Class: AWS::S3::EncryptedClient

Inherits:
Client
  • Object
Defined in:
lib/aws/s3/encrypted_client.rb

Constant Summary

HEADER_META =
"x-amz-meta"
HEADER_KEY =
"x-amz-key"
HEADER_IV =
"x-amz-iv"

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(options = {}) ⇒ EncryptedClient

Returns a new instance of EncryptedClient.



# File 'lib/aws/s3/encrypted_client.rb', line 13

# Builds a client that encrypts on upload and decrypts on download.
#
# The effective configuration is +options[:config]+ (falling back to
# +AWS.config+) with +options+ merged in via +with+. The key pair is read
# from that configuration as +s3_private_key+ and +s3_public_key+.
#
# Security: both key objects are kept in instance variables for the life of
# the client and are handed out by the +private_encryption_key+ and
# +public_encryption_key+ readers, so a reference to the client is also a
# reference to the key material.
#
# @param options [Hash] client options; +:config+ may carry a base configuration
# @raise [RuntimeError] when either key is missing from the configuration
def initialize(options = {})
  base_config = options[:config] || AWS.config
  config = base_config.with(options)

  @private_encryption_key = config.s3_private_key
  @public_encryption_key  = config.s3_public_key

  # Fail before the parent constructor runs: a client with half a key pair
  # could upload data it can never read back, or vice versa.
  unless private_encryption_key && public_encryption_key
    raise "missing public and/or private key"
  end

  # Bare super forwards +options+ unchanged to the parent constructor.
  super
end

Instance Attribute Details

#private_encryption_key ⇒ Object (readonly)

Returns the value of attribute private_encryption_key.



# File 'lib/aws/s3/encrypted_client.rb', line 6

# Reader for the key that +put_object+ uses to wrap each per-object data key.
#
# Security: this returns the stored key object itself, not a copy, so any
# code that can reach the client can obtain the private key.
#
# @return [Object] the value read from +config.s3_private_key+ at construction
def private_encryption_key
  @private_encryption_key
end

#public_encryption_key ⇒ Object (readonly)

Returns the value of attribute public_encryption_key.



# File 'lib/aws/s3/encrypted_client.rb', line 7

# Reader for the key that +get_object+ uses to unwrap each per-object data key.
#
# Security: despite the name, this key is what recovers the data key on
# download (+public_decrypt+ in +get_object+), so whoever holds it can read
# every object written by this client. Treat it as confidential.
#
# @return [Object] the value read from +config.s3_public_key+ at construction
def public_encryption_key
  @public_encryption_key
end

Instance Method Details

#crypter ⇒ Object



# File 'lib/aws/s3/encrypted_client.rb', line 68

# Returns the object that performs the bulk encryption and decryption,
# creating a default +Crypter+ on first use and reusing it afterwards.
#
# NOTE(review): the cipher, mode and any integrity protection are decided
# entirely by this object and are not visible from here; confirm them against
# +Crypter+ before relying on this client for tamper detection.
#
# @return [Object] the memoized crypter
def crypter
  return @crypter if @crypter

  @crypter = Crypter.new
end

#crypter=(crypter) ⇒ Object



# File 'lib/aws/s3/encrypted_client.rb', line 64

# Replaces the object used for bulk encryption and decryption.
#
# The replacement is used as-is by +put_object+ (+encrypt_data+) and
# +get_object+ (+decrypt_data+); nothing here validates it. Swapping it
# changes how every later object is protected, so only assign a trusted
# implementation.
#
# @param crypter [Object] object responding to +encrypt_data+ and +decrypt_data+
# @return [Object] the assigned crypter
def crypter=(crypter)
  @crypter = crypter
end

#get_object(options = {}) ⇒ Object



# File 'lib/aws/s3/encrypted_client.rb', line 38

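# Fetches an object through the parent client and decrypts its body.
#
# The wrapped data key and the IV are read from the response headers
# "x-amz-meta-x-amz-key" and "x-amz-meta-x-amz-iv", URI- and Base64-decoded,
# and the data key is recovered with +public_decrypt+. The body is then
# decrypted by +crypter+ and +response.data+ is overridden to return the
# plaintext.
#
# Security notes:
# * The data key is recovered with +public_decrypt+, the counterpart of the
#   +private_encrypt+ call in +put_object+. Assuming the configured keys are
#   OpenSSL::PKey::RSA objects (TODO confirm), anyone holding the "public"
#   key can unwrap the data key, so that key must be kept confidential.
# * The key and IV headers are taken from the response as received.
#   NOTE(review): whether +decrypt_data+ detects a modified body, key or IV
#   is not visible here; confirm against +Crypter+.
# * NOTE(review): DecryptionError is given the key object and the wrapped
#   key; confirm its message does not render key material into logs.
# * NOTE(review): +URI.decode+ was removed in Ruby 3.0; this method as
#   written needs an older Ruby.
#
# @param options [Hash] request options, forwarded unchanged to the parent
# @return [Object] the parent's response, with +data+ returning plaintext
# @raise [Errors::DecryptionError] when the data key cannot be unwrapped
# @raise [Errors::UnencryptedData] when either encryption header is absent
def get_object(options = {})
  response = super

  headers     = response.http_response.headers
  wrapped_key = headers["#{HEADER_META}-#{HEADER_KEY}"]
  iv          = headers["#{HEADER_META}-#{HEADER_IV}"]

  # Refuse to hand back a body that was not written by an encrypting client,
  # rather than silently returning it as if it had been decrypted.
  unless wrapped_key && iv
    raise Errors::UnencryptedData.new(response.http_request, response.http_response)
  end

  # [value].compact.join flattens a header that arrives as an array of strings.
  wrapped_key = Base64.decode64(URI.decode([wrapped_key].compact.join))
  iv          = Base64.decode64(URI.decode([iv].compact.join))
  edata       = response.data

  begin
    key = @public_encryption_key.public_decrypt(wrapped_key)
  rescue StandardError => e
    # StandardError, not Exception: Interrupt, SystemExit and NoMemoryError
    # must propagate instead of being reported as a decryption failure.
    raise Errors::DecryptionError.new(@public_encryption_key, wrapped_key, e)
  end

  data = crypter.decrypt_data(edata, key, iv)
  Core::MetaUtils.extend_method(response, :data) { data }

  response
end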

#put_object(options = {}) ⇒ Object



# File 'lib/aws/s3/encrypted_client.rb', line 21

# Encrypts the object body locally and uploads the ciphertext through the
# parent client.
#
# When a block is given it is yielded a StringIO to write the body into, and
# the buffered string replaces +options[:data]+. +crypter+ returns the
# ciphertext, a data key and an IV; the data key is wrapped with
# +private_encrypt+ and stored, with the IV, in the object's metadata under
# "x-amz-key" and "x-amz-iv" (URI-encoded Base64).
#
# Side effects: the caller's +options+ hash is modified in place
# (+:data+ becomes ciphertext, +:metadata+ gains the two entries). Bare
# +super+ forwards +options+ and also the caller's block to the parent.
#
# Security notes:
# * Wrapping with +private_encrypt+ means the matching "public" key is what
#   unwraps the data key in +get_object+; assuming OpenSSL::PKey::RSA keys
#   (TODO confirm), that key must be kept confidential.
# * The wrapped key and IV travel as ordinary object metadata next to the
#   ciphertext; only the key wrapping protects the data key.
# * NOTE(review): +URI.encode+ was removed in Ruby 3.0; this method as
#   written needs an older Ruby.
#
# @param options [Hash] request options; +:data+ holds the plaintext body
# @yieldparam buffer [StringIO] sink for the plaintext body
# @return [Object] whatever the parent +put_object+ returns
def put_object(options = {})
  if block_given?
    sink = StringIO.new
    yield sink
    options[:data] = sink.string
  end

  ciphertext, data_key, iv = crypter.encrypt_data(options[:data])
  wrapped_key = @private_encryption_key.private_encrypt(data_key)

  metadata = (options[:metadata] ||= {})
  metadata[HEADER_KEY] = URI.encode(Base64.encode64(wrapped_key))
  metadata[HEADER_IV]  = URI.encode(Base64.encode64(iv))

  # Only ciphertext is handed to the parent client from here on.
  options[:data] = ciphertext
  super
end