aws · ajewellamz · Nov 12, 2025 · Nov 12, 2025 · Nov 12, 2025
diff --git a/all-examples/cpp/README.md b/all-examples/cpp/README.md
@@ -2,6 +2,9 @@
 
 Minimal C++ use of S3 Encryption
 
+Source code changes best viewed here :
+[https://github.com/awslabs/aws-sdk-cpp-staging/pull/958]
+
 ## Build
 
 ```bash

diff --git a/all-examples/cpp/main.cpp b/all-examples/cpp/main.cpp
@@ -140,6 +140,80 @@ static int test_v2(const char *bucket, const char *object, const char *kms_key_i
   return 0;
 }
 
+
+static int test_v1(const char *bucket, const char *object, const char *kms_key_id, const char *region)
+{
+  Aws::Client::ClientConfiguration s3ClientConfig;
+  s3ClientConfig.region = region;
+
+  auto materials = std::make_shared<KMSWithContextEncryptionMaterials>(kms_key_id, s3ClientConfig);
+  CryptoConfiguration config;
+
+  auto client = std::make_shared<S3EncryptionClient>(materials, config, s3ClientConfig);
+
+  Aws::S3::Model::PutObjectRequest put_request;
+  put_request.SetBucket(bucket);
+  put_request.SetKey(object);
+
+  auto data = std::string("This is the sample content.");
+
+  auto stream = std::make_shared<std::stringstream>(data);
+  put_request.SetBody(stream);
+
+  auto put_outcome = client->PutObject(put_request);
+  if (put_outcome.IsSuccess())
+  {
+    fprintf(stderr, "PutObject V1 Successful.\n");
+  }
+  else
+  {
+    fprintf(stderr, "PutObject V1 Failed : %s\n", put_outcome.GetError().GetMessage().c_str());
+    return 1;
+  }
+
+  Aws::S3::Model::GetObjectRequest get_request;
+  get_request.SetBucket(bucket);
+  get_request.SetKey(object);
+  auto get_outcome = client->GetObject(get_request);
+  if (get_outcome.IsSuccess())
+  {
+    fprintf(stderr, "GetObject V1 Successful.\n");
+    Aws::StringStream response_stream;
+    response_stream << get_outcome.GetResult().GetBody().rdbuf();
+    if (response_stream.str() != data)
+    {
+      fprintf(stderr, "GetObject V1 returned the wrong data.\n");
+      return 1;
+    }
+  }
+  else
+  {
+    fprintf(stderr, "GetObject V1 Failed : %s\n", put_outcome.GetError().GetMessage().c_str());
+    return 1;
+  }
+
+  CryptoConfigurationV3 config_v3(materials);
+  auto v3_client_no_legacy = std::make_shared<S3EncryptionClientV3>(config_v3, s3ClientConfig);
+
+  config_v3.SetCommitmentPolicy(CommitmentPolicy::REQUIRE_ENCRYPT_ALLOW_DECRYPT);
+  config_v3.AllowLegacy();
+  auto v3_client_legacy = std::make_shared<S3EncryptionClientV3>(config_v3, s3ClientConfig);
+
+  get_outcome = v3_client_no_legacy->GetObject(get_request);
+  if (get_outcome.IsSuccess())
+    fprintf(stderr, "Badness. V3 with no legacy should have failed.\n");
+  else
+    fprintf(stderr, "V3 with no legacy successfully failed to read legacy object.\n");
+
+  get_outcome = v3_client_legacy->GetObject(get_request);
+  if (get_outcome.IsSuccess())
+    fprintf(stderr, "V3 with legacy support successfully read legacy object.\n");
+  else
+    fprintf(stderr, "Badness. V3 with legacy should have succeeded.\n");
+
+  return 0;
+}
+
 int main(int argc, char **argv)
 {
   if (argc != 6)
@@ -154,28 +228,20 @@ int main(int argc, char **argv)
   auto kms_key_id = argv[4];
   auto region = argv[5];
 
-  bool is_v3;
+  Aws::SDKOptions options;
+  Aws::InitAPI(options);
+
   if (strcasecmp(version_str, "v3") == 0)
-  {
-    is_v3 = true;
-  }
+    test_v3(bucket, object, kms_key_id, region);
   else if (strcasecmp(version_str, "v2") == 0)
-  {
-    is_v3 = false;
-  }
+    test_v2(bucket, object, kms_key_id, region);
+  else if (strcasecmp(version_str, "v1") == 0)
+    test_v1(bucket, object, kms_key_id, region);
   else
   {
-    fprintf(stderr, "Version was <%s> must be V2 or V3\n", version_str);
+    fprintf(stderr, "Version was <%s> must be V1, V2 or V3\n", version_str);
     return 1;
   }
 
-  Aws::SDKOptions options;
-  Aws::InitAPI(options);
-
-  if (is_v3)
-    test_v3(bucket, object, kms_key_id, region);
-  else
-    test_v2(bucket, object, kms_key_id, region);
-
   Aws::ShutdownAPI(options);
 }