crypto_bucket_test.go 38 KB

  1. package osscrypto
  2. import (
  3. "crypto/md5"
  4. "encoding/hex"
  5. "fmt"
  6. "io"
  7. "io/ioutil"
  8. "log"
  9. "math/rand"
  10. math_rand "math/rand"
  11. "net/http"
  12. "os"
  13. "strings"
  14. "testing"
  15. "time"
  16. kms "github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
  17. "github.com/aliyun/aliyun-oss-go-sdk/oss"
  18. . "gopkg.in/check.v1"
  19. )
  // Test is the "go test" entry point; it hands control to gocheck, which runs
  // every suite registered with Suite in this package.
  func Test(t *testing.T) { TestingT(t) }
  // OssCryptoBucketSuite is the gocheck suite holding the crypto-bucket tests.
  // It has no fields, so tests share nothing through the receiver.
  type OssCryptoBucketSuite struct{}

  // Register the suite so that Test picks up its methods.
  var _ = Suite(new(OssCryptoBucketSuite))
  // Shared fixtures for the RSA master-key tests.
  //
  // The PEM blocks below are a 1024-bit RSA key pair committed to the test
  // tree, so the private half is public knowledge. They are fixtures only:
  // never use them to protect real data. Secret scanners will flag them and
  // should treat them as known test material. The PKCS#1 and PKCS#8/PKIX
  // variants appear to encode the same key pair (the modulus bytes match).
  var (
  	// matDesc is the default, empty material description. It is a shared
  	// mutable map, so tests must not write to it.
  	matDesc = make(map[string]string)

  	// rsaPublicKey is the public key in PKIX ("PUBLIC KEY") form.
  	rsaPublicKey = `-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCokfiAVXXf5ImFzKDw+XO/UByW
6mse2QsIgz3ZwBtMNu59fR5zttSx+8fB7vR4CN3bTztrP9A6bjoN0FFnhlQ3vNJC
5MFO1PByrE/MNd5AAfSVba93I6sx8NSk5MzUCA4NJzAUqYOEWGtGBcom6kEF6MmR
1EKib1Id8hpooY5xaQIDAQAB
-----END PUBLIC KEY-----`

  	// rsaPrivateKey is the private key in PKCS#8 ("PRIVATE KEY") form.
  	rsaPrivateKey = `-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAKiR+IBVdd/kiYXM
oPD5c79QHJbqax7ZCwiDPdnAG0w27n19HnO21LH7x8Hu9HgI3dtPO2s/0DpuOg3Q
UWeGVDe80kLkwU7U8HKsT8w13kAB9JVtr3cjqzHw1KTkzNQIDg0nMBSpg4RYa0YF
yibqQQXoyZHUQqJvUh3yGmihjnFpAgMBAAECgYA49RmCQ14QyKevDfVTdvYlLmx6
kbqgMbYIqk+7w611kxoCTMR9VMmJWgmk/Zic9mIAOEVbd7RkCdqT0E+xKzJJFpI2
ZHjrlwb21uqlcUqH1Gn+wI+jgmrafrnKih0kGucavr/GFi81rXixDrGON9KBE0FJ
cPVdc0XiQAvCBnIIAQJBANXu3htPH0VsSznfqcDE+w8zpoAJdo6S/p30tcjsDQnx
l/jYV4FXpErSrtAbmI013VYkdJcghNSLNUXppfk2e8UCQQDJt5c07BS9i2SDEXiz
byzqCfXVzkdnDj9ry9mba1dcr9B9NCslVelXDGZKvQUBqNYCVxg398aRfWlYDTjU
IoVVAkAbTyjPN6R4SkC4HJMg5oReBmvkwFCAFsemBk0GXwuzD0IlJAjXnAZ+/rIO
ItewfwXIL1Mqz53lO/gK+q6TR585AkB304KUIoWzjyF3JqLP3IQOxzns92u9EV6l
V2P+CkbMPXiZV6sls6I4XppJXX2i3bu7iidN3/dqJ9izQK94fMU9AkBZvgsIPCot
y1/POIbv9LtnviDKrmpkXgVQSU4BmTPvXwTJm8APC7P/horSh3SVf1zgmnsyjm9D
hO92gGc+4ajL
-----END PRIVATE KEY-----`

  	// rsaPublicKeyPks1 is the public key in PKCS#1 ("RSA PUBLIC KEY") form.
  	rsaPublicKeyPks1 = `-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKiR+IBVdd/kiYXMoPD5c79QHJbqax7ZCwiDPdnAG0w27n19HnO21LH7
x8Hu9HgI3dtPO2s/0DpuOg3QUWeGVDe80kLkwU7U8HKsT8w13kAB9JVtr3cjqzHw
1KTkzNQIDg0nMBSpg4RYa0YFyibqQQXoyZHUQqJvUh3yGmihjnFpAgMBAAE=
-----END RSA PUBLIC KEY-----`

  	// rsaPrivateKeyPks1 is the private key in PKCS#1 ("RSA PRIVATE KEY") form.
  	rsaPrivateKeyPks1 = `-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCokfiAVXXf5ImFzKDw+XO/UByW6mse2QsIgz3ZwBtMNu59fR5z
ttSx+8fB7vR4CN3bTztrP9A6bjoN0FFnhlQ3vNJC5MFO1PByrE/MNd5AAfSVba93
I6sx8NSk5MzUCA4NJzAUqYOEWGtGBcom6kEF6MmR1EKib1Id8hpooY5xaQIDAQAB
AoGAOPUZgkNeEMinrw31U3b2JS5sepG6oDG2CKpPu8OtdZMaAkzEfVTJiVoJpP2Y
nPZiADhFW3e0ZAnak9BPsSsySRaSNmR465cG9tbqpXFKh9Rp/sCPo4Jq2n65yood
JBrnGr6/xhYvNa14sQ6xjjfSgRNBSXD1XXNF4kALwgZyCAECQQDV7t4bTx9FbEs5
36nAxPsPM6aACXaOkv6d9LXI7A0J8Zf42FeBV6RK0q7QG5iNNd1WJHSXIITUizVF
6aX5NnvFAkEAybeXNOwUvYtkgxF4s28s6gn11c5HZw4/a8vZm2tXXK/QfTQrJVXp
VwxmSr0FAajWAlcYN/fGkX1pWA041CKFVQJAG08ozzekeEpAuByTIOaEXgZr5MBQ
gBbHpgZNBl8Lsw9CJSQI15wGfv6yDiLXsH8FyC9TKs+d5Tv4Cvquk0efOQJAd9OC
lCKFs48hdyaiz9yEDsc57PdrvRFepVdj/gpGzD14mVerJbOiOF6aSV19ot27u4on
Td/3aifYs0CveHzFPQJAWb4LCDwqLctfzziG7/S7Z74gyq5qZF4FUElOAZkz718E
yZvADwuz/4aK0od0lX9c4Jp7Mo5vQ4TvdoBnPuGoyw==
-----END RSA PRIVATE KEY-----`
  )
  // Connection settings for the live OSS endpoint the tests talk to. They are
  // read from the environment when the package is initialised, so no
  // credential is stored in the source tree. Unset variables yield empty
  // strings.
  var (
  	endpoint  = os.Getenv("OSS_TEST_ENDPOINT")
  	accessID  = os.Getenv("OSS_TEST_ACCESS_KEY_ID")
  	accessKey = os.Getenv("OSS_TEST_ACCESS_KEY_SECRET")
  )

  // KMS settings. The KMS client reuses the OSS access key pair, so the test
  // account needs permissions on both services.
  var (
  	kmsID        = os.Getenv("OSS_TEST_KMS_ID")
  	kmsRegion    = os.Getenv("OSS_TEST_KMS_REGION")
  	kmsAccessID  = accessID
  	kmsAccessKey = accessKey
  )

  // Name prefixes for the buckets and objects the tests create.
  var (
  	bucketNamePrefix = "go-sdk-test-bucket-"
  	objectNamePrefix = "go-sdk-test-object-"
  )
  // Logging and random-string helpers shared by the tests.
  var (
  	// logPath names a per-run log file in the current working directory.
  	logPath = "go_sdk_test_" + time.Now().Format("20060102_150405") + ".log"

  	// The open error is discarded, so testLogFile may be nil when the
  	// directory is not writable. Mode 0664 (before umask) leaves the log
  	// readable by other local users; keep sensitive values out of it.
  	testLogFile, _ = os.OpenFile(logPath, os.O_CREATE|os.O_RDWR, 0664)
  	testLogger     = log.New(testLogFile, "", log.Lshortfile|log.Ltime|log.Ldate)

  	// letters is the alphabet RandStr draws from.
  	letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")

  	timeoutInOperation = 3 * time.Second
  )
  // RandStr returns n characters drawn from letters.
  //
  // The generator is math/rand seeded from the clock: good enough for unique
  // test names and payloads, not for keys, tokens or anything secret.
  func RandStr(n int) string {
  	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
  	chars := make([]rune, n)
  	for i := 0; i < len(chars); i++ {
  		chars[i] = letters[rng.Intn(len(letters))]
  	}
  	return string(chars)
  }
  // RandLowStr is RandStr folded to lower case; the tests use it for bucket
  // name suffixes.
  func RandLowStr(n int) string {
  	mixed := RandStr(n)
  	return strings.ToLower(mixed)
  }
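  // GetFileMD5 returns the hex-encoded MD5 digest of the file at filePath.
  //
  // An open failure is returned unchanged. A read failure is reported as
  // "buff copy error" followed by the underlying cause, so the reason is no
  // longer lost. MD5 serves here as a content checksum only; it is not a
  // security control.
  func GetFileMD5(filePath string) (string, error) {
  	f, err := os.Open(filePath)
  	if err != nil {
  		return "", err
  	}
  	defer f.Close()

  	// Named h rather than md5 so the local does not shadow the package.
  	h := md5.New()
  	if _, err := io.Copy(h, f); err != nil {
  		return "", fmt.Errorf("buff copy error: %v", err)
  	}
  	return hex.EncodeToString(h.Sum(nil)), nil
  }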
  // GetStringMd5 returns the hex-encoded MD5 digest of s. The tests use it to
  // compare payloads; it is a checksum, not a security primitive.
  func GetStringMd5(s string) string {
  	digest := md5.Sum([]byte(s))
  	return hex.EncodeToString(digest[:])
  }
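  // ForceDeleteBucket empties bucketName and then deletes the bucket itself,
  // failing the test through c on any unexpected error.
  //
  // It removes, in order: current objects, object versions and delete markers,
  // unfinished multipart uploads, and live channels. The deletion is
  // irreversible and runs with whatever credentials client holds, so call it
  // only on buckets the test created itself.
  func ForceDeleteBucket(client *oss.Client, bucketName string, c *C) {
  	bucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)

  	// Delete objects, one listing page at a time.
  	marker := oss.Marker("")
  	for {
  		lor, err := bucket.ListObjects(marker)
  		c.Assert(err, IsNil)
  		for _, object := range lor.Objects {
  			err = bucket.DeleteObject(object.Key)
  			c.Assert(err, IsNil)
  		}
  		marker = oss.Marker(lor.NextMarker)
  		if !lor.IsTruncated {
  			break
  		}
  	}

  	// Delete object versions and delete markers.
  	keyMarker := oss.KeyMarker("")
  	versionIdMarker := oss.VersionIdMarker("")
  	options := []oss.Option{keyMarker, versionIdMarker}
  	for {
  		lor, err := bucket.ListObjectVersions(options...)
  		if err != nil {
  			// A failed version listing ends this phase without failing the
  			// test; this looks like deliberate best-effort behaviour.
  			break
  		}
  		for _, object := range lor.ObjectDeleteMarkers {
  			err = bucket.DeleteObject(object.Key, oss.VersionId(object.VersionId))
  			c.Assert(err, IsNil)
  		}
  		for _, object := range lor.ObjectVersions {
  			err = bucket.DeleteObject(object.Key, oss.VersionId(object.VersionId))
  			c.Assert(err, IsNil)
  		}
  		keyMarker = oss.KeyMarker(lor.NextKeyMarker)
  		// Plain assignment: the original used := here and shadowed the
  		// outer versionIdMarker.
  		versionIdMarker = oss.VersionIdMarker(lor.NextVersionIdMarker)
  		options = []oss.Option{keyMarker, versionIdMarker}
  		if !lor.IsTruncated {
  			break
  		}
  	}

  	// Abort unfinished multipart uploads.
  	keyMarker = oss.KeyMarker("")
  	uploadIDMarker := oss.UploadIDMarker("")
  	for {
  		lmur, err := bucket.ListMultipartUploads(keyMarker, uploadIDMarker)
  		c.Assert(err, IsNil)
  		for _, upload := range lmur.Uploads {
  			imur := oss.InitiateMultipartUploadResult{
  				Bucket:   bucketName,
  				Key:      upload.Key,
  				UploadID: upload.UploadID,
  			}
  			err = bucket.AbortMultipartUpload(imur)
  			c.Assert(err, IsNil)
  		}
  		keyMarker = oss.KeyMarker(lmur.NextKeyMarker)
  		uploadIDMarker = oss.UploadIDMarker(lmur.NextUploadIDMarker)
  		if !lmur.IsTruncated {
  			break
  		}
  	}

  	// Delete live channels.
  	strMarker := ""
  	for {
  		result, err := bucket.ListLiveChannel(oss.Marker(strMarker))
  		c.Assert(err, IsNil)
  		for _, channel := range result.LiveChannel {
  			err := bucket.DeleteLiveChannel(channel.Name)
  			c.Assert(err, IsNil)
  		}
  		if !result.IsTruncated {
  			break
  		}
  		strMarker = result.NextMarker
  	}

  	// Delete the now-empty bucket.
  	err = client.DeleteBucket(bucketName)
  	c.Assert(err, IsNil)
  }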
  // ReadBody drains body into a string and closes it. The whole payload is
  // held in memory, which is fine for the small objects used here. On a read
  // error it returns "" and that error; the Close error is ignored.
  func ReadBody(body io.ReadCloser) (string, error) {
  	defer body.Close()

  	raw, err := ioutil.ReadAll(body)
  	if err != nil {
  		return "", err
  	}
  	return string(raw), nil
  }
  // SetUpSuite runs once when the suite starts running. It is a no-op here.
  func (s *OssCryptoBucketSuite) SetUpSuite(c *C) {}
  // TearDownSuite runs once after all tests or benchmarks have finished
  // running. It is a no-op here.
  func (s *OssCryptoBucketSuite) TearDownSuite(c *C) {}
  // SetUpTest runs before each test or benchmark starts running. It is a
  // no-op here.
  func (s *OssCryptoBucketSuite) SetUpTest(c *C) {}
  // TearDownTest runs after each test or benchmark runs. It is a no-op here.
  func (s *OssCryptoBucketSuite) TearDownTest(c *C) {}
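  // TestPutObjectNormalPks8 round-trips an object through a crypto bucket
  // whose AES-CTR content cipher is wrapped by the PKCS#8/PKIX RSA fixture
  // keys. It then checks that a plain bucket sees different bytes and that
  // ACL and user metadata survive the crypto path.
  //
  // Every error return is asserted, so a failure to build the cipher or the
  // crypto bucket stops the test at its cause.
  func (s *OssCryptoBucketSuite) TestPutObjectNormalPks8(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket
  	testMatDesc := make(map[string]string)
  	testMatDesc["desc"] = "test rsa key"
  	masterRsaCipher, err := CreateMasterRsa(testMatDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)

  	// Put string
  	var respHeader http.Header
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
  	c.Assert(err, IsNil)

  	// Check: the crypto bucket returns the plaintext.
  	body, err := bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	// non-crypto bucket download: the stored bytes must differ from the
  	// plaintext. This only shows that the payload was transformed.
  	normalBucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)
  	body, err = normalBucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	encryptText, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(encryptText, Not(Equals), objectValue)

  	// acl
  	acl, err := bucket.GetObjectACL(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(acl.ACL, Equals, "default")

  	err = bucket.DeleteObject(objectName)
  	c.Assert(err, IsNil)

  	// put with meta
  	options := []oss.Option{
  		oss.ObjectACL(oss.ACLPublicRead),
  		oss.Meta("myprop", "mypropval"),
  	}
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), options...)
  	c.Assert(err, IsNil)

  	// Check
  	body, err = bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err = ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	acl, err = bucket.GetObjectACL(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(acl.ACL, Equals, string(oss.ACLPublicRead))

  	meta, err := bucket.GetObjectDetailedMeta(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(meta.Get("X-Oss-Meta-Myprop"), Equals, "mypropval")

  	ForceDeleteBucket(client, bucketName, c)
  }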
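  // TestPutObjectNormalPks1 repeats the normal put/get round trip with the
  // PKCS#1-encoded RSA fixture keys and the shared empty matDesc.
  //
  // Every error return is asserted, so a failure to build the cipher or the
  // crypto bucket stops the test at its cause.
  func (s *OssCryptoBucketSuite) TestPutObjectNormalPks1(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKeyPks1, rsaPrivateKeyPks1)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)

  	// Put string
  	var respHeader http.Header
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
  	c.Assert(err, IsNil)

  	// Check: the crypto bucket returns the plaintext.
  	body, err := bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	// non-crypto bucket download: the stored bytes must differ from the
  	// plaintext.
  	normalBucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)
  	body, err = normalBucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	encryptText, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(encryptText, Not(Equals), objectValue)

  	// acl
  	acl, err := bucket.GetObjectACL(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(acl.ACL, Equals, "default")

  	err = bucket.DeleteObject(objectName)
  	c.Assert(err, IsNil)

  	// put with meta
  	options := []oss.Option{
  		oss.ObjectACL(oss.ACLPublicRead),
  		oss.Meta("myprop", "mypropval"),
  	}
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), options...)
  	c.Assert(err, IsNil)

  	// Check
  	body, err = bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err = ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	acl, err = bucket.GetObjectACL(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(acl.ACL, Equals, string(oss.ACLPublicRead))

  	meta, err := bucket.GetObjectDetailedMeta(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(meta.Get("X-Oss-Meta-Myprop"), Equals, "mypropval")

  	ForceDeleteBucket(client, bucketName, c)
  }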
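  // TestPutObjectEmptyPks1 uploads an empty payload through the crypto bucket.
  // The stored object is expected to be empty as well, so here the plain
  // download equals the plaintext.
  //
  // Every error return is asserted, so a failure to build the cipher or the
  // crypto bucket stops the test at its cause.
  func (s *OssCryptoBucketSuite) TestPutObjectEmptyPks1(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKeyPks1, rsaPrivateKeyPks1)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := ""

  	// Put empty string
  	var respHeader http.Header
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
  	c.Assert(err, IsNil)

  	// Check
  	body, err := bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	// non-crypto bucket download
  	normalBucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)
  	body, err = normalBucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	encryptText, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(encryptText, Equals, objectValue)

  	ForceDeleteBucket(client, bucketName, c)
  }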
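  // TestPutObjectSmallSizePks1 round-trips a three-byte payload through the
  // crypto bucket and checks that a plain bucket sees different bytes.
  //
  // Every error return is asserted, so a failure to build the cipher or the
  // crypto bucket stops the test at its cause.
  func (s *OssCryptoBucketSuite) TestPutObjectSmallSizePks1(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKeyPks1, rsaPrivateKeyPks1)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := "123"

  	var respHeader http.Header
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
  	c.Assert(err, IsNil)

  	// Check
  	body, err := bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	// non-crypto bucket download
  	normalBucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)
  	body, err = normalBucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	encryptText, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(encryptText, Not(Equals), objectValue)

  	ForceDeleteBucket(client, bucketName, c)
  }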
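  // TestPutObjectEmptyFilePks1 uploads an empty local file through the crypto
  // bucket, downloads it again and checks that both files are empty. It also
  // checks that uploading from a path that does not exist fails.
  //
  // Error returns are asserted, and the scratch files are removed by defer so
  // they do not linger in the working directory when an assertion fails.
  func (s *OssCryptoBucketSuite) TestPutObjectEmptyFilePks1(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKeyPks1, rsaPrivateKeyPks1)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	// Create the empty source file.
  	fileName := "oss-go-sdk-test-file-" + RandStr(5)
  	fo, err := os.Create(fileName)
  	c.Assert(err, IsNil)
  	defer os.Remove(fileName)
  	_, err = fo.Write([]byte(""))
  	c.Assert(err, IsNil)
  	c.Assert(fo.Close(), IsNil)

  	objectName := objectNamePrefix + RandStr(8)

  	// file not exist
  	err = bucket.PutObjectFromFile(objectName, "/root1/abc.txt")
  	c.Assert(err, NotNil)

  	err = bucket.PutObjectFromFile(objectName, fileName)
  	c.Assert(err, IsNil)

  	downFileName := fileName + "-down"
  	defer os.Remove(downFileName)

  	// Check
  	err = bucket.GetObjectToFile(objectName, downFileName)
  	c.Assert(err, IsNil)

  	b1, err := ioutil.ReadFile(fileName)
  	c.Assert(err, IsNil)
  	b2, err := ioutil.ReadFile(downFileName)
  	c.Assert(err, IsNil)
  	c.Assert(len(b1), Equals, 0)
  	c.Assert(string(b1), Equals, string(b2))

  	ForceDeleteBucket(client, bucketName, c)
  }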
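  // TestKmsPutObjectNormal runs the normal put/get round trip with a master
  // cipher backed by Alibaba Cloud KMS (key kmsID in region kmsRegion). It
  // ends by checking that a put to a non-existent bucket fails.
  //
  // Every error return is asserted, so a failure to build the cipher or the
  // crypto bucket stops the test at its cause.
  func (s *OssCryptoBucketSuite) TestKmsPutObjectNormal(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
  	c.Assert(err, IsNil)

  	// crypto bucket
  	masterKmsCipher, err := CreateMasterAliKms(matDesc, kmsID, kmsClient)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterKmsCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)

  	// Put string
  	var respHeader http.Header
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
  	c.Assert(err, IsNil)

  	// Check: the crypto bucket returns the plaintext.
  	body, err := bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	// non-crypto bucket download: the stored bytes must differ from the
  	// plaintext.
  	normalBucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)
  	body, err = normalBucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	encryptText, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(encryptText, Not(Equals), objectValue)

  	// acl
  	acl, err := bucket.GetObjectACL(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(acl.ACL, Equals, "default")

  	err = bucket.DeleteObject(objectName)
  	c.Assert(err, IsNil)

  	// put with meta
  	options := []oss.Option{
  		oss.ObjectACL(oss.ACLPublicRead),
  		oss.Meta("myprop", "mypropval"),
  	}
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), options...)
  	c.Assert(err, IsNil)

  	// Check
  	body, err = bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err = ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	acl, err = bucket.GetObjectACL(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(acl.ACL, Equals, string(oss.ACLPublicRead))

  	meta, err := bucket.GetObjectDetailedMeta(objectName)
  	c.Assert(err, IsNil)
  	c.Assert(meta.Get("X-Oss-Meta-Myprop"), Equals, "mypropval")

  	// put object error, bucket not exist
  	bucket.BucketName = bucket.BucketName + "-not-exist"
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), options...)
  	c.Assert(err, NotNil)

  	ForceDeleteBucket(client, bucketName, c)
  }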
  // MockKmsManager is a test double passed to SetMasterCipherManager. For any
  // non-empty material description it answers with the configured KMS key ID.
  type MockKmsManager struct{}

  // GetMasterKey returns a one-element list holding kmsID, or a "not found"
  // error when matDesc is empty or nil.
  func (mg *MockKmsManager) GetMasterKey(matDesc map[string]string) ([]string, error) {
  	if len(matDesc) > 0 {
  		return []string{kmsID}, nil
  	}
  	return nil, fmt.Errorf("not found")
  }
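  // TestRsaBucketDecrptObjectWithKmsSuccess uploads an object through a
  // KMS-wrapped crypto bucket and reads it back through an RSA-configured
  // crypto bucket that was also given the KMS client and a MockKmsManager.
  // The read is expected to return the plaintext.
  //
  // Every error return is asserted, so a failure to build either cipher or
  // either bucket stops the test at its cause.
  func (s *OssCryptoBucketSuite) TestRsaBucketDecrptObjectWithKmsSuccess(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
  	c.Assert(err, IsNil)

  	// crypto bucket with kms
  	testMatDesc := make(map[string]string)
  	testMatDesc["desc"] = "test kms wrap"
  	masterKmsCipher, err := CreateMasterAliKms(testMatDesc, kmsID, kmsClient)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterKmsCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)

  	// Put string
  	var respHeader http.Header
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
  	c.Assert(err, IsNil)

  	// crypto bucket with rsa, plus the KMS client and key manager
  	var masterManager MockKmsManager
  	var options []CryptoBucketOption
  	options = append(options, SetAliKmsClient(kmsClient))
  	options = append(options, SetMasterCipherManager(&masterManager))

  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	rsaProvider := CreateAesCtrCipher(masterRsaCipher)
  	rsaBucket, err := GetCryptoBucket(client, bucketName, rsaProvider, options...)
  	c.Assert(err, IsNil)

  	// Check
  	body, err := rsaBucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	// non-crypto bucket download
  	normalBucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)
  	body, err = normalBucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	encryptText, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(encryptText, Not(Equals), objectValue)

  	ForceDeleteBucket(client, bucketName, c)
  }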
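  // TestRsaBucketDecrptObjectWithKmsError is the negative twin of the success
  // case. The RSA crypto bucket gets the key manager but no KMS client, so
  // reading an object written with a KMS master key must fail with an error.
  //
  // The setup errors are asserted, so the final NotNil check can only be
  // satisfied by the GetObject call itself.
  func (s *OssCryptoBucketSuite) TestRsaBucketDecrptObjectWithKmsError(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
  	c.Assert(err, IsNil)

  	// crypto bucket with kms
  	testMatDesc := make(map[string]string)
  	testMatDesc["desc"] = "test kms wrap"
  	masterKmsCipher, err := CreateMasterAliKms(testMatDesc, kmsID, kmsClient)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterKmsCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)

  	// Put string
  	var respHeader http.Header
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
  	c.Assert(err, IsNil)

  	// crypto bucket with rsa; SetAliKmsClient is left out on purpose, so
  	// the kms client is nil
  	var masterManager MockKmsManager
  	var options []CryptoBucketOption
  	options = append(options, SetMasterCipherManager(&masterManager))

  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	rsaProvider := CreateAesCtrCipher(masterRsaCipher)
  	rsaBucket, err := GetCryptoBucket(client, bucketName, rsaProvider, options...)
  	c.Assert(err, IsNil)

  	// Check
  	_, err = rsaBucket.GetObject(objectName)
  	c.Assert(err, NotNil)

  	ForceDeleteBucket(client, bucketName, c)
  }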
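  // TestRangeGetObject stores 1 MiB of random text through the crypto bucket
  // and issues up to 20 ranged reads at random offsets. Each read must match
  // the same slice of the plaintext in length and MD5 checksum.
  //
  // The read error is asserted. The generator is seeded once before the loop
  // instead of on every iteration. Iterations whose range would be empty or
  // start on the last byte are skipped, so fewer than 20 reads may run.
  func (s *OssCryptoBucketSuite) TestRangeGetObject(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	contentLen := 1024 * 1024
  	content := RandStr(contentLen)
  	err = bucket.PutObject(objectName, strings.NewReader(content))
  	c.Assert(err, IsNil)

  	// range get
  	math_rand.Seed(time.Now().UnixNano())
  	for i := 0; i < 20; i++ {
  		rangeStart := rand.Intn(contentLen)
  		rangeEnd := rangeStart + rand.Intn(contentLen-rangeStart)
  		if rangeEnd == rangeStart || rangeStart >= contentLen-1 {
  			continue
  		}

  		body, err := bucket.GetObject(objectName, oss.Range(int64(rangeStart), int64(rangeEnd)))
  		c.Assert(err, IsNil)
  		downText, err := ReadBody(body)
  		c.Assert(err, IsNil)
  		c.Assert(len(downText) > 0, Equals, true)

  		// oss.Range is inclusive at both ends, hence rangeEnd+1 here.
  		srcText := content[rangeStart : rangeEnd+1]
  		c.Assert(len(downText), Equals, len(srcText))
  		c.Assert(GetStringMd5(downText), Equals, GetStringMd5(srcText))
  	}

  	ForceDeleteBucket(client, bucketName, c)
  }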
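  // TestGetNormalObject uploads an object through a plain bucket and reads it
  // through the crypto bucket, which must return it unchanged. After the
  // object is deleted, a second read must fail.
  //
  // Every error return is asserted, including the plain bucket handle that
  // was previously taken with its error discarded.
  func (s *OssCryptoBucketSuite) TestGetNormalObject(c *C) {
  	// create a bucket with default property
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	// normal bucket
  	normalBucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)

  	// Put string
  	err = normalBucket.PutObject(objectName, strings.NewReader(objectValue))
  	c.Assert(err, IsNil)

  	// Check
  	body, err := bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err := ReadBody(body)
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	// delete object
  	err = bucket.DeleteObject(objectName)
  	c.Assert(err, IsNil)

  	// get object again
  	_, err = bucket.GetObject(objectName)
  	c.Assert(err, NotNil)

  	ForceDeleteBucket(client, bucketName, c)
  }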
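  // TestGetCryptoBucketNotSupport checks that the crypto bucket returns an
  // error for each of the append, signed-URL, process, and multipart
  // download/copy/upload calls below. No bucket is created on the server and
  // the test does no cleanup.
  //
  // The errors from building the cipher and the crypto bucket are asserted,
  // so a setup failure is reported as such and not as a nil dereference.
  func (s *OssCryptoBucketSuite) TestGetCryptoBucketNotSupport(c *C) {
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)

  	// crypto bucket
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)

  	// AppendObject
  	_, err = bucket.AppendObject(objectName, strings.NewReader(objectValue), 0)
  	c.Assert(err, NotNil)

  	// DoAppendObject
  	var request oss.AppendObjectRequest
  	var options []oss.Option
  	_, err = bucket.DoAppendObject(&request, options)
  	c.Assert(err, NotNil)

  	// PutObjectWithURL
  	err = bucket.PutObjectWithURL("oss://bucket/object", strings.NewReader(objectValue))
  	c.Assert(err, NotNil)

  	// PutObjectFromFileWithURL
  	err = bucket.PutObjectFromFileWithURL("oss://bucket/object", "file.txt")
  	c.Assert(err, NotNil)

  	// DoPutObjectWithURL
  	_, err = bucket.DoPutObjectWithURL("oss://bucket/object", strings.NewReader(objectValue), options)
  	c.Assert(err, NotNil)

  	// GetObjectWithURL
  	_, err = bucket.GetObjectWithURL("oss://bucket/object")
  	c.Assert(err, NotNil)

  	// GetObjectToFileWithURL
  	err = bucket.GetObjectToFileWithURL("oss://bucket/object", "file.txt")
  	c.Assert(err, NotNil)

  	// DoGetObjectWithURL
  	_, err = bucket.DoGetObjectWithURL("oss://bucket/object", options)
  	c.Assert(err, NotNil)

  	// ProcessObject
  	_, err = bucket.ProcessObject("oss://bucket/object", "")
  	c.Assert(err, NotNil)

  	// DownloadFile
  	err = bucket.DownloadFile(objectName, "file.txt", 1024)
  	c.Assert(err, NotNil)

  	// CopyFile
  	err = bucket.CopyFile("src-bucket", "src-object", "dest-object", 1024)
  	c.Assert(err, NotNil)

  	// UploadFile
  	err = bucket.UploadFile(objectName, "file.txt", 1024)
  	c.Assert(err, NotNil)
  }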
  // MockRsaManager is a stateless test double that supplies master keys by
  // material description. It is passed to SetMasterCipherManager in the tests.
  type MockRsaManager struct{}

  // GetMasterKey returns the package-level RSA public and private key, in that
  // order, for any non-empty matDesc. The contents of matDesc are not inspected,
  // so every description maps to the same key pair. An empty or nil matDesc
  // yields a "not found" error.
  func (mg *MockRsaManager) GetMasterKey(matDesc map[string]string) ([]string, error) {
  	if len(matDesc) > 0 {
  		return []string{rsaPublicKey, rsaPrivateKey}, nil
  	}
  	return nil, fmt.Errorf("not found")
  }
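  // TestGetMasterKey uploads a file through one crypto bucket and downloads it
  // through a second one that was given a MockRsaManager, then compares the MD5
  // of the download with the MD5 of the source file. It also checks that a
  // download to a path under "/root1/" returns an error.
  //
  // MD5 serves here only to compare the round-tripped file with a local source.
  func (s *OssCryptoBucketSuite) TestGetMasterKey(c *C) {
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// Uploading bucket: master cipher created with its own material description.
  	// Cipher and bucket construction errors were previously discarded.
  	testMatDesc := map[string]string{"desc": "test rsa key"}
  	masterRsaCipher, err := CreateMasterRsa(testMatDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	fileName := "../../sample/BingWallpaper-2015-11-07.jpg"
  	srcMD5, err := GetFileMD5(fileName)
  	c.Assert(err, IsNil)

  	err = bucket.PutObjectFromFile(objectName, fileName)
  	c.Assert(err, IsNil)

  	// Downloading bucket: master cipher created with the package-level matDesc,
  	// plus a MockRsaManager installed through SetMasterCipherManager.
  	// NOTE(review): presumably matDesc differs from testMatDesc, which would
  	// force the key lookup through the manager. Confirm where matDesc is set.
  	var rsaManager MockRsaManager
  	masterRsaCipherOther, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProviderOther := CreateAesCtrCipher(masterRsaCipherOther)
  	bucketOther, err := GetCryptoBucket(client, bucketName, contentProviderOther, SetMasterCipherManager(&rsaManager))
  	c.Assert(err, IsNil)

  	// download
  	downfileName := "test-go-sdk-file-" + RandLowStr(5) + ".jpg"
  	// The download is the decrypted object; remove it even when an assertion
  	// below aborts the test.
  	defer os.Remove(downfileName)

  	err = bucketOther.GetObjectToFile(objectName, downfileName)
  	c.Assert(err, IsNil)
  	downFileMD5, err := GetFileMD5(downfileName)
  	c.Assert(err, IsNil)
  	c.Assert(downFileMD5, Equals, srcMD5)

  	// GetObjectToFile error
  	err = bucketOther.GetObjectToFile(objectName, "/root1/"+downfileName)
  	c.Assert(err, NotNil)

  	ForceDeleteBucket(client, bucketName, c)
  }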
  // MockReader wraps an io.Reader and exposes only Read.
  // NOTE(review): presumably this hides the concrete reader type so the SDK
  // cannot discover the payload length from it. Confirm against the caller.
  type MockReader struct {
  	Reader io.Reader
  }

  // Read forwards to the wrapped reader and returns its result unchanged.
  func (r *MockReader) Read(b []byte) (int, error) {
  	n, err := r.Reader.Read(b)
  	return n, err
  }
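  // TestPutObjectUnkownReaderLen uploads a 1023-character string through a
  // MockReader, passing explicit ContentMD5 and ContentLength options, and then
  // checks that the object read back through the same crypto bucket equals the
  // original string.
  //
  // NOTE(review): ContentMD5 is computed over the plaintext, while the crypto
  // bucket presumably sends ciphertext. How the SDK reconciles the two is not
  // visible here; confirm in the PutObject implementation.
  func (s *OssCryptoBucketSuite) TestPutObjectUnkownReaderLen(c *C) {
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket; construction errors are asserted rather than discarded
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)
  	srcMD5 := GetStringMd5(objectValue)
  	options := []oss.Option{oss.ContentMD5(srcMD5), oss.ContentLength(1023)}

  	// Put string through the wrapper type
  	mockReader := &MockReader{strings.NewReader(objectValue)}
  	err = bucket.PutObject(objectName, mockReader, options...)
  	c.Assert(err, IsNil)

  	// Check
  	body, err := bucket.GetObject(objectName)
  	c.Assert(err, IsNil)
  	text, err := ReadBody(body)
  	// A read error was previously ignored; a truncated body would then only
  	// show up as a confusing string mismatch.
  	c.Assert(err, IsNil)
  	c.Assert(text, Equals, objectValue)

  	ForceDeleteBucket(client, bucketName, c)
  }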
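  // TestGetDecryptCipher exercises the failure paths of envelope parsing and
  // decrypt-cipher construction. The envelope is read from object metadata
  // returned by the service, so these checks cover values the client does not
  // control: a malformed wrapped key or IV header, an empty content algorithm, a
  // manager that cannot find a key, a nil manager, and wrap algorithms the
  // configured builder is expected to refuse.
  //
  // The GetDecryptCipher cases depend on statement order: each one mutates
  // envelope or bucket.MasterCipherManager and relies on what earlier steps left.
  func (s *OssCryptoBucketSuite) TestGetDecryptCipher(c *C) {
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// crypto bucket; construction errors are asserted rather than discarded
  	var rsaManager MockRsaManager
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	bucket, err := GetCryptoBucket(client, bucketName, contentProvider, SetMasterCipherManager(&rsaManager))
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	objectValue := RandStr(1023)

  	// Put string
  	var respHeader http.Header
  	err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
  	c.Assert(err, IsNil)

  	// Head the object first to obtain its encryption metadata.
  	metaInfo, err := bucket.GetObjectDetailedMeta(objectName)
  	c.Assert(err, IsNil)

  	// Every later case reuses this envelope, so it must have parsed cleanly.
  	envelope, err := getEnvelopeFromHeader(metaInfo)
  	c.Assert(err, IsNil)

  	// getEnvelopeFromHeader: malformed wrapped-key header must be rejected
  	metaInfo.Set(oss.HTTPHeaderOssMetaPrefix+OssClientSideEncryptionKey, string([]byte{200, 200, 200}))
  	_, err = getEnvelopeFromHeader(metaInfo)
  	c.Assert(err, NotNil)

  	// getEnvelopeFromHeader: malformed start (IV) header must be rejected
  	metaInfo.Set(oss.HTTPHeaderOssMetaPrefix+OssClientSideEncryptionKey, envelope.CipherKey)
  	metaInfo.Set(oss.HTTPHeaderOssMetaPrefix+OssClientSideEncryptionStart, string([]byte{200, 200, 200}))
  	_, err = getEnvelopeFromHeader(metaInfo)
  	c.Assert(err, NotNil)

  	// Put the start header back. The original wrote envelope.IV to the key
  	// header instead, apparently a copy-paste slip. metaInfo is not read again.
  	metaInfo.Set(oss.HTTPHeaderOssMetaPrefix+OssClientSideEncryptionStart, envelope.IV)

  	// GetDecryptCipher: empty content-encryption algorithm
  	CEKAlg := envelope.CEKAlg
  	envelope.CEKAlg = ""
  	_, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
  	c.Assert(err, NotNil)
  	envelope.CEKAlg = CEKAlg

  	// Fresh MockRsaManager; the original comment says matDesc is empty here.
  	// NOTE(review): the mock fails only for an empty description. Confirm that
  	// the envelope's description really is empty at this point.
  	bucket.MasterCipherManager = &MockRsaManager{}
  	_, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
  	c.Assert(err, NotNil)

  	// MasterCipherManager is nil
  	bucket.MasterCipherManager = nil
  	_, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
  	c.Assert(err, NotNil)

  	// Unknown wrap algorithm.
  	// NOTE(review): MasterCipherManager is still nil from the previous case, so
  	// this assertion and the next do not by themselves show that the wrap
  	// algorithm is what gets rejected.
  	WrapAlg := envelope.WrapAlg
  	envelope.WrapAlg = "test"
  	_, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
  	c.Assert(err, NotNil)
  	envelope.WrapAlg = WrapAlg

  	// KMS wrap algorithm
  	envelope.WrapAlg = KmsAliCryptoWrap
  	_, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
  	c.Assert(err, NotNil)

  	ForceDeleteBucket(client, bucketName, c)
  }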
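  // TestGetObjectEncryptedByCppRsa is an interoperability check. It uploads a
  // pre-encrypted sample file through a plain bucket, attaching the wrapped key,
  // start value and algorithm names as object metadata. It then downloads the
  // object through a crypto bucket and compares the MD5 of the result with the
  // MD5 of the plaintext sample.
  //
  // The fixture pins "RSA/NONE/PKCS1Padding" and "AES/CTR/NoPadding" because
  // that is what the stored sample was produced with. The test covers
  // compatibility with that format, not the strength of those choices. Nothing
  // in this test authenticates the ciphertext; the MD5 comparison with the
  // local plaintext is the only integrity check.
  func (s *OssCryptoBucketSuite) TestGetObjectEncryptedByCppRsa(c *C) {
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// put object encrypted by cpp
  	bucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	srcJpgFile := "../../sample/test-client-encryption-src.jpg"
  	fileEncryptedByCpp := "../../sample/test-client-encryption-crypto-cpp-rsa.jpg"

  	opts := []oss.Option{
  		oss.Meta(OssClientSideEncryptionKey, "nyXOp7delQ/MQLjKQMhHLaT0w7u2yQoDLkSnK8MFg/MwYdh4na4/LS8LLbLcM18m8I/ObWUHU775I50sJCpdv+f4e0jLeVRRiDFWe+uo7Puc9j4xHj8YB3QlcIOFQiTxHIB6q+C+RA6lGwqqYVa+n3aV5uWhygyv1MWmESurppg="),
  		oss.Meta(OssClientSideEncryptionStart, "De/S3T8wFjx7QPxAAFl7h7TeI2EsZlfCwox4WhLGng5DK2vNXxULmulMUUpYkdc9umqmDilgSy5Z3Foafw+v4JJThfw68T/9G2gxZLrQTbAlvFPFfPM9Ehk6cY4+8WpY32uN8w5vrHyoSZGr343NxCUGIp6fQ9sSuOLMoJg7hNw="),
  		oss.Meta(OssClientSideEncryptionWrapAlg, "RSA/NONE/PKCS1Padding"),
  		oss.Meta(OssClientSideEncryptionCekAlg, "AES/CTR/NoPadding"),
  	}
  	err = bucket.PutObjectFromFile(objectName, fileEncryptedByCpp, opts...)
  	c.Assert(err, IsNil)

  	// download with crypto bucket; construction errors are asserted
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	cryptoBucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	downFileName := "oss-go-sdk-test-file-" + RandStr(5)
  	// The download is decrypted content; remove it even if an assertion fails.
  	defer os.Remove(downFileName)

  	err = cryptoBucket.GetObjectToFile(objectName, downFileName)
  	c.Assert(err, IsNil)

  	// Assert both hash computations. With the errors ignored, two failed reads
  	// could produce equal values and let the comparison pass without checking
  	// anything.
  	downMd5, err := GetFileMD5(downFileName)
  	c.Assert(err, IsNil)
  	srcJpgMd5, err := GetFileMD5(srcJpgFile)
  	c.Assert(err, IsNil)
  	c.Assert(downMd5, Equals, srcJpgMd5)

  	ForceDeleteBucket(client, bucketName, c)
  }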
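  // TestGetObjectEncryptedByPythonRsa is an interoperability check. It uploads a
  // pre-encrypted sample file through a plain bucket, attaching the wrapped key,
  // start value and algorithm names as object metadata. It then downloads the
  // object through a crypto bucket and compares the MD5 of the result with the
  // MD5 of the plaintext sample.
  //
  // The fixture pins "RSA/NONE/PKCS1Padding" and "AES/CTR/NoPadding" because
  // that is what the stored sample was produced with. The test covers
  // compatibility with that format, not the strength of those choices. Nothing
  // in this test authenticates the ciphertext; the MD5 comparison with the
  // local plaintext is the only integrity check.
  func (s *OssCryptoBucketSuite) TestGetObjectEncryptedByPythonRsa(c *C) {
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	// put object encrypted by python
  	bucket, err := client.Bucket(bucketName)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	srcJpgFile := "../../sample/test-client-encryption-src.jpg"
  	// Local renamed from fileEncryptedByCpp; it holds the Python-encrypted sample.
  	fileEncryptedByPython := "../../sample/test-client-encryption-crypto-python-rsa.jpg"

  	opts := []oss.Option{
  		oss.Meta(OssClientSideEncryptionKey, "ZNQM4g+JykUfOBMkfL8kbvChD3R23UH53sRyTg42h9H2ph8ZJJlo2tSP5Oi3nR5gJAwA/OTrruNq02M2Zt4N7zVWdbFArKbY/CkHpihVYOqsSU4Z8RmrNBm4QfC5om2WElRHNt8hlqhnvzhdorGDB5OoMQ8KvQqXDC53aM5OY64="),
  		oss.Meta(OssClientSideEncryptionStart, "mZ6kts6kaMm++0akhQQZl+tj8gPWznZ+giHciCQTIzriwBzZZO4d85YZeBStuUPshdnO3QHK63/NH9QFL6pwpLiXI9UZxkGygkp82oB4jaF4HKoQ4ujd670pXLxpljBLnp0sCxiCIaf5Fzp4jgNCurXycY10/5DN7yPPtdw7dkk="),
  		oss.Meta(OssClientSideEncryptionWrapAlg, "RSA/NONE/PKCS1Padding"),
  		oss.Meta(OssClientSideEncryptionCekAlg, "AES/CTR/NoPadding"),
  	}
  	err = bucket.PutObjectFromFile(objectName, fileEncryptedByPython, opts...)
  	c.Assert(err, IsNil)

  	// download with crypto bucket; construction errors are asserted
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	cryptoBucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	downFileName := "oss-go-sdk-test-file-" + RandStr(5)
  	// The download is decrypted content; remove it even if an assertion fails.
  	defer os.Remove(downFileName)

  	err = cryptoBucket.GetObjectToFile(objectName, downFileName)
  	c.Assert(err, IsNil)

  	// Assert both hash computations. With the errors ignored, two failed reads
  	// could produce equal values and let the comparison pass without checking
  	// anything.
  	downMd5, err := GetFileMD5(downFileName)
  	c.Assert(err, IsNil)
  	srcJpgMd5, err := GetFileMD5(srcJpgFile)
  	c.Assert(err, IsNil)
  	c.Assert(downMd5, Equals, srcJpgMd5)

  	ForceDeleteBucket(client, bucketName, c)
  }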
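  // TestRepeatedPutObjectFromFile uploads the same source file twice through one
  // crypto bucket, under objectName and objectName+"-other". After each upload
  // it downloads objectName and checks that its MD5 still matches the source.
  //
  // NOTE(review): presumably this guards against per-upload cipher state being
  // shared between calls on one CryptoBucket. Confirm against the implementation.
  func (s *OssCryptoBucketSuite) TestRepeatedPutObjectFromFile(c *C) {
  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	srcJpgFile := "../../sample/test-client-encryption-src.jpg"

  	// put object from file; construction errors are asserted, not discarded
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	cryptoBucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	err = cryptoBucket.PutObjectFromFile(objectName, srcJpgFile)
  	c.Assert(err, IsNil)

  	downFileName := "oss-go-sdk-test-file-" + RandStr(5)
  	// The download is decrypted content; remove it even if an assertion fails.
  	defer os.Remove(downFileName)

  	err = cryptoBucket.GetObjectToFile(objectName, downFileName)
  	c.Assert(err, IsNil)

  	srcJpgMd5, err := GetFileMD5(srcJpgFile)
  	c.Assert(err, IsNil)
  	downMd5, err := GetFileMD5(downFileName)
  	c.Assert(err, IsNil)
  	c.Assert(len(srcJpgMd5) > 0, Equals, true)
  	c.Assert(len(downMd5) > 0, Equals, true)
  	c.Assert(downMd5, Equals, srcJpgMd5)
  	// Clear the first download so the second check reads a fresh file.
  	os.Remove(downFileName)

  	err = cryptoBucket.PutObjectFromFile(objectName+"-other", srcJpgFile)
  	c.Assert(err, IsNil)

  	err = cryptoBucket.GetObjectToFile(objectName, downFileName)
  	c.Assert(err, IsNil)
  	downMd5, err = GetFileMD5(downFileName)
  	c.Assert(err, IsNil)
  	c.Assert(downMd5, Equals, srcJpgMd5)

  	ForceDeleteBucket(client, bucketName, c)
  }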
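  // TestPutObjectEncryptionUserAgent routes the client's debug log to a
  // temporary file, uploads a file through a crypto bucket, and checks that the
  // log contains EncryptionUaSuffix.
  func (s *OssCryptoBucketSuite) TestPutObjectEncryptionUserAgent(c *C) {
  	logName := "." + string(os.PathSeparator) + "test-go-sdk.log" + RandStr(5)
  	// Owner-only mode: the assertion below relies on request details being in
  	// this log, so it may also hold other request headers.
  	f, err := os.OpenFile(logName, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0600)
  	c.Assert(err, IsNil)
  	// Deferred calls run last-in first-out: the handle is closed, then the log
  	// is deleted, even when an assertion aborts the test.
  	defer os.Remove(logName)
  	defer f.Close()

  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)
  	client.Config.LogLevel = oss.Debug
  	client.Config.Logger = log.New(f, "", log.LstdFlags)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	srcJpgFile := "../../sample/test-client-encryption-src.jpg"

  	// put object from file; construction errors are asserted, not discarded
  	masterRsaCipher, err := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
  	c.Assert(err, IsNil)
  	contentProvider := CreateAesCtrCipher(masterRsaCipher)
  	cryptoBucket, err := GetCryptoBucket(client, bucketName, contentProvider)
  	c.Assert(err, IsNil)

  	err = cryptoBucket.PutObjectFromFile(objectName, srcJpgFile)
  	c.Assert(err, IsNil)

  	// read log file, get http info
  	contents, err := ioutil.ReadFile(logName)
  	c.Assert(err, IsNil)
  	httpContent := string(contents)
  	c.Assert(strings.Contains(httpContent, EncryptionUaSuffix), Equals, true)

  	ForceDeleteBucket(client, bucketName, c)
  }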
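  // TestPutObjectNormalUserAgent routes the client's debug log to a temporary
  // file, uploads a file through a plain (non-crypto) bucket, and checks that
  // the log does not contain EncryptionUaSuffix.
  func (s *OssCryptoBucketSuite) TestPutObjectNormalUserAgent(c *C) {
  	logName := "." + string(os.PathSeparator) + "test-go-sdk.log" + RandStr(5)
  	// Owner-only mode: this log records request details, so it may also hold
  	// other request headers.
  	f, err := os.OpenFile(logName, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0600)
  	c.Assert(err, IsNil)
  	// Deferred calls run last-in first-out: the handle is closed, then the log
  	// is deleted, even when an assertion aborts the test.
  	defer os.Remove(logName)
  	defer f.Close()

  	client, err := oss.New(endpoint, accessID, accessKey)
  	c.Assert(err, IsNil)
  	client.Config.LogLevel = oss.Debug
  	client.Config.Logger = log.New(f, "", log.LstdFlags)

  	bucketName := bucketNamePrefix + RandLowStr(6)
  	err = client.CreateBucket(bucketName)
  	c.Assert(err, IsNil)

  	objectName := objectNamePrefix + RandStr(8)
  	srcJpgFile := "../../sample/test-client-encryption-src.jpg"

  	bucket, err := client.Bucket(bucketName)
  	// This error was previously overwritten by the next call without a check.
  	c.Assert(err, IsNil)
  	err = bucket.PutObjectFromFile(objectName, srcJpgFile)
  	c.Assert(err, IsNil)

  	// read log file, get http info
  	contents, err := ioutil.ReadFile(logName)
  	c.Assert(err, IsNil)
  	httpContent := string(contents)
  	c.Assert(strings.Contains(httpContent, EncryptionUaSuffix), Equals, false)

  	ForceDeleteBucket(client, bucketName, c)
  }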