java : 使用 vfs s3 插件在 Amazon S3 中使用服务器端加密

Question

为了在 S3 中复制文件，我使用的是 vfs-s3-2.2.1.jar 我在 com.intridea.io.vfs.provider.s3 包下找到了 S3FileObject 类。 我在其中使用public void copyFrom(final FileObject file, final FileSelector selector) 方法复制文件。 在这种方法中，我发现了以下代码：

try {
    if (srcFile.getType().hasChildren()) {
        destFile.createFolder();
        // do server side copy if both source and dest are in S3 and using same credentials
    } else if (srcFile instanceof S3FileObject) {
        S3FileObject s3SrcFile = (S3FileObject)srcFile;
        String srcBucketName = s3SrcFile.getBucket().getName();
        String srcFileName = s3SrcFile.getS3Key();
        String destBucketName = destFile.getBucket().getName();
        String destFileName = destFile.getS3Key();
        CopyObjectRequest copy = new CopyObjectRequest(
                srcBucketName, srcFileName, destBucketName, destFileName);
        if (srcFile.getType() == FileType.FILE && getServerSideEncryption()) {
            ObjectMetadata meta = s3SrcFile.getObjectMetadata();
            meta.setSSEAlgorithm(AES_256_SERVER_SIDE_ENCRYPTION);
            copy.setNewObjectMetadata(meta);
        }
        getService().copyObject(copy);
    } else if (srcFile.getType().hasContent() && srcFile.getURL().getProtocol().equals("file")) {
        // do direct upload from file to avoid overhead of making a copy of the file
        try {
            File localFile = new File(srcFile.getURL().toURI());
            destFile.upload(localFile);
        } catch (URISyntaxException e) {
            // couldn't convert URL to URI, but should still be able to do the slower way
            super.copyFrom(file, selector);
        }
    } else {
        super.copyFrom(file, selector);
    }
} catch (IOException e) {
    throw new FileSystemException("vfs.provider/copy-file.error", new Object[]{srcFile, destFile}, e);
} catch (AmazonClientException e) {
    throw new FileSystemException("vfs.provider/copy-file.error", new Object[]{srcFile, destFile}, e);
} finally {
    destFile.close();
}

In official reference it uses these method

withSourceSSECustomerKey(sseKey)
withDestinationSSECustomerKey(newSseKey);

在vfs-s3-2.2.1.jar的copyFrom方法中S3FileObject 我找不到任何方法来设置 SSECustomerKey 我怎样才能达到同样的效果。 感谢您浏览此处。

Answer 1

我没有测试，但我快速查看了 lib/code - 在https://github.com/abashev/vfs-s3/blob/branch-2.3.x/src/main/java/com/intridea/io/vfs/provider/s3/S3FileSystemConfigBuilder.java 中有一种设置服务器端加密的方法

/**
 * use server-side encryption.
 *
 * @param opts The FileSystemOptions.
 * @param serverSideEncryption true if server-side encryption should be used.
 */
public void setServerSideEncryption(FileSystemOptions opts, boolean serverSideEncryption)
{
    setParam(opts, SERVER_SIDE_ENCRYPTION, serverSideEncryption);
}

所以在您致电 copyFrom 之前，您可以这样做

    S3FileSystemConfigBuilder.getInstance().setServerSideEncryption(
        S3FileSystemConfigBuilder.getInstance().getFileSystem().getFileSystemOptions(), 
        true);