/// <summary>
/// Builds an instruction object from the object metadata.
/// </summary>
/// <param name="response">
/// A non-null object response that contains encryption information in its metadata.
/// </param>
/// <param name="materials">
/// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
/// </param>
/// <param name="decryptedEnvelopeKeyKMS">
/// The decrypted envelope key to be use if KMS key wrapping is being used. Or null if non-KMS key wrapping is being used.
/// </param>
/// <returns>
/// </returns>
internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(
GetObjectResponse response, EncryptionMaterials materials, byte[] decryptedEnvelopeKeyKMS)
{
MetadataCollection metadata = response.Metadata;
if (metadata[XAmzKeyV2] != null)
{
EnsureSupportedAlgorithms(metadata);
string base64EncodedEncryptedEnvelopeKey = metadata[XAmzKeyV2];
byte[] encryptedEnvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
string base64EncodedIV = metadata[XAmzIV];
byte[] IV = Convert.FromBase64String(base64EncodedIV);
return(new EncryptionInstructions(materials.MaterialsDescription, decryptedEnvelopeKeyKMS, encryptedEnvelopeKey, IV));
}
else
{
string base64EncodedEncryptedEnvelopeKey = metadata[XAmzKey];
byte[] encryptedEnvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
byte[] decryptedEnvelopeKey = DecryptNonKMSEnvelopeKey(encryptedEnvelopeKey, materials);
string base64EncodedIV = metadata[XAmzIV];
byte[] IV = Convert.FromBase64String(base64EncodedIV);
return(new EncryptionInstructions(materials.MaterialsDescription, decryptedEnvelopeKey, encryptedEnvelopeKey, IV));
}
}
/// <summary>
/// Generates an instruction that will be used to encrypt an object.
/// </summary>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt data.
/// </param>
/// <returns>
/// The instruction that will be used to encrypt an object.
/// </returns>
internal static EncryptionInstructions GenerateInstructions(EncryptionMaterials materials)
{
Aes AesObject = Aes.Create();
byte[] encryptedEnvelopeKey = EncryptEnvelopeKey(AesObject.Key, materials);
return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, AesObject.Key, encryptedEnvelopeKey, AesObject.IV));
}
public S3Storage()
{
const string filename = "keyxml.pk";
var path = WebServerPathUtils.GetPathTo(Path.Combine("bin", filename));
var f = new FileInfo(path);
if (f.Exists)
{
using (var file = f.OpenRead())
{
var keyString = new StreamReader(file).ReadToEnd();
_algorithm = RSA.Create();
_algorithm.FromXmlString(keyString);
var encryptionMaterials = new EncryptionMaterials(_algorithm);
try
{
_client = new AmazonS3EncryptionClient(encryptionMaterials);
var bucket = new S3DirectoryInfo(_client, PdfDocumentsBucketName);
if (!bucket.Exists)
{
bucket.Create();
}
}
catch (Exception ex)
{
Console.WriteLine("Unable to initialize S3 client\n" + ex);
}
}
}
}
/// <summary>
/// Decrypts an encrypted Envelope key using the provided encryption materials
/// and returns it in raw byte array form.
/// </summary>
/// <param name="encryptedEnvelopeKey"> Encrypted envelope key</param>
/// <param name="materials">Encryption materials needed to decrypt the encrypted envlelope key</param>
/// <returns></returns>
internal static byte[] DecryptEnvelopeKey(byte[] encryptedEnvelopeKey, EncryptionMaterials materials)
{
if (materials.AsymmetricProvider != null)
{
return(DecryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, encryptedEnvelopeKey));
}
else
{
return(DecryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, encryptedEnvelopeKey));
}
}
internal static byte[] EncryptEnvelopeKey(byte[] envelopeKey, EncryptionMaterials materials)
{
if (materials.AsymmetricProvider != null)
{
return (EncryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, envelopeKey));
}
else
{
return (EncryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, envelopeKey));
}
}
/// <summary>
/// Decrypts an encrypted Envelope key using the provided encryption materials
/// and returns it in raw byte array form.
/// </summary>
/// <param name="encryptedEnvelopeKey"> Encrypted envelope key</param>
/// <param name="materials">Encryption materials needed to decrypt the encrypted envlelope key</param>
/// <returns></returns>
internal static byte[] DecryptNonKMSEnvelopeKey(byte[] encryptedEnvelopeKey, EncryptionMaterials materials)
{
if (materials.AsymmetricProvider != null)
{
return(DecryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, encryptedEnvelopeKey));
}
else if (materials.SymmetricProvider != null)
{
return(DecryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, encryptedEnvelopeKey));
}
else
{
throw new ArgumentException("Error decrypting non-KMS envelope key. " +
"EncryptionMaterials must have the AsymmetricProvider or SymmetricProvider set.");
}
}
/// <summary>
/// Generates an instruction that will be used to encrypt an object
/// using materials with the KMSKeyID set.
/// </summary>
/// <param name="kmsClient">
/// Used to call KMS to generate a data key.
/// </param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt data.
/// </param>
/// <returns>
/// The instruction that will be used to encrypt an object.
/// </returns>
internal static async System.Threading.Tasks.Task <EncryptionInstructions> GenerateInstructionsForKMSMaterialsAsync(
ICoreAmazonKMS kmsClient, EncryptionMaterials materials)
{
if (materials.KMSKeyID != null)
{
var iv = new byte[IVLength];
// Generate IV, and get both the key and the encrypted key from KMS.
RandomNumberGenerator.Create().GetBytes(iv);
var result = await kmsClient.GenerateDataKeyAsync(materials.KMSKeyID, materials.MaterialsDescription, KMSKeySpec).ConfigureAwait(false);
return(new EncryptionInstructions(materials.MaterialsDescription, result.KeyPlaintext, result.KeyCiphertext, iv));
}
else
{
throw new ArgumentException("Error generating encryption instructions. EncryptionMaterials must have the KMSKeyID set.");
}
}
public static void Initialize(TestContext a)
{
EncryptionMaterials encryptionMaterials = new EncryptionMaterials(generateAsymmetricProvider());
s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials);
AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration()
{
StorageMode = CryptoStorageMode.InstructionFile
};
s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials);
using (StreamWriter writer = File.CreateText(fileName))
{
writer.Write(sampleContent);
}
bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode);
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Access Key ID,
/// AWS Secret Key and Encryption materials
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param>
public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, EncryptionMaterials materials)
: base(awsAccessKeyId, awsSecretAccessKey)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Credentials and Encryption materials.
/// </summary>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
/// <param name="credentials">AWS Credentials</param>
public AmazonS3EncryptionClient(AWSCredentials credentials, EncryptionMaterials materials)
: base(credentials)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Credentials, AmazonS3CryptoConfiguration Configuration object
/// and Encryption materials
/// </summary>
/// <param name="credentials">AWS Credentials</param>
/// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(AWSCredentials credentials, AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
: base(credentials, config)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = config;
}
/// <summary>
/// Builds an instruction object from the instruction file.
/// </summary>
/// <param name="response"> Instruction file GetObject response</param>
/// <param name="materials">
/// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
/// </param>
/// <returns>
/// A non-null instruction object containing encryption information.
/// </returns>
internal static EncryptionInstructions BuildInstructionsUsingInstructionFile(GetObjectResponse response, EncryptionMaterials materials)
{
using (TextReader textReader = new StreamReader(response.ResponseStream))
{
JsonData jsonData = JsonMapper.ToObject(textReader);
var base64EncodedEncryptedEnvelopeKey = jsonData["EncryptedEnvelopeKey"];
byte[] encryptedEvelopeKey = Convert.FromBase64String((string)base64EncodedEncryptedEnvelopeKey);
byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials);
var base64EncodedIV = jsonData["IV"];
byte[] IV = Convert.FromBase64String((string)base64EncodedIV);
return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, IV));
}
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Access Key ID,
/// AWS Secret Key and Encryption materials
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param>
public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, EncryptionMaterials materials)
: base(awsAccessKeyId, awsSecretAccessKey)
{
this.EncryptionMaterials = materials;
S3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// <?xml version="1.0" encoding="utf-8" ?>
/// <configuration>
/// <appSettings>
/// <add key="AWSProfileName" value="AWS Default"/>
/// </appSettings>
/// </configuration>
/// </code>
///
/// </summary>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(EncryptionMaterials materials)
: base()
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Credentials and Encryption materials.
/// </summary>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
/// <param name="credentials">AWS Credentials</param>
public AmazonS3EncryptionClient(AWSCredentials credentials, EncryptionMaterials materials)
: base(credentials)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// <?xml version="1.0" encoding="utf-8" ?>
/// <configuration>
/// <appSettings>
/// <add key="AWSAccessKey" value="********************"/>
/// <add key="AWSSecretKey" value="****************************************"/>
/// </appSettings>
/// </configuration>
/// </code>
///
/// </summary>
/// <param name="region">
/// The region to connect.
/// </param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(RegionEndpoint region, EncryptionMaterials materials)
: base(region)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with the Encryption materials,
/// AmazonS3 CryptoConfiguration object and credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// <?xml version="1.0" encoding="utf-8" ?>
/// <configuration>
/// <appSettings>
/// <add key="AWSAccessKey" value="********************"/>
/// <add key="AWSSecretKey" value="****************************************"/>
/// </appSettings>
/// </configuration>
/// </code>
///
/// </summary>
/// <param name="config">
/// The AmazonS3EncryptionClient CryptoConfiguration Object
/// </param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
: base(config)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = config;
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Credentials, Region and Encryption materials
/// </summary>
/// <param name="credentials">AWS Credentials</param>
/// <param name="region">The region to connect.</param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(AWSCredentials credentials, RegionEndpoint region, EncryptionMaterials materials)
: base(credentials, region)
{
this.EncryptionMaterials = materials;
S3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Generates an instruction that will be used to encrypt an object
/// using materials with the AsymmetricProvider or SymmetricProvider set.
/// </summary>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt data.
/// </param>
/// <returns>
/// The instruction that will be used to encrypt an object.
/// </returns>
internal static EncryptionInstructions GenerateInstructionsForNonKMSMaterials(EncryptionMaterials materials)
{
byte[] encryptedEnvelopeKey = null;
// Generate the IV and key, and encrypt the key locally.
Aes aesObject = Aes.Create();
if (materials.AsymmetricProvider != null)
{
encryptedEnvelopeKey = EncryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, aesObject.Key);
}
else if (materials.SymmetricProvider != null)
{
encryptedEnvelopeKey = EncryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, aesObject.Key);
}
else
{
throw new ArgumentException("Error generating encryption instructions. " +
"EncryptionMaterials must have the AsymmetricProvider or SymmetricProvider set.");
}
return(new EncryptionInstructions(materials.MaterialsDescription, aesObject.Key, encryptedEnvelopeKey, aesObject.IV));
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// <?xml version="1.0" encoding="utf-8" ?>
/// <configuration>
/// <appSettings>
/// <add key="AWSProfileName" value="AWS Default"/>
/// </appSettings>
/// </configuration>
/// </code>
///
/// </summary>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(EncryptionMaterials materials)
: base()
{
this.EncryptionMaterials = materials;
S3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key, SessionToken
/// AmazonS3EncryptionClient CryptoConfiguration object and Encryption materials.
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="awsSessionToken">AWS Session Token</param>
/// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
: base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, config)
{
this.EncryptionMaterials = materials;
S3CryptoConfig = config;
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key,
/// SessionToken, Region and Encryption materials.
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="awsSessionToken">AWS Session Token</param>
/// <param name="region">The region to connect.</param>
/// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param>
public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region, EncryptionMaterials materials)
: base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, region)
{
this.EncryptionMaterials = materials;
S3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key,
/// SessionToken, Region and Encryption materials.
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="awsSessionToken">AWS Session Token</param>
/// <param name="region">The region to connect.</param>
/// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param>
public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region, EncryptionMaterials materials)
: base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, region)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Generates an instruction that will be used to encrypt an object.
/// </summary>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt data.
/// </param>
/// <returns>
/// The instruction that will be used to encrypt an object.
/// </returns>
internal static EncryptionInstructions GenerateInstructions(EncryptionMaterials materials)
{
Aes AesObject = Aes.Create();
byte[] encryptedEnvelopeKey = EncryptEnvelopeKey(AesObject.Key, materials);
return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, AesObject.Key, encryptedEnvelopeKey, AesObject.IV);
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key, SessionToken
/// AmazonS3EncryptionClient CryptoConfiguration object and Encryption materials.
/// </summary>
/// <param name="awsAccessKeyId">AWS Access Key ID</param>
/// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
/// <param name="awsSessionToken">AWS Session Token</param>
/// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
: base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, config)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = config;
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with the Encryption materials,
/// AmazonS3 CryptoConfiguration object and credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// <?xml version="1.0" encoding="utf-8" ?>
/// <configuration>
/// <appSettings>
/// <add key="AWSProfileName" value="AWS Default"/>
/// </appSettings>
/// </configuration>
/// </code>
///
/// </summary>
/// <param name="config">
/// The AmazonS3EncryptionClient CryptoConfiguration Object
/// </param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
: base(config)
{
this.EncryptionMaterials = materials;
S3CryptoConfig = config;
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's
/// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
///
/// Example App.config with credentials set.
/// <code>
/// <?xml version="1.0" encoding="utf-8" ?>
/// <configuration>
/// <appSettings>
/// <add key="AWSProfileName" value="AWS Default"/>
/// </appSettings>
/// </configuration>
/// </code>
///
/// </summary>
/// <param name="region">
/// The region to connect.
/// </param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(RegionEndpoint region, EncryptionMaterials materials)
: base(region)
{
this.encryptionMaterials = materials;
amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Builds an instruction object from the instruction file.
/// </summary>
/// <param name="response"> Instruction file GetObject response</param>
/// <param name="materials">
/// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
/// </param>
/// <returns>
/// A non-null instruction object containing encryption information.
/// </returns>
internal static EncryptionInstructions BuildInstructionsUsingInstructionFile(GetObjectResponse response, EncryptionMaterials materials)
{
using (TextReader textReader = new StreamReader(response.ResponseStream))
{
JsonData jsonData = JsonMapper.ToObject(textReader);
var base64EncodedEncryptedEnvelopeKey = jsonData["EncryptedEnvelopeKey"];
byte[] encryptedEvelopeKey = Convert.FromBase64String((string)base64EncodedEncryptedEnvelopeKey);
byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials);
var base64EncodedIV = jsonData["IV"];
byte[] IV = Convert.FromBase64String((string)base64EncodedIV);
return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, IV);
}
}
/// <summary>
/// Builds an instruction object from the object metadata.
/// </summary>
/// <param name="response">
/// A non-null object response that contains encryption information in its metadata.
/// </param>
/// <param name="materials">
/// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
/// </param>
/// <returns>
/// </returns>
internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(GetObjectResponse response, EncryptionMaterials materials)
{
MetadataCollection metadata = response.Metadata;
string base64EncodedEncryptedEnvelopeKey = metadata[keyInMetadata];
byte[] encryptedEvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials);
string base64EncodedIV = metadata[initVectorInMetadata];
byte[] IV = Convert.FromBase64String(base64EncodedIV);
return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, encryptedEvelopeKey, IV));
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Credentials, Region and Encryption materials
/// </summary>
/// <param name="credentials">AWS Credentials</param>
/// <param name="region">The region to connect.</param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(AWSCredentials credentials, RegionEndpoint region, EncryptionMaterials materials)
: base(credentials, region)
{
this.EncryptionMaterials = materials;
S3CryptoConfig = new AmazonS3CryptoConfiguration();
}
/// <summary>
/// Builds an instruction object from the object metadata.
/// </summary>
/// <param name="response">
/// A non-null object response that contains encryption information in its metadata.
/// </param>
/// <param name="materials">
/// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
/// </param>
/// <returns>
/// </returns>
internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(GetObjectResponse response, EncryptionMaterials materials)
{
MetadataCollection metadata = response.Metadata;
string base64EncodedEncryptedEnvelopeKey = metadata[keyInMetadata];
byte[] encryptedEvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials);
string base64EncodedIV = metadata[initVectorInMetadata];
byte[] IV = Convert.FromBase64String(base64EncodedIV);
return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, encryptedEvelopeKey, IV);
}
/// <summary>
/// Constructs AmazonS3EncryptionClient with AWS Credentials, AmazonS3CryptoConfiguration Configuration object
/// and Encryption materials
/// </summary>
/// <param name="credentials">AWS Credentials</param>
/// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param>
/// <param name="materials">
/// The encryption materials to be used to encrypt and decrypt envelope key.
/// </param>
public AmazonS3EncryptionClient(AWSCredentials credentials, AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
: base(credentials, config)
{
this.EncryptionMaterials = materials;
S3CryptoConfig = config;
}
