/*
* Copyright 2013-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amazonaws.services.s3.internal.crypto;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
/**
* Strict Authenticated encryption (AE) cryptographic module for the S3
* encryption client.
*/
class S3CryptoModuleAEStrict extends S3CryptoModuleAE {
S3CryptoModuleAEStrict(S3Direct s3,
AWSCredentialsProvider credentialsProvider,
EncryptionMaterialsProvider encryptionMaterialsProvider,
ClientConfiguration clientConfig, CryptoConfiguration cryptoConfig) {
super(s3, credentialsProvider, encryptionMaterialsProvider,
clientConfig, cryptoConfig);
}
/**
* Used for testing purposes only.
*/
S3CryptoModuleAEStrict(S3Direct s3,
EncryptionMaterialsProvider encryptionMaterialsProvider,
CryptoConfiguration cryptoConfig) {
super(s3, encryptionMaterialsProvider, cryptoConfig);
}
@Override
protected final boolean isStrict() {
return true;
}
@Override
protected void securityCheck(ContentCryptoMaterial cekMaterial,
S3ObjectWrapper retrieved) {
if (!ContentCryptoScheme.AES_GCM.equals(cekMaterial.getContentCryptoScheme())) {
throw new SecurityException("S3 object [bucket: "
+ retrieved.getBucketName() + ", key: "
+ retrieved.getKey()
+ "] not encrypted using authenticated encryption");
}
}
}