Address PR comments

Author: smswz

src/main/java/software/amazon/encryption/s3/algorithms/AlgorithmSuite.java

@@ -3,7 +3,7 @@
 
 public enum AlgorithmSuite {
     ALG_AES_256_GCM_IV12_TAG16_NO_KDF(0x0078,
-            true,
+            false,
             "AES",
             256,
             "AES/GCM/NoPadding",
@@ -12,7 +12,7 @@ public enum AlgorithmSuite {
             128,
             AlgorithmConstants.GCM_MAX_CONTENT_LENGTH_BITS),
     ALG_AES_256_CBC_IV16_NO_KDF(0x0070,
-            false,
+            true,
             "AES",
             256,
             "AES/CBC/PKCS5Padding",
@@ -22,7 +22,7 @@ public enum AlgorithmSuite {
             AlgorithmConstants.CBC_MAX_CONTENT_LENGTH_BYTES);
 
     private int _id;
-    private boolean _isActive;
+    private boolean _isLegacy;
     private String _dataKeyAlgorithm;
     private int _dataKeyLengthBits;
     private String _cipherName;
@@ -32,7 +32,7 @@ public enum AlgorithmSuite {
     private long _cipherMaxContentLengthBits;
 
     AlgorithmSuite(int id,
-            boolean isActive,
+            boolean isLegacy,
             String dataKeyAlgorithm,
             int dataKeyLengthBits,
             String cipherName,
@@ -42,7 +42,7 @@ public enum AlgorithmSuite {
             long cipherMaxContentLengthBits
     ) {
         this._id = id;
-        this._isActive = isActive;
+        this._isLegacy = isLegacy;
         this._dataKeyAlgorithm = dataKeyAlgorithm;
         this._dataKeyLengthBits = dataKeyLengthBits;
         this._cipherName = cipherName;
@@ -57,7 +57,7 @@ public int id() {
     }
 
     public boolean isLegacy() {
-        return !_isActive;
+        return _isLegacy;
     }
 
     public String dataKeyAlgorithm() {

src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java

@@ -23,16 +23,12 @@ public class GetEncryptedObjectPipeline {
 
     final private S3Client _s3Client;
     final private CryptographicMaterialsManager _cryptoMaterialsManager;
-    final private ContentDecryptionStrategy _contentDecryptionStrategy;
-    final private ContentMetadataDecodingStrategy _contentMetadataDecodingStrategy;
 
     public static Builder builder() { return new Builder(); }
 
     private GetEncryptedObjectPipeline(Builder builder) {
         this._s3Client = builder._s3Client;
         this._cryptoMaterialsManager = builder._cryptoMaterialsManager;
-        this._contentDecryptionStrategy = builder._contentDecryptionStrategy;
-        this._contentMetadataDecodingStrategy = builder._contentMetadataDecodingStrategy;
     }
 
     public <T> T getObject(GetObjectRequest getObjectRequest,
@@ -47,8 +43,13 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
         }
 
         GetObjectResponse response = objectStream.response();
+
         // TODO: Need to differentiate metadata decoding strategy here
-        ContentMetadata contentMetadata = _contentMetadataDecodingStrategy.decodeMetadata(response);
+        ContentMetadataDecodingStrategy contentMetadataDecodingStrategy = S3ObjectMetadataStrategy
+                .builder()
+                .build();
+
+        ContentMetadata contentMetadata = contentMetadataDecodingStrategy.decodeMetadata(response);
 
         AlgorithmSuite algorithmSuite = contentMetadata.algorithmSuite();
         List<EncryptedDataKey> encryptedDataKeys = Collections.singletonList(contentMetadata.encryptedDataKey());
@@ -83,14 +84,6 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
     public static class Builder {
         private S3Client _s3Client;
         private CryptographicMaterialsManager _cryptoMaterialsManager;
-        private ContentDecryptionStrategy _contentDecryptionStrategy =
-                AesGcmContentStrategy
-                        .builder()
-                        .build();
-        private ContentMetadataDecodingStrategy _contentMetadataDecodingStrategy =
-                S3ObjectMetadataStrategy
-                        .builder()
-                        .build();
 
         private Builder() {}
 
@@ -104,17 +97,6 @@ public Builder cryptoMaterialsManager(CryptographicMaterialsManager cryptoMateri
             return this;
         }
 
-        // TODO: these should be determined automatically based on inputs
-        public Builder contentDecryptionStrategy(ContentDecryptionStrategy strategy) {
-            this._contentDecryptionStrategy = strategy;
-            return this;
-        }
-
-        public Builder metadataDecodingStrategy(ContentMetadataDecodingStrategy strategy) {
-            this._contentMetadataDecodingStrategy = strategy;
-            return this;
-        }
-
         public GetEncryptedObjectPipeline build() {
             return new GetEncryptedObjectPipeline(this);
         }

…/encryption/s3/internal/MetadataKey.java …on/s3/internal/MetadataKeyConstants.javasrc/main/java/software/amazon/encryption/s3/internal/MetadataKey.java renamed to src/main/java/software/amazon/encryption/s3/internal/MetadataKeyConstants.java src/main/java/software/amazon/encryption/s3/internal/MetadataKey.java renamed to src/main/java/software/amazon/encryption/s3/internal/MetadataKeyConstants.java

@@ -1,6 +1,6 @@
 package software.amazon.encryption.s3.internal;
 
-public class MetadataKey {
+public class MetadataKeyConstants {
     public static final String ENCRYPTED_DATA_KEY_V1 = "x-amz-key";
     public static final String ENCRYPTED_DATA_KEY_V2 = "x-amz-key-v2";
     // This is the name of the keyring/algorithm e.g. AES/GCM or kms+context

src/main/java/software/amazon/encryption/s3/internal/S3ObjectMetadataStrategy.java

@@ -40,11 +40,11 @@ public PutObjectRequest encodeMetadata(
             PutObjectRequest request) {
         Map<String,String> metadata = new HashMap<>(request.metadata());
         EncryptedDataKey edk = materials.encryptedDataKeys().get(0);
-        metadata.put(MetadataKey.ENCRYPTED_DATA_KEY_V2, _encoder.encodeToString(edk.ciphertext()));
-        metadata.put(MetadataKey.CONTENT_NONCE, _encoder.encodeToString(encryptedContent.nonce));
-        metadata.put(MetadataKey.CONTENT_CIPHER, materials.algorithmSuite().cipherName());
-        metadata.put(MetadataKey.CONTENT_CIPHER_TAG_LENGTH, Integer.toString(materials.algorithmSuite().cipherTagLengthBits()));
-        metadata.put(MetadataKey.ENCRYPTED_DATA_KEY_ALGORITHM, new String(edk.keyProviderInfo(), StandardCharsets.UTF_8));
+        metadata.put(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V2, _encoder.encodeToString(edk.ciphertext()));
+        metadata.put(MetadataKeyConstants.CONTENT_NONCE, _encoder.encodeToString(encryptedContent.nonce));
+        metadata.put(MetadataKeyConstants.CONTENT_CIPHER, materials.algorithmSuite().cipherName());
+        metadata.put(MetadataKeyConstants.CONTENT_CIPHER_TAG_LENGTH, Integer.toString(materials.algorithmSuite().cipherTagLengthBits()));
+        metadata.put(MetadataKeyConstants.ENCRYPTED_DATA_KEY_ALGORITHM, new String(edk.keyProviderInfo(), StandardCharsets.UTF_8));
 
         try (JsonWriter jsonWriter = JsonWriter.create()) {
             jsonWriter.writeStartObject();
@@ -54,7 +54,7 @@ public PutObjectRequest encodeMetadata(
             jsonWriter.writeEndObject();
 
             String jsonEncryptionContext = new String(jsonWriter.getBytes(), StandardCharsets.UTF_8);
-            metadata.put(MetadataKey.ENCRYPTED_DATA_KEY_CONTEXT, jsonEncryptionContext);
+            metadata.put(MetadataKeyConstants.ENCRYPTED_DATA_KEY_CONTEXT, jsonEncryptionContext);
         } catch (JsonGenerationException e) {
             throw new S3EncryptionClientException("Cannot serialize encryption context to JSON.", e);
         }
@@ -67,7 +67,7 @@ public ContentMetadata decodeMetadata(GetObjectResponse response) {
         Map<String, String> metadata = response.metadata();
 
         // Get algorithm suite
-        final String contentEncryptionAlgorithm = metadata.get(MetadataKey.CONTENT_CIPHER);
+        final String contentEncryptionAlgorithm = metadata.get(MetadataKeyConstants.CONTENT_CIPHER);
         AlgorithmSuite algorithmSuite;
         if (contentEncryptionAlgorithm == null
                 || contentEncryptionAlgorithm.equals(AlgorithmSuite.ALG_AES_256_CBC_IV16_NO_KDF.cipherName())) {
@@ -89,24 +89,24 @@ public ContentMetadata decodeMetadata(GetObjectResponse response) {
         switch (algorithmSuite) {
             case ALG_AES_256_CBC_IV16_NO_KDF:
                 // Extract encrypted data key ciphertext
-                edkCiphertext = _decoder.decode(metadata.get(MetadataKey.ENCRYPTED_DATA_KEY_V1));
+                edkCiphertext = _decoder.decode(metadata.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V1));
 
                 // Hardcode the key provider id to match what V1 does
                 keyProviderInfo = "AES";
 
                 break;
             case ALG_AES_256_GCM_IV12_TAG16_NO_KDF:
                 // Check tag length
-                final int tagLength = Integer.parseInt(metadata.get(MetadataKey.CONTENT_CIPHER_TAG_LENGTH));
+                final int tagLength = Integer.parseInt(metadata.get(MetadataKeyConstants.CONTENT_CIPHER_TAG_LENGTH));
                 if (tagLength != algorithmSuite.cipherTagLengthBits()) {
                     throw new S3EncryptionClientException("Expected tag length (bits) of: "
                             + algorithmSuite.cipherTagLengthBits()
                             + ", got: " + tagLength);
                 }
 
                 // Extract encrypted data key ciphertext and provider id
-                edkCiphertext = _decoder.decode(metadata.get(MetadataKey.ENCRYPTED_DATA_KEY_V2));
-                keyProviderInfo = metadata.get(MetadataKey.ENCRYPTED_DATA_KEY_ALGORITHM);
+                edkCiphertext = _decoder.decode(metadata.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V2));
+                keyProviderInfo = metadata.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_ALGORITHM);
 
                 break;
             default:
@@ -123,7 +123,7 @@ public ContentMetadata decodeMetadata(GetObjectResponse response) {
 
         // Get encrypted data key encryption context
         final Map<String, String> encryptionContext = new HashMap<>();
-        final String jsonEncryptionContext = metadata.get(MetadataKey.ENCRYPTED_DATA_KEY_CONTEXT);
+        final String jsonEncryptionContext = metadata.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_CONTEXT);
         try {
             JsonNodeParser parser = JsonNodeParser.create();
             JsonNode objectNode = parser.parse(jsonEncryptionContext);
@@ -136,7 +136,7 @@ public ContentMetadata decodeMetadata(GetObjectResponse response) {
         }
 
         // Get content nonce
-        byte[] nonce = _decoder.decode(metadata.get(MetadataKey.CONTENT_NONCE));
+        byte[] nonce = _decoder.decode(metadata.get(MetadataKeyConstants.CONTENT_NONCE));
 
         return ContentMetadata.builder()
                 .algorithmSuite(algorithmSuite)