/**
* Returns a request that has the content as input stream wrapped with a cipher, and configured
* with some meta data and user metadata.
*/
protected final PutObjectRequest wrapWithCipher(
PutObjectRequest request, ContentCryptoMaterial cekMaterial) {
// Create a new metadata object if there is no metadata already.
ObjectMetadata metadata = request.getMetadata();
if (metadata == null) {
metadata = new ObjectMetadata();
}
// Record the original Content MD5, if present, for the unencrypted data
if (metadata.getContentMD5() != null) {
metadata.addUserMetadata(Headers.UNENCRYPTED_CONTENT_MD5, metadata.getContentMD5());
}
// Removes the original content MD5 if present from the meta data.
metadata.setContentMD5(null);
// Record the original, unencrypted content-length so it can be accessed
// later
final long plaintextLength = plaintextLength(request, metadata);
if (plaintextLength >= 0) {
metadata.addUserMetadata(Headers.UNENCRYPTED_CONTENT_LENGTH, Long.toString(plaintextLength));
// Put the ciphertext length in the metadata
metadata.setContentLength(ciphertextLength(plaintextLength));
}
request.setMetadata(metadata);
request.setInputStream(newS3CipherLiteInputStream(request, cekMaterial, plaintextLength));
// Treat all encryption requests as input stream upload requests, not as
// file upload requests.
request.setFile(null);
return request;
}
/**
* Updates put request to store the specified instruction object in S3.
*
* @param request The put request for the original object to be stored in S3.
* @param cekMaterial The instruction object to be stored in S3.
* @return A put request to store the specified instruction object in S3.
*/
protected final PutObjectRequest upateInstructionPutRequest(
PutObjectRequest request, ContentCryptoMaterial cekMaterial) {
byte[] bytes = cekMaterial.toJsonString().getBytes(UTF8);
InputStream is = new ByteArrayInputStream(bytes);
ObjectMetadata metadata = request.getMetadata();
if (metadata == null) {
metadata = new ObjectMetadata();
request.setMetadata(metadata);
}
// Set the content-length of the upload
metadata.setContentLength(bytes.length);
// Set the crypto instruction file header
metadata.addUserMetadata(Headers.CRYPTO_INSTRUCTION_FILE, "");
// Update the instruction request
request.setKey(request.getKey() + INSTRUCTION_SUFFIX);
request.setMetadata(metadata);
request.setInputStream(is);
request.setFile(null);
return request;
}
/**
* Update the request's ObjectMetadata with the necessary information for decrypting the object
*
* @param request Non-null PUT request encrypted using the given instruction
* @param instruction Non-null instruction used to encrypt the data in this PUT request.
* @deprecated no longer used and will be removed in the future
*/
@Deprecated
public static void updateMetadataWithEncryptionInstruction(
PutObjectRequest request, EncryptionInstruction instruction) {
byte[] keyBytesToStoreInMetadata = instruction.getEncryptedSymmetricKey();
Cipher symmetricCipher = instruction.getSymmetricCipher();
Map<String, String> materialsDescription = instruction.getMaterialsDescription();
ObjectMetadata metadata = request.getMetadata();
if (metadata == null) metadata = new ObjectMetadata();
if (request.getFile() != null) {
Mimetypes mimetypes = Mimetypes.getInstance();
metadata.setContentType(mimetypes.getMimetype(request.getFile()));
}
updateMetadata(metadata, keyBytesToStoreInMetadata, symmetricCipher, materialsDescription);
request.setMetadata(metadata);
}
/**
* Returns an updated request where the input stream contains the encrypted object contents. The
* specified instruction will be used to encrypt data.
*
* @param request The request whose contents are to be encrypted.
* @param instruction The instruction that will be used to encrypt the object data.
* @return The updated request where the input stream contains the encrypted contents.
* @deprecated no longer used and will be removed in the future
*/
@Deprecated
public static PutObjectRequest encryptRequestUsingInstruction(
PutObjectRequest request, EncryptionInstruction instruction) {
// Create a new metadata object if there is no metadata already.
ObjectMetadata metadata = request.getMetadata();
if (metadata == null) {
metadata = new ObjectMetadata();
}
// Record the original Content MD5, if present, for the unencrypted data
if (metadata.getContentMD5() != null) {
metadata.addUserMetadata(Headers.UNENCRYPTED_CONTENT_MD5, metadata.getContentMD5());
}
// Removes the original content MD5 if present from the meta data.
metadata.setContentMD5(null);
// Record the original, unencrypted content-length so it can be accessed later
final long plaintextLength = getUnencryptedContentLength(request, metadata);
if (plaintextLength >= 0) {
metadata.addUserMetadata(Headers.UNENCRYPTED_CONTENT_LENGTH, Long.toString(plaintextLength));
}
// Put the calculated length of the encrypted contents in the metadata
long cryptoContentLength =
calculateCryptoContentLength(instruction.getSymmetricCipher(), request, metadata);
if (cryptoContentLength >= 0) {
metadata.setContentLength(cryptoContentLength);
}
request.setMetadata(metadata);
// Create encrypted input stream
request.setInputStream(
getEncryptedInputStream(request, instruction.getCipherFactory(), plaintextLength));
// Treat all encryption requests as input stream upload requests, not as file upload requests.
request.setFile(null);
return request;
}
/**
* Creates a put request to store the specified instruction object in S3.
*
* @param request The put request for the original object to be stored in S3.
* @param instruction The instruction object to be stored in S3.
* @return A put request to store the specified instruction object in S3.
* @deprecated no longer used and will be removed in the future
*/
@Deprecated
public static PutObjectRequest createInstructionPutRequest(
PutObjectRequest request, EncryptionInstruction instruction) {
JSONObject instructionJSON = convertInstructionToJSONObject(instruction);
byte[] instructionBytes = instructionJSON.toString().getBytes(StringUtils.UTF8);
InputStream instructionInputStream = new ByteArrayInputStream(instructionBytes);
ObjectMetadata metadata = request.getMetadata();
// Set the content-length of the upload
metadata.setContentLength(instructionBytes.length);
// Set the crypto instruction file header
metadata.addUserMetadata(Headers.CRYPTO_INSTRUCTION_FILE, "");
// Update the instruction request
request.setKey(request.getKey() + INSTRUCTION_SUFFIX);
request.setMetadata(metadata);
request.setInputStream(instructionInputStream);
return request;
}
