minio-rs/src/s3/sse.rs

// MinIO Rust Library for Amazon S3 Compatible Cloud Storage
// Copyright 2022 MinIO, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! Server side encryption definitions

use crate::s3::multimap::{Multimap, MultimapExt};
use crate::s3::utils::{b64encode, md5sum_hash};
use std::any::Any;

/// Base server side encryption
pub trait Sse: std::fmt::Debug + Send + Sync {
    /// Regular headers
    fn headers(&self) -> Multimap;
    /// Headers for copy operation
    fn copy_headers(&self) -> Multimap;
    fn tls_required(&self) -> bool;
    fn as_any(&self) -> &dyn Any;
}

#[derive(Clone, Debug)]
/// Server side encryption customer key type
pub struct SseCustomerKey {
    headers: Multimap,
    copy_headers: Multimap,
}

impl SseCustomerKey {
    pub fn new(key: &str) -> Self {
        let b64key: String = b64encode(key);
        let md5key: String = md5sum_hash(key.as_bytes());

        let mut headers = Multimap::with_capacity(3);
        headers.add("X-Amz-Server-Side-Encryption-Customer-Algorithm", "AES256");
        headers.add("X-Amz-Server-Side-Encryption-Customer-Key", b64key.clone());
        headers.add(
            "X-Amz-Server-Side-Encryption-Customer-Key-MD5",
            md5key.clone(),
        );

        let mut copy_headers = Multimap::with_capacity(3);
        copy_headers.add(
            "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm",
            "AES256",
        );
        copy_headers.add(
            "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key",
            b64key,
        );
        copy_headers.add(
            "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-MD5",
            md5key,
        );

        Self {
            headers,
            copy_headers,
        }
    }
}

impl Sse for SseCustomerKey {
    fn headers(&self) -> Multimap {
        self.headers.clone()
    }

    fn copy_headers(&self) -> Multimap {
        self.copy_headers.clone()
    }

    fn tls_required(&self) -> bool {
        true
    }

    fn as_any(&self) -> &dyn Any {
        self
    }
}

#[derive(Clone, Debug)]
/// Server side encryption KMS type
pub struct SseKms {
    headers: Multimap,
}

impl SseKms {
    pub fn new(key: &str, context: Option<&str>) -> SseKms {
        let mut headers = Multimap::with_capacity(3);

        headers.add("X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id", key);
        headers.add("X-Amz-Server-Side-Encryption", "aws:kms");
        if let Some(v) = context {
            headers.add("X-Amz-Server-Side-Encryption-Context", b64encode(v));
        }

        SseKms { headers }
    }
}

impl Sse for SseKms {
    fn headers(&self) -> Multimap {
        self.headers.clone()
    }

    fn copy_headers(&self) -> Multimap {
        Multimap::with_capacity(0)
    }

    fn tls_required(&self) -> bool {
        true
    }

    fn as_any(&self) -> &dyn Any {
        self
    }
}

#[derive(Clone, Debug)]
/// Server side encryption S3 type
pub struct SseS3 {
    headers: Multimap,
}

impl SseS3 {
    pub fn new() -> Self {
        let mut headers = Multimap::new();
        headers.add("X-Amz-Server-Side-Encryption", "AES256");

        Self { headers }
    }
}

impl Default for SseS3 {
    fn default() -> Self {
        Self::new()
    }
}

impl Sse for SseS3 {
    fn headers(&self) -> Multimap {
        self.headers.clone()
    }

    fn copy_headers(&self) -> Multimap {
        Multimap::with_capacity(0)
    }

    fn tls_required(&self) -> bool {
        false
    }

    fn as_any(&self) -> &dyn Any {
        self
    }
}