns the plaintext length from the request and metadata; or -1 if unknown.
      • getS3CryptoScheme

        public final com.amazonaws.services.s3.internal.crypto.S3CryptoScheme getS3CryptoScheme()
      • updateInstructionPutRequest

        protected final PutObjectRequest updateInstructionPutRequest​(PutObjectRequest req,
                                                                     com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)
        Updates put request to store the specified instruction object in S3.
        Parameters:
        req - The put-instruction-file request for the instruction file to be stored in S3.
        cekMaterial - The instruction object to be stored in S3.
        Returns:
        A put request to store the specified instruction object in S3.
      • createInstructionPutRequest

        protected final PutObjectRequest createInstructionPutRequest​(String bucketName,
                                                                     String key,
                                                                     com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)
      • securityCheck

        protected void securityCheck​(com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial,
                                     com.amazonaws.services.s3.internal.crypto.S3ObjectWrapper retrieved)
        Checks if the crypto scheme used in the given content crypto material is allowed to be used in this crypto module. Default is no-op. Subclass may override.
        Throws:
        SecurityException - if the crypto scheme used in the given content crypto material is not allowed in this crypto module.