diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml index cecb6989..c4ae10bb 100644 --- a/.github/workflows/examples.yml +++ b/.github/workflows/examples.yml @@ -26,21 +26,21 @@ jobs: ref: fire-egg-dev path: all-examples/cpp/aws-sdk-cpp/ - - name: Checkout .NET V2 code + - name: Checkout .NET V3 code uses: actions/checkout@v5 with: token: ${{ secrets.PAT_FOR_DOTNET }} repository: aws/private-amazon-s3-encryption-client-dotnet-staging - ref: v3sdk-development - path: test-server/net-v2-v3-server/s3ec-net-v2/ + ref: rishav/key-commitment + path: all-examples/net/v3/s3ec-v3-local - - name: Checkout .NET V3 code + - name: Checkout .NET V4 code uses: actions/checkout@v5 with: token: ${{ secrets.PAT_FOR_DOTNET }} repository: aws/private-amazon-s3-encryption-client-dotnet-staging - ref: s3ec-v3 - path: test-server/net-v2-v3-server/s3ec-net-v3 + ref: s3ec-v4-WIP + path: all-examples/net/v4/s3ec-v4-local - name: Set up Python uses: actions/setup-python@v5 diff --git a/.gitmodules b/.gitmodules index 2d5c9a95..415ac204 100644 --- a/.gitmodules +++ b/.gitmodules @@ -56,3 +56,11 @@ path = test-server/net-v3-transition-server/s3ec-v3-transition-branch url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git branch = rishav/key-commitment +[submodule "all-examples/net/v4/s3ec-v4-local"] + path = all-examples/net/v4/s3ec-v4-local + url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git + branch = s3ec-v4-WIP +[submodule "all-examples/net/v3/s3ec-v3-local"] + path = all-examples/net/v3/s3ec-v3-local + url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git + branch = rishav/key-commitment diff --git a/all-examples/README.md b/all-examples/README.md index 59bc2d6c..8472de78 100644 --- a/all-examples/README.md +++ b/all-examples/README.md @@ -9,7 +9,7 @@ Each language has subdirectories for different major versions of the S3 Encrypti - `cpp/` - C++ examples - `v2/` - S3EC C++ v2 example (transitional) - `v3/` - S3EC C++ v3 example (improved) -- `dotnet/` - .NET examples +- `net/` - .NET examples - `v3/` - S3EC .NET v3 example (transitional) - `v4/` - S3EC .NET v4 example (improved) - `go/` - Go examples diff --git a/all-examples/net/.gitignore b/all-examples/net/.gitignore new file mode 100644 index 00000000..c6a52ab1 --- /dev/null +++ b/all-examples/net/.gitignore @@ -0,0 +1,19 @@ +# Build results +bin/ +obj/ + +# User-specific files +*.user +*.suo +*.userosscache +*.sln.docstates + +# Visual Studio +.vs/ + +# Rider +.idea/ + +# NuGet packages +packages/ +*.nupkg diff --git a/all-examples/net/v3/Makefile b/all-examples/net/v3/Makefile new file mode 100644 index 00000000..c375acc7 --- /dev/null +++ b/all-examples/net/v3/Makefile @@ -0,0 +1,66 @@ +# Makefile for S3 Encryption Client .NET v3 Example + +# Default target +.PHONY: all install clean run help + +# Default arguments for running the example +# Override these when calling make run +BUCKET_NAME ?= avp-21638 +OBJECT_KEY ?= s3ec-dotnet-v3 +KMS_KEY_ID ?= arn:aws:kms:us-east-2:648638458147:key/a47079da-17e4-45a5-b82e-2bac101cad01 +AWS_REGION ?= us-east-2 + +all: install + +# Install dependencies using .NET modules +install: + @echo "[NET V3] Installing .NET dependencies..." + dotnet restore + @echo "[NET V3] Dependencies installed successfully!" + +# Clean .NET artifacts +clean: + @echo "[NET V3] Cleaning .NET artifacts..." + dotnet clean + @echo "[NET V3] Clean completed!" + +# Run the example with default arguments +run: install + @echo "[NET V3] Running S3 Encryption Client v3 .NET example..." + @echo "[NET V3] Bucket: $(BUCKET_NAME)" + @echo "[NET V3] Object Key: $(OBJECT_KEY)" + @echo "[NET V3] KMS Key ID: $(KMS_KEY_ID)" + @echo "[NET V3] Region: $(AWS_REGION)" + @echo "" + @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION) + +# Run with custom arguments +# Usage: make run-custom BUCKET_NAME=my-bucket OBJECT_KEY=my-key KMS_KEY_ID=my-kms-key AWS_REGION=my-region +run-custom: install + @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION) + +# Show help +help: + @echo "S3 Encryption Client .NET v3 Example Makefile" + @echo "" + @echo "Available targets:" + @echo " install - Install .NET dependencies using .NET modules" + @echo " run - Install dependencies and run the example with default parameters" + @echo " run-custom - Install dependencies and run with custom parameters" + @echo " clean - Remove .NET artifacts" + @echo " help - Show this help message" + @echo "" + @echo "Default parameters:" + @echo " BUCKET_NAME = $(BUCKET_NAME)" + @echo " OBJECT_KEY = $(OBJECT_KEY)" + @echo " KMS_KEY_ID = $(KMS_KEY_ID)" + @echo " AWS_REGION = $(AWS_REGION)" + @echo "" + @echo "To run with custom parameters:" + @echo " make run BUCKET_NAME=your-bucket OBJECT_KEY=your-key KMS_KEY_ID=your-kms-key AWS_REGION=your-region" + @echo "" + @echo "Prerequisites:" + @echo " - Supported .NET framework installed on the system. See https://www.nuget.org/packages/Amazon.Extensions.S3.Encryption for supported one." + @echo " - AWS credentials configured (AWS CLI, environment variables, or IAM role)" + @echo " - Valid S3 bucket and KMS key with appropriate permissions" + @echo " - S3 Encryption Client v3 .NET SDK (included in s3ec-v3-local)" \ No newline at end of file diff --git a/all-examples/net/v3/Program.cs b/all-examples/net/v3/Program.cs new file mode 100644 index 00000000..6c1336f6 --- /dev/null +++ b/all-examples/net/v3/Program.cs @@ -0,0 +1,76 @@ +using Amazon; +using Amazon.Extensions.S3.Encryption; +using Amazon.Extensions.S3.Encryption.Primitives; +using Amazon.S3; +using Amazon.S3.Model; + +using Amazon.Extensions.S3.Encryption; +using Amazon.Extensions.S3.Encryption.Primitives; +using Amazon.S3; +using Amazon.S3.Model; + +namespace S3EncryptionClientV3Example +{ + class Program + { + static async Task Main(string[] args) + { + if (args.Length != 4) + { + Console.WriteLine("[NET V3] Usage: dotnet run "); + Environment.Exit(1); + } + + var (bucketName, objectKey, kmsKeyId, region) = (args[0], args[1], args[2], args[3]); + var testData = "Hello, World! This is a test message for S3 encryption client v3 in .NET."; + + Console.WriteLine("=== S3 Encryption Client v3 Example (.NET) ==="); + + try + { + var s3Client = CreateS3ECWithKms(kmsKeyId, region); + + await s3Client.PutObjectAsync(new PutObjectRequest + { + BucketName = bucketName, + Key = objectKey, + ContentBody = testData + }); + + var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey); + using var reader = new StreamReader(getResponse.ResponseStream); + var decryptedData = await reader.ReadToEndAsync(); + + if (decryptedData != testData) + { + Console.WriteLine("[NET V3] ERROR: Roundtrip failed - data mismatch"); + Environment.Exit(1); + } + + Console.WriteLine("[NET V3] SUCCESS: Roundtrip encryption/decryption completed successfully!"); + } + catch (Exception ex) + { + Console.WriteLine($"[NET V3] Error: {ex.Message}"); + Environment.Exit(1); + } + } + + private static AmazonS3Client CreateS3ECWithKms(string kmsKeyId, string region) + { + var encryptionContextPerClient = new Dictionary + { + ["purpose"] = "example", + ["version"] = "v3", + ["language"] = "dotnet" + }; + + var encryptionMaterial = new EncryptionMaterialsV2(kmsKeyId, KmsType.KmsContext, encryptionContextPerClient); + var configuration = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2, CommitmentPolicy.ForbidEncryptAllowDecrypt, ContentEncryptionAlgorithm.AesGcm) + { + RegionEndpoint = RegionEndpoint.GetBySystemName(region) + }; + return new AmazonS3EncryptionClientV2(configuration, encryptionMaterial); + } + } +} diff --git a/all-examples/net/v3/s3ec-v3-local b/all-examples/net/v3/s3ec-v3-local new file mode 160000 index 00000000..ca1149d9 --- /dev/null +++ b/all-examples/net/v3/s3ec-v3-local @@ -0,0 +1 @@ +Subproject commit ca1149d9b423591c09d35caa649b3f6846e511a6 diff --git a/all-examples/net/v3/v3.csproj b/all-examples/net/v3/v3.csproj new file mode 100644 index 00000000..cfb74fad --- /dev/null +++ b/all-examples/net/v3/v3.csproj @@ -0,0 +1,19 @@ + + + + Exe + net8.0 + enable + enable + false + + + + + + + + + + + diff --git a/all-examples/net/v4/Makefile b/all-examples/net/v4/Makefile new file mode 100644 index 00000000..f45fbdfd --- /dev/null +++ b/all-examples/net/v4/Makefile @@ -0,0 +1,66 @@ +# Makefile for S3 Encryption Client .NET v4 Example + +# Default target +.PHONY: all install clean run help + +# Default arguments for running the example +# Override these when calling make run +BUCKET_NAME ?= avp-21638 +OBJECT_KEY ?= s3ec-dotnet-v4 +KMS_KEY_ID ?= arn:aws:kms:us-east-2:648638458147:key/a47079da-17e4-45a5-b82e-2bac101cad01 +AWS_REGION ?= us-east-2 + +all: install + +# Install dependencies using .NET modules +install: + @echo "[NET V4] Installing .NET dependencies..." + dotnet restore + @echo "[NET V4] Dependencies installed successfully!" + +# Clean .NET artifacts +clean: + @echo "[NET V4] Cleaning .NET artifacts..." + dotnet clean + @echo "[NET V4] Clean completed!" + +# Run the example with default arguments +run: install + @echo "[NET V4] Running S3 Encryption Client v4 .NET example..." + @echo "[NET V4] Bucket: $(BUCKET_NAME)" + @echo "[NET V4] Object Key: $(OBJECT_KEY)" + @echo "[NET V4] KMS Key ID: $(KMS_KEY_ID)" + @echo "[NET V4] Region: $(AWS_REGION)" + @echo "" + @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION) + +# Run with custom arguments +# Usage: make run-custom BUCKET_NAME=my-bucket OBJECT_KEY=my-key KMS_KEY_ID=my-kms-key AWS_REGION=my-region +run-custom: install + @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION) + +# Show help +help: + @echo "S3 Encryption Client .NET v4 Example Makefile" + @echo "" + @echo "Available targets:" + @echo " install - Install .NET dependencies using .NET modules" + @echo " run - Install dependencies and run the example with default parameters" + @echo " run-custom - Install dependencies and run with custom parameters" + @echo " clean - Remove .NET artifacts" + @echo " help - Show this help message" + @echo "" + @echo "Default parameters:" + @echo " BUCKET_NAME = $(BUCKET_NAME)" + @echo " OBJECT_KEY = $(OBJECT_KEY)" + @echo " KMS_KEY_ID = $(KMS_KEY_ID)" + @echo " AWS_REGION = $(AWS_REGION)" + @echo "" + @echo "To run with custom parameters:" + @echo " make run BUCKET_NAME=your-bucket OBJECT_KEY=your-key KMS_KEY_ID=your-kms-key AWS_REGION=your-region" + @echo "" + @echo "Prerequisites:" + @echo " - Supported .NET framework installed on the system. See https://www.nuget.org/packages/Amazon.Extensions.S3.Encryption for supported one." + @echo " - AWS credentials configured (AWS CLI, environment variables, or IAM role)" + @echo " - Valid S3 bucket and KMS key with appropriate permissions" + @echo " - S3 Encryption Client v4 .NET SDK (included in s3ec-v4-local)" \ No newline at end of file diff --git a/all-examples/net/v4/Program.cs b/all-examples/net/v4/Program.cs new file mode 100644 index 00000000..a8c799a6 --- /dev/null +++ b/all-examples/net/v4/Program.cs @@ -0,0 +1,76 @@ +using Amazon; +using Amazon.Extensions.S3.Encryption; +using Amazon.Extensions.S3.Encryption.Primitives; +using Amazon.S3; +using Amazon.S3.Model; + +using Amazon.Extensions.S3.Encryption; +using Amazon.Extensions.S3.Encryption.Primitives; +using Amazon.S3; +using Amazon.S3.Model; + +namespace S3EncryptionClientV4Example +{ + class Program + { + static async Task Main(string[] args) + { + if (args.Length != 4) + { + Console.WriteLine("[NET V4] Usage: dotnet run "); + Environment.Exit(1); + } + + var (bucketName, objectKey, kmsKeyId, region) = (args[0], args[1], args[2], args[3]); + var testData = "Hello, World! This is a test message for S3 encryption client v4 in .NET."; + + Console.WriteLine("=== S3 Encryption Client v4 Example (.NET) ==="); + + try + { + var s3Client = CreateS3ECWithKms(kmsKeyId, region); + + await s3Client.PutObjectAsync(new PutObjectRequest + { + BucketName = bucketName, + Key = objectKey, + ContentBody = testData + }); + + var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey); + using var reader = new StreamReader(getResponse.ResponseStream); + var decryptedData = await reader.ReadToEndAsync(); + + if (decryptedData != testData) + { + Console.WriteLine("[NET V4] ERROR: Roundtrip failed - data mismatch"); + Environment.Exit(1); + } + + Console.WriteLine("[NET V4] SUCCESS: Roundtrip encryption/decryption completed successfully!"); + } + catch (Exception ex) + { + Console.WriteLine($"[NET V4] Error: {ex.Message}"); + Environment.Exit(1); + } + } + + private static AmazonS3Client CreateS3ECWithKms(string kmsKeyId, string region) + { + var encryptionContextPerClient = new Dictionary + { + ["purpose"] = "example", + ["version"] = "v4", + ["language"] = "dotnet" + }; + + var encryptionMaterial = new EncryptionMaterialsV4(kmsKeyId, KmsType.KmsContext, encryptionContextPerClient); + var configuration = new AmazonS3CryptoConfigurationV4(SecurityProfile.V4, CommitmentPolicy.RequireEncryptRequireDecrypt, ContentEncryptionAlgorithm.AesGcmWithCommitment) + { + RegionEndpoint = RegionEndpoint.GetBySystemName(region) + }; + return new AmazonS3EncryptionClientV4(configuration, encryptionMaterial); + } + } +} diff --git a/all-examples/net/v4/s3ec-v4-local b/all-examples/net/v4/s3ec-v4-local new file mode 160000 index 00000000..691d22a5 --- /dev/null +++ b/all-examples/net/v4/s3ec-v4-local @@ -0,0 +1 @@ +Subproject commit 691d22a504184fd71f2dae7fd354bd669b58cc07 diff --git a/all-examples/net/v4/v4.csproj b/all-examples/net/v4/v4.csproj new file mode 100644 index 00000000..6d223a92 --- /dev/null +++ b/all-examples/net/v4/v4.csproj @@ -0,0 +1,19 @@ + + + + Exe + net8.0 + enable + enable + false + + + + + + + + + + +