From 712221402d86e778f802dccd4ed9a1791311b68c Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Wed, 1 Oct 2025 09:20:49 -0700 Subject: [PATCH 1/7] m --- .gitmodules | 8 ++++++++ spec | 1 + test-server/go-v3-transition-server/local-go-s3ec | 1 + 3 files changed, 10 insertions(+) create mode 160000 spec create mode 160000 test-server/go-v3-transition-server/local-go-s3ec diff --git a/.gitmodules b/.gitmodules index ce2abc73..eac4d486 100644 --- a/.gitmodules +++ b/.gitmodules @@ -12,3 +12,11 @@ path = test-server/php-v3-server/local-php-sdk url = git@github.com:aws/private-aws-sdk-php-staging.git branch = s3ec/improved +[submodule "test-server/go-v3-transition-server/local-go-s3ec"] + path = test-server/go-v3-transition-server/local-go-s3ec + url = git@github.com:aws/private-amazon-s3-encryption-client-go-staging.git + branch = v3-transition-unreviewed +[submodule "spec"] + path = spec + url = git@github.com:awslabs/private-aws-encryption-sdk-specification-staging.git + branch = fire-egg-staging diff --git a/spec b/spec new file mode 160000 index 00000000..e82ef6b9 --- /dev/null +++ b/spec @@ -0,0 +1 @@ +Subproject commit e82ef6b9c29a550f89b76cd790381743b8c07ad5 diff --git a/test-server/go-v3-transition-server/local-go-s3ec b/test-server/go-v3-transition-server/local-go-s3ec new file mode 160000 index 00000000..9dc5a1c0 --- /dev/null +++ b/test-server/go-v3-transition-server/local-go-s3ec @@ -0,0 +1 @@ +Subproject commit 9dc5a1c03a506627433ae570f205cdc15a9c6909 From 0cdf3cd0349addb24da74b244f6be36044ecb4d3 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Wed, 1 Oct 2025 09:23:30 -0700 Subject: [PATCH 2/7] m --- .gitmodules | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.gitmodules b/.gitmodules index fe2ea334..611ec917 100644 --- a/.gitmodules +++ b/.gitmodules @@ -12,6 +12,12 @@ path = test-server/php-v3-server/local-php-sdk url = git@github.com:aws/private-aws-sdk-php-staging.git branch = s3ec/improved +[submodule "test-server/go-v3-transition-server/local-go-s3ec"] + path = test-server/go-v3-transition-server/local-go-s3ec + url = git@github.com:aws/private-amazon-s3-encryption-client-go-staging.git + branch = v3-transition-unreviewed +[submodule "spec"] + path = spec [submodule "test-server/java-v3-transition-server/s3ec-staging"] path = test-server/java-v3-transition-server/s3ec-staging url = git@github.com:aws/private-amazon-s3-encryption-client-java-staging.git @@ -24,7 +30,3 @@ path = test-server/specification url = git@github.com:awslabs/private-aws-encryption-sdk-specification-staging.git branch = fire-egg-staging -[submodule "test-server/go-v3-transition-server/local-go-s3ec"] - path = test-server/go-v3-transition-server/local-go-s3ec - url = git@github.com:aws/private-amazon-s3-encryption-client-go-staging.git - branch = v3-transition-unreviewed \ No newline at end of file From 92b027660235c480444c31d1c5feeb3d227ecdcd Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 13 Oct 2025 10:53:18 -0700 Subject: [PATCH 3/7] m --- test-server/go-v4-server/go.mod | 3 ++- test-server/go-v4-server/go.sum | 3 ++- test-server/go-v4-server/local-go-s3ec | 2 +- test-server/go-v4-server/main.go | 19 ++++++++++++++++++- .../amazon/encryption/s3/TestUtils.java | 2 +- 5 files changed, 24 insertions(+), 5 deletions(-) diff --git a/test-server/go-v4-server/go.mod b/test-server/go-v4-server/go.mod index 4ab1895c..7e64715d 100644 --- a/test-server/go-v4-server/go.mod +++ b/test-server/go-v4-server/go.mod @@ -1,6 +1,6 @@ module github.com/aws/amazon-s3-encryption-client-python/test-server/go-server -go 1.21 +go 1.24.0 require ( github.com/aws/amazon-s3-encryption-client-go/v4 v4.0.0 @@ -28,6 +28,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 // indirect github.com/aws/smithy-go v1.19.0 // indirect + golang.org/x/crypto v0.42.0 // indirect ) // S3EC Go V4 is not released to pkg.go.dev as of writing. diff --git a/test-server/go-v4-server/go.sum b/test-server/go-v4-server/go.sum index 1bb969a3..4fbf8bbe 100644 --- a/test-server/go-v4-server/go.sum +++ b/test-server/go-v4-server/go.sum @@ -1,4 +1,3 @@ - github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk= github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 h1:OCs21ST2LrepDfD3lwlQiOqIGp6JiEUqG84GzTDoyJs= @@ -43,3 +42,5 @@ github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= +golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI= +golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= diff --git a/test-server/go-v4-server/local-go-s3ec b/test-server/go-v4-server/local-go-s3ec index 782722b5..08c4ae8d 160000 --- a/test-server/go-v4-server/local-go-s3ec +++ b/test-server/go-v4-server/local-go-s3ec @@ -1 +1 @@ -Subproject commit 782722b57f4537b1a72223566330551b180adee6 +Subproject commit 08c4ae8dc0e385f39bc4f0259342e7cc0ac5414d diff --git a/test-server/go-v4-server/main.go b/test-server/go-v4-server/main.go index 75871d5f..fcf89e17 100644 --- a/test-server/go-v4-server/main.go +++ b/test-server/go-v4-server/main.go @@ -11,6 +11,7 @@ import ( "github.com/aws/amazon-s3-encryption-client-go/v4/client" "github.com/aws/amazon-s3-encryption-client-go/v4/materials" + "github.com/aws/amazon-s3-encryption-client-go/v4/commitment" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/kms" @@ -42,6 +43,7 @@ type S3ECConfig struct { EnableLegacyWrappingAlgorithms bool `json:"enableLegacyWrappingAlgorithms"` SetBufferSize int64 `json:"setBufferSize"` KeyMaterial KeyMaterial `json:"keyMaterial"` + CommitmentPolicy string `json:"commitmentPolicy"` } // KeyMaterial represents the key material for encryption @@ -147,6 +149,19 @@ func (s *Server) createClient(w http.ResponseWriter, r *http.Request) { return } + var commitmentPolicy commitment.CommitmentPolicy + switch input.Config.CommitmentPolicy { + case "REQUIRE_ENCRYPT_REQUIRE_DECRYPT": + commitmentPolicy = commitment.REQUIRE_ENCRYPT_REQUIRE_DECRYPT + case "REQUIRE_ENCRYPT_ALLOW_DECRYPT": + commitmentPolicy = commitment.REQUIRE_ENCRYPT_ALLOW_DECRYPT + case "FORBID_ENCRYPT_ALLOW_DECRYPT": + commitmentPolicy = commitment.FORBID_ENCRYPT_ALLOW_DECRYPT + default: + s.createGenericServerError(w, fmt.Sprintf("Invalid commitment policy: %s", input.Config.CommitmentPolicy), http.StatusBadRequest) + return + } + // Create KMS keyring kmsClient := kms.NewFromConfig(cfg) keyring := materials.NewKmsKeyring(kmsClient, input.Config.KeyMaterial.KMSKeyID, func(options *materials.KeyringOptions) { @@ -162,7 +177,9 @@ func (s *Server) createClient(w http.ResponseWriter, r *http.Request) { // Create S3 encryption client var s3EncryptionClient *client.S3EncryptionClientV4 s3PlaintextClient := s3.NewFromConfig(cfg) - s3EncryptionClient, err = client.New(s3PlaintextClient, cmm) + s3EncryptionClient, err = client.New(s3PlaintextClient, cmm, func(clientOptions *client.EncryptionClientOptions) { + clientOptions.CommitmentPolicy = commitmentPolicy + }) if err != nil { s.createS3EncryptionClientError(w, fmt.Sprintf("Failed to create S3EC: %v", err), http.StatusInternalServerError) diff --git a/test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java b/test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java index ddb41fd1..78cf2beb 100644 --- a/test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java +++ b/test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java @@ -104,7 +104,7 @@ public class TestUtils { Set.of( // JAVA_V4, // PYTHON_V3, - // GO_V4, + GO_V4, // NET_V3, // CPP_V3, // PHP_V3, From 0216071b665554c2800333cf174d31156ce5c848 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 13 Oct 2025 10:57:59 -0700 Subject: [PATCH 4/7] m --- spec | 1 - test-server/go-v3-transition-server/local-go-s3ec | 1 - test-server/java-v3-transition-server/s3ec-staging | 2 +- test-server/java-v4-server/s3ec-staging | 2 +- 4 files changed, 2 insertions(+), 4 deletions(-) delete mode 160000 spec delete mode 160000 test-server/go-v3-transition-server/local-go-s3ec diff --git a/spec b/spec deleted file mode 160000 index e82ef6b9..00000000 --- a/spec +++ /dev/null @@ -1 +0,0 @@ -Subproject commit e82ef6b9c29a550f89b76cd790381743b8c07ad5 diff --git a/test-server/go-v3-transition-server/local-go-s3ec b/test-server/go-v3-transition-server/local-go-s3ec deleted file mode 160000 index ad88488c..00000000 --- a/test-server/go-v3-transition-server/local-go-s3ec +++ /dev/null @@ -1 +0,0 @@ -Subproject commit ad88488c889031c0212e2a5aa2dbcd9290afd8be diff --git a/test-server/java-v3-transition-server/s3ec-staging b/test-server/java-v3-transition-server/s3ec-staging index ab41a578..d20064ea 160000 --- a/test-server/java-v3-transition-server/s3ec-staging +++ b/test-server/java-v3-transition-server/s3ec-staging @@ -1 +1 @@ -Subproject commit ab41a57882f674768c4f528a9069cf69aeb9a53f +Subproject commit d20064ea735016288b362bfbf9b0d7cd12115feb diff --git a/test-server/java-v4-server/s3ec-staging b/test-server/java-v4-server/s3ec-staging index ab41a578..a48d2b8d 160000 --- a/test-server/java-v4-server/s3ec-staging +++ b/test-server/java-v4-server/s3ec-staging @@ -1 +1 @@ -Subproject commit ab41a57882f674768c4f528a9069cf69aeb9a53f +Subproject commit a48d2b8d951246fef0363dd3ef2bd82c4bf04988 From e7c912fcc78b051e0bb7d1f4f1bc5844229a2cb1 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 13 Oct 2025 12:17:39 -0700 Subject: [PATCH 5/7] disable net ig --- .../src/it/java/software/amazon/encryption/s3/TestUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java b/test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java index 78cf2beb..a46c7fb8 100644 --- a/test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java +++ b/test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java @@ -119,7 +119,7 @@ public class TestUtils { servers.put(PYTHON_V3, new LanguageServerTarget(PYTHON_V3, "8081")); servers.put(GO_V3_CURRENT, new LanguageServerTarget(GO_V3_CURRENT, "8082")); servers.put(NET_V2_CURRENT, new LanguageServerTarget(NET_V2_CURRENT, "8083")); - servers.put(NET_V3, new LanguageServerTarget(NET_V3, "8084")); + // servers.put(NET_V3, new LanguageServerTarget(NET_V3, "8084")); servers.put(CPP_V2_CURRENT, new LanguageServerTarget(CPP_V2_CURRENT, "8085")); servers.put(RUBY_V2_CURRENT, new LanguageServerTarget(RUBY_V2_CURRENT, "8086")); servers.put(PHP_V2_CURRENT, new LanguageServerTarget(PHP_V2_CURRENT, "8087")); From c33f815c68dec980ca56ab3615f80d2c4f834632 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 13 Oct 2025 13:02:47 -0700 Subject: [PATCH 6/7] m --- test-server/go-v4-server/local-go-s3ec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-server/go-v4-server/local-go-s3ec b/test-server/go-v4-server/local-go-s3ec index 08c4ae8d..6dda0edf 160000 --- a/test-server/go-v4-server/local-go-s3ec +++ b/test-server/go-v4-server/local-go-s3ec @@ -1 +1 @@ -Subproject commit 08c4ae8dc0e385f39bc4f0259342e7cc0ac5414d +Subproject commit 6dda0edfa6c8ae0ea6e52874974861573c9dc3bd From eb4c56a8004b7f78794948edd14f38dccc883a8a Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 13 Oct 2025 14:43:03 -0700 Subject: [PATCH 7/7] m --- test-server/go-v4-server/local-go-s3ec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-server/go-v4-server/local-go-s3ec b/test-server/go-v4-server/local-go-s3ec index 6dda0edf..1e87cc03 160000 --- a/test-server/go-v4-server/local-go-s3ec +++ b/test-server/go-v4-server/local-go-s3ec @@ -1 +1 @@ -Subproject commit 6dda0edfa6c8ae0ea6e52874974861573c9dc3bd +Subproject commit 1e87cc0316b662cf5e0b26a88dbd705449065ca6