Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix jruby test failures #2384

Merged
merged 4 commits into from
Aug 10, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ module S3
module Encryption
# @api private
class DecryptHandler < Seahorse::Client::Handler
@@warned_response_target_proc = false

V1_ENVELOPE_KEYS = %w(
x-amz-key
Expand Down Expand Up @@ -45,6 +46,16 @@ class DecryptHandler < Seahorse::Client::Handler
def call(context)
attach_http_event_listeners(context)
apply_cse_user_agent(context)

if context[:response_target].is_a?(Proc) && !@@warned_response_target_proc
@@warned_response_target_proc = true
warn(':response_target is a Proc, or a block was provided. ' \
'Read the entire object to the ' \
'end before you start using the decrypted data. This is to ' \
'verify that the object has not been modified since it ' \
'was encrypted.')
end

@handler.call(context)
end

Expand Down Expand Up @@ -75,11 +86,11 @@ def attach_http_event_listeners(context)
end

def decryption_cipher(context)
if envelope = get_encryption_envelope(context)
if (envelope = get_encryption_envelope(context))
cipher = context[:encryption][:cipher_provider]
.decryption_cipher(
envelope,
kms_encryption_context: context[:encryption][:kms_encryption_context]
context[:encryption]
)
[cipher, envelope]
else
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,27 +9,28 @@ class IODecrypter
# @param [OpenSSL::Cipher] cipher
# @param [IO#write] io An IO-like object that responds to `#write`.
def initialize(cipher, io)
@cipher = cipher.clone
@cipher = cipher
# Ensure that IO is reset between retries
@io = io.tap { |io| io.truncate(0) if io.respond_to?(:truncate) }
@cipher_buffer = String.new
end

# @return [#write]
attr_reader :io

def write(chunk)
# decrypt and write
@io.write(@cipher.update(chunk))
if @cipher.method(:update).arity == 1
@io.write(@cipher.update(chunk))
else
@io.write(@cipher.update(chunk, @cipher_buffer))
end
end

def finalize
@io.write(@cipher.final)
end

def size
@io.size
end

end
end
end
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ module S3
# ## Required Configuration
#
# You must configure all of the following:
#
# * a key or key provider - See the Keys section below. The key provided determines
# the key wrapping schema(s) supported for both encryption and decryption.
# * `key_wrap_schema` - The key wrapping schema. It must match the type of key configured.
Expand Down Expand Up @@ -234,6 +235,7 @@ class Client
def_delegators :@client, :config, :delete_object, :head_object, :build_request

# Creates a new encryption client. You must configure all of the following:
#
# * a key or key provider - The key provided also determines the key wrapping
# schema(s) supported for both encryption and decryption.
# * `key_wrap_schema` - The key wrapping schema. It must match the type of key configured.
Expand Down Expand Up @@ -387,7 +389,7 @@ def put_object(params = {})
# @option (see S3::Client#get_object)
# @return (see S3::Client#get_object)
# @see S3::Client#get_object
# @note The `:range` request parameter is not yet supported.
# @note The `:range` request parameter is not supported.
def get_object(params = {}, &block)
if params[:range]
raise NotImplementedError, '#get_object with :range not supported'
Expand Down
5 changes: 1 addition & 4 deletions aws-sdk-resources/spec/services/s3/encryption/client_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -608,11 +608,8 @@ def stub_encrypted_get_with_instruction_file(sfx = '.instruction')
"\x8E\x0E\xC0\xD5\x1A\x88\xAF2\xB1\xEEg#\x15"
end

if !ENV['TRAVIS'] && RUBY_VERSION > '1.9.3'
if !ENV['TRAVIS'] && RUBY_VERSION > '1.9.3' && OpenSSL::Cipher.ciphers.include?('aes-256-gcm')
it 'supports decryption via KMS w/ GCM' do
unless OpenSSL::Cipher.ciphers.include?('aes-256-gcm')
pending('aes-256-gcm not supported')
end
kms_client.stub_responses(
:decrypt, plaintext: plaintext_object_key
)
Expand Down