Merge pull request #76 from wastore/fileencryption

Encryption at REST for files

Author: jofriedm-msft

ChangeLog.txt

@@ -1,6 +1,7 @@
 2017.XX.XX Version X.X.X
  * Added ErrorReceivingResponseEvent which fires when a network error occurs before the responseReceivedEvent fires. If the responseReceivedEvent fires sucessfully, this new event will not fire.
  * For Premium Accounts only, added support for getting and setting the tier on a page blob. The tier can also be set when creating or copying from an existing page blob.
+ * Added support for server side encryption for File Service.
 
 2017.06.21 Version 5.3.1
  * Fixed a bug in specific upload case for block blobs. This only affects uploads greater than the max put blob threshold, that have increased the streamWriteSizeInBytes beyond the 4 MB and storeBlobContentMD5 has been disabled.

microsoft-azure-storage-test/src/com/microsoft/azure/storage/file/CloudFileServerEncryptionTests.java

@@ -0,0 +1,127 @@
+/**
+ * Copyright Microsoft Corporation
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.microsoft.azure.storage.file;
+
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+
+import com.microsoft.azure.storage.OperationContext;
+import com.microsoft.azure.storage.RequestCompletedEvent;
+import com.microsoft.azure.storage.StorageEvent;
+import com.microsoft.azure.storage.StorageException;
+import com.microsoft.azure.storage.TestRunners.CloudTests;
+import com.microsoft.azure.storage.TestRunners.DevFabricTests;
+import com.microsoft.azure.storage.TestRunners.DevStoreTests;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import static org.junit.Assert.*;
+
+@Category({ CloudTests.class, DevFabricTests.class, DevStoreTests.class })
+//@Ignore
+/* These test only works on accounts with server-side encryption enabled. */
+public class CloudFileServerEncryptionTests {
+
+    private CloudFileShare share;
+    private CloudFileDirectory dir;
+    private CloudFile file;
+    private boolean requestFound;
+
+    @Before
+    public void fileEncryptionTestMethodSetup() throws URISyntaxException, StorageException, IOException {
+        this.share = FileTestHelper.getRandomShareReference();
+        this.share.create();
+        this.dir = this.share.getRootDirectoryReference().getDirectoryReference("dir");
+        this.dir.create();
+        this.file = this.share.getRootDirectoryReference().getFileReference("file");
+        this.file.uploadText("text");
+    }
+
+    @After
+    public void fileEncryptionTestMethodTearDown() throws StorageException {
+        this.share.deleteIfExists();
+    }
+
+    @Test
+    public void testFileAttributesEncryption() throws URISyntaxException, StorageException, IOException {
+        this.file.downloadAttributes();
+        assertTrue(this.file.getProperties().isServerEncrypted());
+
+        CloudFile testFile = this.share.getRootDirectoryReference().getFileReference("file");
+        testFile.downloadText();
+        assertTrue(testFile.getProperties().isServerEncrypted());
+    }
+    
+    @Test
+    public void testDirectoryAttributesEncryption() throws URISyntaxException, StorageException, IOException {
+        assertFalse(this.dir.getProperties().isServerEncrypted());
+
+        CloudFileDirectory testDir = this.share.getRootDirectoryReference().getDirectoryReference("dir");
+        testDir.downloadAttributes();
+        assertTrue(testDir.getProperties().isServerEncrypted());
+    }
+
+    @Test
+    public void testCloudFileUploadEncryption() throws URISyntaxException, StorageException, IOException {
+        this.requestFound = false;
+
+        OperationContext ctxt = new OperationContext();
+        ctxt.getRequestCompletedEventHandler().addListener(new StorageEvent<RequestCompletedEvent>() {
+            @Override
+            public void eventOccurred(RequestCompletedEvent eventArg) {
+                assertTrue(eventArg.getRequestResult().isRequestServiceEncrypted());
+                CloudFileServerEncryptionTests.this.requestFound = true;
+            }
+        });
+
+        this.file.uploadText("test", null, null, null, ctxt);
+        assertTrue(this.requestFound);
+
+        this.requestFound = false;
+        this.file.uploadProperties(null, null, ctxt);
+        assertTrue(this.requestFound);
+
+        this.requestFound = false;
+        this.file.uploadMetadata(null, null, ctxt);
+        assertTrue(this.requestFound);
+    }
+
+    @Test
+    public void testCloudFileDirectoryEncryption() throws URISyntaxException, StorageException, IOException {
+        this.requestFound = false;
+
+        OperationContext ctxt = new OperationContext();
+        ctxt.getRequestCompletedEventHandler().addListener(new StorageEvent<RequestCompletedEvent>() {
+            @Override
+            public void eventOccurred(RequestCompletedEvent eventArg) {
+                assertTrue(eventArg.getRequestResult().isRequestServiceEncrypted());
+                CloudFileServerEncryptionTests.this.requestFound = true;
+            }
+        });
+
+        this.dir.uploadMetadata(null, null, ctxt);
+        assertTrue(this.requestFound);
+
+        this.requestFound = false;
+        CloudFileDirectory dir2 = this.share.getRootDirectoryReference().getDirectoryReference("dir2");
+        dir2.create(null, ctxt);
+        assertTrue(this.requestFound);
+    }
+}

microsoft-azure-storage/src/com/microsoft/azure/storage/blob/CloudAppendBlob.java

@@ -34,6 +34,7 @@
 import com.microsoft.azure.storage.StorageCredentials;
 import com.microsoft.azure.storage.StorageException;
 import com.microsoft.azure.storage.StorageUri;
+import com.microsoft.azure.storage.core.BaseResponse;
 import com.microsoft.azure.storage.core.ExecutionEngine;
 import com.microsoft.azure.storage.core.SR;
 import com.microsoft.azure.storage.core.StorageRequest;
@@ -309,7 +310,7 @@ public Void preProcessResponse(CloudBlob blob, CloudBlobClient client, Operation
                 }
 
                 blob.updateEtagAndLastModifiedFromResponse(this.getConnection());
-                this.getResult().setRequestServiceEncrypted(CloudBlob.isServerRequestEncrypted(this.getConnection()));
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 blob.getProperties().setLength(0);
                 return null;
             }
@@ -460,7 +461,7 @@ public Long preProcessResponse(CloudAppendBlob blob, CloudBlobClient client, Ope
                 blob.updateEtagAndLastModifiedFromResponse(this.getConnection());
                 blob.updateCommittedBlockCountFromResponse(this.getConnection());
 
-                this.getResult().setRequestServiceEncrypted(CloudBlob.isServerRequestEncrypted(this.getConnection()));
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return appendOffset;
             }
 

microsoft-azure-storage/src/com/microsoft/azure/storage/blob/CloudBlob.java

@@ -44,6 +44,7 @@
 import com.microsoft.azure.storage.StorageException;
 import com.microsoft.azure.storage.StorageLocation;
 import com.microsoft.azure.storage.StorageUri;
+import com.microsoft.azure.storage.core.BaseResponse;
 import com.microsoft.azure.storage.core.ExecutionEngine;
 import com.microsoft.azure.storage.core.Logger;
 import com.microsoft.azure.storage.core.NetworkInputStream;
@@ -2828,7 +2829,7 @@ public Void preProcessResponse(CloudBlob blob, CloudBlobClient client, Operation
                 }
 
                 blob.updateEtagAndLastModifiedFromResponse(this.getConnection());
-                this.getResult().setRequestServiceEncrypted(CloudBlob.isServerRequestEncrypted(this.getConnection()));
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
         };
@@ -2978,8 +2979,4 @@ protected static String getParentNameFromURI(final StorageUri resourceAddress, f
 
         return parentName;
     }
-    
-    protected static boolean isServerRequestEncrypted(HttpURLConnection connection) {
-        return Constants.TRUE.equals(connection.getHeaderField(Constants.HeaderConstants.SERVER_REQUEST_ENCRYPTED));
-    }
 }

microsoft-azure-storage/src/com/microsoft/azure/storage/blob/CloudBlockBlob.java

@@ -20,6 +20,7 @@
 
 import javax.crypto.Cipher;
 import javax.xml.stream.XMLStreamException;
+
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -379,7 +380,7 @@ public Void preProcessResponse(CloudBlob blob, CloudBlobClient client, Operation
                     }
 
                     blob.updateEtagAndLastModifiedFromResponse(this.getConnection());
-                    this.getResult().setRequestServiceEncrypted(CloudBlob.isServerRequestEncrypted(this.getConnection()));
+                    this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                     return null;
                 }
 
@@ -920,7 +921,7 @@ public Void preProcessResponse(CloudBlob blob, CloudBlobClient client, Operation
                 }
 
                 blob.updateEtagAndLastModifiedFromResponse(this.getConnection());
-                this.getResult().setRequestServiceEncrypted(CloudBlob.isServerRequestEncrypted(this.getConnection()));
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
 
@@ -1116,7 +1117,7 @@ public Void preProcessResponse(CloudBlob blob, CloudBlobClient client, Operation
                     return null;
                 }
 
-                this.getResult().setRequestServiceEncrypted(CloudBlob.isServerRequestEncrypted(this.getConnection()));
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
 

microsoft-azure-storage/src/com/microsoft/azure/storage/blob/CloudPageBlob.java

@@ -33,6 +33,7 @@
 import com.microsoft.azure.storage.StorageException;
 import com.microsoft.azure.storage.StorageUri;
 import com.microsoft.azure.storage.core.Base64;
+import com.microsoft.azure.storage.core.BaseResponse;
 import com.microsoft.azure.storage.core.ExecutionEngine;
 import com.microsoft.azure.storage.core.RequestLocationMode;
 import com.microsoft.azure.storage.core.SR;
@@ -575,7 +576,7 @@ public Void preProcessResponse(CloudBlob blob, CloudBlobClient client, Operation
                 }
 
                 blob.updateEtagAndLastModifiedFromResponse(this.getConnection());
-                this.getResult().setRequestServiceEncrypted(CloudBlob.isServerRequestEncrypted(this.getConnection()));
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 blob.getProperties().setLength(length);
                 blob.getProperties().setPremiumPageBlobTier(premiumBlobTier);
                 if (premiumBlobTier != null) {
@@ -1156,7 +1157,7 @@ public Void preProcessResponse(CloudPageBlob blob, CloudBlobClient client, Opera
 
                 blob.updateEtagAndLastModifiedFromResponse(this.getConnection());
                 blob.updateSequenceNumberFromResponse(this.getConnection());
-                this.getResult().setRequestServiceEncrypted(CloudBlob.isServerRequestEncrypted(this.getConnection()));
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
         };

microsoft-azure-storage/src/com/microsoft/azure/storage/core/BaseResponse.java

@@ -80,6 +80,16 @@ public static String getRequestId(final HttpURLConnection request) {
         return request.getHeaderField(Constants.HeaderConstants.REQUEST_ID_HEADER);
     }
 
+    /**
+     * Gets if the request was encrypted by the server.
+     * @param request
+     *            The response from the server.
+     * @return A boolean indicating if the request was encrypted by the server.
+     */
+    public static boolean isServerRequestEncrypted(HttpURLConnection request) {
+        return Constants.TRUE.equals(request.getHeaderField(Constants.HeaderConstants.SERVER_REQUEST_ENCRYPTED));
+    }
+    
     /**
      * Returns all the header/value pairs with the given prefix.
      * 

microsoft-azure-storage/src/com/microsoft/azure/storage/file/CloudFile.java

@@ -50,6 +50,7 @@
 import com.microsoft.azure.storage.blob.CloudBlob;
 import com.microsoft.azure.storage.blob.CloudBlobClient;
 import com.microsoft.azure.storage.core.Base64;
+import com.microsoft.azure.storage.core.BaseResponse;
 import com.microsoft.azure.storage.core.ExecutionEngine;
 import com.microsoft.azure.storage.core.Logger;
 import com.microsoft.azure.storage.core.NetworkInputStream;
@@ -667,6 +668,7 @@ public Void preProcessResponse(CloudFile file, CloudFileClient client, Operation
                 }
 
                 file.updateEtagAndLastModifiedFromResponse(this.getConnection());
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
 
@@ -2284,6 +2286,7 @@ public Void preProcessResponse(CloudFile file, CloudFileClient client, Operation
                 }
 
                 file.updateEtagAndLastModifiedFromResponse(this.getConnection());
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
         };
@@ -2376,6 +2379,7 @@ public Void preProcessResponse(CloudFile file, CloudFileClient client, Operation
                 }
 
                 file.updateEtagAndLastModifiedFromResponse(this.getConnection());
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
         };
@@ -2462,6 +2466,7 @@ public Void preProcessResponse(CloudFile file, CloudFileClient client, Operation
                 }
 
                 file.updateEtagAndLastModifiedFromResponse(this.getConnection());
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
         };
@@ -2544,6 +2549,7 @@ public Void preProcessResponse(CloudFile file, CloudFileClient client, Operation
 
                 file.getProperties().setLength(size);
                 file.updateEtagAndLastModifiedFromResponse(this.getConnection());
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
         };

microsoft-azure-storage/src/com/microsoft/azure/storage/file/CloudFileDirectory.java

@@ -34,6 +34,7 @@
 import com.microsoft.azure.storage.StorageErrorCodeStrings;
 import com.microsoft.azure.storage.StorageException;
 import com.microsoft.azure.storage.StorageUri;
+import com.microsoft.azure.storage.core.BaseResponse;
 import com.microsoft.azure.storage.core.ExecutionEngine;
 import com.microsoft.azure.storage.core.LazySegmentedIterable;
 import com.microsoft.azure.storage.core.ListResponse;
@@ -238,6 +239,7 @@ public Void preProcessResponse(CloudFileDirectory directory, CloudFileClient cli
                 final FileDirectoryAttributes attributes = FileResponse
                         .getFileDirectoryAttributes(this.getConnection(), client.isUsePathStyleUris());
                 directory.setProperties(attributes.getProperties());
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
         };
@@ -629,6 +631,7 @@ public Void preProcessResponse(CloudFileDirectory directory, CloudFileClient cli
                 }
 
                 directory.updatePropertiesFromResponse(this.getConnection());
+                this.getResult().setRequestServiceEncrypted(BaseResponse.isServerRequestEncrypted(this.getConnection()));
                 return null;
             }
         };

microsoft-azure-storage/src/com/microsoft/azure/storage/file/FileDirectoryProperties.java

@@ -33,6 +33,11 @@ public final class FileDirectoryProperties {
      */
     private Date lastModified;
 
+    /**
+     * Represents the directory's server-side encryption status.
+     */
+    private boolean serverEncrypted;
+
     /**
      * Gets the ETag value of the directory.
      * <p>
@@ -58,6 +63,15 @@ public Date getLastModified() {
         return this.lastModified;
     }
 
+    /**
+     * Gets the directory's server-side encryption status.
+     * 
+     * @return A <code>boolean</code> which specifies the directory's encryption status.
+     */
+    public boolean isServerEncrypted() {
+        return serverEncrypted;
+    }
+
     /**
      * Sets the ETag value on the directory.
      * 
@@ -68,6 +82,16 @@ protected void setEtag(final String etag) {
         this.etag = etag;
     }
 
+    /**
+     * Sets the directory's server-side encryption status.
+     * 
+     * @param serverEncrypted
+     *        A <code>boolean</code> which specifies the encryption status to set.
+     */
+    protected void setServerEncrypted(boolean serverEncrypted) {
+        this.serverEncrypted = serverEncrypted;
+    }
+
     /**
      * Sets the last modified time on the directory.
      *