feat: extend delegating client to enable non-encrypted API operations in default and async encrypion clients (#94)

kessplas · web-flow · commit ba78c2cd8d94 · 2023-03-01T06:03:49.000-08:00
diff --git a/src/main/java/software/amazon/encryption/s3/S3AsyncEncryptionClient.java b/src/main/java/software/amazon/encryption/s3/S3AsyncEncryptionClient.java
@@ -6,6 +6,7 @@
 import software.amazon.awssdk.core.async.AsyncRequestBody;
 import software.amazon.awssdk.core.async.AsyncResponseTransformer;
 import software.amazon.awssdk.core.exception.SdkClientException;
+import software.amazon.awssdk.services.s3.DelegatingS3AsyncClient;
 import software.amazon.awssdk.services.s3.S3AsyncClient;
 import software.amazon.awssdk.services.s3.model.DeleteObjectRequest;
 import software.amazon.awssdk.services.s3.model.DeleteObjectResponse;
@@ -36,7 +37,7 @@
 import java.util.function.Consumer;
 import java.util.function.Function;
 
-public class S3AsyncEncryptionClient implements S3AsyncClient {
+public class S3AsyncEncryptionClient extends DelegatingS3AsyncClient {
 
     private final S3AsyncClient _wrappedClient;
     private final S3AsyncClient _wrappedCrtClient;
@@ -48,6 +49,7 @@ public class S3AsyncEncryptionClient implements S3AsyncClient {
     private final boolean _enableMultipartPutObject;
 
     private S3AsyncEncryptionClient(Builder builder) {
+        super(builder._wrappedClient);
         _wrappedClient = builder._wrappedClient;
         _wrappedCrtClient = builder._wrappedCrtClient;
         _cryptoMaterialsManager = builder._cryptoMaterialsManager;
@@ -123,11 +125,6 @@ public CompletableFuture<DeleteObjectsResponse> deleteObjects(DeleteObjectsReque
                 .build());
     }
 
-    @Override
-    public String serviceName() {
-        return _wrappedClient.serviceName();
-    }
-
     @Override
     public void close() {
         _wrappedClient.close();
diff --git a/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java b/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
@@ -11,6 +11,7 @@
 import software.amazon.awssdk.core.sync.RequestBody;
 import software.amazon.awssdk.core.sync.ResponseTransformer;
 import software.amazon.awssdk.http.AbortableInputStream;
+import software.amazon.awssdk.services.s3.DelegatingS3Client;
 import software.amazon.awssdk.services.s3.S3AsyncClient;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.s3.model.AbortMultipartUploadRequest;
@@ -59,13 +60,14 @@
  * This client is a drop-in replacement for the S3 client. It will automatically encrypt objects
  * on putObject and decrypt objects on getObject using the provided encryption key(s).
  */
-public class S3EncryptionClient implements S3Client {
+public class S3EncryptionClient extends DelegatingS3Client {
 
     // Used for request-scoped encryption contexts for supporting keys
     public static final ExecutionAttribute<Map<String, String>> ENCRYPTION_CONTEXT = new ExecutionAttribute<>("EncryptionContext");
     // TODO: Replace with UploadPartRequest.isLastPart() when launched.
     // Used for multipart uploads
     public static final ExecutionAttribute<Boolean> IS_LAST_PART = new ExecutionAttribute<>("isLastPart");
+
     private final S3AsyncClient _wrappedClient;
     private final S3AsyncClient _wrappedCrtClient;
     private final CryptographicMaterialsManager _cryptoMaterialsManager;
@@ -77,6 +79,9 @@ public class S3EncryptionClient implements S3Client {
     private final MultipartUploadObjectPipeline _multipartPipeline;
 
     private S3EncryptionClient(Builder builder) {
+        // The non-encrypted APIs will use a default client.
+        // In the future, we may want to make this configurable.
+        super(S3Client.create());
         _wrappedClient = builder._wrappedClient;
         _wrappedCrtClient = builder._wrappedCrtClient;
         _cryptoMaterialsManager = builder._cryptoMaterialsManager;
@@ -206,11 +211,6 @@ public AbortMultipartUploadResponse abortMultipartUpload(AbortMultipartUploadReq
         return _multipartPipeline.abortMultipartUpload(request);
     }
 
-    @Override
-    public String serviceName() {
-        return _wrappedClient.serviceName();
-    }
-
     @Override
     public void close() {
         _wrappedClient.close();
diff --git a/src/test/java/software/amazon/encryption/s3/S3AsyncEncryptionClientTest.java b/src/test/java/software/amazon/encryption/s3/S3AsyncEncryptionClientTest.java
@@ -20,6 +20,7 @@
 import software.amazon.awssdk.core.sync.ResponseTransformer;
 import software.amazon.awssdk.services.s3.S3AsyncClient;
 import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.model.CopyObjectResponse;
 import software.amazon.awssdk.services.s3.model.DeleteObjectResponse;
 import software.amazon.awssdk.services.s3.model.DeleteObjectsResponse;
 import software.amazon.awssdk.services.s3.model.GetObjectResponse;
@@ -38,7 +39,6 @@
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.BUCKET;
 import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.appendTestSuffix;
 import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.deleteObject;
@@ -120,6 +120,36 @@ public void putDefaultGetAsync() {
         v3AsyncClient.close();
     }
 
+    @Test
+    public void putAsyncGetAsync() {
+        final String objectKey = appendTestSuffix("put-async-get-async");
+
+        S3AsyncClient v3AsyncClient = S3AsyncEncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+
+        final String input = "PutAsyncGetAsync";
+
+        CompletableFuture<PutObjectResponse> futurePut = v3AsyncClient.putObject(builder -> builder
+                .bucket(BUCKET)
+                .key(objectKey)
+                .build(), AsyncRequestBody.fromString(input));
+        // Block on completion of the futurePut
+        futurePut.join();
+
+        CompletableFuture<ResponseBytes<GetObjectResponse>> futureGet = v3AsyncClient.getObject(builder -> builder
+                .bucket(BUCKET)
+                .key(objectKey)
+                .build(), AsyncResponseTransformer.toBytes());
+        // Just wait for the future to complete
+        ResponseBytes<GetObjectResponse> getResponse = futureGet.join();
+        assertEquals(input, getResponse.asUtf8String());
+
+        // Cleanup
+        deleteObject(BUCKET, objectKey, v3AsyncClient);
+        v3AsyncClient.close();
+    }
+
     @Test
     public void aesCbcV1toV3Async() {
         final String objectKey = appendTestSuffix("aes-cbc-v1-to-v3-async");
@@ -333,4 +363,46 @@ public void deleteObjectWithWrongObjectKeySuccessAsync() {
         // Cleanup
         v3Client.close();
     }
+
+    @Test
+    public void copyObjectTransparentlyAsync() {
+        final String objectKey = appendTestSuffix("copy-object-from-here-async");
+        final String newObjectKey = appendTestSuffix("copy-object-to-here-async");
+
+        S3AsyncClient v3AsyncClient = S3AsyncEncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+
+        final String input = "CopyObjectAsync";
+
+        CompletableFuture<PutObjectResponse> futurePut = v3AsyncClient.putObject(builder -> builder
+                .bucket(BUCKET)
+                .key(objectKey)
+                .build(), AsyncRequestBody.fromString(input));
+        // Block on completion of the futurePut
+        futurePut.join();
+
+        CompletableFuture<CopyObjectResponse> futureCopy = v3AsyncClient.copyObject(builder -> builder
+                .sourceBucket(BUCKET)
+                .destinationBucket(BUCKET)
+                .sourceKey(objectKey)
+                .destinationKey(newObjectKey)
+                .build());
+        // Block on copy future
+        futureCopy.join();
+
+        // Decrypt new object
+        CompletableFuture<ResponseBytes<GetObjectResponse>> futureGet = v3AsyncClient.getObject(builder -> builder
+                .bucket(BUCKET)
+                .key(newObjectKey)
+                .build(), AsyncResponseTransformer.toBytes());
+        ResponseBytes<GetObjectResponse> getResponse = futureGet.join();
+        assertEquals(input, getResponse.asUtf8String());
+
+        // Cleanup
+        deleteObject(BUCKET, objectKey, v3AsyncClient);
+        deleteObject(BUCKET, newObjectKey, v3AsyncClient);
+        v3AsyncClient.close();
+    }
+
 }
diff --git a/src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java b/src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java
@@ -24,7 +24,6 @@
 import software.amazon.awssdk.services.s3.model.GetObjectRequest;
 import software.amazon.awssdk.services.s3.model.GetObjectResponse;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
-import software.amazon.awssdk.services.s3.model.S3Exception;
 
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
@@ -36,7 +35,6 @@
 import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.concurrent.CompletionException;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
diff --git a/src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java b/src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java
@@ -75,6 +75,43 @@ public static void setUp() throws NoSuchAlgorithmException {
         RSA_KEY_PAIR = keyPairGen.generateKeyPair();
     }
 
+    @Test
+    public void copyObjectTransparently() {
+        final String objectKey = appendTestSuffix("copy-object-from-here");
+        final String newObjectKey = appendTestSuffix("copy-object-to-here");
+
+        S3Client s3EncryptionClient = S3EncryptionClient.builder()
+                .kmsKeyId(KMS_KEY_ID)
+                .build();
+
+        final String input = "SimpleTestOfV3EncryptionClientCopyObject";
+
+        s3EncryptionClient.putObject(builder -> builder
+                        .bucket(BUCKET)
+                        .key(objectKey)
+                        .build(),
+                RequestBody.fromString(input));
+
+        s3EncryptionClient.copyObject(builder -> builder
+                .sourceBucket(BUCKET)
+                .destinationBucket(BUCKET)
+                .sourceKey(objectKey)
+                .destinationKey(newObjectKey)
+                .build());
+
+        ResponseBytes<GetObjectResponse> objectResponse = s3EncryptionClient.getObjectAsBytes(builder -> builder
+                .bucket(BUCKET)
+                .key(newObjectKey)
+                .build());
+        String output = objectResponse.asUtf8String();
+        assertEquals(input, output);
+
+        // Cleanup
+        deleteObject(BUCKET, objectKey, s3EncryptionClient);
+        deleteObject(BUCKET, newObjectKey, s3EncryptionClient);
+        s3EncryptionClient.close();
+    }
+
     @Test
     public void deleteObjectWithInstructionFileSuccess() {
         final String objectKey = appendTestSuffix("delete-object-with-instruction-file");
