/**
* Returns a request that has the content as input stream wrapped with a cipher, and configured
* with some meta data and user metadata.
*/
protected final PutObjectRequest wrapWithCipher(
PutObjectRequest request, ContentCryptoMaterial cekMaterial) {
// Create a new metadata object if there is no metadata already.
ObjectMetadata metadata = request.getMetadata();
if (metadata == null) {
metadata = new ObjectMetadata();
}
// Record the original Content MD5, if present, for the unencrypted data
if (metadata.getContentMD5() != null) {
metadata.addUserMetadata(Headers.UNENCRYPTED_CONTENT_MD5, metadata.getContentMD5());
}
// Removes the original content MD5 if present from the meta data.
metadata.setContentMD5(null);
// Record the original, unencrypted content-length so it can be accessed
// later
final long plaintextLength = plaintextLength(request, metadata);
if (plaintextLength >= 0) {
metadata.addUserMetadata(Headers.UNENCRYPTED_CONTENT_LENGTH, Long.toString(plaintextLength));
// Put the ciphertext length in the metadata
metadata.setContentLength(ciphertextLength(plaintextLength));
}
request.setMetadata(metadata);
request.setInputStream(newS3CipherLiteInputStream(request, cekMaterial, plaintextLength));
// Treat all encryption requests as input stream upload requests, not as
// file upload requests.
request.setFile(null);
return request;
}
/** Returns the plaintext length from the request and metadata; or -1 if unknown. */
protected final long plaintextLength(PutObjectRequest request, ObjectMetadata metadata) {
if (request.getFile() != null) {
return request.getFile().length();
} else if (request.getInputStream() != null
&& metadata.getRawMetadata().get(Headers.CONTENT_LENGTH) != null) {
return metadata.getContentLength();
}
return -1;
}
/**
* Returns the content length of the unencrypted data in a PutObjectRequest, or -1 if the original
* content-length isn't known.
*
* @param request The request to examine.
* @param metadata The metadata for the request.
* @return The content length of the unencrypted data in the request, or -1 if it isn't known.
* @deprecated no longer used and will be removed in the future
*/
@Deprecated
private static long getUnencryptedContentLength(
PutObjectRequest request, ObjectMetadata metadata) {
if (request.getFile() != null) {
return request.getFile().length();
} else if (request.getInputStream() != null
&& metadata.getRawMetadataValue(Headers.CONTENT_LENGTH) != null) {
return metadata.getContentLength();
}
return -1;
}
/**
* Returns the size of the data in this request, otherwise -1 if the content length is unknown.
*
* @param putObjectRequest The request to check.
* @return The size of the data in this request, otherwise -1 if the size of the data is unknown.
*/
public static long getContentLength(PutObjectRequest putObjectRequest) {
File file = getRequestFile(putObjectRequest);
if (file != null) return file.length();
if (putObjectRequest.getInputStream() != null) {
if (putObjectRequest.getMetadata().getContentLength() > 0) {
return putObjectRequest.getMetadata().getContentLength();
}
}
return -1;
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
String urlParam = req.getParameter("url");
String nameParam = req.getParameter("name");
AmazonS3Client amazonS3Client = new AmazonS3Client(new DefaultAWSCredentialsProviderChain());
URL url = new URL(urlParam);
InputStream in = new BufferedInputStream(url.openStream());
ObjectMetadata objectMetadata = new ObjectMetadata();
objectMetadata.setContentType("image/jpeg");
PutObjectRequest putObjectRequest =
new PutObjectRequest("wiseman-bucket-test", nameParam, in, objectMetadata);
putObjectRequest.withCannedAcl(CannedAccessControlList.PublicRead);
PutObjectResult result = amazonS3Client.putObject(putObjectRequest);
resp.getWriter().print(amazonS3Client.getResourceUrl("wiseman-bucket-test", nameParam));
}
/**
* Update the request's ObjectMetadata with the necessary information for decrypting the object
*
* @param request Non-null PUT request encrypted using the given instruction
* @param instruction Non-null instruction used to encrypt the data in this PUT request.
* @deprecated no longer used and will be removed in the future
*/
@Deprecated
public static void updateMetadataWithEncryptionInstruction(
PutObjectRequest request, EncryptionInstruction instruction) {
byte[] keyBytesToStoreInMetadata = instruction.getEncryptedSymmetricKey();
Cipher symmetricCipher = instruction.getSymmetricCipher();
Map<String, String> materialsDescription = instruction.getMaterialsDescription();
ObjectMetadata metadata = request.getMetadata();
if (metadata == null) metadata = new ObjectMetadata();
if (request.getFile() != null) {
Mimetypes mimetypes = Mimetypes.getInstance();
metadata.setContentType(mimetypes.getMimetype(request.getFile()));
}
updateMetadata(metadata, keyBytesToStoreInMetadata, symmetricCipher, materialsDescription);
request.setMetadata(metadata);
}
/**
* Upload the input file to S3 bucket
*
* @param file : the file you want to upload
* @param name : File name
* @return if the upload is success, return true
*/
public boolean S3MapUpload(File file, String name, String userName, boolean ifPublic) {
System.out.println("Uploading a new object to S3 from a file\n");
if (ifPublic) {
PutObjectRequest por = new PutObjectRequest(bucketName, "maps/public/" + name, file);
por.setCannedAcl(CannedAccessControlList.PublicRead);
s3.putObject(por);
}
PutObjectRequest por = new PutObjectRequest(bucketName, "maps/" + userName + "/" + name, file);
por.setCannedAcl(CannedAccessControlList.PublicRead);
s3.putObject(por);
return true;
}
private CipherLiteInputStream newS3CipherLiteInputStream(
PutObjectRequest req, ContentCryptoMaterial cekMaterial, long plaintextLength) {
try {
InputStream is = req.getInputStream();
if (req.getFile() != null) is = new RepeatableFileInputStream(req.getFile());
if (plaintextLength > -1) {
// S3 allows a single PUT to be no more than 5GB, which
// therefore won't exceed the maximum length that can be
// encrypted either using any cipher such as CBC or GCM.
// This ensures the plain-text read from the underlying data
// stream has the same length as the expected total.
is = new LengthCheckInputStream(is, plaintextLength, EXCLUDE_SKIPPED_BYTES);
}
return new CipherLiteInputStream(is, cekMaterial.getCipherLite(), DEFAULT_BUFFER_SIZE);
} catch (Exception e) {
throw new AmazonClientException("Unable to create cipher input stream: " + e.getMessage(), e);
}
}
/**
* @param plaintextLength the expected total number of bytes of the plaintext; or -1 if not
* available.
* @deprecated no longer used and will be removed in the future
*/
@Deprecated
private static InputStream getEncryptedInputStream(
PutObjectRequest request, CipherFactory cipherFactory, long plaintextLength) {
try {
InputStream is = request.getInputStream();
if (request.getFile() != null) {
// Historically file takes precedence over the original input
// stream
is = new RepeatableFileInputStream(request.getFile());
}
if (plaintextLength > -1) {
// This ensures the plain-text read from the underlying data
// stream has the same length as the expected total
is = new LengthCheckInputStream(is, plaintextLength, EXCLUDE_SKIPPED_BYTES);
}
return new RepeatableCipherInputStream(is, cipherFactory);
} catch (Exception e) {
throw new AmazonClientException("Unable to create cipher input stream: " + e.getMessage(), e);
}
}
/**
* Returns an updated request where the input stream contains the encrypted object contents. The
* specified instruction will be used to encrypt data.
*
* @param request The request whose contents are to be encrypted.
* @param instruction The instruction that will be used to encrypt the object data.
* @return The updated request where the input stream contains the encrypted contents.
* @deprecated no longer used and will be removed in the future
*/
@Deprecated
public static PutObjectRequest encryptRequestUsingInstruction(
PutObjectRequest request, EncryptionInstruction instruction) {
// Create a new metadata object if there is no metadata already.
ObjectMetadata metadata = request.getMetadata();
if (metadata == null) {
metadata = new ObjectMetadata();
}
// Record the original Content MD5, if present, for the unencrypted data
if (metadata.getContentMD5() != null) {
metadata.addUserMetadata(Headers.UNENCRYPTED_CONTENT_MD5, metadata.getContentMD5());
}
// Removes the original content MD5 if present from the meta data.
metadata.setContentMD5(null);
// Record the original, unencrypted content-length so it can be accessed later
final long plaintextLength = getUnencryptedContentLength(request, metadata);
if (plaintextLength >= 0) {
metadata.addUserMetadata(Headers.UNENCRYPTED_CONTENT_LENGTH, Long.toString(plaintextLength));
}
// Put the calculated length of the encrypted contents in the metadata
long cryptoContentLength =
calculateCryptoContentLength(instruction.getSymmetricCipher(), request, metadata);
if (cryptoContentLength >= 0) {
metadata.setContentLength(cryptoContentLength);
}
request.setMetadata(metadata);
// Create encrypted input stream
request.setInputStream(
getEncryptedInputStream(request, instruction.getCipherFactory(), plaintextLength));
// Treat all encryption requests as input stream upload requests, not as file upload requests.
request.setFile(null);
return request;
}
@Override
public PutObjectResult putObject(PutObjectRequest req)
throws AmazonClientException, AmazonServiceException {
if (!multipartUpload) return super.putObject(req);
final long contentLen = TransferManagerUtils.getContentLength(req);
String tempFilename = req.getKey() + ".tmp";
String origFilename = req.getKey();
req.setKey(tempFilename);
XProgressListener progressListener = new XProgressListener();
req.setProgressListener(new ProgressListenerChain(progressListener));
progressListener.setContentLen(contentLen);
progressListener.setUpload(transferManager.upload(req));
try {
progressListener.getUpload().waitForCompletion();
} catch (InterruptedException e) {
throw new AmazonClientException(e.getMessage(), e);
}
CopyObjectRequest copyReq =
new CopyObjectRequest(req.getBucketName(), tempFilename, req.getBucketName(), origFilename);
copyObject(copyReq);
deleteObject(new DeleteObjectRequest(req.getBucketName(), tempFilename));
return null;
}
/**
* Creates a put request to store the specified instruction object in S3.
*
* @param request The put request for the original object to be stored in S3.
* @param instruction The instruction object to be stored in S3.
* @return A put request to store the specified instruction object in S3.
* @deprecated no longer used and will be removed in the future
*/
@Deprecated
public static PutObjectRequest createInstructionPutRequest(
PutObjectRequest request, EncryptionInstruction instruction) {
JSONObject instructionJSON = convertInstructionToJSONObject(instruction);
byte[] instructionBytes = instructionJSON.toString().getBytes(StringUtils.UTF8);
InputStream instructionInputStream = new ByteArrayInputStream(instructionBytes);
ObjectMetadata metadata = request.getMetadata();
// Set the content-length of the upload
metadata.setContentLength(instructionBytes.length);
// Set the crypto instruction file header
metadata.addUserMetadata(Headers.CRYPTO_INSTRUCTION_FILE, "");
// Update the instruction request
request.setKey(request.getKey() + INSTRUCTION_SUFFIX);
request.setMetadata(metadata);
request.setInputStream(instructionInputStream);
return request;
}
// Makes a putObjectRequest to make file public, and sends request.
private static boolean putObject(AmazonS3 s3, PutObjectRequest req) {
// Set file as public.
req.withCannedAcl(CannedAccessControlList.PublicRead);
// Send upload request.
try {
s3.putObject(req);
} catch (AmazonServiceException e) {
logger.severe(e.getMessage());
return false;
} catch (AmazonClientException e) {
logger.severe(e.getMessage());
return false;
}
return true;
}
/**
* Updates put request to store the specified instruction object in S3.
*
* @param request The put request for the original object to be stored in S3.
* @param cekMaterial The instruction object to be stored in S3.
* @return A put request to store the specified instruction object in S3.
*/
protected final PutObjectRequest upateInstructionPutRequest(
PutObjectRequest request, ContentCryptoMaterial cekMaterial) {
byte[] bytes = cekMaterial.toJsonString().getBytes(UTF8);
InputStream is = new ByteArrayInputStream(bytes);
ObjectMetadata metadata = request.getMetadata();
if (metadata == null) {
metadata = new ObjectMetadata();
request.setMetadata(metadata);
}
// Set the content-length of the upload
metadata.setContentLength(bytes.length);
// Set the crypto instruction file header
metadata.addUserMetadata(Headers.CRYPTO_INSTRUCTION_FILE, "");
// Update the instruction request
request.setKey(request.getKey() + INSTRUCTION_SUFFIX);
request.setMetadata(metadata);
request.setInputStream(is);
request.setFile(null);
return request;
}
/** Convenience method for getting the file specified in a request. */
public static File getRequestFile(final PutObjectRequest putObjectRequest) {
if (putObjectRequest.getFile() != null) return putObjectRequest.getFile();
return null;
}