S3EncryptionClient.h

 
#pragma once
 
#include <aws/s3-encryption/s3Encryption_EXPORTS.h>
#include <aws/s3/S3Client.h>
#include <aws/s3-encryption/modules/CryptoModuleFactory.h>
#include <aws/core/client/AWSError.h>
 
namespace Aws
{
    namespace S3Encryption
    {
        struct AWS_S3ENCRYPTION_API S3EncryptionErrors
        {
            S3EncryptionErrors() = default;
            S3EncryptionErrors(const Aws::Utils::Crypto::CryptoErrors& error) :cryptoError(error), m_isS3Error(false) {}
            S3EncryptionErrors(const Aws::S3::S3Errors& error) :s3Error(error), m_isS3Error(true) {}
 
            inline bool IsS3Error() const { return m_isS3Error; }
            inline bool IsCryptoError() const { return !m_isS3Error; }
 
            union {
                Aws::Utils::Crypto::CryptoErrors cryptoError;
                Aws::S3::S3Errors s3Error;
            };
        private:
            bool m_isS3Error;
        };
 
        template<typename ERROR_TYPE>
        Aws::Client::AWSError<S3EncryptionErrors> BuildS3EncryptionError(const Aws::Client::AWSError<ERROR_TYPE>& error)
        {
            Aws::Client::AWSError<S3EncryptionErrors> s3EncryptionError = Aws::Client::AWSError<S3EncryptionErrors>(error.GetErrorType(), error.GetExceptionName(), error.GetMessage(), error.ShouldRetry());
            s3EncryptionError.SetResponseCode(error.GetResponseCode());
            s3EncryptionError.SetResponseHeaders(error.GetResponseHeaders());
            return s3EncryptionError;
        }
 
        typedef Aws::Utils::Outcome<Aws::S3::Model::PutObjectResult, Aws::Client::AWSError<S3EncryptionErrors>> S3EncryptionPutObjectOutcome;
        typedef Aws::Utils::Outcome<Aws::S3::Model::GetObjectResult, Aws::Client::AWSError<S3EncryptionErrors>> S3EncryptionGetObjectOutcome;
 
        class AWS_S3ENCRYPTION_API S3EncryptionClientBase
        {
        public:
            /*
            * Initialize the S3EncryptionClientBase with encryption materials, crypto configuration, and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClientBase(const std::shared_ptr<Aws::Utils::Crypto::EncryptionMaterials>& encryptionMaterials, const Aws::S3Encryption::CryptoConfiguration& cryptoConfig,
                const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration());
 
            /*
            * Initialize the S3EncryptionClientBase with encryption materials, crypto configuration, AWS credentials and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClientBase(const std::shared_ptr<Aws::Utils::Crypto::EncryptionMaterials>& encryptionMaterials, const Aws::S3Encryption::CryptoConfiguration& cryptoConfig,
                const Aws::Auth::AWSCredentials& credentials, const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration());
 
            /*
            * Initialize the S3EncryptionClientBase with encryption materials, crypto configuration, AWS credentials provider and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClientBase(const std::shared_ptr<Aws::Utils::Crypto::EncryptionMaterials>& encryptionMaterials, const Aws::S3Encryption::CryptoConfiguration& cryptoConfig,
                const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider, const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration());
 
            /*
             * Initialize the S3EncryptionClientBase with encryption materials, crypto configuration, and a s3 client factory.
             * The factory will be used to create the underlying S3 Client.
             */
            S3EncryptionClientBase(const std::shared_ptr<Aws::Utils::Crypto::EncryptionMaterials>& encryptionMaterials,
              const Aws::S3Encryption::CryptoConfiguration& cryptoConfig,
              const std::function<Aws::UniquePtr<Aws::S3::S3Client> ()>& s3ClientFactory);
 
            S3EncryptionClientBase(const S3EncryptionClientBase&) = delete;
            S3EncryptionClientBase& operator=(const S3EncryptionClientBase&) = delete;
 
            /*
            * Function to put an object encrypted to S3.
            * For KMSWithContext encryption materials, you can provide a context map as the KMS context for encrypting the CEK.
            * For other encryption materials, this context map must be an empty map.
            */
            //= ../specification/s3-encryption/client.md#required-api-operations
            //= type=implication
            //# - PutObject MUST be implemented by the S3EC.
            //# - PutObject MUST encrypt its input data before it is uploaded to S3.
            S3EncryptionPutObjectOutcome PutObject(const Aws::S3::Model::PutObjectRequest& request, const Aws::Map<Aws::String, Aws::String>& contextMap) const;
 
            /*
            * Function to get an object decrypted from S3.
            *
            * Range gets using this method are deprecated. Please see
            * <https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html> for more information
            */
            //= ../specification/s3-encryption/client.md#required-api-operations
            //= type=implication
            //# - GetObject MUST be implemented by the S3EC.
            //# - GetObject MUST decrypt data received from the S3 server and return it as plaintext.
            S3EncryptionGetObjectOutcome GetObject(const Aws::S3::Model::GetObjectRequest& request) const;
 
            /*
            * Function to get an object decrypted from S3. Fails if stored Materials Description does not exactly match supplied contextMap
            *
            * Range gets using this method are deprecated. Please see
            * <https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html> for more information
            */
            S3EncryptionGetObjectOutcome GetObject(const Aws::S3::Model::GetObjectRequest& request, const Aws::Map<Aws::String, Aws::String>& contextMap) const;
 
            inline bool MultipartUploadSupported() const { return false; }
 
        protected:
            bool ValidateStorageMethod(StorageMethod s);
            bool ValidateSecurityProfile(SecurityProfile s);
            bool ValidateCommitmentPolicy(CommitmentPolicy s);
            bool ValidateRangeGetMode(RangeGetMode s);
            /*
         * GetObject with optional contextMap.
         * Fail if contextMap is supplied and does not exactly match stored Materials Description
         */
            S3EncryptionGetObjectOutcome GetObjectInner(const Aws::S3::Model::GetObjectRequest& request, const Aws::Map<Aws::String, Aws::String> * contextMap) const;
 
            /*
            * Function to get the instruction file object of a encrypted object from S3. This instruction file object will be used to assist decryption.
            */
            Aws::S3::Model::GetObjectOutcome GetInstructionFileObject(const Aws::S3::Model::GetObjectRequest& originalGetRequest) const;
 
            Aws::UniquePtr<Aws::S3::S3Client> m_s3Client;
            Aws::S3Encryption::Modules::CryptoModuleFactory m_cryptoModuleFactory;
            std::shared_ptr<Aws::Utils::Crypto::EncryptionMaterials> m_encryptionMaterials;
            Aws::S3Encryption::CryptoConfiguration m_cryptoConfig;
            Aws::String m_error;
        };
 
        class
        AWS_DEPRECATED("This class is in the maintenance mode, no new updates will be released, use S3EncryptionClientV3. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information.")
        AWS_S3ENCRYPTION_API S3EncryptionClient : public S3EncryptionClientBase
        {
        public:
            /*
            * Initialize the S3 Encryption Client with encryption materials, crypto configuration, and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClient(const std::shared_ptr<Aws::Utils::Crypto::EncryptionMaterials>& encryptionMaterials, const Aws::S3Encryption::CryptoConfiguration& cryptoConfig,
                const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(encryptionMaterials, cryptoConfig, clientConfiguration)
            {}
 
            /*
            * Initialize the S3 Encryption Client with encryption materials, crypto configuration, AWS credentials and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClient(const std::shared_ptr<Aws::Utils::Crypto::EncryptionMaterials>& encryptionMaterials, const Aws::S3Encryption::CryptoConfiguration& cryptoConfig,
                const Aws::Auth::AWSCredentials& credentials, const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(encryptionMaterials, cryptoConfig, credentials, clientConfiguration)
            {}
 
            /*
            * Initialize the S3 Encryption Client with encryption materials, crypto configuration, AWS credentials provider and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClient(const std::shared_ptr<Aws::Utils::Crypto::EncryptionMaterials>& encryptionMaterials, const Aws::S3Encryption::CryptoConfiguration& cryptoConfig,
                const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider, const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(encryptionMaterials, cryptoConfig, credentialsProvider, clientConfiguration)
            {}
 
            /*
            * Function to put an object encrypted to S3.
            */
            S3EncryptionPutObjectOutcome PutObject(const Aws::S3::Model::PutObjectRequest& request) const { return S3EncryptionClientBase::PutObject(request, {}); }
        };
 
        class
        AWS_DEPRECATED("This class is in the maintenance mode, no new updates will be released, use S3EncryptionClientV3. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information.")
        AWS_S3ENCRYPTION_API S3EncryptionClientV2 : public S3EncryptionClientBase
        {
        public:
            /*
            * Initialize the S3 Encryption Client V2 with crypto configuration v2, and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClientV2(const Aws::S3Encryption::CryptoConfigurationV2& cryptoConfig,
                const Aws::Client::ClientConfiguration& clientConfig = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(cryptoConfig.GetEncryptionMaterials(), CryptoConfiguration(), clientConfig)
            {
                Init(cryptoConfig);
            }
 
 
            /*
            * Initialize the S3 Encryption Client V2 with crypto configuration v2, AWS credentials and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClientV2(const Aws::S3Encryption::CryptoConfigurationV2& cryptoConfig, const Aws::Auth::AWSCredentials& credentials,
                const Aws::Client::ClientConfiguration& clientConfig = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(cryptoConfig.GetEncryptionMaterials(), CryptoConfiguration(), credentials, clientConfig)
            {
                Init(cryptoConfig);
            }
 
            /*
            * Initialize the S3 Encryption Client V2 with crypto configuration v2, AWS credentials provider and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClientV2(const Aws::S3Encryption::CryptoConfigurationV2& cryptoConfig, const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider,
                const Aws::Client::ClientConfiguration& clientConfig = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(cryptoConfig.GetEncryptionMaterials(), CryptoConfiguration(), credentialsProvider, clientConfig)
            {
                Init(cryptoConfig);
            }
 
            /*
             * Initialize the S3 Encryption Client V2 with crypto configuration v2, and a s3 client factory.
             * The factory will be used to create the underlying S3 Client.
             */
            S3EncryptionClientV2(const Aws::S3Encryption::CryptoConfigurationV2& cryptoConfig,
                const std::function<Aws::UniquePtr<Aws::S3::S3Client> ()>& s3ClientFactory)
                : S3EncryptionClientBase(cryptoConfig.GetEncryptionMaterials(), CryptoConfiguration(), s3ClientFactory)
            {
                Init(cryptoConfig);
            }
 
            S3EncryptionClientV2(const S3EncryptionClientV2&) = delete;
            S3EncryptionClientV2& operator=(const S3EncryptionClientV2&) = delete;
 
        private:
            void Init(const Aws::S3Encryption::CryptoConfigurationV2& cryptoConfig);
        };
 
        class AWS_S3ENCRYPTION_API S3EncryptionClientV3 : public S3EncryptionClientBase
        {
        public:
            /*
            * Initialize the S3 Encryption Client V3 with crypto configuration v3, and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            //= ../specification/s3-encryption/client.md#cryptographic-materials
            //= type=implication
            //# The S3EC MAY accept key material directly.
 
            //= ../specification/s3-encryption/client.md#inherited-sdk-configuration
            //= type=implication
            //# The S3EC MAY support directly configuring the wrapped SDK clients through its initialization.
            //# For example, the S3EC MAY accept a credentials provider instance during its initialization.
            //# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped S3 clients.
            // There's only one client, so it's safe to say "all"
            S3EncryptionClientV3(const Aws::S3Encryption::CryptoConfigurationV3& cryptoConfig,
                const Aws::Client::ClientConfiguration& clientConfig = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(cryptoConfig.GetEncryptionMaterials(), CryptoConfiguration(), clientConfig)
            {
                Init(cryptoConfig);
            }
 
 
            /*
            * Initialize the S3 Encryption Client V3 with crypto configuration v3, AWS credentials and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClientV3(const Aws::S3Encryption::CryptoConfigurationV3& cryptoConfig, const Aws::Auth::AWSCredentials& credentials,
                const Aws::Client::ClientConfiguration& clientConfig = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(cryptoConfig.GetEncryptionMaterials(), CryptoConfiguration(), credentials, clientConfig)
            {
                Init(cryptoConfig);
            }
 
            /*
            * Initialize the S3 Encryption Client V3 with crypto configuration v3, AWS credentials provider and a client configuration. If no client configuration is supplied,
            * the default client configuration will be used.
            */
            S3EncryptionClientV3(const Aws::S3Encryption::CryptoConfigurationV3& cryptoConfig, const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider,
                const Aws::Client::ClientConfiguration& clientConfig = Aws::Client::ClientConfiguration())
                : S3EncryptionClientBase(cryptoConfig.GetEncryptionMaterials(), CryptoConfiguration(), credentialsProvider, clientConfig)
            {
                Init(cryptoConfig);
            }
 
            /*
             * Initialize the S3 Encryption Client V3 with crypto configuration v3, and a s3 client factory.
             * The factory will be used to create the underlying S3 Client.
             */
            //= ../specification/s3-encryption/client.md#wrapped-s3-client-s
            //= type=implication
            //# The S3EC MUST support the option to provide an SDK S3 client instance during its initialization.
            //# The S3EC MUST NOT support use of S3EC as the provided S3 client during its initialization; it MUST throw an exception in this case.
            // The S3EncryptionClientV3 is not an S3Client, so this can't happen.
            S3EncryptionClientV3(const Aws::S3Encryption::CryptoConfigurationV3& cryptoConfig,
                const std::function<Aws::UniquePtr<Aws::S3::S3Client> ()>& s3ClientFactory)
                : S3EncryptionClientBase(cryptoConfig.GetEncryptionMaterials(), CryptoConfiguration(), s3ClientFactory)
            {
                Init(cryptoConfig);
            }
 
            S3EncryptionClientV3(const S3EncryptionClientV3&) = delete;
            S3EncryptionClientV3& operator=(const S3EncryptionClientV3&) = delete;
 
        private:
            void Init(const Aws::S3Encryption::CryptoConfigurationV3& cryptoConfig);
        };
    }
}