Created
July 3, 2017 22:53
-
-
Save donatello/bbdefac623bc258f1000b318c6d9c120 to your computer and use it in GitHub Desktop.
Check server-side copying of client-side encrypted objects
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/api_functional_v2_test.go b/api_functional_v2_test.go | |
index cc35d44..22435a5 100644 | |
--- a/api_functional_v2_test.go | |
+++ b/api_functional_v2_test.go | |
@@ -19,6 +19,7 @@ package minio | |
import ( | |
"bytes" | |
"errors" | |
+ "fmt" | |
"io" | |
"io/ioutil" | |
"log" | |
@@ -30,6 +31,7 @@ import ( | |
"testing" | |
"time" | |
+ "github.com/minio/minio-go/pkg/encrypt" | |
"github.com/minio/minio-go/pkg/policy" | |
) | |
@@ -1322,3 +1324,77 @@ func TestEncryptedCopyObjectV2(t *testing.T) { | |
testEncryptedCopyObject(c, t) | |
} | |
+ | |
+func testClientEncryptedCopy(c *Client, t *testing.T) { | |
+ // Generate a new random bucket name. | |
+ bucketName := randString(60, rand.NewSource(time.Now().UnixNano()), "minio-go-test") | |
+ // Make a new bucket in 'us-east-1' (source bucket). | |
+ err := c.MakeBucket(bucketName, "us-east-1") | |
+ if err != nil { | |
+ t.Fatal("Error:", err, bucketName) | |
+ } | |
+ | |
+ fmt.Println("Bucket is:", bucketName) | |
+ | |
+ // Build a symmetric key | |
+ symmetricKey := encrypt.NewSymmetricKey([]byte("my-secret-key-00")) | |
+ | |
+ // Build encryption materials which will encrypt uploaded data | |
+ cbcMaterials, err := encrypt.NewCBCSecureMaterials(symmetricKey) | |
+ if err != nil { | |
+ log.Fatalln(err) | |
+ } | |
+ | |
+ // 1. create a client encrypted object to copy by uploading | |
+ const srcSize = 1024 * 1024 | |
+ buf := bytes.Repeat([]byte("abcde"), srcSize) // gives a buffer of 5MiB | |
+ _, err = c.PutEncryptedObject(bucketName, "srcObject", bytes.NewReader(buf), cbcMaterials, nil, nil) | |
+ if err != nil { | |
+ t.Fatal("Put Error:", err) | |
+ } | |
+ | |
+ // 2. copy it. | |
+ src := NewSourceInfo(bucketName, "srcObject", nil) | |
+ dst, err := NewDestinationInfo(bucketName, "dstObject", nil, map[string]string{"myheader": "hahaha"}) | |
+ if err != nil { | |
+ t.Fatal("Error:", err) | |
+ } | |
+ | |
+ // Copy an encrypted object | |
+ err = c.CopyObject(dst, src) | |
+ if err != nil { | |
+ t.Fatal("Error:", err) | |
+ } | |
+ | |
+ o, err := c.StatObject(bucketName, "dstObject") | |
+ if err != nil { | |
+ t.Fatal("Error:", err) | |
+ } | |
+ | |
+ fmt.Println("XXX Metadata:") | |
+ for k, v := range o.Metadata { | |
+ fmt.Println(k, v) | |
+ } | |
+ | |
+ src = NewSourceInfo(bucketName, "srcObject", nil) | |
+ dst, err = NewDestinationInfo(bucketName, "dstObject", nil, nil) | |
+ if err != nil { | |
+ t.Fatal("Error:", err) | |
+ } | |
+ // Copy a pair of encrypted objects | |
+ err = c.ComposeObject(dst, []SourceInfo{src, src}) | |
+ if err != nil { | |
+ t.Fatal("Error:", err) | |
+ } | |
+ | |
+ o, err = c.StatObject(bucketName, "dstObject") | |
+ if err != nil { | |
+ t.Fatal("Error:", err) | |
+ } | |
+ | |
+ fmt.Println("XXX Metadata:") | |
+ for k, v := range o.Metadata { | |
+ fmt.Println(k, v) | |
+ } | |
+ | |
+} | |
diff --git a/api_functional_v4_test.go b/api_functional_v4_test.go | |
index 2ec8c67..d400c23 100644 | |
--- a/api_functional_v4_test.go | |
+++ b/api_functional_v4_test.go | |
@@ -2450,3 +2450,23 @@ func TestEncryptedCopyObject(t *testing.T) { | |
// c.TraceOn(os.Stderr) | |
testEncryptedCopyObject(c, t) | |
} | |
+ | |
+func TestClientEncryptedCopy(t *testing.T) { | |
+ if testing.Short() { | |
+ t.Skip("skipping functional tests for the short runs") | |
+ } | |
+ | |
+ // Instantiate new minio client object | |
+ c, err := NewV4( | |
+ os.Getenv(serverEndpoint), | |
+ os.Getenv(accessKey), | |
+ os.Getenv(secretKey), | |
+ mustParseBool(os.Getenv(enableSecurity)), | |
+ ) | |
+ if err != nil { | |
+ t.Fatal("Error:", err) | |
+ } | |
+ | |
+ // c.TraceOn(os.Stderr) | |
+ testClientEncryptedCopy(c, t) | |
+} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment