github.com/aavshr/aws-sdk-go@v1.41.3/service/s3/s3crypto/decryption_client.go (about)

     1  package s3crypto
     2  
     3  import (
     4  	"github.com/aavshr/aws-sdk-go/aws"
     5  	"github.com/aavshr/aws-sdk-go/aws/client"
     6  	"github.com/aavshr/aws-sdk-go/aws/request"
     7  	"github.com/aavshr/aws-sdk-go/service/kms"
     8  	"github.com/aavshr/aws-sdk-go/service/s3"
     9  	"github.com/aavshr/aws-sdk-go/service/s3/s3iface"
    10  )
    11  
// WrapEntry is a builder that takes the Envelope of an object and returns
// the key decrypter (CipherDataDecrypter) for it, or an error.
//
// Entries are stored in DecryptionClient.WrapRegistry under a string key.
// NOTE(review): the key is presumably the wrap algorithm name recorded in the
// object's envelope; confirm against the registry lookup code.
type WrapEntry func(Envelope) (CipherDataDecrypter, error)
    14  
// CEKEntry is a builder that takes the CipherData of an object and returns
// the content decrypter (ContentCipher) for it, or an error.
//
// Entries are stored in DecryptionClient.CEKRegistry under a string key.
// NOTE(review): the key is presumably the content cipher name recorded in the
// object's envelope; confirm against the registry lookup code.
type CEKEntry func(CipherData) (ContentCipher, error)
    17  
// DecryptionClient is an S3 crypto client. The decryption client
// will handle all get object requests from Amazon S3.
//
// Supported key wrapping algorithms:
//   - AWS KMS
//
// Supported content ciphers:
//   - AES/GCM
//   - AES/CBC
//
// AES/CBC provides confidentiality only: unlike AES/GCM it does not
// authenticate the ciphertext, so a modified object is not detected by the
// cipher itself. Callers that only expect AES/GCM objects can remove the CBC
// entries from CEKRegistry and PadderRegistry.
//
// Deprecated: This feature is in maintenance mode, no new updates will be
// released. Please see
// https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html
// for more information.
type DecryptionClient struct {
	// S3Client is the S3 API implementation passed on to the get-object
	// helpers through the client options.
	S3Client s3iface.S3API
	// LoadStrategy is used to load the metadata either from the metadata of the object
	// or from a separate file in s3.
	//
	// Defaults to our default load strategy.
	LoadStrategy LoadStrategy

	// The three registries map an algorithm identifier to the builder or
	// padder that handles it: WrapRegistry for key unwrapping, CEKRegistry
	// for content ciphers, PadderRegistry for padding schemes. They are
	// exported, so a caller can add, replace or delete entries; the crypto
	// registry is rebuilt from their current contents on every request.
	WrapRegistry   map[string]WrapEntry
	CEKRegistry    map[string]CEKEntry
	PadderRegistry map[string]Padder
}
    40  
// NewDecryptionClient builds a DecryptionClient from prov, fills in the
// default load strategy and registries, and then applies each option in the
// order given.
//
// Defaults set here:
//   - S3Client: an S3 client created from prov whose Build handlers add
//     "S3CryptoV1n" to the user agent.
//   - LoadStrategy: defaultV2LoadStrategy backed by that S3 client.
//   - WrapRegistry: KMSWrap and KMSContextWrap, both using a KMS client
//     created from prov.
//   - CEKRegistry: AESGCMNoPadding and AESCBC + "/" + AESCBCPadder.Name().
//   - PadderRegistry: AESCBC + "/" + AESCBCPadder.Name() and NoPadder.Name().
//
// Options run after the defaults are in place, so an option can replace or
// delete registry entries. AES/CBC does not authenticate ciphertext; a caller
// that only expects AES/GCM objects can delete the CBC entries in an option
// so that the client has no cipher registered for them.
//
// NOTE(review): the KMSContextWrap entry comes from
// newKMSContextWrapEntryWithAnyCMK; the name suggests no specific CMK is
// pinned for unwrapping. Confirm, and restrict key use through KMS policy if
// that matters for the deployment.
//
// Example:
//
//	sess := session.Must(session.NewSession())
//	svc := s3crypto.NewDecryptionClient(sess, func(svc *s3crypto.DecryptionClient) {
//		// Custom client options here
//	})
//
// Deprecated: This feature is in maintenance mode, no new updates will be
// released. Please see
// https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html
// for more information.
func NewDecryptionClient(prov client.ConfigProvider, options ...func(*DecryptionClient)) *DecryptionClient {
	s3Svc := s3.New(prov)

	// Tag every request built by this S3 client with the crypto client marker.
	tagUserAgent := func(r *request.Request) {
		request.AddToUserAgent(r, "S3CryptoV1n")
	}
	s3Svc.Handlers.Build.PushBack(tagUserAgent)

	kmsSvc := kms.New(prov)

	// The local is named dc so it does not shadow the imported client package.
	dc := new(DecryptionClient)
	dc.S3Client = s3Svc
	dc.LoadStrategy = defaultV2LoadStrategy{client: s3Svc}
	dc.WrapRegistry = map[string]WrapEntry{
		KMSWrap:        NewKMSWrapEntry(kmsSvc),
		KMSContextWrap: newKMSContextWrapEntryWithAnyCMK(kmsSvc),
	}
	dc.CEKRegistry = map[string]CEKEntry{
		AESGCMNoPadding:                    newAESGCMContentCipher,
		AESCBC + "/" + AESCBCPadder.Name(): newAESCBCContentCipher,
	}
	dc.PadderRegistry = map[string]Padder{
		AESCBC + "/" + AESCBCPadder.Name(): AESCBCPadder,
		NoPadder.Name():                    NoPadder,
	}

	// Caller overrides are applied last so they win over the defaults above.
	for i := range options {
		options[i](dc)
	}

	return dc
}
    82  
// GetObjectRequest will make a request to s3 and retrieve the object. In this
// process decryption will be done. The SDK only supports V2 reads of KMS and
// GCM.
//
// NOTE(review): NewDecryptionClient also registers an AES/CBC content cipher
// by default, so the sentence above looks narrower than the default
// registries. Confirm which is intended.
//
// The client options, including the crypto registry, are rebuilt from the
// client's current fields on each call.
//
// Example:
//
//	sess := session.Must(session.NewSession())
//	svc := s3crypto.NewDecryptionClient(sess)
//	req, out := svc.GetObjectRequest(&s3.GetObjectInput{
//		Key:    aws.String("testKey"),
//		Bucket: aws.String("testBucket"),
//	})
//	err := req.Send()
//
// Deprecated: This feature is in maintenance mode, no new updates will be
// released. Please see
// https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html
// for more information.
func (c *DecryptionClient) GetObjectRequest(input *s3.GetObjectInput) (*request.Request, *s3.GetObjectOutput) {
	clientOpts := c.getClientOptions()
	return getObjectRequest(clientOpts, input)
}
    99  
// GetObject is a wrapper for GetObjectRequest. It delegates to getObject with
// the client options built from the client's current fields.
//
// Deprecated: This feature is in maintenance mode, no new updates will be
// released. Please see
// https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html
// for more information.
func (c *DecryptionClient) GetObject(input *s3.GetObjectInput) (*s3.GetObjectOutput, error) {
	clientOpts := c.getClientOptions()
	return getObject(clientOpts, input)
}
   106  
// GetObjectWithContext is a wrapper for GetObjectRequest with the additional
// context, and request options support.
//
// GetObjectWithContext is the same as GetObject with the additional support
// for Context input parameters. The Context must not be nil. A nil Context
// will cause a panic. Use the Context to add deadlining, timeouts, etc. In
// the future this may create sub-contexts for individual underlying requests.
//
// Deprecated: This feature is in maintenance mode, no new updates will be
// released. Please see
// https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html
// for more information.
func (c *DecryptionClient) GetObjectWithContext(ctx aws.Context, input *s3.GetObjectInput, opts ...request.Option) (*s3.GetObjectOutput, error) {
	clientOpts := c.getClientOptions()
	return getObjectWithContext(clientOpts, ctx, input, opts...)
}
   119  
// getClientOptions snapshots the client's current configuration into a
// DecryptionClientOptions value. The crypto registry is rebuilt on every call
// from WrapRegistry, CEKRegistry and PadderRegistry, so edits made to those
// maps after construction are seen by later requests.
func (c *DecryptionClient) getClientOptions() DecryptionClientOptions {
	var o DecryptionClientOptions
	o.S3Client = c.S3Client
	o.LoadStrategy = c.LoadStrategy
	o.CryptoRegistry = initCryptoRegistryFrom(c.WrapRegistry, c.CEKRegistry, c.PadderRegistry)
	return o
}
   126  }