aws-sdk-s3 1.10.0 → 1.208.0
- checksums.yaml +5 -5
- data/CHANGELOG.md +1517 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-s3/access_grants_credentials.rb +57 -0
- data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +250 -0
- data/lib/aws-sdk-s3/bucket.rb +1062 -99
- data/lib/aws-sdk-s3/bucket_acl.rb +67 -17
- data/lib/aws-sdk-s3/bucket_cors.rb +80 -17
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +71 -19
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +126 -20
- data/lib/aws-sdk-s3/bucket_logging.rb +68 -18
- data/lib/aws-sdk-s3/bucket_notification.rb +56 -20
- data/lib/aws-sdk-s3/bucket_policy.rb +108 -17
- data/lib/aws-sdk-s3/bucket_region_cache.rb +11 -5
- data/lib/aws-sdk-s3/bucket_request_payment.rb +60 -15
- data/lib/aws-sdk-s3/bucket_tagging.rb +71 -17
- data/lib/aws-sdk-s3/bucket_versioning.rb +166 -17
- data/lib/aws-sdk-s3/bucket_website.rb +78 -17
- data/lib/aws-sdk-s3/client.rb +20068 -3879
- data/lib/aws-sdk-s3/client_api.rb +1957 -209
- data/lib/aws-sdk-s3/customizations/bucket.rb +57 -38
- data/lib/aws-sdk-s3/customizations/errors.rb +40 -0
- data/lib/aws-sdk-s3/customizations/multipart_upload.rb +2 -0
- data/lib/aws-sdk-s3/customizations/object.rb +338 -68
- data/lib/aws-sdk-s3/customizations/object_summary.rb +17 -0
- data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
- data/lib/aws-sdk-s3/customizations/types/list_object_versions_output.rb +2 -0
- data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
- data/lib/aws-sdk-s3/customizations.rb +30 -27
- data/lib/aws-sdk-s3/default_executor.rb +103 -0
- data/lib/aws-sdk-s3/encryption/client.rb +29 -8
- data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +71 -29
- data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb +45 -5
- data/lib/aws-sdk-s3/encryption/default_key_provider.rb +2 -0
- data/lib/aws-sdk-s3/encryption/encrypt_handler.rb +15 -2
- data/lib/aws-sdk-s3/encryption/errors.rb +2 -0
- data/lib/aws-sdk-s3/encryption/io_auth_decrypter.rb +11 -3
- data/lib/aws-sdk-s3/encryption/io_decrypter.rb +11 -3
- data/lib/aws-sdk-s3/encryption/io_encrypter.rb +2 -0
- data/lib/aws-sdk-s3/encryption/key_provider.rb +2 -0
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +48 -11
- data/lib/aws-sdk-s3/encryption/materials.rb +8 -6
- data/lib/aws-sdk-s3/encryption/utils.rb +25 -0
- data/lib/aws-sdk-s3/encryption.rb +4 -0
- data/lib/aws-sdk-s3/encryptionV2/client.rb +645 -0
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +68 -0
- data/lib/aws-sdk-s3/encryptionV2/decryption.rb +205 -0
- data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +187 -0
- data/lib/aws-sdk-s3/encryptionV2/default_key_provider.rb +40 -0
- data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +67 -0
- data/lib/aws-sdk-s3/encryptionV2/errors.rb +37 -0
- data/lib/aws-sdk-s3/encryptionV2/io_auth_decrypter.rb +58 -0
- data/lib/aws-sdk-s3/encryptionV2/io_decrypter.rb +37 -0
- data/lib/aws-sdk-s3/encryptionV2/io_encrypter.rb +75 -0
- data/lib/aws-sdk-s3/encryptionV2/key_provider.rb +31 -0
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +181 -0
- data/lib/aws-sdk-s3/encryptionV2/materials.rb +60 -0
- data/lib/aws-sdk-s3/encryptionV2/utils.rb +108 -0
- data/lib/aws-sdk-s3/encryptionV3/client.rb +885 -0
- data/lib/aws-sdk-s3/encryptionV3/decrypt_handler.rb +98 -0
- data/lib/aws-sdk-s3/encryptionV3/decryption.rb +244 -0
- data/lib/aws-sdk-s3/encryptionV3/default_cipher_provider.rb +159 -0
- data/lib/aws-sdk-s3/encryptionV3/default_key_provider.rb +35 -0
- data/lib/aws-sdk-s3/encryptionV3/encrypt_handler.rb +98 -0
- data/lib/aws-sdk-s3/encryptionV3/errors.rb +47 -0
- data/lib/aws-sdk-s3/encryptionV3/io_auth_decrypter.rb +60 -0
- data/lib/aws-sdk-s3/encryptionV3/io_decrypter.rb +35 -0
- data/lib/aws-sdk-s3/encryptionV3/io_encrypter.rb +84 -0
- data/lib/aws-sdk-s3/encryptionV3/key_provider.rb +28 -0
- data/lib/aws-sdk-s3/encryptionV3/kms_cipher_provider.rb +159 -0
- data/lib/aws-sdk-s3/encryptionV3/materials.rb +58 -0
- data/lib/aws-sdk-s3/encryptionV3/utils.rb +321 -0
- data/lib/aws-sdk-s3/encryption_v2.rb +24 -0
- data/lib/aws-sdk-s3/encryption_v3.rb +24 -0
- data/lib/aws-sdk-s3/endpoint_parameters.rb +181 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +886 -0
- data/lib/aws-sdk-s3/endpoints.rb +1544 -0
- data/lib/aws-sdk-s3/errors.rb +181 -1
- data/lib/aws-sdk-s3/event_streams.rb +69 -0
- data/lib/aws-sdk-s3/express_credentials.rb +55 -0
- data/lib/aws-sdk-s3/express_credentials_provider.rb +59 -0
- data/lib/aws-sdk-s3/file_downloader.rb +261 -82
- data/lib/aws-sdk-s3/file_part.rb +16 -13
- data/lib/aws-sdk-s3/file_uploader.rb +37 -22
- data/lib/aws-sdk-s3/legacy_signer.rb +19 -26
- data/lib/aws-sdk-s3/multipart_download_error.rb +8 -0
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +142 -80
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +191 -0
- data/lib/aws-sdk-s3/multipart_upload.rb +342 -31
- data/lib/aws-sdk-s3/multipart_upload_error.rb +5 -4
- data/lib/aws-sdk-s3/multipart_upload_part.rb +387 -47
- data/lib/aws-sdk-s3/object.rb +2733 -204
- data/lib/aws-sdk-s3/object_acl.rb +112 -25
- data/lib/aws-sdk-s3/object_copier.rb +9 -5
- data/lib/aws-sdk-s3/object_multipart_copier.rb +50 -23
- data/lib/aws-sdk-s3/object_summary.rb +2265 -181
- data/lib/aws-sdk-s3/object_version.rb +542 -74
- data/lib/aws-sdk-s3/plugins/accelerate.rb +17 -64
- data/lib/aws-sdk-s3/plugins/access_grants.rb +178 -0
- data/lib/aws-sdk-s3/plugins/arn.rb +70 -0
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +7 -43
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +20 -3
- data/lib/aws-sdk-s3/plugins/checksum_algorithm.rb +31 -0
- data/lib/aws-sdk-s3/plugins/dualstack.rb +7 -50
- data/lib/aws-sdk-s3/plugins/endpoints.rb +86 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +5 -4
- data/lib/aws-sdk-s3/plugins/express_session_auth.rb +88 -0
- data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +3 -1
- data/lib/aws-sdk-s3/plugins/http_200_errors.rb +62 -17
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +44 -0
- data/lib/aws-sdk-s3/plugins/location_constraint.rb +5 -1
- data/lib/aws-sdk-s3/plugins/md5s.rb +14 -67
- data/lib/aws-sdk-s3/plugins/redirects.rb +5 -1
- data/lib/aws-sdk-s3/plugins/s3_host_id.rb +2 -0
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +67 -93
- data/lib/aws-sdk-s3/plugins/sse_cpk.rb +3 -1
- data/lib/aws-sdk-s3/plugins/streaming_retry.rb +137 -0
- data/lib/aws-sdk-s3/plugins/url_encoded_keys.rb +4 -1
- data/lib/aws-sdk-s3/presigned_post.rb +160 -99
- data/lib/aws-sdk-s3/presigner.rb +178 -81
- data/lib/aws-sdk-s3/resource.rb +164 -15
- data/lib/aws-sdk-s3/transfer_manager.rb +303 -0
- data/lib/aws-sdk-s3/types.rb +15981 -4168
- data/lib/aws-sdk-s3/waiters.rb +67 -1
- data/lib/aws-sdk-s3.rb +46 -31
- data/sig/bucket.rbs +231 -0
- data/sig/bucket_acl.rbs +78 -0
- data/sig/bucket_cors.rbs +69 -0
- data/sig/bucket_lifecycle.rbs +88 -0
- data/sig/bucket_lifecycle_configuration.rbs +115 -0
- data/sig/bucket_logging.rbs +76 -0
- data/sig/bucket_notification.rbs +114 -0
- data/sig/bucket_policy.rbs +59 -0
- data/sig/bucket_request_payment.rbs +54 -0
- data/sig/bucket_tagging.rbs +65 -0
- data/sig/bucket_versioning.rbs +77 -0
- data/sig/bucket_website.rbs +93 -0
- data/sig/client.rbs +2612 -0
- data/sig/customizations/bucket.rbs +19 -0
- data/sig/customizations/object.rbs +38 -0
- data/sig/customizations/object_summary.rbs +35 -0
- data/sig/errors.rbs +44 -0
- data/sig/multipart_upload.rbs +120 -0
- data/sig/multipart_upload_part.rbs +109 -0
- data/sig/object.rbs +464 -0
- data/sig/object_acl.rbs +86 -0
- data/sig/object_summary.rbs +347 -0
- data/sig/object_version.rbs +143 -0
- data/sig/resource.rbs +141 -0
- data/sig/types.rbs +2899 -0
- data/sig/waiters.rbs +95 -0
- metadata +97 -14
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'base64'
|
|
2
4
|
|
|
3
5
|
module Aws
|
|
@@ -15,13 +17,17 @@ module Aws
|
|
|
15
17
|
# envelope and encryption cipher.
|
|
16
18
|
def encryption_cipher
|
|
17
19
|
encryption_context = { "kms_cmk_id" => @kms_key_id }
|
|
18
|
-
key_data =
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
20
|
+
key_data = Aws::Plugins::UserAgent.metric('S3_CRYPTO_V1N') do
|
|
21
|
+
@kms_client.generate_data_key(
|
|
22
|
+
key_id: @kms_key_id,
|
|
23
|
+
encryption_context: encryption_context,
|
|
24
|
+
key_spec: 'AES_256'
|
|
25
|
+
)
|
|
26
|
+
end
|
|
23
27
|
cipher = Utils.aes_encryption_cipher(:CBC)
|
|
24
28
|
cipher.key = key_data.plaintext
|
|
29
|
+
##= ../specification/s3-encryption/data-format/content-metadata.md#algorithm-suite-and-message-format-version-compatibility
|
|
30
|
+
##% Objects encrypted with ALG_AES_256_CBC_IV16_NO_KDF MAY use either the V1 or V2 message format version.
|
|
25
31
|
envelope = {
|
|
26
32
|
'x-amz-key-v2' => encode64(key_data.ciphertext_blob),
|
|
27
33
|
'x-amz-iv' => encode64(cipher.iv = cipher.random_iv),
|
|
@@ -34,15 +40,38 @@ module Aws
|
|
|
34
40
|
|
|
35
41
|
# @return [Cipher] Given an encryption envelope, returns a
|
|
36
42
|
# decryption cipher.
|
|
37
|
-
def decryption_cipher(envelope)
|
|
43
|
+
def decryption_cipher(envelope, options = {})
|
|
38
44
|
encryption_context = Json.load(envelope['x-amz-matdesc'])
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
45
|
+
cek_alg = envelope['x-amz-cek-alg']
|
|
46
|
+
|
|
47
|
+
case envelope['x-amz-wrap-alg']
|
|
48
|
+
when 'kms'; # NO OP
|
|
49
|
+
when 'kms+context'
|
|
50
|
+
if cek_alg != encryption_context['aws:x-amz-cek-alg']
|
|
51
|
+
raise Errors::DecryptionError, 'Value of cek-alg from envelope'\
|
|
52
|
+
' does not match the value in the encryption context'
|
|
53
|
+
end
|
|
54
|
+
when 'AES/GCM'
|
|
55
|
+
raise ArgumentError, 'Key mismatch - Client is configured' \
|
|
56
|
+
' with a KMS key and the x-amz-wrap-alg is AES/GCM.'
|
|
57
|
+
when 'RSA-OAEP-SHA1'
|
|
58
|
+
raise ArgumentError, 'Key mismatch - Client is configured' \
|
|
59
|
+
' with a KMS key and the x-amz-wrap-alg is RSA-OAEP-SHA1.'
|
|
60
|
+
else
|
|
61
|
+
raise ArgumentError, 'Unsupported wrap-alg: ' \
|
|
62
|
+
"#{envelope['x-amz-wrap-alg']}"
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
key = Aws::Plugins::UserAgent.metric('S3_CRYPTO_V1N') do
|
|
66
|
+
@kms_client.decrypt(
|
|
67
|
+
ciphertext_blob: decode64(envelope['x-amz-key-v2']),
|
|
68
|
+
encryption_context: encryption_context
|
|
69
|
+
).plaintext
|
|
70
|
+
end
|
|
71
|
+
|
|
43
72
|
iv = decode64(envelope['x-amz-iv'])
|
|
44
73
|
block_mode =
|
|
45
|
-
case
|
|
74
|
+
case cek_alg
|
|
46
75
|
when 'AES/CBC/PKCS5Padding'
|
|
47
76
|
:CBC
|
|
48
77
|
when 'AES/CBC/PKCS7Padding'
|
|
@@ -59,6 +88,14 @@ module Aws
|
|
|
59
88
|
|
|
60
89
|
private
|
|
61
90
|
|
|
91
|
+
def build_encryption_context(cek_alg, options = {})
|
|
92
|
+
kms_context = (options[:kms_encryption_context] || {})
|
|
93
|
+
.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
|
|
94
|
+
{
|
|
95
|
+
'aws:x-amz-cek-alg' => cek_alg
|
|
96
|
+
}.merge(kms_context)
|
|
97
|
+
end
|
|
98
|
+
|
|
62
99
|
def encode64(str)
|
|
63
100
|
Base64.encode64(str).split("\n") * ""
|
|
64
101
|
end
|
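Review bot: In `decryption_cipher`, the `when 'kms'; # NO OP` branch accepts the envelope with no check, so on that path `cek_alg` is read from the object's envelope and then selects the block mode in `case cek_alg` without being compared to anything in the KMS encryption context; only the `kms+context` branch compares it with `aws:x-amz-cek-alg`. This is presumably kept so legacy objects stay readable, but the branch should say so, e.g. `when 'kms' # legacy wrap-alg: cek-alg is not bound to the KMS encryption context, so it is unauthenticated on this path`. The new `options = {}` parameter is not read in the lines shown; the method body continues past the hunk, so confirm it is used there or document why it is accepted. In `build_encryption_context`, `{ 'aws:x-amz-cek-alg' => cek_alg }.merge(kms_context)` lets a caller-supplied `kms_encryption_context` entry with the same key replace the reserved value. Writing `kms_context.merge('aws:x-amz-cek-alg' => cek_alg)`, or rejecting that key explicitly, would keep the binding intact.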
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'base64'
|
|
2
4
|
|
|
3
5
|
module Aws
|
|
@@ -32,14 +34,14 @@ module Aws
|
|
|
32
34
|
if [32, 24, 16].include?(key.bytesize)
|
|
33
35
|
key
|
|
34
36
|
else
|
|
35
|
-
msg =
|
|
36
|
-
|
|
37
|
+
msg = 'invalid key, symmetric key required to be 16, 24, or '\
|
|
38
|
+
'32 bytes in length, saw length ' + key.bytesize.to_s
|
|
37
39
|
raise ArgumentError, msg
|
|
38
40
|
end
|
|
39
41
|
else
|
|
40
|
-
msg =
|
|
41
|
-
|
|
42
|
-
|
|
42
|
+
msg = 'invalid encryption key, expected an OpenSSL::PKey::RSA key '\
|
|
43
|
+
'(for asymmetric encryption) or a String (for symmetric '\
|
|
44
|
+
'encryption).'
|
|
43
45
|
raise ArgumentError, msg
|
|
44
46
|
end
|
|
45
47
|
end
|
|
@@ -48,7 +50,7 @@ module Aws
|
|
|
48
50
|
Json.load(description)
|
|
49
51
|
description
|
|
50
52
|
rescue Json::ParseError, EncodingError
|
|
51
|
-
msg =
|
|
53
|
+
msg = 'expected description to be a valid JSON document string'
|
|
52
54
|
raise ArgumentError, msg
|
|
53
55
|
end
|
|
54
56
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'openssl'
|
|
2
4
|
|
|
3
5
|
module Aws
|
|
@@ -37,6 +39,29 @@ module Aws
|
|
|
37
39
|
end
|
|
38
40
|
end
|
|
39
41
|
|
|
42
|
+
|
|
43
|
+
def decrypt_aes_gcm(key, data, auth_data)
|
|
44
|
+
# data is iv (12B) + key + tag (16B)
|
|
45
|
+
buf = data.unpack('C*')
|
|
46
|
+
iv = buf[0,12].pack('C*') # iv will always be 12 bytes
|
|
47
|
+
tag = buf[-16, 16].pack('C*') # tag is 16 bytes
|
|
48
|
+
enc_key = buf[12, buf.size - (12+16)].pack('C*')
|
|
49
|
+
cipher = aes_cipher(:decrypt, :GCM, key, iv)
|
|
50
|
+
cipher.auth_tag = tag
|
|
51
|
+
cipher.auth_data = auth_data
|
|
52
|
+
cipher.update(enc_key) + cipher.final
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# returns the decrypted data + auth_data
|
|
56
|
+
def decrypt_rsa(key, enc_data)
|
|
57
|
+
# Plaintext must be KeyLengthInBytes (1 Byte) + DataKey + AuthData
|
|
58
|
+
buf = key.private_decrypt(enc_data, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING).unpack('C*')
|
|
59
|
+
key_length = buf[0]
|
|
60
|
+
data = buf[1, key_length].pack('C*')
|
|
61
|
+
auth_data = buf[key_length+1, buf.length - key_length].pack('C*')
|
|
62
|
+
[data, auth_data]
|
|
63
|
+
end
|
|
64
|
+
|
|
40
65
|
# @param [String] block_mode "CBC" or "ECB"
|
|
41
66
|
# @param [OpenSSL::PKey::RSA, String, nil] key
|
|
42
67
|
# @param [String, nil] iv The initialization vector
|
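Review bot: `decrypt_aes_gcm` slices `data` at fixed offsets without checking its length, so an input shorter than 28 bytes (12-byte IV plus 16-byte tag) makes `buf[-16, 16]` or `buf[12, buf.size - (12+16)]` return nil, and the failure surfaces as a NoMethodError on `.pack` rather than as a decryption error. A guard at the top of the method would reject malformed wrapped keys explicitly, e.g. `raise Errors::DecryptionError, 'wrapped key is too short' if data.bytesize < 12 + 16` (assuming `Errors::DecryptionError` is in scope in this module; `ArgumentError` otherwise). `decrypt_rsa` has the same shape: `key_length = buf[0]` comes from the decrypted plaintext and is used unchecked, so `buf[1, key_length]` silently truncates when the value exceeds the buffer. The length passed for `auth_data` is also one too large (`buf.length - key_length` instead of `buf.length - key_length - 1`), which slice clamping hides. A check such as `raise Errors::DecryptionError, 'invalid key length prefix' if key_length.nil? || key_length + 1 > buf.length` before slicing would make both cases fail predictably.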
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'aws-sdk-s3/encryption/client'
|
|
2
4
|
require 'aws-sdk-s3/encryption/decrypt_handler'
|
|
3
5
|
require 'aws-sdk-s3/encryption/default_cipher_provider'
|
|
@@ -15,5 +17,7 @@ require 'aws-sdk-s3/encryption/default_key_provider'
|
|
|
15
17
|
module Aws
|
|
16
18
|
module S3
|
|
17
19
|
module Encryption; end
|
|
20
|
+
AES_GCM_TAG_LEN_BYTES = 16
|
|
21
|
+
EC_USER_AGENT = 'S3CryptoV1n'
|
|
18
22
|
end
|
|
19
23
|
end
|