Posted to oak-commits@jackrabbit.apache.org by da...@apache.org on 2023/06/19 08:45:18 UTC

[jackrabbit-oak] branch OAK-10093 updated (04bcb4b25d -> 0f35458d50)

This is an automated email from the ASF dual-hosted git repository.

daim pushed a change to branch OAK-10093
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git


    omit 04bcb4b25d OAK-10093 : fixed code smells suggested by SONAR
    omit a9edb7207d OAK-10093 : updated properties file with steps to generate SSE_C key
    omit d65f5b56f3 OAK-10093 : fixed issues with unit cases and provided steps to create base64 encoded 32 bytes SSE_C keys
    omit c6d3efeee6 OAK-10093 : replaces if/else block with switch statement
    omit edcb4b009a OAK-10093 : provided support for SSE Customer Keys for AWS
     add 1674cd82a9 OAK-10278: switch oak-run-elastic to shaded guava (#967)
     add aa3c8d6ef2 OAK-10282: switch oak-it to shaded guava (#968)
     add 1909b7cc06 OAK-10283: switch oak-examples to shaded guava (#970)
     add e503b50d9d OAK-10284: switch oak-benchmarks to shaded guava (#972)
     add 142e4be8f7 OAK-10286 : AutoMembershipPrincipals.isInheritedMember add check for cyclic membership, OAK-10285 : MembershipProvider change log level to ERROR for cyclic membership (#971)
     add 9f3358d11a OAK-9660: NullPointerException When Moving Transient node
     add 488cca50af Merge pull request #461 from mreutegg/OAK-9660
     add 136bf146f5 OAK-10287: switch oak-benchmarks-lucene to shaded guava (#973)
     add 5ae2e6c5d2 OAK-10280: Occasional failure to start docker container
     add 3a9d407841 OAK-10280: Occasional failure to start docker container
     add f49e2caccb OAK-10280: Occasional failure to start docker container
     add de3c2755f9 Merge pull request #969 from mreutegg/OAK-10280
     add dea494cc4b OAK-10268: propertyIndex=false fields cannot be used for sorting (#963)
     add 3796f984ab OAK-10290: switch oak-benchmarks-elastic to shaded guava (#976)
     add 04c23cb1da OAK-10292: switch oak-benchmarks-solr to shaded guava (#978)
     add 7bcb56a077 OAK-10291: oak-segment-remote: PersistentRedisCacheTest may fail on Windows due to insufficient pagefile size. (#977)
     new 9e3fe63d51 OAK-10093 : provided support for SSE Customer Keys for AWS
     new 91db3d4f16 OAK-10093 : replaces if/else block with switch statement
     new 097a77da15 OAK-10093 : fixed issues with unit cases and provided steps to create base64 encoded 32 bytes SSE_C keys
     new 071c2d9b63 OAK-10093 : updated properties file with steps to generate SSE_C key
     new 47e2ea6daf OAK-10093 : fixed code smells suggested by SONAR
     new 0f35458d50 OAK-10093 : incorporated review comments

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (04bcb4b25d)
            \
             N -- N -- N   refs/heads/OAK-10093 (0f35458d50)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../impl/principal/AutoMembershipPrincipals.java   |  12 ++-
 .../impl/principal/AutoMembershipCycleTest.java    | 109 ++++++++++++++++++++
 ...lasticFullTextWithoutGlobalIndexSearchTest.java |   2 +-
 .../benchmark/util/ElasticGlobalInitializer.java   |   2 +-
 .../org/apache/jackrabbit/oak/run/ElasticMain.java |   2 +-
 .../jackrabbit/oak/benchmark/HybridIndexTest.java  |  10 +-
 ...LuceneFullTextWithoutGlobalIndexSearchTest.java |   2 +-
 ...LucenePropertyFTIndexedContentAvailability.java |   2 +-
 ...pertyFTSeparatedIndexedContentAvailability.java |   2 +-
 .../oak/benchmark/LucenePropertySearchTest.java    |   2 +-
 .../oak/benchmark/util/OakLuceneIndexUtils.java    |   4 +-
 .../org/apache/jackrabbit/oak/run/LuceneMain.java  |   2 +-
 .../benchmarks/search/AggregateNodeSearcher.java   |   2 +-
 .../suites/ScalabilityBlobSearchSuite.java         |  10 +-
 .../suites/ScalabilityNodeRelationshipSuite.java   |  10 +-
 .../scalability/suites/ScalabilityNodeSuite.java   |  14 +--
 .../org/apache/jackrabbit/oak/run/SolrMain.java    |   2 +-
 .../jackrabbit/oak/benchmark/AbstractTest.java     |   2 +-
 .../jackrabbit/oak/benchmark/BenchmarkRunner.java  |   6 +-
 .../jackrabbit/oak/benchmark/BundlingNodeTest.java |   4 +-
 .../oak/benchmark/CompositeAuthorizationTest.java  |   2 +-
 .../oak/benchmark/ConcurrentFileWriteTest.java     |   2 +-
 .../oak/benchmark/ConcurrentHasPermissionTest.java |   2 +-
 .../oak/benchmark/ContinuousRevisionGCTest.java    |   2 +-
 .../apache/jackrabbit/oak/benchmark/CugTest.java   |   2 +-
 .../jackrabbit/oak/benchmark/FacetSearchTest.java  |   8 +-
 .../IsCheckedOutAddMixinSetPropertyTest.java       |   2 +-
 .../jackrabbit/oak/benchmark/LoginSystemTest.java  |   2 +-
 .../jackrabbit/oak/benchmark/MemberBaseTest.java   |   2 +-
 .../jackrabbit/oak/benchmark/ObservationTest.java  |   2 +-
 .../oak/benchmark/PropertyFullTextTest.java        |   4 +-
 .../jackrabbit/oak/benchmark/ReadManyTest.java     |   2 +-
 .../jackrabbit/oak/benchmark/ReadPropertyTest.java |   2 +-
 .../jackrabbit/oak/benchmark/RevisionGCTest.java   |   2 +-
 .../jackrabbit/oak/benchmark/SearchTest.java       |   6 +-
 .../jackrabbit/oak/benchmark/SetPropertyTest.java  |   2 +-
 .../oak/benchmark/SmallFileReadTest.java           |   2 +-
 .../external/AbstractExternalTest.java             |   6 +-
 .../authentication/external/ExternalLoginTest.java |   2 +-
 .../external/PrincipalNameResolutionTest.java      |   2 +-
 .../authorization/AbstractHasItemGetItemTest.java  |   4 +-
 .../benchmark/authorization/AceCreationTest.java   |   2 +-
 .../GetPrivilegeCollectionIncludeNamesTest.java    |   4 +-
 .../HasPermissionHasItemGetItemTest.java           |   2 +-
 .../permission/EagerCacheSizeTest.java             |   4 +-
 .../principalbased/PermissionEvaluationTest.java   |   2 +-
 .../principalbased/PrinicipalBasedReadTest.java    |  12 +--
 .../oak/benchmark/util/OakIndexUtils.java          |   4 +-
 .../oak/benchmark/wikipedia/WikipediaImport.java   |   2 +-
 .../java/org/apache/jackrabbit/oak/run/Main.java   |   2 +-
 .../oak/scalability/ScalabilityRunner.java         |  10 +-
 .../benchmarks/search/ConcurrentReader.java        |   2 +-
 .../standby/StandbyBulkTransferBenchmark.java      |   2 +-
 .../suites/ScalabilityAbstractSuite.java           |  12 +--
 .../cloud/azure/blobstorage/AzuriteDockerRule.java |  29 +++++-
 .../jackrabbit/oak/blob/cloud/s3/S3Constants.java  |   6 +-
 .../oak/blob/cloud/s3/S3RequestDecorator.java      |   4 +-
 .../blob/cloud/s3/TestS3DSWithSSECustomerKey.java  |   6 +-
 .../jackrabbit/oak/blob/cloud/s3/TestS3Ds.java     |   6 +-
 oak-blob-cloud/src/test/resources/aws.properties   |   2 +-
 .../oak/security/user/MembershipProvider.java      |   2 +-
 .../oak/standalone/RepositoryInitializer.java      |   6 +-
 .../java/org/apache/jackrabbit/j2ee/TomcatIT.java  |   2 +-
 .../java/org/apache/jackrabbit/oak/OakAssert.java  |   2 +-
 .../org/apache/jackrabbit/oak/api/TreeTest.java    |   6 +-
 .../oak/composite/AtomicCompositeMergeTest.java    |   6 +-
 .../CompositeNodeStoreClusterObservationTest.java  |   2 +-
 .../oak/composite/CompositeNodeStoreTest.java      |   6 +-
 .../jackrabbit/oak/core/MutableTreeTest.java       |   2 +-
 .../blob/DocumentBlobGCRegistrationTest.java       |   2 +-
 .../blob/DocumentBlobTrackerRegistrationTest.java  |   2 +-
 .../blob/datastore/DataStoreTrackerGCTest.java     |  12 +--
 .../DocumentCachingDataStoreStatsTest.java         |   2 +-
 .../index/AsyncIndexUpdateClusterTestIT.java       |   6 +-
 .../plugins/index/AsyncIndexUpdateLeaseTest.java   |   4 +-
 .../name/ReadWriteNamespaceRegistryTest.java       |   2 +-
 .../oak/segment/SegmentAzureDataStoreBlobGCIT.java |   2 +-
 .../oak/segment/SegmentBlobGCRegistrationTest.java |   2 +-
 .../segment/SegmentCachingDataStoreStatsTest.java  |   2 +-
 .../oak/segment/SegmentS3DataStoreBlobGCIT.java    |   2 +-
 .../oak/spi/commit/CommitContextTest.java          |   2 +-
 .../jackrabbit/oak/spi/state/CheckpointTest.java   |   2 +-
 .../jackrabbit/oak/spi/state/NodeStoreTest.java    |   8 +-
 .../jackrabbit/oak/jcr/TransientMoveTest.java      | 110 +++++++++++++++++++++
 .../oak/index/ElasticDocumentStoreIndexer.java     |   2 +-
 .../jackrabbit/oak/index/ElasticIndexCommand.java  |  10 +-
 .../oak/index/ElasticIndexImporterSupport.java     |   2 +-
 .../jackrabbit/oak/run/AvailableElasticModes.java  |   2 +-
 .../jackrabbit/oak/run/AzuriteDockerRule.java      | 106 --------------------
 .../oak/run/DataStoreCopyCommandTest.java          |   1 +
 .../index/elastic/query/ElasticIndexPlanner.java   |   1 +
 .../oak/plugins/index/OrderByCommonTest.java       |  59 +++++++++++
 oak-segment-azure/pom.xml                          |   7 ++
 .../segment/azure/tool/SegmentCopyTestBase.java    |   3 +-
 .../oak/segment/azure/AzureArchiveManagerTest.java |   1 +
 .../oak/segment/azure/AzureGCJournalTest.java      |   2 +
 .../oak/segment/azure/AzureJournalFileTest.java    |   1 +
 .../oak/segment/azure/AzureManifestFileTest.java   |   2 +
 .../oak/segment/azure/AzureReadSegmentTest.java    |   1 +
 .../oak/segment/azure/AzureRepositoryLockTest.java |   2 +
 .../azure/AzureSegmentStoreServiceTest.java        |   2 +
 .../oak/segment/azure/AzureTarFileTest.java        |   2 +
 .../oak/segment/azure/AzureTarFilesTest.java       |   2 +
 .../oak/segment/azure/AzureTarWriterTest.java      |   2 +
 .../oak/segment/azure/AzuriteDockerRule.java       | 106 --------------------
 .../azure/journal/AzureJournalReaderTest.java      |   3 +-
 .../azure/journal/AzureTarRevisionsTest.java       |   3 +-
 .../azure/journal/ReverseFileReaderTest.java       |   3 +-
 .../oak/segment/azure/tool/ToolUtilsTest.java      |   3 +-
 .../split/SplitPersistenceBlobTest.java            |   2 +-
 .../persistence/split/SplitPersistenceTest.java    |   2 +-
 .../persistentcache/PersistentRedisCacheTest.java  |   2 +-
 .../plugins/document/mongo/MongoDockerRule.java    |  41 +++++++-
 oak-upgrade/pom.xml                                |   2 +-
 .../upgrade/cli/SegmentAzureToSegmentTarTest.java  |   2 +-
 .../upgrade/cli/SegmentTarToSegmentAzureTest.java  |   2 +-
 .../container/SegmentAzureNodeStoreContainer.java  |   2 +-
 117 files changed, 553 insertions(+), 398 deletions(-)
 create mode 100644 oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipCycleTest.java
 create mode 100644 oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TransientMoveTest.java
 delete mode 100644 oak-run/src/test/java/org/apache/jackrabbit/oak/run/AzuriteDockerRule.java
 delete mode 100644 oak-segment-azure/src/test/java/org/apache/jackrabbit/oak/segment/azure/AzuriteDockerRule.java


[jackrabbit-oak] 03/06: OAK-10093 : fixed issues with unit cases and provided steps to create base64 encoded 32 bytes SSE_C keys

Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

daim pushed a commit to branch OAK-10093
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git

commit 097a77da1531a415afc7f139123ea16d1414061c
Author: Rishabh Kumar <di...@adobe.com>
AuthorDate: Thu Jun 8 14:27:30 2023 +0530

    OAK-10093 : fixed issues with unit cases and provided steps to create base64 encoded 32 bytes SSE_C keys
---
 .../jackrabbit/oak/blob/cloud/s3/S3Backend.java    | 41 +++++++--------
 .../jackrabbit/oak/blob/cloud/s3/S3Constants.java  |  4 +-
 .../oak/blob/cloud/s3/S3RequestDecorator.java      | 45 ++++++++++++----
 .../jackrabbit/oak/blob/cloud/s3/TestS3Ds.java     | 61 ++++++++++++++++------
 4 files changed, 103 insertions(+), 48 deletions(-)

diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Backend.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Backend.java
index 367a28a1fb..6b145eb0fa 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Backend.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Backend.java
@@ -39,6 +39,8 @@ import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
 
+import com.amazonaws.services.s3.model.GetObjectMetadataRequest;
+import com.amazonaws.services.s3.model.GetObjectRequest;
 import org.apache.commons.io.IOUtils;
 import org.apache.jackrabbit.core.data.DataIdentifier;
 import org.apache.jackrabbit.core.data.DataRecord;
@@ -328,7 +330,7 @@ public class S3Backend extends AbstractSharedBackend {
                 getClass().getClassLoader());
             // check if the same record already exists
             try {
-                objectMetaData = s3service.getObjectMetadata(bucket, key);
+                objectMetaData = s3service.getObjectMetadata(s3ReqDecorator.decorate(new GetObjectMetadataRequest(bucket, key)));
             } catch (AmazonServiceException ase) {
                 if (!(ase.getStatusCode() == 404 || ase.getStatusCode() == 403)) {
                     throw ase;
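Review bot: The context line under the changed call, `if (!(ase.getStatusCode() == 404 || ase.getStatusCode() == 403))`, still treats a 403 as "record does not exist". Now that this lookup carries the SSE_C customer key, please confirm that a request rejected because of the key (wrong or rotated key) cannot arrive here as a 403 and be taken for a missing object by the "check if the same record already exists" step. If it can, handle the SSE_C case separately and log it.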
@@ -389,8 +391,7 @@ public class S3Backend extends AbstractSharedBackend {
         ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
         try {
             Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
-            ObjectMetadata objectMetaData = s3service.getObjectMetadata(bucket,
-                key);
+            ObjectMetadata objectMetaData = s3service.getObjectMetadata(s3ReqDecorator.decorate(new GetObjectMetadataRequest(bucket, key)));
             if (objectMetaData != null) {
                 LOG.trace("exists [{}]: [true] took [{}] ms.",
                     identifier, (System.currentTimeMillis() - start) );
@@ -555,7 +556,7 @@ public class S3Backend extends AbstractSharedBackend {
                 getClass().getClassLoader());
             ObjectMetadata meta = s3service.getObjectMetadata(bucket, addMetaKeyPrefix(name));
             return new S3DataRecord(this, s3service, bucket, new DataIdentifier(name),
-                meta.getLastModified().getTime(), meta.getContentLength(), true);
+                meta.getLastModified().getTime(), meta.getContentLength(), true, s3ReqDecorator);
         } catch(Exception e) {
             LOG.error("Error getting metadata record for {}", name, e);
         }
@@ -582,7 +583,7 @@ public class S3Backend extends AbstractSharedBackend {
             for (final S3ObjectSummary s3ObjSumm : prevObjectListing.getObjectSummaries()) {
                 metadataList.add(new S3DataRecord(this, s3service, bucket,
                     new DataIdentifier(stripMetaKeyPrefix(s3ObjSumm.getKey())),
-                    s3ObjSumm.getLastModified().getTime(), s3ObjSumm.getSize(), true));
+                    s3ObjSumm.getLastModified().getTime(), s3ObjSumm.getSize(), true, s3ReqDecorator));
             }
         } finally {
             if (contextClassLoader != null) {
@@ -646,7 +647,7 @@ public class S3Backend extends AbstractSharedBackend {
                 public DataRecord apply(S3ObjectSummary input) {
                     return new S3DataRecord(backend, s3service, bucket,
                         new DataIdentifier(getIdentifierName(input.getKey())),
-                        input.getLastModified().getTime(), input.getSize());
+                        input.getLastModified().getTime(), input.getSize(), s3ReqDecorator);
                 }
             });
     }
@@ -659,9 +660,9 @@ public class S3Backend extends AbstractSharedBackend {
         try {
             Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
 
-            ObjectMetadata object = s3service.getObjectMetadata(bucket, key);
+            ObjectMetadata object = s3service.getObjectMetadata(s3ReqDecorator.decorate(new GetObjectMetadataRequest(bucket, key)));
             S3DataRecord record = new S3DataRecord(this, s3service, bucket, identifier,
-                object.getLastModified().getTime(), object.getContentLength());
+                object.getLastModified().getTime(), object.getContentLength(), s3ReqDecorator);
             LOG.debug("Identifier [{}]'s getRecord = [{}] took [{}]ms.",
                 identifier, record, (System.currentTimeMillis() - start));
 
@@ -994,7 +995,8 @@ public class S3Backend extends AbstractSharedBackend {
                         bucket,
                         blobId,
                         lastModified.getTime(),
-                        size
+                        size,
+                        s3ReqDecorator
                 );
             }
             else {
@@ -1026,13 +1028,9 @@ public class S3Backend extends AbstractSharedBackend {
             final Date expiration = new Date();
             expiration.setTime(expiration.getTime() + expirySeconds * 1000);
 
-            GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(bucket, key)
+            GeneratePresignedUrlRequest request = s3ReqDecorator.decorate(new GeneratePresignedUrlRequest(bucket, key)
                     .withMethod(method)
-                    .withExpiration(expiration);
-
-            if (method != HttpMethod.GET) {
-               request = s3ReqDecorator.decorate(request);
-            }
+                    .withExpiration(expiration));
 
             for (Map.Entry<String, String> e : reqParams.entrySet()) {
                 request.addRequestParameter(e.getKey(), e.getValue());
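Review bot: Dropping the `method != HttpMethod.GET` guard means presigned GET URIs are now decorated for SSE_C as well, so whoever receives a presigned URI must also send the customer key headers, as the updated `httpGet` and PUT helper in TestS3Ds do. That requires handing the raw SSE_C key to every direct-access client. Please document this, or consider refusing to issue presigned URIs when SSE_C is configured.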
@@ -1169,22 +1167,22 @@ public class S3Backend extends AbstractSharedBackend {
         private long lastModified;
         private String bucket;
         private boolean isMeta;
+        private final S3RequestDecorator s3RequestDecorator;
 
         public S3DataRecord(AbstractSharedBackend backend, AmazonS3Client s3service, String bucket,
-            DataIdentifier key, long lastModified,
-            long length) {
-            this(backend, s3service, bucket, key, lastModified, length, false);
+            DataIdentifier key, long lastModified, long length, final S3RequestDecorator s3RequestDecorator) {
+            this(backend, s3service, bucket, key, lastModified, length, false, s3RequestDecorator);
         }
 
         public S3DataRecord(AbstractSharedBackend backend, AmazonS3Client s3service, String bucket,
-            DataIdentifier key, long lastModified,
-            long length, boolean isMeta) {
+            DataIdentifier key, long lastModified, long length, boolean isMeta, final S3RequestDecorator s3RequestDecorator) {
             super(backend, key);
             this.s3service = s3service;
             this.lastModified = lastModified;
             this.length = length;
             this.bucket = bucket;
             this.isMeta = isMeta;
+            this.s3RequestDecorator = s3RequestDecorator;
         }
 
         @Override
@@ -1197,6 +1195,7 @@ public class S3Backend extends AbstractSharedBackend {
             String id = getKeyName(getIdentifier());
             if (isMeta) {
                 id = addMetaKeyPrefix(getIdentifier().toString());
+                return s3service.getObject(bucket, id).getObjectContent();
             }
             else {
                 // Don't worry about stream logging for metadata records
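Review bot: The new early return in the `isMeta` branch reads the metadata record with the undecorated `s3service.getObject(bucket, id)`, while the other reads in this patch go through the decorator; the `getObjectMetadata(bucket, addMetaKeyPrefix(name))` context line in the metadata-record hunk above is undecorated too. If metadata records are intentionally stored without SSE_C, say so in a comment here; if they are written through a decorated put, this read will fail once SSE_C is enabled. The existing "Don't worry about stream logging for metadata records" comment now sits in the non-meta branch and should move next to the new return.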
@@ -1205,7 +1204,7 @@ public class S3Backend extends AbstractSharedBackend {
                     LOG_STREAMS_DOWNLOAD.debug("Binary downloaded from S3 - identifier={}", id, new Exception());
                 }
             }
-            return s3service.getObject(bucket, id).getObjectContent();
+            return s3service.getObject(s3RequestDecorator.decorate(new GetObjectRequest(bucket, id))).getObjectContent();
         }
 
         @Override
diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
index 62877b9c9b..eb6ca3dce8 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
@@ -118,8 +118,10 @@ public final class S3Constants {
     public static final String S3_SSE_KMS_KEYID = "kmsKeyId";
 
     /**
-     *  Constant to set keyID for SSE_C encryption.
+     *  Constant to set base64 encoded keyID for SSE_C encryption.
      */
+    // please use  'openssl rand -base64 -out ssec.key 32' command to
+    // generate base64 encoded 32 bytes string customer key for SSE_C
     public static final String S3_SSE_C_KEYID = "sseCustomerKeyId";
 
     /**
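Review bot: The Javadoc and the constant name call this value a "keyID", but per the added comment it is the base64 encoded 32 byte customer key itself, i.e. secret material. Please word the Javadoc accordingly, move the `openssl rand -base64 -out ssec.key 32` hint into the Javadoc block (the `//` lines between the Javadoc and the field will not appear in generated docs), and mention that the properties file holding the key needs restricted access.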
diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
index 8e66124a20..46b6e5aa79 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
@@ -19,8 +19,11 @@ package org.apache.jackrabbit.oak.blob.cloud.s3;
 
 import java.util.Properties;
 
+import com.amazonaws.HttpMethod;
 import com.amazonaws.services.s3.model.CopyObjectRequest;
 import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
+import com.amazonaws.services.s3.model.GetObjectMetadataRequest;
+import com.amazonaws.services.s3.model.GetObjectRequest;
 import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
 import com.amazonaws.services.s3.model.ObjectMetadata;
 import com.amazonaws.services.s3.model.PutObjectRequest;
@@ -28,9 +31,9 @@ import com.amazonaws.services.s3.model.SSEAlgorithm;
 import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;
 import com.amazonaws.services.s3.model.SSECustomerKey;
 
+import static com.amazonaws.HttpMethod.GET;
 import static com.amazonaws.services.s3.model.SSEAlgorithm.AES256;
 import static com.amazonaws.util.StringUtils.hasValue;
-import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_KMS;
@@ -43,7 +46,6 @@ import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_KMS_KEY
  */
 public class S3RequestDecorator {
     DataEncryption dataEncryption = DataEncryption.NONE;
-    Properties props;
     SSEAwsKeyManagementParams sseParams;
 
     SSECustomerKey sseCustomerKey;
@@ -65,7 +67,7 @@ public class S3RequestDecorator {
                 case S3_ENCRYPTION_SSE_C: {
                     final String keyId = props.getProperty(S3_SSE_C_KEYID);
                     if (hasValue(keyId)) {
-                        sseCustomerKey = new SSECustomerKey(keyId.getBytes(UTF_8));
+                        sseCustomerKey = new SSECustomerKey(keyId);
                     }
                     break;
                 }
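Review bot: `new SSECustomerKey(keyId)` now expects a base64 string, but nothing here checks that the property decodes to 32 bytes, and when `hasValue(keyId)` is false the case just breaks with `sseCustomerKey` left null. A misconfigured SSE_C setup should fail at construction with a clear message rather than at the first S3 request; add an else branch that throws and validate the decoded length.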
@@ -73,6 +75,34 @@ public class S3RequestDecorator {
         }
     }
 
+    /**
+     * Set encryption in {@link GetObjectMetadataRequest}
+     */
+    public GetObjectMetadataRequest decorate(final GetObjectMetadataRequest request) {
+        switch (getDataEncryption()) {
+            case SSE_C:
+                request.withSSECustomerKey(sseCustomerKey);
+                break;
+            case NONE:
+                break;
+        }
+        return request;
+    }
+
+    /**
+     * Set encryption in {@link GetObjectRequest}
+     */
+    public GetObjectRequest decorate(final GetObjectRequest request) {
+        switch (getDataEncryption()) {
+            case SSE_C:
+                request.withSSECustomerKey(sseCustomerKey);
+                break;
+            case NONE:
+                break;
+        }
+        return request;
+    }
+
     /**
      * Set encryption in {@link PutObjectRequest}
      */
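Review bot: The two new `decorate` overloads have identical switch bodies that list only `SSE_C` and `NONE`. Add a `default` case, or a comment that the other encryption modes need no headers on reads, so the omission is visibly intentional. A single if on the SSE_C case, shared by both overloads, would read more simply than a two-case switch.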
@@ -90,7 +120,6 @@ public class S3RequestDecorator {
                 request.withSSEAwsKeyManagementParams(sseParams);
                 break;
             case SSE_C:
-                metadata.setSSEAlgorithm(AES256.getAlgorithm());
                 request.withSSECustomerKey(sseCustomerKey);
                 break;
             case NONE:
@@ -139,7 +168,6 @@ public class S3RequestDecorator {
                 request.withSSEAwsKeyManagementParams(sseParams);
                 break;
             case SSE_C:
-                metadata.setSSEAlgorithm(AES256.getAlgorithm());
                 request.withSSECustomerKey(sseCustomerKey);
                 break;
             case NONE:
@@ -152,6 +180,7 @@ public class S3RequestDecorator {
     public GeneratePresignedUrlRequest decorate(GeneratePresignedUrlRequest request) {
         switch (getDataEncryption()) {
           case SSE_KMS:
+              if (request.getMethod() == GET) break; // KMS is not valid for GET Requests
               String keyId = getSSEParams().getAwsKmsKeyId();
               request = request.withSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
               if (keyId != null) {
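Review bot: `if (request.getMethod() == GET) break; // KMS is not valid for GET Requests` hides an early exit from the case in a brace-less one-liner. Put it on its own lines with braces and expand the comment to say why the SSE_KMS headers are skipped for GET. The guard used to live in the caller as `method != HttpMethod.GET`, so a Javadoc note on this method that GET is handled here would help future callers.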
@@ -159,7 +188,7 @@ public class S3RequestDecorator {
               }
               break;
           case SSE_C:
-              request = request.withSSEAlgorithm(AES256).withSSECustomerKey(getSseCustomerKey());
+              request = request.withSSECustomerKey(sseCustomerKey);
               break;
         }
         return request;
@@ -169,10 +198,6 @@ public class S3RequestDecorator {
         return this.sseParams;
     }
 
-    private SSECustomerKey getSseCustomerKey() {
-        return this.sseCustomerKey;
-    }
-
     private DataEncryption getDataEncryption() {
         return this.dataEncryption;
     }
diff --git a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
index a3b8702551..940ff24618 100644
--- a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
+++ b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
@@ -22,12 +22,11 @@ import java.io.InputStream;
 import java.net.URI;
 import java.util.Date;
 import java.util.List;
+import java.util.Objects;
 import java.util.Properties;
 
 import javax.jcr.RepositoryException;
 
-import com.amazonaws.services.s3.Headers;
-import com.amazonaws.services.s3.model.SSEAlgorithm;
 import org.apache.jackrabbit.guava.common.collect.Lists;
 import org.apache.commons.lang3.time.DateUtils;
 import org.apache.http.HttpEntity;
@@ -60,6 +59,20 @@ import org.junit.runners.Parameterized;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static com.amazonaws.services.s3.Headers.SERVER_SIDE_ENCRYPTION;
+import static com.amazonaws.services.s3.Headers.SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID;
+import static com.amazonaws.services.s3.Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM;
+import static com.amazonaws.services.s3.Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY;
+import static com.amazonaws.services.s3.Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5;
+import static com.amazonaws.services.s3.model.SSEAlgorithm.AES256;
+import static com.amazonaws.services.s3.model.SSEAlgorithm.KMS;
+import static com.amazonaws.util.Base64.decode;
+import static com.amazonaws.util.Md5Utils.md5AsBase64;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_KMS;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEYID;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_KMS_KEYID;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3DataStoreUtils.getFixtures;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3DataStoreUtils.getS3Config;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3DataStoreUtils.getS3DataStore;
@@ -125,7 +138,7 @@ public class TestS3Ds extends AbstractDataStoreTest {
         props.setProperty(S3Constants.PRESIGNED_HTTP_UPLOAD_URI_EXPIRY_SECONDS, "60");
         props.setProperty(S3Constants.PRESIGNED_URI_ENABLE_ACCELERATION, "60");
         props.setProperty(S3Constants.PRESIGNED_HTTP_DOWNLOAD_URI_CACHE_MAX_SIZE, "60");
-        props.setProperty(S3Constants.S3_ENCRYPTION, S3Constants.S3_ENCRYPTION_NONE);
+        props.setProperty(S3_ENCRYPTION, S3Constants.S3_ENCRYPTION_NONE);
         super.setUp();
     }
 
@@ -175,11 +188,11 @@ public class TestS3Ds extends AbstractDataStoreTest {
     @Test
     public void testDataMigration() {
         try {
-            String encryption = props.getProperty(S3Constants.S3_ENCRYPTION);
+            String encryption = props.getProperty(S3_ENCRYPTION);
 
             //manually close the setup ds and remove encryption
             ds.close();
-            props.remove(S3Constants.S3_ENCRYPTION);
+            props.remove(S3_ENCRYPTION);
             ds = createDataStore();
 
             byte[] data = new byte[dataLength];
@@ -190,7 +203,7 @@ public class TestS3Ds extends AbstractDataStoreTest {
             ds.close();
 
             // turn encryption now anc recreate datastore instance
-            props.setProperty(S3Constants.S3_ENCRYPTION, encryption);
+            props.setProperty(S3_ENCRYPTION, encryption);
             props.setProperty(S3Constants.S3_RENAME_KEYS, "true");
             ds = createDataStore();
 
@@ -252,16 +265,22 @@ public class TestS3Ds extends AbstractDataStoreTest {
         HttpPut putreq = new HttpPut(puturl);
 
         String keyId = null;
-        String encryptionType = props.getProperty(S3Constants.S3_ENCRYPTION);
-
-        if (encryptionType.equals(S3Constants.S3_ENCRYPTION_SSE_KMS)) {
-             keyId = props.getProperty(S3Constants.S3_SSE_KMS_KEYID);
-             putreq.addHeader(new BasicHeader(Headers.SERVER_SIDE_ENCRYPTION,
-                     SSEAlgorithm.KMS.getAlgorithm()));
-             if(keyId != null) {
-                 putreq.addHeader(new BasicHeader(Headers.SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID,
-                         keyId));
-             }
+        String encryptionType = props.getProperty(S3_ENCRYPTION);
+
+        switch (encryptionType) {
+            case S3_ENCRYPTION_SSE_KMS:
+                keyId = props.getProperty(S3_SSE_KMS_KEYID);
+                putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION, KMS.getAlgorithm()));
+                if (keyId != null) {
+                    putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID, keyId));
+                }
+                break;
+            case S3_ENCRYPTION_SSE_C:
+                keyId = props.getProperty(S3_SSE_C_KEYID);
+                putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM, AES256.getAlgorithm()));
+                putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, keyId));
+                putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5, md5AsBase64(decode(keyId))));
+                break;
         }
 
         putreq.setEntity(new InputStreamEntity(inputstream , length));
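Review bot: `switch (encryptionType)` throws a NullPointerException when the S3_ENCRYPTION property is unset, whereas the new `httpGet` code uses the null-safe `Objects.equals(S3_ENCRYPTION_SSE_C, encryptionType)`. Make the two consistent and add a `default` case. In the SSE_C case the local `keyId` holds the customer key itself, so a separate, clearly named variable would be easier to follow.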
@@ -273,6 +292,16 @@ public class TestS3Ds extends AbstractDataStoreTest {
 
     private HttpEntity httpGet(URI uri) throws IOException {
         HttpGet getreq = new HttpGet(uri);
+
+        final String encryptionType = props.getProperty(S3_ENCRYPTION);
+
+        if (Objects.equals(S3_ENCRYPTION_SSE_C, encryptionType)) {
+            String keyId = props.getProperty(S3_SSE_C_KEYID);
+            getreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM, AES256.getAlgorithm()));
+            getreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, keyId));
+            getreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5, md5AsBase64(decode(keyId))));
+        }
+
         CloseableHttpClient httpclient = HttpClients.createDefault();
         CloseableHttpResponse res = httpclient.execute(getreq);
         Assert.assertEquals(200, res.getStatusLine().getStatusCode());
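Review bot: the three SSE-C headers added to httpGet are a copy of the block added to httpPut in the previous hunk, including the `md5AsBase64(decode(keyId))` computation. Pull them into one private helper that takes the request and the key, and have that helper fail with a clear message when `S3_SSE_C_KEYID` is missing, instead of letting `decode(null)` throw from inside the header construction.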


[jackrabbit-oak] 06/06: OAK-10093 : incorporated review comments

Posted by da...@apache.org.

daim pushed a commit to branch OAK-10093
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git

commit 0f35458d50a540c353a0b4f62fd30c8267047280
Author: Rishabh Kumar <di...@adobe.com>
AuthorDate: Mon Jun 19 14:14:59 2023 +0530

    OAK-10093 : incorporated review comments
---
 .../java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java   | 6 +++---
 .../org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java | 4 ++--
 .../jackrabbit/oak/blob/cloud/s3/TestS3DSWithSSECustomerKey.java    | 6 +++---
 .../test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java | 6 +++---
 oak-blob-cloud/src/test/resources/aws.properties                    | 2 +-
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
index eb6ca3dce8..3852e35b2f 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
@@ -108,7 +108,7 @@ public final class S3Constants {
     public static final String S3_ENCRYPTION_SSE_KMS = "SSE_KMS";
 
     /**
-     *  Constant to set SSE_KMS encryption.
+     *  Constant to set SSE_C encryption.
      */
     public static final String S3_ENCRYPTION_SSE_C = "SSE_C";
 
@@ -118,11 +118,11 @@ public final class S3Constants {
     public static final String S3_SSE_KMS_KEYID = "kmsKeyId";
 
     /**
-     *  Constant to set base64 encoded keyID for SSE_C encryption.
+     *  Constant to set base64 encoded key for SSE_C encryption.
      */
     // please use  'openssl rand -base64 -out ssec.key 32' command to
     // generate base64 encoded 32 bytes string customer key for SSE_C
-    public static final String S3_SSE_C_KEYID = "sseCustomerKeyId";
+    public static final String S3_SSE_C_KEY = "sseCustomerKey";
 
     /**
      *  Constant to set S3 signature for SSE_KMS encryption.
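Review bot: the key-generation hint for `S3_SSE_C_KEY` sits in a `//` comment between the Javadoc block and the field, so it does not appear in the generated Javadoc. Move the `openssl rand -base64 -out ssec.key 32` instruction into the `/** ... */` block. The rename also changes the property name from `sseCustomerKeyId` to `sseCustomerKey`; any configuration written against the earlier commits of this branch will silently stop supplying a key, so mention the rename in the change description.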
diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
index 92f74fbc0c..a99e8b67ef 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
@@ -37,7 +37,7 @@ import static java.util.Objects.requireNonNull;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_KMS;
-import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEYID;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEY;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_KMS_KEYID;
 
 /**
@@ -65,7 +65,7 @@ public class S3RequestDecorator {
                     break;
                 }
                 case S3_ENCRYPTION_SSE_C: {
-                    final String keyId = props.getProperty(S3_SSE_C_KEYID);
+                    final String keyId = props.getProperty(S3_SSE_C_KEY);
                     if (hasValue(keyId)) {
                         sseCustomerKey = new SSECustomerKey(keyId);
                     }
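Review bot: in the `S3_ENCRYPTION_SSE_C` case there is no `else` for `hasValue(keyId)`, so a configuration that selects SSE_C without a key leaves `sseCustomerKey` null and the decorator is constructed anyway. For an encryption setting that should fail at start-up rather than on the first request: throw an `IllegalArgumentException` naming `S3_SSE_C_KEY` when the value is empty. The local is also still named `keyId` after the constant was renamed to `S3_SSE_C_KEY`; `customerKey` would match.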
diff --git a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3DSWithSSECustomerKey.java b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3DSWithSSECustomerKey.java
index f49ef0e01b..c8d1b20e64 100644
--- a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3DSWithSSECustomerKey.java
+++ b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3DSWithSSECustomerKey.java
@@ -23,7 +23,7 @@ import org.slf4j.Logger;
 import static com.amazonaws.util.StringUtils.hasValue;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
-import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEYID;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEY;
 import static org.slf4j.LoggerFactory.getLogger;
 
 /**
@@ -42,10 +42,10 @@ public class TestS3DSWithSSECustomerKey extends TestS3Ds {
         @Before
         public void setUp() throws Exception {
             super.setUp();
-            String keyId = props.getProperty(S3_SSE_C_KEYID);
+            String keyId = props.getProperty(S3_SSE_C_KEY);
             if (hasValue(keyId)) {
                 props.setProperty(S3_ENCRYPTION, S3_ENCRYPTION_SSE_C);
-                props.setProperty(S3_SSE_C_KEYID, keyId);
+                props.setProperty(S3_SSE_C_KEY, keyId);
             } else {
                 LOG.info("SSE Customer Key ID not configured so ignoring test");
                 throw new AssumptionViolatedException("SSE Customer key Id not configured");
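Review bot: the log line and the `AssumptionViolatedException` message in setUp still say "SSE Customer Key ID" / "key Id" although the property is now `S3_SSE_C_KEY` and holds the key itself. Update both strings and the local `keyId` so the skip reason points at the right property name.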
diff --git a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
index 49d2309fbd..58a521cf3a 100644
--- a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
+++ b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
@@ -71,7 +71,7 @@ import static com.amazonaws.util.Md5Utils.md5AsBase64;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_KMS;
-import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEYID;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEY;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_KMS_KEYID;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3DataStoreUtils.getFixtures;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3DataStoreUtils.getS3Config;
@@ -276,7 +276,7 @@ public class TestS3Ds extends AbstractDataStoreTest {
                 }
                 break;
             case S3_ENCRYPTION_SSE_C:
-                keyId = props.getProperty(S3_SSE_C_KEYID);
+                keyId = props.getProperty(S3_SSE_C_KEY);
                 putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM, AES256.getAlgorithm()));
                 putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, keyId));
                 putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5, md5AsBase64(decode(keyId))));
@@ -298,7 +298,7 @@ public class TestS3Ds extends AbstractDataStoreTest {
         final String encryptionType = props.getProperty(S3_ENCRYPTION);
 
         if (Objects.equals(S3_ENCRYPTION_SSE_C, encryptionType)) {
-            String keyId = props.getProperty(S3_SSE_C_KEYID);
+            String keyId = props.getProperty(S3_SSE_C_KEY);
             getreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM, AES256.getAlgorithm()));
             getreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, keyId));
             getreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5, md5AsBase64(decode(keyId))));
diff --git a/oak-blob-cloud/src/test/resources/aws.properties b/oak-blob-cloud/src/test/resources/aws.properties
index e29dfef8e6..fb5623d4bb 100644
--- a/oak-blob-cloud/src/test/resources/aws.properties
+++ b/oak-blob-cloud/src/test/resources/aws.properties
@@ -38,7 +38,7 @@ kmsKeyId=
 # base64 encoded 32 bytes customer key to be used for SSE_C
 # Please use 'openssl rand -base64 -out ssec.key 32' command
 # to generate customer key
-sseCustomerKeyId=
+sseCustomerKey=
 connectionTimeout=120000
 socketTimeout=120000
 maxConnections=20


[jackrabbit-oak] 05/06: OAK-10093 : fixed code smells suggested by SONAR

Posted by da...@apache.org.

daim pushed a commit to branch OAK-10093
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git

commit 47e2ea6daf655d03ac46b2a7c05c5dfac7be6c09
Author: Rishabh Kumar <di...@adobe.com>
AuthorDate: Thu Jun 8 16:00:51 2023 +0530

    OAK-10093 : fixed code smells suggested by SONAR
---
 .../jackrabbit/oak/blob/cloud/s3/S3Backend.java    | 12 +++++-----
 .../oak/blob/cloud/s3/S3RequestDecorator.java      | 26 +++++++++-------------
 .../jackrabbit/oak/blob/cloud/s3/TestS3Ds.java     |  2 ++
 3 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Backend.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Backend.java
index 6b145eb0fa..37f28d36ce 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Backend.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Backend.java
@@ -1167,22 +1167,22 @@ public class S3Backend extends AbstractSharedBackend {
         private long lastModified;
         private String bucket;
         private boolean isMeta;
-        private final S3RequestDecorator s3RequestDecorator;
+        private final S3RequestDecorator s3ReqDecorator;
 
         public S3DataRecord(AbstractSharedBackend backend, AmazonS3Client s3service, String bucket,
-            DataIdentifier key, long lastModified, long length, final S3RequestDecorator s3RequestDecorator) {
-            this(backend, s3service, bucket, key, lastModified, length, false, s3RequestDecorator);
+            DataIdentifier key, long lastModified, long length, final S3RequestDecorator s3ReqDecorator) {
+            this(backend, s3service, bucket, key, lastModified, length, false, s3ReqDecorator);
         }
 
         public S3DataRecord(AbstractSharedBackend backend, AmazonS3Client s3service, String bucket,
-            DataIdentifier key, long lastModified, long length, boolean isMeta, final S3RequestDecorator s3RequestDecorator) {
+            DataIdentifier key, long lastModified, long length, boolean isMeta, final S3RequestDecorator s3ReqDecorator) {
             super(backend, key);
             this.s3service = s3service;
             this.lastModified = lastModified;
             this.length = length;
             this.bucket = bucket;
             this.isMeta = isMeta;
-            this.s3RequestDecorator = s3RequestDecorator;
+            this.s3ReqDecorator = s3ReqDecorator;
         }
 
         @Override
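Review bot: both `S3DataRecord` constructors store `s3ReqDecorator` without a null check, and the next hunk dereferences it unconditionally in `s3ReqDecorator.decorate(new GetObjectRequest(bucket, id))`. Since this patch already imports `requireNonNull` in S3RequestDecorator, using it on the constructor argument here would surface a missing decorator at construction time instead of at the first stream read. The abbreviation from `s3RequestDecorator` to `s3ReqDecorator` is also less readable than the original; if the rename is only to satisfy a Sonar rule, say which one in the commit message.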
@@ -1204,7 +1204,7 @@ public class S3Backend extends AbstractSharedBackend {
                     LOG_STREAMS_DOWNLOAD.debug("Binary downloaded from S3 - identifier={}", id, new Exception());
                 }
             }
-            return s3service.getObject(s3RequestDecorator.decorate(new GetObjectRequest(bucket, id))).getObjectContent();
+            return s3service.getObject(s3ReqDecorator.decorate(new GetObjectRequest(bucket, id))).getObjectContent();
         }
 
         @Override
diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
index 46b6e5aa79..92f74fbc0c 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
@@ -17,9 +17,6 @@
 
 package org.apache.jackrabbit.oak.blob.cloud.s3;
 
-import java.util.Properties;
-
-import com.amazonaws.HttpMethod;
 import com.amazonaws.services.s3.model.CopyObjectRequest;
 import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
 import com.amazonaws.services.s3.model.GetObjectMetadataRequest;
@@ -31,9 +28,12 @@ import com.amazonaws.services.s3.model.SSEAlgorithm;
 import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;
 import com.amazonaws.services.s3.model.SSECustomerKey;
 
+import java.util.Properties;
+
 import static com.amazonaws.HttpMethod.GET;
 import static com.amazonaws.services.s3.model.SSEAlgorithm.AES256;
 import static com.amazonaws.util.StringUtils.hasValue;
+import static java.util.Objects.requireNonNull;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_KMS;
@@ -71,6 +71,8 @@ public class S3RequestDecorator {
                     }
                     break;
                 }
+                default:
+                    break;
             }
         }
     }
@@ -79,12 +81,8 @@ public class S3RequestDecorator {
      * Set encryption in {@link GetObjectMetadataRequest}
      */
     public GetObjectMetadataRequest decorate(final GetObjectMetadataRequest request) {
-        switch (getDataEncryption()) {
-            case SSE_C:
-                request.withSSECustomerKey(sseCustomerKey);
-                break;
-            case NONE:
-                break;
+        if (requireNonNull(getDataEncryption()) == DataEncryption.SSE_C) {
+            request.withSSECustomerKey(sseCustomerKey);
         }
         return request;
     }
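Review bot: `requireNonNull(getDataEncryption()) == DataEncryption.SSE_C` adds nothing to the comparison, since `==` against an enum constant is already null-safe, and it makes `decorate(GetObjectMetadataRequest)` throw a message-less NullPointerException whenever no encryption type was configured. The removed switch had the same failure on null, so this is a chance to fix it rather than preserve it: either compare directly with `getDataEncryption() == DataEncryption.SSE_C`, or initialise `dataEncryption` to `NONE` so it can never be null. The same applies to the identical change in the `GetObjectRequest` overload below.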
@@ -93,12 +91,8 @@ public class S3RequestDecorator {
      * Set encryption in {@link GetObjectRequest}
      */
     public GetObjectRequest decorate(final GetObjectRequest request) {
-        switch (getDataEncryption()) {
-            case SSE_C:
-                request.withSSECustomerKey(sseCustomerKey);
-                break;
-            case NONE:
-                break;
+        if (requireNonNull(getDataEncryption()) == DataEncryption.SSE_C) {
+            request.withSSECustomerKey(sseCustomerKey);
         }
         return request;
     }
@@ -190,6 +184,8 @@ public class S3RequestDecorator {
           case SSE_C:
               request = request.withSSECustomerKey(sseCustomerKey);
               break;
+          default:
+              break;
         }
         return request;
     }
diff --git a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
index 940ff24618..49d2309fbd 100644
--- a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
+++ b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3Ds.java
@@ -281,6 +281,8 @@ public class TestS3Ds extends AbstractDataStoreTest {
                 putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, keyId));
                 putreq.addHeader(new BasicHeader(SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5, md5AsBase64(decode(keyId))));
                 break;
+            default:
+                break;
         }
 
         putreq.setEntity(new InputStreamEntity(inputstream , length));


[jackrabbit-oak] 04/06: OAK-10093 : updated properties file with steps to generate SSE_C key

Posted by da...@apache.org.

daim pushed a commit to branch OAK-10093
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git

commit 071c2d9b633f94752c7800142f83b12307c6344f
Author: Rishabh Kumar <di...@adobe.com>
AuthorDate: Thu Jun 8 14:30:31 2023 +0530

    OAK-10093 : updated properties file with steps to generate SSE_C key
---
 oak-blob-cloud/src/test/resources/aws.properties | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/oak-blob-cloud/src/test/resources/aws.properties b/oak-blob-cloud/src/test/resources/aws.properties
index 6eaaa3a4bc..e29dfef8e6 100644
--- a/oak-blob-cloud/src/test/resources/aws.properties
+++ b/oak-blob-cloud/src/test/resources/aws.properties
@@ -35,6 +35,9 @@ s3Region=
 # and has a higher precedence over endpoint derived
 # via S3 region.
 kmsKeyId=
+# base64 encoded 32 bytes customer key to be used for SSE_C
+# Please use 'openssl rand -base64 -out ssec.key 32' command
+# to generate customer key
 sseCustomerKeyId=
 connectionTimeout=120000
 socketTimeout=120000
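Review bot: the new comment above `sseCustomerKeyId=` explains how to generate the key but not what to do with the result. `openssl rand -base64 -out ssec.key 32` writes the key to a file, so say explicitly that the contents of `ssec.key` are pasted as the property value, and that a filled-in copy of this file contains the encryption key and must not be committed. The property name still says "KeyId" while the comment describes the key itself.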


[jackrabbit-oak] 01/06: OAK-10093 : provided support for SSE Customer Keys for AWS

Posted by da...@apache.org.

daim pushed a commit to branch OAK-10093
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git

commit 9e3fe63d517dbcc32a06ee578ebc3b260a1ae8e5
Author: Rishabh Kumar <di...@adobe.com>
AuthorDate: Thu Jun 1 15:01:39 2023 +0530

    OAK-10093 : provided support for SSE Customer Keys for AWS
---
 .../jackrabbit/oak/blob/cloud/s3/S3Constants.java  | 10 ++++
 .../oak/blob/cloud/s3/S3RequestDecorator.java      | 43 +++++++++++++++--
 .../blob/cloud/s3/TestS3DSWithSSECustomerKey.java  | 54 ++++++++++++++++++++++
 oak-blob-cloud/src/test/resources/aws.properties   |  1 +
 4 files changed, 104 insertions(+), 4 deletions(-)

diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
index e8ed6f00b0..62877b9c9b 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java
@@ -107,11 +107,21 @@ public final class S3Constants {
      */
     public static final String S3_ENCRYPTION_SSE_KMS = "SSE_KMS";
 
+    /**
+     *  Constant to set SSE_KMS encryption.
+     */
+    public static final String S3_ENCRYPTION_SSE_C = "SSE_C";
+
     /**
      *  Constant to set keyID for SSE_KMS encryption.
      */
     public static final String S3_SSE_KMS_KEYID = "kmsKeyId";
 
+    /**
+     *  Constant to set keyID for SSE_C encryption.
+     */
+    public static final String S3_SSE_C_KEYID = "sseCustomerKeyId";
+
     /**
      *  Constant to set S3 signature for SSE_KMS encryption.
      */
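Review bot: the Javadoc added for `S3_ENCRYPTION_SSE_C` reads "Constant to set SSE_KMS encryption.", copied from the constant above it; it should say SSE_C. The Javadoc for `S3_SSE_C_KEYID` calls the value a "keyID", but with customer-provided keys the property carries the key material, not an identifier as `kmsKeyId` does. Rename the constant and property accordingly and state the expected encoding and length in the comment.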
diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
index 3d136795c5..af670c436b 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
@@ -26,7 +26,15 @@ import com.amazonaws.services.s3.model.ObjectMetadata;
 import com.amazonaws.services.s3.model.PutObjectRequest;
 import com.amazonaws.services.s3.model.SSEAlgorithm;
 import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;
-import com.amazonaws.util.StringUtils;
+import com.amazonaws.services.s3.model.SSECustomerKey;
+
+import java.util.Objects;
+
+import static com.amazonaws.services.s3.model.SSEAlgorithm.AES256;
+import static com.amazonaws.util.StringUtils.hasValue;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEYID;
 
 /**
  * This class to sets encrption mode in S3 request.
@@ -37,17 +45,24 @@ public class S3RequestDecorator {
     Properties props;
     SSEAwsKeyManagementParams sseParams;
 
+    SSECustomerKey sseCustomerKey;
+
     public S3RequestDecorator(Properties props) {
         String encryptionType = props.getProperty(S3Constants.S3_ENCRYPTION);
         if (encryptionType != null) {
-            this.dataEncryption = dataEncryption.valueOf(encryptionType);
+            this.dataEncryption = DataEncryption.valueOf(encryptionType);
 
             if (encryptionType.equals(S3Constants.S3_ENCRYPTION_SSE_KMS)) {
                 String keyId = props.getProperty(S3Constants.S3_SSE_KMS_KEYID);
                 sseParams = new SSEAwsKeyManagementParams();
-                if (!StringUtils.isNullOrEmpty(keyId)) {
+                if (hasValue(keyId)) {
                     sseParams.withAwsKmsKeyId(keyId);
                 }
+            } else if (Objects.equals(S3_ENCRYPTION_SSE_C, encryptionType)) {
+                final String keyId = props.getProperty(S3_SSE_C_KEYID);
+                if (hasValue(keyId)) {
+                    sseCustomerKey = new SSECustomerKey(keyId.getBytes(UTF_8));
+                }
             }
         }
     }
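Review bot: `new SSECustomerKey(keyId.getBytes(UTF_8))` in the SSE_C branch passes the UTF-8 bytes of the property text as the key. The `byte[]` constructor of `SSECustomerKey` takes raw key material, so if the property holds a base64 string the key handed to S3 is the encoded text rather than the decoded AES-256 key. Use the `SSECustomerKey(String)` constructor, which takes the base64-encoded key, or decode before constructing. There is also no handling for SSE_C being selected with an empty key: `sseCustomerKey` stays null and the problem only shows up on the first request.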
@@ -68,6 +83,10 @@ public class S3RequestDecorator {
                 /*Set*/
                 request.withSSEAwsKeyManagementParams(sseParams);
                 break;
+            case SSE_C:
+                metadata.setSSEAlgorithm(AES256.getAlgorithm());
+                request.withSSECustomerKey(sseCustomerKey);
+                break;
             case NONE:
                 break;
         }
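Review bot: in the new `SSE_C` case, `metadata.setSSEAlgorithm(AES256.getAlgorithm())` populates the `x-amz-server-side-encryption` header, which is the header the SSE_KMS case uses to select a service-managed mode. SSE-C is signalled by the `x-amz-server-side-encryption-customer-*` headers that `withSSECustomerKey` supplies, and the test helper in TestS3Ds sends only those three. Check whether S3 accepts both on one request; if the metadata header is not needed, drop it from this case and from the two `SSE_C` cases in the following hunks.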
@@ -90,6 +109,10 @@ public class S3RequestDecorator {
                 metadata.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
                 request.withSSEAwsKeyManagementParams(sseParams);
                 break;
+            case SSE_C:
+                metadata.setSSEAlgorithm(AES256.getAlgorithm());
+                request.withSourceSSECustomerKey(sseCustomerKey).withDestinationSSECustomerKey(sseCustomerKey);
+                break;
             case NONE:
                 break;
         }
@@ -109,6 +132,10 @@ public class S3RequestDecorator {
                 metadata.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
                 request.withSSEAwsKeyManagementParams(sseParams);
                 break;
+            case SSE_C:
+                metadata.setSSEAlgorithm(AES256.getAlgorithm());
+                request.withSSECustomerKey(sseCustomerKey);
+                break;
             case NONE:
                 break;
         }
@@ -124,6 +151,10 @@ public class S3RequestDecorator {
               if (keyId != null) {
                   request = request.withKmsCmkId(keyId);
               }
+              break;
+          case SSE_C:
+              request = request.withSSEAlgorithm(AES256).withSSECustomerKey(getSseCustomerKey());
+              break;
         }
         return request;
     }
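Review bot: the `SSE_C` case for `GeneratePresignedUrlRequest` needs a note on who can redeem the URL. With a customer-provided key the party using the presigned URL has to send the key headers itself, as `httpGet` in TestS3Ds does with `SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY`, so handing out such URLs means handing out the key. Document that constraint on this method, or refuse to presign when SSE_C is active if the URLs are meant for clients that must not hold the key. The added `break;` after the KMS branch fixes a fall-through that the new case would otherwise have exposed; worth calling out in the commit message.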
@@ -132,6 +163,10 @@ public class S3RequestDecorator {
         return this.sseParams;
     }
 
+    private SSECustomerKey getSseCustomerKey() {
+        return this.sseCustomerKey;
+    }
+
     private DataEncryption getDataEncryption() {
         return this.dataEncryption;
     }
@@ -141,7 +176,7 @@ public class S3RequestDecorator {
      *
      */
     private enum DataEncryption {
-        SSE_S3, SSE_KMS, NONE;
+        SSE_S3, SSE_KMS, SSE_C, NONE;
     }
 
 }
diff --git a/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3DSWithSSECustomerKey.java b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3DSWithSSECustomerKey.java
new file mode 100644
index 0000000000..f49ef0e01b
--- /dev/null
+++ b/oak-blob-cloud/src/test/java/org/apache/jackrabbit/oak/blob/cloud/s3/TestS3DSWithSSECustomerKey.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.blob.cloud.s3;
+
+import org.junit.AssumptionViolatedException;
+import org.junit.Before;
+import org.slf4j.Logger;
+
+import static com.amazonaws.util.StringUtils.hasValue;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEYID;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Test S3DataStore operation with SSE_C encryption.
+ * It requires to pass aws config file via system property  or system properties by prefixing with 'ds.'.
+ * See details @ {@link S3DataStoreUtils}.
+ * For e.g. -Dconfig=/opt/cq/aws.properties. Sample aws properties located at
+ * src/test/resources/aws.properties
+ *
+ */
+public class TestS3DSWithSSECustomerKey extends TestS3Ds {
+
+        protected static final Logger LOG = getLogger(TestS3DSWithSSECustomerKey.class);
+
+        @Override
+        @Before
+        public void setUp() throws Exception {
+            super.setUp();
+            String keyId = props.getProperty(S3_SSE_C_KEYID);
+            if (hasValue(keyId)) {
+                props.setProperty(S3_ENCRYPTION, S3_ENCRYPTION_SSE_C);
+                props.setProperty(S3_SSE_C_KEYID, keyId);
+            } else {
+                LOG.info("SSE Customer Key ID not configured so ignoring test");
+                throw new AssumptionViolatedException("SSE Customer key Id not configured");
+            }
+        }
+}
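Review bot: in `setUp`, `props.setProperty(S3_SSE_C_KEYID, keyId)` writes back the value that was read from the same property two lines earlier, so it has no effect and can go. The skip path can be expressed as `Assume.assumeTrue("SSE customer key not configured", hasValue(keyId))` instead of constructing `AssumptionViolatedException` by hand. The class body is indented eight spaces where the rest of the module uses four.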
diff --git a/oak-blob-cloud/src/test/resources/aws.properties b/oak-blob-cloud/src/test/resources/aws.properties
index e23ed0c3fd..6eaaa3a4bc 100644
--- a/oak-blob-cloud/src/test/resources/aws.properties
+++ b/oak-blob-cloud/src/test/resources/aws.properties
@@ -35,6 +35,7 @@ s3Region=
 # and has a higher precedence over endpoint derived
 # via S3 region.
 kmsKeyId=
+sseCustomerKeyId=
 connectionTimeout=120000
 socketTimeout=120000
 maxConnections=20


[jackrabbit-oak] 02/06: OAK-10093 : replaces if/else block with switch statement

Posted by da...@apache.org.

daim pushed a commit to branch OAK-10093
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git

commit 91db3d4f163ecf4869f76926b26eaa604b72b8bd
Author: Rishabh Kumar <di...@adobe.com>
AuthorDate: Mon Jun 5 14:18:29 2023 +0530

    OAK-10093 : replaces if/else block with switch statement
---
 .../oak/blob/cloud/s3/S3RequestDecorator.java      | 30 +++++++++++++---------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
index af670c436b..8e66124a20 100644
--- a/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
+++ b/oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3RequestDecorator.java
@@ -28,13 +28,14 @@ import com.amazonaws.services.s3.model.SSEAlgorithm;
 import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;
 import com.amazonaws.services.s3.model.SSECustomerKey;
 
-import java.util.Objects;
-
 import static com.amazonaws.services.s3.model.SSEAlgorithm.AES256;
 import static com.amazonaws.util.StringUtils.hasValue;
 import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_C;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_ENCRYPTION_SSE_KMS;
 import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_C_KEYID;
+import static org.apache.jackrabbit.oak.blob.cloud.s3.S3Constants.S3_SSE_KMS_KEYID;
 
 /**
  * This class to sets encrption mode in S3 request.
@@ -48,20 +49,25 @@ public class S3RequestDecorator {
     SSECustomerKey sseCustomerKey;
 
     public S3RequestDecorator(Properties props) {
-        String encryptionType = props.getProperty(S3Constants.S3_ENCRYPTION);
+        final String encryptionType = props.getProperty(S3_ENCRYPTION);
         if (encryptionType != null) {
             this.dataEncryption = DataEncryption.valueOf(encryptionType);
 
-            if (encryptionType.equals(S3Constants.S3_ENCRYPTION_SSE_KMS)) {
-                String keyId = props.getProperty(S3Constants.S3_SSE_KMS_KEYID);
-                sseParams = new SSEAwsKeyManagementParams();
-                if (hasValue(keyId)) {
-                    sseParams.withAwsKmsKeyId(keyId);
+            switch (encryptionType) {
+                case S3_ENCRYPTION_SSE_KMS: {
+                    final String keyId = props.getProperty(S3_SSE_KMS_KEYID);
+                    sseParams = new SSEAwsKeyManagementParams();
+                    if (hasValue(keyId)) {
+                        sseParams.withAwsKmsKeyId(keyId);
+                    }
+                    break;
                 }
-            } else if (Objects.equals(S3_ENCRYPTION_SSE_C, encryptionType)) {
-                final String keyId = props.getProperty(S3_SSE_C_KEYID);
-                if (hasValue(keyId)) {
-                    sseCustomerKey = new SSECustomerKey(keyId.getBytes(UTF_8));
+                case S3_ENCRYPTION_SSE_C: {
+                    final String keyId = props.getProperty(S3_SSE_C_KEYID);
+                    if (hasValue(keyId)) {
+                        sseCustomerKey = new SSECustomerKey(keyId.getBytes(UTF_8));
+                    }
+                    break;
                 }
             }
         }
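Review bot: the constructor now parses the setting twice, once with `DataEncryption.valueOf(encryptionType)` and once with `switch (encryptionType)` on the raw string, so the enum and the string constants have to be kept in step by hand. Switch on `this.dataEncryption` instead; the compiler then knows the full set of cases and the `S3_ENCRYPTION_SSE_*` string constants are only needed for configuration. The switch also has no `default` branch, and the SSE_C case still builds the key with `keyId.getBytes(UTF_8)`, which this refactoring carries over unchanged.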