private static void UnmarshallResult(XmlUnmarshallerContext context,GetObjectResponse response) { response.ResponseStream = context.Stream; IWebResponseData responseData = context.ResponseData; if (responseData.IsHeaderPresent("x-amz-delete-marker")) response.DeleteMarker = S3Transforms.ToString(responseData.GetHeaderValue("x-amz-delete-marker")); if (responseData.IsHeaderPresent("accept-ranges")) response.AcceptRanges = S3Transforms.ToString(responseData.GetHeaderValue("accept-ranges")); if (responseData.IsHeaderPresent("x-amz-expiration")) response.Expiration = new Expiration(responseData.GetHeaderValue("x-amz-expiration")); if (responseData.IsHeaderPresent("x-amz-restore")) { bool restoreInProgress; DateTime? restoreExpiration; AmazonS3Util.ParseAmzRestoreHeader(responseData.GetHeaderValue("x-amz-restore"), out restoreInProgress, out restoreExpiration); response.RestoreInProgress = restoreInProgress; response.RestoreExpiration = restoreExpiration; } if (responseData.IsHeaderPresent("Last-Modified")) response.LastModified = S3Transforms.ToDateTime(responseData.GetHeaderValue("Last-Modified")); if (responseData.IsHeaderPresent("ETag")) response.ETag = S3Transforms.ToString(responseData.GetHeaderValue("ETag")); if (responseData.IsHeaderPresent("x-amz-missing-meta")) response.MissingMeta = S3Transforms.ToInt(responseData.GetHeaderValue("x-amz-missing-meta")); if (responseData.IsHeaderPresent("x-amz-version-id")) response.VersionId = S3Transforms.ToString(responseData.GetHeaderValue("x-amz-version-id")); if (responseData.IsHeaderPresent("Cache-Control")) response.Headers.CacheControl = S3Transforms.ToString(responseData.GetHeaderValue("Cache-Control")); if (responseData.IsHeaderPresent("Content-Disposition")) response.Headers.ContentDisposition = S3Transforms.ToString(responseData.GetHeaderValue("Content-Disposition")); if (responseData.IsHeaderPresent("Content-Encoding")) response.Headers.ContentEncoding = S3Transforms.ToString(responseData.GetHeaderValue("Content-Encoding")); if (responseData.IsHeaderPresent("Content-Length")) response.Headers.ContentLength = long.Parse(responseData.GetHeaderValue("Content-Length"), CultureInfo.InvariantCulture); if (responseData.IsHeaderPresent("Content-Type")) response.Headers.ContentType = S3Transforms.ToString(responseData.GetHeaderValue("Content-Type")); if (responseData.IsHeaderPresent("Expires")) response.Expires = S3Transforms.ToDateTime(responseData.GetHeaderValue("Expires")); if (responseData.IsHeaderPresent("x-amz-website-redirect-location")) response.WebsiteRedirectLocation = S3Transforms.ToString(responseData.GetHeaderValue("x-amz-website-redirect-location")); if (responseData.IsHeaderPresent("x-amz-server-side-encryption")) response.ServerSideEncryptionMethod = S3Transforms.ToString(responseData.GetHeaderValue("x-amz-server-side-encryption")); if (responseData.IsHeaderPresent("x-amz-server-side-encryption-customer-algorithm")) response.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.FindValue(responseData.GetHeaderValue("x-amz-server-side-encryption-customer-algorithm")); if (responseData.IsHeaderPresent(HeaderKeys.XAmzServerSideEncryptionAwsKmsKeyIdHeader)) response.ServerSideEncryptionKeyManagementServiceKeyId = S3Transforms.ToString(responseData.GetHeaderValue(HeaderKeys.XAmzServerSideEncryptionAwsKmsKeyIdHeader)); if (responseData.IsHeaderPresent("x-amz-replication-status")) response.ReplicationStatus = S3Transforms.ToString(responseData.GetHeaderValue("x-amz-replication-status")); foreach (var name in responseData.GetHeaderNames()) { if (name.StartsWith("x-amz-meta-", StringComparison.OrdinalIgnoreCase)) response.Metadata[name] = responseData.GetHeaderValue(name); } return; }
/// <summary> /// Check if the file exists or not /// </summary> /// <param name="fileName"></param> /// <returns></returns> public bool Exists(string fileName) { Amazon.S3.Model.GetObjectResponse res = Get(fileName); if (res == null) { return(false); } return(true); }
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { GetObjectResponse response = new GetObjectResponse(); UnmarshallResult(context,response); return response; }
public S3VirtualFile Init(GetObjectResponse response) { FilePath = response.Key; ContentType = response.Headers.ContentType; FileLastModified = response.LastModified; ContentLength = response.Headers.ContentLength; Etag = response.ETag; Stream = response.ResponseStream; return this; }
/// <summary> /// Check if the file exists or not /// </summary> /// <param name="fileName"></param> /// <returns></returns> public bool Exists(string fileUrl) { string key = GetKeyNameFromUrl(fileUrl); Amazon.S3.Model.GetObjectResponse res = Get(key); if (res == null) { return(false); } return(true); }
/// <summary> /// Constructs a <see cref="FileResource.FileInputPipe"/>. /// </summary> /// <param name="response">The <see cref="GetObjectResponse"/>.</param> /// <param name="path">The <see cref="IResourcePath"/>.</param> public S3InputPipe(GetObjectResponse response, IResourcePath path) { // validate arguments if (response == null) throw new ArgumentNullException("response"); if (path == null) throw new ArgumentNullException("path"); // set values this.response = response; reader = new StreamReader(response.ResponseStream); }
/// <summary> /// Updates object where the object input stream contains the decrypted contents. /// </summary> /// <param name="getObjectResponse">The getObject response whose contents are to be decrypted.</param> /// <param name="decryptedEnvelopeKeyKMS">The decrypted envelope key to be use if KMS key wrapping is being used. Or null if non-KMS key wrapping is being used.</param> protected void DecryptObjectUsingMetadata(GetObjectResponse getObjectResponse, byte[] decryptedEnvelopeKeyKMS) { // Create an instruction object from the object metadata EncryptionInstructions instructions = EncryptionUtils.BuildInstructionsFromObjectMetadata(getObjectResponse, EncryptionClient.EncryptionMaterials, decryptedEnvelopeKeyKMS); if (decryptedEnvelopeKeyKMS != null) { if (getObjectResponse.Metadata[EncryptionUtils.XAmzCekAlg] != null && instructions.MaterialsDescription.ContainsKey(EncryptionUtils.XAmzEncryptionContextCekAlg)) { if (EncryptionUtils.XAmzAesGcmCekAlgValue.Equals(getObjectResponse.Metadata[EncryptionUtils.XAmzCekAlg]) && EncryptionUtils.XAmzAesGcmCekAlgValue.Equals(instructions.MaterialsDescription[EncryptionUtils.XAmzEncryptionContextCekAlg])) { // Decrypt the object with V2 instruction EncryptionUtils.DecryptObjectUsingInstructionsV2(getObjectResponse, instructions); } else { throw new AmazonCryptoException($"The content encryption algorithm used at encryption time does not match the algorithm stored for decryption time." + " The object may be altered or corrupted."); } } else if (EncryptionUtils.XAmzAesCbcPaddingCekAlgValue.Equals(instructions.CekAlgorithm)) { ThrowIfLegacyReadIsDisabled(); // Decrypt the object with V1 instruction EncryptionUtils.DecryptObjectUsingInstructions(getObjectResponse, instructions); } else { throw new AmazonCryptoException($"The content encryption algorithm used at encryption time does not match the algorithm stored for decryption time." + " The object may be altered or corrupted."); } } else if (EncryptionUtils.XAmzAesGcmCekAlgValue.Equals(getObjectResponse.Metadata[EncryptionUtils.XAmzCekAlg])) { // Decrypt the object with V2 instruction EncryptionUtils.DecryptObjectUsingInstructionsV2(getObjectResponse, instructions); } // It is safe to assume, this is either non KMS encryption with V1 client or AES CBC // We don't need to check cek algorithm to be AES CBC, because non KMS encryption with V1 client doesn't set it else { ThrowIfLegacyReadIsDisabled(); EncryptionUtils.DecryptObjectUsingInstructions(getObjectResponse, instructions); } }
/// <summary> /// /// </summary> /// <param name="key"></param> /// <returns></returns> public Amazon.S3.Model.GetObjectResponse Get(string key) { try { Amazon.S3.AmazonS3Client client = new Amazon.S3.AmazonS3Client(AWAPI_File_AmazonS3_AccessKey, AWAPI_File_AmazonS3_SecretKey); Amazon.S3.Model.GetObjectRequest req = new Amazon.S3.Model.GetObjectRequest(); req.BucketName = AWAPI_File_AmazonS3_BucketName; req.Key = key; Amazon.S3.Model.GetObjectResponse res = client.GetObject(req); return(res); } catch (Exception ex) { } return(null); }
/// <summary> /// Updates object where the object input stream contains the decrypted contents. /// </summary> /// <param name="getObjectResponse">The getObject response of InstructionFile.</param> /// <param name="instructionFileResponse">The getObject response whose contents are to be decrypted.</param> protected void DecryptObjectUsingInstructionFile(GetObjectResponse getObjectResponse, GetObjectResponse instructionFileResponse) { // Create an instruction object from the instruction file response var instructions = EncryptionUtils.BuildInstructionsUsingInstructionFileV2(instructionFileResponse, EncryptionClient.EncryptionMaterials); if (EncryptionUtils.XAmzAesGcmCekAlgValue.Equals(instructions.CekAlgorithm)) { // Decrypt the object with V2 instructions EncryptionUtils.DecryptObjectUsingInstructionsV2(getObjectResponse, instructions); } else { ThrowIfLegacyReadIsDisabled(); // Decrypt the object with V1 instructions EncryptionUtils.DecryptObjectUsingInstructions(getObjectResponse, instructions); } }
/// <summary> /// Check if the file exists or not /// </summary> /// <param name="fileName"></param> /// <returns></returns> public Amazon.S3.Model.GetObjectResponse Get(string fileName) { try { Amazon.S3.AmazonS3Client client = new Amazon.S3.AmazonS3Client(ConfigurationLibrary.Config.fileAmazonS3AccessKey, ConfigurationLibrary.Config.fileAmazonS3SecreyKey); Amazon.S3.Model.GetObjectRequest req = new Amazon.S3.Model.GetObjectRequest(); req.BucketName = GetBucketNameFromUrl(fileName); // ConfigurationLibrary.Config.fileAmazonS3BucketName; req.Key = fileName; Amazon.S3.Model.GetObjectResponse res = client.GetObject(req); return(res); } catch (Exception ex) { } return(null); }
//--- Methods --- public async Task FunctionHandler(S3Event uploadEvent, ILambdaContext context) { string bucket = uploadEvent.Records[0].S3.Bucket.Name; string objectKey = uploadEvent.Records[0].S3.Object.Key; using (var client = new AmazonS3Client(Amazon.RegionEndpoint.USEast1)) { S3Model.GetObjectRequest request = new S3Model.GetObjectRequest { BucketName = bucket, Key = objectKey }; using (S3Model.GetObjectResponse response = await client.GetObjectAsync(request)) using (Stream responseStream = response.ResponseStream) using (StreamReader reader = new StreamReader(responseStream)) { while (reader.Peek() >= 0) { LambdaLogger.Log($"{reader.ReadLine().Replace("\t", " | ")}"); } } } }
/// <summary> /// Find mode of encryption and decrypt GetObjectResponse /// </summary> /// <param name="decryptedEnvelopeKeyKMS">decrypted envelope key for KMS</param> /// <param name="getObjectResponse">GetObjectResponse which needs to be decrypted</param> /// <returns></returns> /// <exception cref="AmazonServiceException">Exception thrown if GetObjectResponse decryption fails</exception> protected void DecryptObject(byte[] decryptedEnvelopeKeyKMS, GetObjectResponse getObjectResponse) { if (EncryptionUtils.IsEncryptionInfoInMetadata(getObjectResponse)) { DecryptObjectUsingMetadata(getObjectResponse, decryptedEnvelopeKeyKMS); } else { GetObjectResponse instructionFileResponse = null; try { var instructionFileRequest = EncryptionUtils.GetInstructionFileRequest(getObjectResponse, EncryptionUtils.EncryptionInstructionFileV2Suffix); instructionFileResponse = GetInstructionFile(instructionFileRequest); } catch (AmazonS3Exception amazonS3Exception) when(amazonS3Exception.ErrorCode == EncryptionUtils.NoSuchKey) { Logger.InfoFormat($"New instruction file with suffix {EncryptionUtils.EncryptionInstructionFileV2Suffix} doesn't exist. " + $"Try to get old instruction file with suffix {EncryptionUtils.EncryptionInstructionFileSuffix}. {amazonS3Exception.Message}"); try { var instructionFileRequest = EncryptionUtils.GetInstructionFileRequest(getObjectResponse, EncryptionUtils.EncryptionInstructionFileSuffix); instructionFileResponse = GetInstructionFile(instructionFileRequest); } catch (AmazonServiceException ace) { throw new AmazonServiceException($"Unable to decrypt data for object {getObjectResponse.Key} in bucket {getObjectResponse.BucketName}", ace); } } catch (AmazonServiceException ace) { throw new AmazonServiceException($"Unable to decrypt data for object {getObjectResponse.Key} in bucket {getObjectResponse.BucketName}", ace); } DecryptObjectUsingInstructionFile(getObjectResponse, instructionFileResponse); } }
/// <summary> /// Updates object where the object input stream contains the decrypted contents. /// </summary> /// <param name="objectResponse"> /// The getObject response whose contents are to be decrypted. /// </param> private void DecryptObjectUsingMetadata(GetObjectResponse objectResponse) { // Create an instruction object from the object metadata EncryptionInstructions instructions = EncryptionUtils.BuildInstructionsFromObjectMetadata(objectResponse, this.encryptionMaterials); // Decrypt the object with the instruction EncryptionUtils.DecryptObjectUsingInstructions(objectResponse, instructions); }
/// <summary> /// Updates object where the object input stream contains the decrypted contents. /// </summary> /// <param name="instructionFileResponse"> /// The getObject response of InstructionFile. /// </param> /// <param name="response"> /// The getObject response whose contents are to be decrypted. /// </param> private void DecryptObjectUsingInstructionFile(GetObjectResponse response, GetObjectResponse instructionFileResponse) { // Create an instruction object from the instruction file response EncryptionInstructions instructions = EncryptionUtils.BuildInstructionsUsingInstructionFile(instructionFileResponse, this.encryptionMaterials); // Decrypt the object with the instructions EncryptionUtils.DecryptObjectUsingInstructions(response, instructions); }
/// <summary> /// checks if encryption credentials are in the instructionfile /// </summary> /// <param name="response">Instruction file response that contains encryption information</param> /// <returns></returns> internal static bool IsEncryptionInfoInInstructionFile(GetObjectResponse response) { MetadataCollection metadata = response.Metadata; if (metadata[instructionFileInfo] != null) return true; else return false; }
/// <summary> /// checks if encryption credentials are in object metadata /// </summary> /// <param name="response">Response of the object</param> /// <returns></returns> internal static bool IsEncryptionInfoInMetadata(GetObjectResponse response) { MetadataCollection metadata = response.Metadata; if (metadata[keyInMetadata] != null && metadata[initVectorInMetadata] != null) return true; else return false; }
/// <summary> /// Builds an instruction object from the instruction file. /// </summary> /// <param name="response"> Instruction file GetObject response</param> /// <param name="materials"> /// The non-null encryption materials to be used to encrypt and decrypt Envelope key. /// </param> /// <returns> /// A non-null instruction object containing encryption information. /// </returns> internal static EncryptionInstructions BuildInstructionsUsingInstructionFile(GetObjectResponse response, EncryptionMaterials materials) { using (TextReader textReader = new StreamReader(response.ResponseStream)) { JsonData jsonData = JsonMapper.ToObject(textReader); var base64EncodedEncryptedEnvelopeKey = jsonData["EncryptedEnvelopeKey"]; byte[] encryptedEvelopeKey = Convert.FromBase64String((string)base64EncodedEncryptedEnvelopeKey); byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials); var base64EncodedIV = jsonData["IV"]; byte[] IV = Convert.FromBase64String((string)base64EncodedIV); return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, IV); } }
/// <summary> /// Builds an instruction object from the object metadata. /// </summary> /// <param name="response"> /// A non-null object response that contains encryption information in its metadata. /// </param> /// <param name="materials"> /// The non-null encryption materials to be used to encrypt and decrypt Envelope key. /// </param> /// <returns> /// </returns> internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(GetObjectResponse response, EncryptionMaterials materials) { MetadataCollection metadata = response.Metadata; string base64EncodedEncryptedEnvelopeKey = metadata[keyInMetadata]; byte[] encryptedEvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey); byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials); string base64EncodedIV = metadata[initVectorInMetadata]; byte[] IV = Convert.FromBase64String(base64EncodedIV); return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, encryptedEvelopeKey, IV); }
internal static GetObjectRequest GetInstructionFileRequest(GetObjectResponse response) { GetObjectRequest request = new GetObjectRequest { BucketName = response.BucketName, Key = response.Key + instructionfileSuffix }; return request; }
public ResponseStreamWrapper(GetObjectResponse response) { if (response == null) throw new ArgumentNullException("response"); this.response = response; }
public DisposableS3ResponseStream(GetObjectResponse response) { this.response = response; }
/// <summary> /// Updates object where the object /// input stream contains the decrypted contents. /// </summary> /// <param name="response"> /// The getObject response whose contents are to be decrypted. /// </param> /// <param name="instructions"> /// The instruction that will be used to encrypt the object data. /// </param> internal static void DecryptObjectUsingInstructions(GetObjectResponse response, EncryptionInstructions instructions) { response.ResponseStream = DecryptStream(response.ResponseStream, instructions); }
public void OpenFileWithBucketPrefix() { //Arrange var stream = new MemoryStream(Encoding.UTF8.GetBytes("Test123")); var response = new GetObjectResponse { ResponseStream = stream }; var clientMock = new Mock<IAmazonS3>(); clientMock.Setup(p => p.GetObject(It.Is<GetObjectRequest>(req => req.Key == "media/1001/media.jpg"))) .Returns(response); var provider = CreateProvider(clientMock); //Act var actual = provider.OpenFile("/media/1001/media.jpg"); //Assert Assert.AreEqual(new StreamReader(actual).ReadToEnd(), "Test123"); clientMock.VerifyAll(); }