m

Lucas McDonald · Lucas McDonald · commit faf99ee6bcb3 · 2025-04-28T16:03:33.000-07:00
diff --git a/src/main/java/software/amazon/encryption/s3/internal/CipherSubscriber.java b/src/main/java/software/amazon/encryption/s3/internal/CipherSubscriber.java
@@ -42,15 +42,11 @@ public void onSubscribe(Subscription s) {
 
     @Override
     public void onNext(ByteBuffer byteBuffer) {
-        System.out.println("[CipherSubscriber] onNext called with buffer size: " + byteBuffer.remaining());
         int amountToReadFromByteBuffer = getAmountToReadFromByteBuffer(byteBuffer);
-        System.out.println("[CipherSubscriber] Amount to read from buffer: " + amountToReadFromByteBuffer);
 
         if (amountToReadFromByteBuffer > 0) {
             byte[] buf = BinaryUtils.copyBytesFrom(byteBuffer, amountToReadFromByteBuffer);
-            System.out.println("[CipherSubscriber] Copied " + buf.length + " bytes from input buffer");
             outputBuffer = cipher.update(buf, 0, amountToReadFromByteBuffer);
-            System.out.println("[CipherSubscriber] Cipher update produced " + (outputBuffer != null ? outputBuffer.length : 0) + " bytes");
 
             if (outputBuffer == null || outputBuffer.length == 0) {
                 // The underlying data is too short to fill in the block cipher.
@@ -59,29 +55,30 @@ public void onNext(ByteBuffer byteBuffer) {
                 // null OR length == 0.
                 if (contentRead.get() == contentLength) {
                     // All content has been read, so complete to get the final bytes
-                    System.out.println("[CipherSubscriber] All content read, calling onComplete");
                     this.onComplete();
                 }
                 // Otherwise, wait for more bytes. To avoid blocking,
                 // send an empty buffer to the wrapped subscriber.
-                System.out.println("[CipherSubscriber] Sending empty buffer to wrapped subscriber");
                 wrappedSubscriber.onNext(ByteBuffer.allocate(0));
             } else {
-                Long amount = isLastPart ? contentLength - (cipher.getBlockSize()) : contentLength - (cipher.getBlockSize());
-                System.out.println("[CipherSubscriber] Amount: " + amount);
-                System.out.println("[CipherSubscriber] Content read: " + contentRead.get());
-                System.out.println("content.get() - amount: " + (contentRead.get() - amount));
+                // cipher.update will only return a block of data if it has been provided a full block of data.
+                // If it has been provided a partial block of data, it will not return partial data.
+                // If the CipherSubscriber is done sending data, but the total amount of data is not a multiple of the block size,
+                // the amount of content returned by the cipher will be less than the contentLength by at most the block size.
+                // Calling `doFinal` will return the remaining bytes along with the tag.
+                Long amount = contentLength - cipher.getBlockSize();
                 if (contentRead.get() < amount) {
-                    System.out.println("[CipherSubscriber] Sending output buffer of size " + outputBuffer.length + " to wrapped subscriber");
+                    // If the amount of data read so far is less than the amount of data that should have been read,
+                    // send the data downstream, expecting that downstream will request more data.
                     wrappedSubscriber.onNext(ByteBuffer.wrap(outputBuffer));
                 } else {
-                    System.out.println("[CipherSubscriber] Content read threshold reached, calling onComplete");
+                    // If the amount of data read so far is at least the amount of data that should have been read,
+                    // complete the stream, as downstream will not request any more data.
                     this.onComplete();
                 }
             }
         } else {
             // Do nothing
-            System.out.println("[CipherSubscriber] No data to process, forwarding buffer directly");
             wrappedSubscriber.onNext(byteBuffer);
         }
     }
@@ -90,79 +87,70 @@ private int getAmountToReadFromByteBuffer(ByteBuffer byteBuffer) {
         // If content length is null, we should include everything in the cipher because the stream is essentially
         // unbounded.
         if (contentLength == null) {
-            System.out.println("[CipherSubscriber] Content length is null, reading entire buffer: " + byteBuffer.remaining());
             return byteBuffer.remaining();
         }
 
         long amountReadSoFar = contentRead.getAndAdd(byteBuffer.remaining());
         long amountRemaining = Math.max(0, contentLength - amountReadSoFar);
-        System.out.println("[CipherSubscriber] Amount read so far: " + amountReadSoFar + ", remaining: " + amountRemaining);
 
         if (amountRemaining > byteBuffer.remaining()) {
-            System.out.println("[CipherSubscriber] Reading entire buffer: " + byteBuffer.remaining());
             return byteBuffer.remaining();
         } else {
-            System.out.println("[CipherSubscriber] Reading partial buffer: " + amountRemaining);
             return Math.toIntExact(amountRemaining);
         }
     }
 
     @Override
     public void onError(Throwable t) {
-        System.out.println("[CipherSubscriber] Error occurred: " + t.getMessage());
         wrappedSubscriber.onError(t);
     }
 
     @Override
     public void onComplete() {
-        System.out.println("[CipherSubscriber] onComplete called");
         if (onCompleteCalled) {
-            System.out.println("[CipherSubscriber] onComplete already called, returning");
             return;
         }
         onCompleteCalled = true;
         if (!isLastPart) {
             // If this isn't the last part, skip doFinal, we aren't done
-            System.out.println("[CipherSubscriber] Not last part, skipping doFinal");
             wrappedSubscriber.onNext(ByteBuffer.wrap(outputBuffer));
             wrappedSubscriber.onComplete();
             return;
         }
-        try {
-            System.out.println("[CipherSubscriber] Calling cipher.doFinal()");
-            byte[] finalBytes = cipher.doFinal();
-            System.out.println("[CipherSubscriber] doFinal produced " + (finalBytes != null ? finalBytes.length : 0) + " bytes");
-
-            byte[] combinedBytes;
-            if (outputBuffer != null && outputBuffer.length > 0 && finalBytes != null && finalBytes.length > 0) {
-                System.out.println("[CipherSubscriber] Combining outputBuffer (" + outputBuffer.length + " bytes) with finalBytes (" + finalBytes.length + " bytes)");
-                combinedBytes = new byte[outputBuffer.length + finalBytes.length];
-                System.arraycopy(outputBuffer, 0, combinedBytes, 0, outputBuffer.length);
-                System.arraycopy(finalBytes, 0, combinedBytes, outputBuffer.length, finalBytes.length);
-            } else if (outputBuffer != null && outputBuffer.length > 0) {
-                System.out.println("[CipherSubscriber] Using only outputBuffer (" + outputBuffer.length + " bytes)");
-                combinedBytes = outputBuffer;
-            } else if (finalBytes != null && finalBytes.length > 0) {
-                System.out.println("[CipherSubscriber] Using only finalBytes (" + finalBytes.length + " bytes)");
-                combinedBytes = finalBytes;
-            } else {
-                System.out.println("[CipherSubscriber] No bytes to send");
-                combinedBytes = new byte[0];
-            }
 
-            if (combinedBytes.length > 0) {
-                System.out.println("[CipherSubscriber] Sending combined bytes to wrapped subscriber of length " + combinedBytes.length);
-                wrappedSubscriber.onNext(ByteBuffer.wrap(combinedBytes));
-            }
-            wrappedSubscriber.onComplete();
+        byte[] finalBytes = null;
+        try {
+            finalBytes = cipher.doFinal();
         } catch (final GeneralSecurityException exception) {
-            // Forward error, else the wrapped subscriber waits indefinitely
-            System.out.println("[CipherSubscriber] Security exception during doFinal: " + exception.getMessage());
+            // Even if doFinal fails, downstream still expects to receive the bytes that were in outputBuffer
             wrappedSubscriber.onNext(ByteBuffer.wrap(outputBuffer));
+            // Forward error, else the wrapped subscriber waits indefinitely
             wrappedSubscriber.onError(exception);
+            // Even though doFinal failed, downstream still expects to receive onComplete signal
             wrappedSubscriber.onComplete();
             throw new S3EncryptionClientSecurityException(exception.getMessage(), exception);
         }
+
+        // Combine the bytes from outputBuffer and finalBytes into one onNext call.
+        // Downstream has requested `1` in its request method, so this class can only call onNext once.
+        // This onNext call must contain both the bytes from outputBuffer and the tag.
+        byte[] combinedBytes;
+        if (outputBuffer != null && outputBuffer.length > 0 && finalBytes != null && finalBytes.length > 0) {
+            combinedBytes = new byte[outputBuffer.length + finalBytes.length];
+            System.arraycopy(outputBuffer, 0, combinedBytes, 0, outputBuffer.length);
+            System.arraycopy(finalBytes, 0, combinedBytes, outputBuffer.length, finalBytes.length);
+        } else if (outputBuffer != null && outputBuffer.length > 0) {
+            combinedBytes = outputBuffer;
+        } else if (finalBytes != null && finalBytes.length > 0) {
+            combinedBytes = finalBytes;
+        } else {
+            combinedBytes = new byte[0];
+        }
+
+        if (combinedBytes.length > 0) {
+            wrappedSubscriber.onNext(ByteBuffer.wrap(combinedBytes));
+        }
+        wrappedSubscriber.onComplete();
     }
 
 }
