Merge branch 'main' into aniravk/ReEncrypt-feature

akareddy04 · web-flow · commit 3ed8ddec97ce · 2025-07-21T12:10:58.000-07:00
diff --git a/cfn/release.yml b/cfn/release.yml
@@ -189,6 +189,7 @@ Resources:
                 "arn:aws:secretsmanager:us-west-2:${AWS::AccountId}:secret:Maven-GPG-Keys-CI-Credentials-eBrSNB",
                 "arn:aws:secretsmanager:us-west-2:${AWS::AccountId}:secret:Github/aws-crypto-tools-ci-bot-AGUB3U",
                 "arn:aws:secretsmanager:us-west-2:${AWS::AccountId}:secret:Sonatype-User-Token-zK61bM",
+                "arn:aws:secretsmanager:us-west-2:${AWS::AccountId}:secret:Sonatype-Central-Portal-XrYUs2",
                 "arn:aws:secretsmanager:us-west-2:${AWS::AccountId}:secret:Maven-GPG-Keys-Release-haLIjZ",
                 "arn:aws:secretsmanager:us-west-2:${AWS::AccountId}:secret:Maven-GPG-Keys-Release-Credentials-WgJanS"
               ],
diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml
@@ -10,8 +10,8 @@ env:
   secrets-manager:
     GPG_KEY: Maven-GPG-Keys-Release-Credentials:Keyname
     GPG_PASS: Maven-GPG-Keys-Release-Credentials:Passphrase
-    SONA_USERNAME: Sonatype-User-Token:username
-    SONA_PASSWORD: Sonatype-User-Token:password
+    SONA_USERNAME: Sonatype-Central-Portal:Username
+    SONA_PASSWORD: Sonatype-Central-Portal:Password
 
 phases:
   install:
diff --git a/codebuild/release/settings.xml b/codebuild/release/settings.xml
@@ -13,7 +13,7 @@ SPDX-License-Identifier: Apache-2.0
       <password>${codeartifact.token}</password>
     </server>
     <server>
-      <id>sonatype-nexus-staging</id>
+      <id>central</id>
       <username>${sonatype.username}</username>
       <password>${sonatype.password}</password>
     </server>
diff --git a/pom.xml b/pom.xml
@@ -33,7 +33,7 @@
   </developers>
 
   <scm>
-    <url>https://github.com/aws/amazon-s3-encryption-client.git</url>
+    <url>https://github.com/aws/amazon-s3-encryption-client-java.git</url>
   </scm>
 
   <properties>
@@ -308,8 +308,8 @@
 
       <distributionManagement>
         <snapshotRepository>
-          <id>sonatype-nexus-staging</id>
-          <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+          <id>central</id>
+          <url>https://ossrh-staging-api.central.sonatype.com/content/repositories/snapshots</url>
         </snapshotRepository>
       </distributionManagement>
 
@@ -336,13 +336,13 @@
             </executions>
           </plugin>
           <plugin>
-            <groupId>org.sonatype.plugins</groupId>
-            <artifactId>nexus-staging-maven-plugin</artifactId>
-            <version>1.6.13</version>
+            <groupId>org.sonatype.central</groupId>
+            <artifactId>central-publishing-maven-plugin</artifactId>
+            <version>0.7.0</version>
             <extensions>true</extensions>
             <configuration>
-              <serverId>sonatype-nexus-staging</serverId>
-                <nexusUrl>https://aws.oss.sonatype.org</nexusUrl>
+              <publishingServerId>central</publishingServerId>
+              <autoPublish>true</autoPublish>
             </configuration>
            </plugin>
         </plugins>
diff --git a/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java b/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
@@ -3,6 +3,7 @@
 package software.amazon.encryption.s3;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import org.apache.commons.logging.LogFactory;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
 import software.amazon.awssdk.awscore.exception.AwsServiceException;
@@ -71,6 +72,7 @@
 import software.amazon.encryption.s3.materials.PartialRsaKeyPair;
 import software.amazon.encryption.s3.materials.RawKeyring;
 import software.amazon.encryption.s3.materials.RsaKeyring;
+import software.amazon.encryption.s3.materials.S3Keyring;
 
 import javax.crypto.SecretKey;
 import java.io.IOException;
@@ -1186,6 +1188,12 @@ public S3EncryptionClient build() {
             if (!onlyOneNonNull(_cryptoMaterialsManager, _keyring, _aesKey, _rsaKeyPair, _kmsKeyId)) {
                 throw new S3EncryptionClientException("Exactly one must be set of: crypto materials manager, keyring, AES key, RSA key pair, KMS key id");
             }
+            if (_enableLegacyWrappingAlgorithms && _keyring !=null) {
+                S3Keyring keyring = (S3Keyring) _keyring;
+                if (!keyring.areLegacyWrappingAlgorithmsEnabled()) {
+                    LogFactory.getLog(getClass()).warn("enableLegacyWrappingAlgorithms is set on the client, but is not set on the keyring provided. In order to enable legacy wrapping algorithms, set enableLegacyWrappingAlgorithms to true in the keyring's builder.");
+                }
+            }
 
             if (_bufferSize >= 0) {
                 if (_enableDelayedAuthenticationMode) {
diff --git a/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java b/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java
@@ -30,6 +30,11 @@ protected S3Keyring(Builder<?, ?> builder) {
         _dataKeyGenerator = builder._dataKeyGenerator;
     }
 
+    /**
+     * @return true if legacy wrapping algorithms are enabled, false otherwise
+     */
+    public boolean areLegacyWrappingAlgorithmsEnabled() { return _enableLegacyWrappingAlgorithms;}
+
     /**
      * Generates a data key using the provided EncryptionMaterials and the configured DataKeyGenerator.
      * <p>
diff --git a/src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java b/src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java
@@ -42,6 +42,7 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+
 import static software.amazon.encryption.s3.S3EncryptionClient.withAdditionalConfiguration;
 import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.BUCKET;
 import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.KMS_KEY_ID;
@@ -965,4 +966,5 @@ public void nullMaterialDescriptionV3() {
         v3Client.close();
 
     }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@`
`42`	`42`
`43`	`43`	`import static org.junit.jupiter.api.Assertions.assertEquals;`
`44`	`44`	`import static org.junit.jupiter.api.Assertions.assertThrows;`
	`45`	`+`
`45`	`46`	`import static software.amazon.encryption.s3.S3EncryptionClient.withAdditionalConfiguration;`
`46`	`47`	`import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.BUCKET;`
`47`	`48`	`import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.KMS_KEY_ID;`
`@@ -965,4 +966,5 @@ public void nullMaterialDescriptionV3() {`
`965`	`966`	`v3Client.close();`
`966`	`967`
`967`	`968`	`}`
	`969`	`+`
`968`	`970`	`}`