diff --git a/.autover/changes/410401de-8685-444c-a85f-dcc4fd167d15.json b/.autover/changes/410401de-8685-444c-a85f-dcc4fd167d15.json deleted file mode 100644 index 9b8d582..0000000 --- a/.autover/changes/410401de-8685-444c-a85f-dcc4fd167d15.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "Projects": [ - { - "Name": "Amazon.Extensions.S3.Encryption", - "Type": "Minor", - "ChangelogMessages": [ - "feat: Add decryption support for AesGcmWithCommitment" - ] - } - ] -} \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index b5bbdb2..e1c09f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +## Release 2025-12-16 + +### Amazon.Extensions.S3.Encryption (3.2.0) +* feat: Add decryption support for AesGcmWithCommitment + ## Release 2025-11-12 ### Amazon.Extensions.S3.Encryption (3.1.0) diff --git a/src/Amazon.Extensions.S3.Encryption.csproj b/src/Amazon.Extensions.S3.Encryption.csproj index 1d849e5..1d9618f 100644 --- a/src/Amazon.Extensions.S3.Encryption.csproj +++ b/src/Amazon.Extensions.S3.Encryption.csproj @@ -2,7 +2,7 @@ net472;netstandard2.0;netcoreapp3.1;net8.0 - 3.1.0 + 3.2.0 true Amazon.Extensions.S3.Encryption Amazon S3 Encryption Client for .NET diff --git a/src/AmazonS3EncryptionClientBase.cs b/src/AmazonS3EncryptionClientBase.cs index 391efcb..d78c9ba 100644 --- a/src/AmazonS3EncryptionClientBase.cs +++ b/src/AmazonS3EncryptionClientBase.cs @@ -112,8 +112,7 @@ internal IAmazonKeyManagementService KMSClient { if (this.S3CryptoConfig.KmsConfig != null) { - kmsClient = new AmazonKeyManagementServiceClient(this.Config.DefaultAWSCredentials, - this.S3CryptoConfig.KmsConfig); + kmsClient = new AmazonKeyManagementServiceClient(ExplicitAWSCredentials ?? Config.DefaultAWSCredentials, S3CryptoConfig.KmsConfig); } else { @@ -129,7 +128,7 @@ internal IAmazonKeyManagementService KMSClient kmsConfig.SetWebProxy(proxySettings); } - kmsClient = new AmazonKeyManagementServiceClient(this.Config.DefaultAWSCredentials, kmsConfig); + kmsClient = new AmazonKeyManagementServiceClient(ExplicitAWSCredentials ?? Config.DefaultAWSCredentials, kmsConfig); } } } @@ -146,7 +145,7 @@ internal AmazonS3Client S3ClientForInstructionFile { if (s3ClientForInstructionFile == null) { - s3ClientForInstructionFile = new AmazonS3Client(this.Config.DefaultAWSCredentials, S3CryptoConfig); + s3ClientForInstructionFile = new AmazonS3Client(ExplicitAWSCredentials ?? Config.DefaultAWSCredentials, S3CryptoConfig); } return s3ClientForInstructionFile; } diff --git a/test/UnitTests/AmazonS3EncryptionClientTests.cs b/test/UnitTests/AmazonS3EncryptionClientTests.cs index 5095475..400b71c 100644 --- a/test/UnitTests/AmazonS3EncryptionClientTests.cs +++ b/test/UnitTests/AmazonS3EncryptionClientTests.cs @@ -3,6 +3,7 @@ using Amazon.Extensions.S3.Encryption.Primitives; using Amazon.KeyManagementService; using Amazon.Runtime; +using Amazon.S3; using Xunit; namespace Amazon.Extensions.S3.Encryption.UnitTests @@ -82,9 +83,16 @@ public void S3EncryptionClient_AllWrappedClientsInheritBaseConfiguration() //= type=test //# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped SDK clients including the KMS client. Assert.Equal(config.RegionEndpoint, client.S3ClientForInstructionFile.Config.RegionEndpoint); - Assert.Equal(credentials, client.S3ClientForInstructionFile.Config.DefaultAWSCredentials); Assert.Equal(config.RegionEndpoint, client.KMSClient.Config.RegionEndpoint); - Assert.Equal(credentials, client.Config.DefaultAWSCredentials); + + // Use reflection to get the actual credentials from the s3 and kms clients since ExplicitAWSCredentials is not exposed + var s3ClientCredentials = typeof(AmazonS3Client).GetProperty("ExplicitAWSCredentials", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)? + .GetValue(client.S3ClientForInstructionFile); + Assert.Equal(credentials, s3ClientCredentials); + + var kmsClientCredentials = typeof(AmazonKeyManagementServiceClient).GetProperty("ExplicitAWSCredentials", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)? + .GetValue(client.KMSClient); + Assert.Equal(credentials, kmsClientCredentials); } } } \ No newline at end of file diff --git a/test/UnitTests/AmazonS3EncryptionClientV2Tests.cs b/test/UnitTests/AmazonS3EncryptionClientV2Tests.cs index bc06424..8502634 100644 --- a/test/UnitTests/AmazonS3EncryptionClientV2Tests.cs +++ b/test/UnitTests/AmazonS3EncryptionClientV2Tests.cs @@ -3,6 +3,7 @@ using Amazon.Extensions.S3.Encryption.Primitives; using Amazon.KeyManagementService; using Amazon.Runtime; +using Amazon.S3; using Xunit; namespace Amazon.Extensions.S3.Encryption.UnitTests @@ -80,9 +81,16 @@ public void S3EncryptionClient_AllWrappedClientsInheritBaseConfiguration() //= type=test //# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped SDK clients including the KMS client. Assert.Equal(config.RegionEndpoint, client.S3ClientForInstructionFile.Config.RegionEndpoint); - Assert.Equal(credentials, client.S3ClientForInstructionFile.Config.DefaultAWSCredentials); Assert.Equal(config.RegionEndpoint, client.KMSClient.Config.RegionEndpoint); - Assert.Equal(credentials, client.Config.DefaultAWSCredentials); + + // Use reflection to get the actual credentials from the s3 and kms clients since ExplicitAWSCredentials is not exposed + var s3ClientCredentials = typeof(AmazonS3Client).GetProperty("ExplicitAWSCredentials", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)? + .GetValue(client.S3ClientForInstructionFile); + Assert.Equal(credentials, s3ClientCredentials); + + var kmsClientCredentials = typeof(AmazonKeyManagementServiceClient).GetProperty("ExplicitAWSCredentials", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)? + .GetValue(client.KMSClient); + Assert.Equal(credentials, kmsClientCredentials); } } } \ No newline at end of file