tommy
/
cos-go-sdk-v5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
260 Commits
1 Branch
15 Tags
719 KiB
Tree: 0edf665bf1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0edf665bf1'
${ noResults }
cos-go-sdk-v5/crypto/crypto_object.go

233 lines
6.6 KiB
Raw Normal View History

add ces-kms
4 years ago
add Crypto UserAgent and versionid
4 years ago
add ces-kms
4 years ago
add Crypto UserAgent and versionid
4 years ago
add ces-kms
4 years ago
add Crypto UserAgent and versionid
4 years ago
add ces-kms
4 years ago
add Crypto UserAgent and versionid
4 years ago
add ces-kms
4 years ago
add Crypto UserAgent and versionid
4 years ago
add ces-kms
4 years ago
add Crypto UserAgent and versionid
4 years ago
add ces-kms
4 years ago
  1. package coscrypto
  3. import (
  4. "context"
  5. "fmt"
  6. "github.com/tencentyun/cos-go-sdk-v5"
  7. "io"
  8. "net/http"
  9. "os"
  10. "strconv"
  11. )
  13. type CryptoObjectService struct {
  14. *cos.ObjectService
  15. cryptoClient *CryptoClient
  16. }
  18. type CryptoClient struct {
  19. *cos.Client
  20. Object *CryptoObjectService
  21. ContentCipherBuilder ContentCipherBuilder
  23. userAgent string
  24. }
  26. func NewCryptoClient(client *cos.Client, masterCipher MasterCipher) *CryptoClient {
  27. cc := &CryptoClient{
  28. Client: client,
  29. Object: &CryptoObjectService{
  30. client.Object,
  31. nil,
  32. },
  33. ContentCipherBuilder: CreateAesCtrBuilder(masterCipher),
  34. }
  35. cc.userAgent = cc.Client.UserAgent + "/" + EncryptionUaSuffix
  36. cc.Object.cryptoClient = cc
  38. return cc
  39. }
  41. func (s *CryptoObjectService) Put(ctx context.Context, name string, r io.Reader, opt *cos.ObjectPutOptions) (*cos.Response, error) {
  42. cc, err := s.cryptoClient.ContentCipherBuilder.ContentCipher()
  43. if err != nil {
  44. return nil, err
  45. }
  46. reader, err := cc.EncryptContent(r)
  47. if err != nil {
  48. return nil, err
  49. }
  50. opt = cos.CloneObjectPutOptions(opt)
  51. totalBytes, err := cos.GetReaderLen(r)
  52. if err != nil && opt != nil && opt.Listener != nil && opt.ContentLength == 0 {
  53. return nil, err
  54. }
  55. if err == nil {
  56. if opt != nil && opt.ContentLength == 0 {
  57. // 如果未设置Listener, 非bytes.Buffer/bytes.Reader/strings.Reader由用户指定Contength
  58. if opt.Listener != nil || cos.IsLenReader(r) {
  59. opt.ContentLength = totalBytes
  60. }
  61. }
  62. }
  63. if opt.XOptionHeader == nil {
  64. opt.XOptionHeader = &http.Header{}
  65. }
  66. if opt.ContentMD5 != "" {
  67. opt.XOptionHeader.Add(COSClientSideEncryptionUnencryptedContentMD5, opt.ContentMD5)
  68. opt.ContentMD5 = ""
  69. }
  70. if opt.ContentLength != 0 {
  71. opt.XOptionHeader.Add(COSClientSideEncryptionUnencryptedContentLength, strconv.FormatInt(opt.ContentLength, 10))
  72. opt.ContentLength = cc.GetEncryptedLen(opt.ContentLength)
  73. }
  74. opt.XOptionHeader.Add(UserAgent, s.cryptoClient.userAgent)
  75. addCryptoHeaders(opt.XOptionHeader, cc.GetCipherData())
  77. return s.ObjectService.Put(ctx, name, reader, opt)
  78. }
  80. func (s *CryptoObjectService) PutFromFile(ctx context.Context, name, filePath string, opt *cos.ObjectPutOptions) (resp *cos.Response, err error) {
  81. nr := 0
  82. for nr < 3 {
  83. fd, e := os.Open(filePath)
  84. if e != nil {
  85. err = e
  86. return
  87. }
  88. resp, err = s.Put(ctx, name, fd, opt)
  89. if err != nil {
  90. nr++
  91. fd.Close()
  92. continue
  93. }
  94. fd.Close()
  95. break
  96. }
  97. return
  98. }
  100. func (s *CryptoObjectService) Get(ctx context.Context, name string, opt *cos.ObjectGetOptions, id ...string) (*cos.Response, error) {
  101. meta, err := s.ObjectService.Head(ctx, name, nil, id...)
  102. if err != nil {
  103. return meta, err
  104. }
  105. _isEncrypted := isEncrypted(&meta.Header)
  106. if !_isEncrypted {
  107. return s.ObjectService.Get(ctx, name, opt, id...)
  108. }
  110. envelope := getEnvelopeFromHeader(&meta.Header)
  111. if !envelope.IsValid() {
  112. return nil, fmt.Errorf("get envelope from header failed, object:%v", name)
  113. }
  114. encryptMatDesc := s.cryptoClient.ContentCipherBuilder.GetMatDesc()
  115. if envelope.MatDesc != encryptMatDesc {
  116. return nil, fmt.Errorf("provided master cipher error, want:%v, return:%v, object:%v", encryptMatDesc, envelope.MatDesc, name)
  117. }
  119. cc, err := s.cryptoClient.ContentCipherBuilder.ContentCipherEnv(envelope)
  120. if err != nil {
  121. return nil, fmt.Errorf("get content cipher from envelope failed: %v, object:%v", err, name)
  122. }
  124. opt = cos.CloneObjectGetOptions(opt)
  125. if opt.XOptionHeader == nil {
  126. opt.XOptionHeader = &http.Header{}
  127. }
  128. optRange, err := cos.GetRangeOptions(opt)
  129. if err != nil {
  130. return nil, err
  131. }
  132. discardAlignLen := int64(0)
  133. // Range请求
  134. if optRange != nil && optRange.HasStart {
  135. // 加密block对齐
  136. adjustStart := adjustRangeStart(optRange.Start, int64(cc.GetAlignLen()))
  137. discardAlignLen = optRange.Start - adjustStart
  138. if discardAlignLen > 0 {
  139. optRange.Start = adjustStart
  140. opt.Range = cos.FormatRangeOptions(optRange)
  141. }
  143. cd := cc.GetCipherData().Clone()
  144. cd.SeekIV(uint64(adjustStart))
  145. cc, err = cc.Clone(cd)
  146. if err != nil {
  147. return nil, fmt.Errorf("ContentCipher Clone failed:%v, bject:%v", err, name)
  148. }
  149. }
  150. opt.XOptionHeader.Add(UserAgent, s.cryptoClient.userAgent)
  151. resp, err := s.ObjectService.Get(ctx, name, opt, id...)
  152. if err != nil {
  153. return resp, err
  154. }
  155. resp.Body, err = cc.DecryptContent(resp.Body)
  156. if err != nil {
  157. return resp, err
  158. }
  159. // 抛弃多读取的数据
  160. if discardAlignLen > 0 {
  161. resp.Body = &cos.DiscardReadCloser{
  162. RC: resp.Body,
  163. Discard: int(discardAlignLen),
  164. }
  165. }
  166. return resp, err
  167. }
  169. func (s *CryptoObjectService) GetToFile(ctx context.Context, name, localpath string, opt *cos.ObjectGetOptions, id ...string) (*cos.Response, error) {
  170. resp, err := s.Get(ctx, name, opt, id...)
  171. if err != nil {
  172. return resp, err
  173. }
  174. defer resp.Body.Close()
  176. // If file exist, overwrite it
  177. fd, err := os.OpenFile(localpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0660)
  178. if err != nil {
  179. return resp, err
  180. }
  182. _, err = io.Copy(fd, resp.Body)
  183. fd.Close()
  184. if err != nil {
  185. return resp, err
  186. }
  188. return resp, nil
  189. }
  191. func (s *CryptoObjectService) MultiUpload(ctx context.Context, name string, filepath string, opt *cos.MultiUploadOptions) (*cos.CompleteMultipartUploadResult, *cos.Response, error) {
  192. return s.Upload(ctx, name, filepath, opt)
  193. }
  195. func (s *CryptoObjectService) Upload(ctx context.Context, name string, filepath string, opt *cos.MultiUploadOptions) (*cos.CompleteMultipartUploadResult, *cos.Response, error) {
  196. return nil, nil, fmt.Errorf("CryptoObjectService doesn't support Upload Now")
  197. }
  199. func (s *CryptoObjectService) Download(ctx context.Context, name string, filepath string, opt *cos.MultiDownloadOptions) (*cos.Response, error) {
  200. return nil, fmt.Errorf("CryptoObjectService doesn't support Download Now")
  201. }
  203. func adjustRangeStart(start int64, alignLen int64) int64 {
  204. return (start / alignLen) * alignLen
  205. }
  207. func addCryptoHeaders(header *http.Header, cd *CipherData) {
  208. if cd.MatDesc != "" {
  209. header.Add(COSClientSideEncryptionMatDesc, cd.MatDesc)
  210. }
  211. header.Add(COSClientSideEncryptionKey, string(cd.EncryptedKey))
  212. header.Add(COSClientSideEncryptionStart, string(cd.EncryptedIV))
  213. header.Add(COSClientSideEncryptionWrapAlg, cd.WrapAlgorithm)
  214. header.Add(COSClientSideEncryptionCekAlg, cd.CEKAlgorithm)
  215. }
  217. func getEnvelopeFromHeader(header *http.Header) Envelope {
  218. var envelope Envelope
  219. envelope.CipherKey = header.Get(COSClientSideEncryptionKey)
  220. envelope.IV = header.Get(COSClientSideEncryptionStart)
  221. envelope.MatDesc = header.Get(COSClientSideEncryptionMatDesc)
  222. envelope.WrapAlg = header.Get(COSClientSideEncryptionWrapAlg)
  223. envelope.CEKAlg = header.Get(COSClientSideEncryptionCekAlg)
  224. return envelope
  225. }
  227. func isEncrypted(header *http.Header) bool {
  228. encryptedKey := header.Get(COSClientSideEncryptionKey)
  229. if len(encryptedKey) > 0 {
  230. return true
  231. }
  232. return false
  233. }