Add check for legacy content encryption.

smswz · smswz · commit 3c3f648ea3dd · 2022-08-18T10:27:08.000-05:00
diff --git a/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java b/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
@@ -30,11 +30,12 @@ public class S3EncryptionClient implements S3Client {
 
     private final S3Client _wrappedClient;
     private final CryptographicMaterialsManager _cryptoMaterialsManager;
+    private final boolean _enableLegacyModes;
 
     private S3EncryptionClient(Builder builder) {
         _wrappedClient = builder._wrappedClient;
         _cryptoMaterialsManager = builder._cryptoMaterialsManager;
-        // TODO: store _enableLegacyModes and pass onto pipeline
+        _enableLegacyModes = builder._enableLegacyModes;
     }
 
     public static Builder builder() {
@@ -66,6 +67,7 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
         GetEncryptedObjectPipeline pipeline = GetEncryptedObjectPipeline.builder()
                 .s3Client(_wrappedClient)
                 .cryptoMaterialsManager(_cryptoMaterialsManager)
+                .enableLegacyModes(_enableLegacyModes)
                 .build();
 
         return pipeline.getObject(getObjectRequest, responseTransformer);
diff --git a/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java b/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java
@@ -22,14 +22,16 @@
 
 public class GetEncryptedObjectPipeline {
 
-    final private S3Client _s3Client;
-    final private CryptographicMaterialsManager _cryptoMaterialsManager;
+    private final S3Client _s3Client;
+    private final CryptographicMaterialsManager _cryptoMaterialsManager;
+    private final boolean _enableLegacyModes;
 
     public static Builder builder() { return new Builder(); }
 
     private GetEncryptedObjectPipeline(Builder builder) {
         this._s3Client = builder._s3Client;
         this._cryptoMaterialsManager = builder._cryptoMaterialsManager;
+        this._enableLegacyModes = builder._enableLegacyModes;
     }
 
     public <T> T getObject(GetObjectRequest getObjectRequest,
@@ -47,6 +49,10 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
         ContentMetadata contentMetadata = ContentMetadataStrategy.decode(_s3Client, getObjectRequest, getObjectResponse);
 
         AlgorithmSuite algorithmSuite = contentMetadata.algorithmSuite();
+        if (!_enableLegacyModes && algorithmSuite.isLegacy()) {
+            throw new S3EncryptionClientException("Enable legacy modes to use legacy content encryption: " + algorithmSuite.cipherName());
+        }
+
         List<EncryptedDataKey> encryptedDataKeys = Collections.singletonList(contentMetadata.encryptedDataKey());
 
         DecryptMaterialsRequest materialsRequest = DecryptMaterialsRequest.builder()
@@ -80,6 +86,7 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
     public static class Builder {
         private S3Client _s3Client;
         private CryptographicMaterialsManager _cryptoMaterialsManager;
+        private boolean _enableLegacyModes;
 
         private Builder() {}
 
@@ -93,6 +100,11 @@ public Builder cryptoMaterialsManager(CryptographicMaterialsManager cryptoMateri
             return this;
         }
 
+        public Builder enableLegacyModes(boolean enableLegacyModes) {
+            this._enableLegacyModes = enableLegacyModes;
+            return this;
+        }
+
         public GetEncryptedObjectPipeline build() {
             return new GetEncryptedObjectPipeline(this);
         }
