Merge branch 'main' of github.com:aws/amazon-s3-encryption-client-java into inst-file-put

Author: kessplas

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## [3.3.3](https://github.com/aws/aws-s3-encryption-client-java/compare/v3.3.2...v3.3.3) (2025-05-05)
+
+### Fixes
+
+* fix CipherSubscriber to only call onNext once per request ([#456](https://github.com/aws/aws-s3-encryption-client-java/issues/456)) ([646b735](https://github.com/aws/aws-s3-encryption-client-java/commit/646b735b052ced18a5c01f9d369ac6a81c8e2ce1))
+
+## [3.3.2](https://github.com/aws/aws-s3-encryption-client-java/compare/v3.3.1...v3.3.2) (2025-04-16)
+
+### Fixes
+
+* add builders to S3EncryptionClientException class ([#450](https://github.com/aws/aws-s3-encryption-client-java/issues/450)) ([647c809](https://github.com/aws/aws-s3-encryption-client-java/commit/647c809a0e0cc44abdd0c9bd192a3c78d29fdc71))
+* allow CipherSubscriber to determine if the part is last part ([#453](https://github.com/aws/aws-s3-encryption-client-java/issues/453)) ([12355a1](https://github.com/aws/aws-s3-encryption-client-java/commit/12355a11e29e81ebc3c903aaa7caee5a271a0ea8))
+
 ## [3.3.1](https://github.com/aws/aws-s3-encryption-client-java/compare/v3.3.0...v3.3.1) (2025-01-24)
 
 ### Fixes

pom.xml

@@ -6,7 +6,7 @@
 
   <groupId>software.amazon.encryption.s3</groupId>
   <artifactId>amazon-s3-encryption-client-java</artifactId>
-  <version>3.3.1</version>
+  <version>3.3.3</version>
   <packaging>jar</packaging>
 
   <name>Amazon S3 Encryption Client</name>

src/main/java/software/amazon/encryption/s3/internal/CipherSubscriber.java

@@ -11,22 +11,26 @@
 import javax.crypto.Cipher;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicLong;
 
 public class CipherSubscriber implements Subscriber<ByteBuffer> {
     private final AtomicLong contentRead = new AtomicLong(0);
     private final Subscriber<? super ByteBuffer> wrappedSubscriber;
-    private Cipher cipher;
+    private final Cipher cipher;
     private final Long contentLength;
-    private boolean isLastPart;
+    private final boolean isLastPart;
+    private final int tagLength;
+    private final AtomicBoolean finalBytesCalled = new AtomicBoolean(false);
 
     private byte[] outputBuffer;
 
     CipherSubscriber(Subscriber<? super ByteBuffer> wrappedSubscriber, Long contentLength, CryptographicMaterials materials, byte[] iv, boolean isLastPart) {
         this.wrappedSubscriber = wrappedSubscriber;
         this.contentLength = contentLength;
-        cipher = materials.getCipher(iv);
+        this.cipher = materials.getCipher(iv);
         this.isLastPart = isLastPart;
+        this.tagLength = materials.algorithmSuite().cipherTagLengthBytes();
     }
 
     CipherSubscriber(Subscriber<? super ByteBuffer> wrappedSubscriber, Long contentLength, CryptographicMaterials materials, byte[] iv) {
@@ -46,20 +50,48 @@ public void onNext(ByteBuffer byteBuffer) {
         if (amountToReadFromByteBuffer > 0) {
             byte[] buf = BinaryUtils.copyBytesFrom(byteBuffer, amountToReadFromByteBuffer);
             outputBuffer = cipher.update(buf, 0, amountToReadFromByteBuffer);
+
             if (outputBuffer == null || outputBuffer.length == 0) {
                 // The underlying data is too short to fill in the block cipher.
                 // Note that while the JCE Javadoc specifies that the outputBuffer is null in this case,
                 // in practice SunJCE and ACCP return an empty buffer instead, hence checks for
                 // null OR length == 0.
-                if (contentRead.get() == contentLength) {
+                if (contentRead.get() + tagLength >= contentLength) {
                     // All content has been read, so complete to get the final bytes
-                    this.onComplete();
+                    finalBytes();
+                    return;
                 }
                 // Otherwise, wait for more bytes. To avoid blocking,
                 // send an empty buffer to the wrapped subscriber.
                 wrappedSubscriber.onNext(ByteBuffer.allocate(0));
             } else {
-                wrappedSubscriber.onNext(ByteBuffer.wrap(outputBuffer));
+                /*
+                 Check if stream has read all expected content.
+                 Once all content has been read, call `finalBytes`.
+
+                 This determines that all content has been read by checking if
+                 the amount of data read so far plus the tag length is at least the content length.
+                 Once this is true, downstream will never call `request` again
+                 (beyond the current request that is being responded to in this onNext invocation.)
+                 As a result, this class can only call `wrappedSubscriber.onNext` one more time.
+                 (Reactive streams require that downstream sends a `request(n)`
+                 to indicate it is ready for more data, and upstream responds to that request by calling `onNext`.
+                 The `n` in request is the maximum number of `onNext` calls that downstream
+                 will allow upstream to make, and seems to always be 1 for the AsyncBodySubscriber.)
+                 Since this class can only call `wrappedSubscriber.onNext` once,
+                 it must send all remaining data in the next onNext call,
+                 including the result of cipher.doFinal(), if applicable.
+                 Calling `wrappedSubscriber.onNext` more than once for `request(1)`
+                 violates the Reactive Streams specification and can cause exceptions downstream.
+                */
+                if (contentRead.get() + tagLength >= contentLength) {
+                    // All content has been read; complete the stream.
+                    finalBytes();
+                } else {
+                    // Needs to read more data, so send the data downstream,
+                    // expecting that downstream will continue to request more data.
+                    wrappedSubscriber.onNext(ByteBuffer.wrap(outputBuffer));
+                }
             }
         } else {
             // Do nothing
@@ -91,21 +123,63 @@ public void onError(Throwable t) {
 
     @Override
     public void onComplete() {
+        // In rare cases, e.g. when the last part of a low-level MPU has 0 length,
+        // onComplete will be called before onNext is called once.
+        if (contentRead.get() + tagLength <= contentLength) {
+            finalBytes();
+        }
+        wrappedSubscriber.onComplete();
+    }
+
+    /**
+     * Finalize encryption, including calculating the auth tag for AES-GCM.
+     * As such this method MUST only be called once, which is enforced using
+     * `finalBytesCalled`.
+     */
+    private void finalBytes() {
+        if (!finalBytesCalled.compareAndSet(false, true)) {
+            // already called, don't repeat
+            return;
+        }
+
+        // If this isn't the last part, skip doFinal and just send outputBuffer downstream.
+        // doFinal requires that all parts have been processed to compute the tag,
+        // so the tag will only be computed when the last part is processed.
         if (!isLastPart) {
-            // If this isn't the last part, skip doFinal, we aren't done
-            wrappedSubscriber.onComplete();
+            wrappedSubscriber.onNext(ByteBuffer.wrap(outputBuffer));
             return;
         }
+
+        // If this is the last part, compute doFinal and include its result in the value sent downstream.
+        // The result of doFinal MUST be included with the bytes that were in outputBuffer in the final onNext call.
+        byte[] finalBytes;
         try {
-            outputBuffer = cipher.doFinal();
-            // Send the final bytes to the wrapped subscriber
-            wrappedSubscriber.onNext(ByteBuffer.wrap(outputBuffer));
+            finalBytes = cipher.doFinal();
         } catch (final GeneralSecurityException exception) {
+            // Even if doFinal fails, downstream still expects to receive the bytes that were in outputBuffer
+            wrappedSubscriber.onNext(ByteBuffer.wrap(outputBuffer));
             // Forward error, else the wrapped subscriber waits indefinitely
             wrappedSubscriber.onError(exception);
             throw new S3EncryptionClientSecurityException(exception.getMessage(), exception);
         }
-        wrappedSubscriber.onComplete();
+
+        // Combine the bytes from outputBuffer and finalBytes into one onNext call.
+        // Downstream has requested one item in its request method, so this class can only call onNext once.
+        // This single onNext call must contain both the bytes from outputBuffer and the tag.
+        byte[] combinedBytes;
+        if (outputBuffer != null && outputBuffer.length > 0 && finalBytes != null && finalBytes.length > 0) {
+            combinedBytes = new byte[outputBuffer.length + finalBytes.length];
+            System.arraycopy(outputBuffer, 0, combinedBytes, 0, outputBuffer.length);
+            System.arraycopy(finalBytes, 0, combinedBytes, outputBuffer.length, finalBytes.length);
+        } else if (outputBuffer != null && outputBuffer.length > 0) {
+            combinedBytes = outputBuffer;
+        } else if (finalBytes != null && finalBytes.length > 0) {
+            combinedBytes = finalBytes;
+        } else {
+            combinedBytes = new byte[0];
+        }
+
+        wrappedSubscriber.onNext(ByteBuffer.wrap(combinedBytes));
     }
 
 }

src/main/java/software/amazon/encryption/s3/internal/ConvertSDKRequests.java

@@ -0,0 +1,144 @@
+package software.amazon.encryption.s3.internal;
+
+import software.amazon.awssdk.services.s3.model.ChecksumType;
+import software.amazon.awssdk.services.s3.model.CreateMultipartUploadRequest;
+import software.amazon.awssdk.services.s3.model.PutObjectRequest;
+import java.time.Instant;
+import java.util.Map;
+
+public class ConvertSDKRequests {
+
+  public static CreateMultipartUploadRequest convert(PutObjectRequest request) {
+
+    final CreateMultipartUploadRequest.Builder output = CreateMultipartUploadRequest.builder();
+    request
+      .toBuilder()
+      .sdkFields()
+      .forEach(f -> {
+        final Object value = f.getValueOrDefault(request);
+        if (value != null) {
+          switch (f.memberName()) {
+            case "ACL":
+              output.acl((String) value);
+              break;
+            case "Bucket":
+              output.bucket((String) value);
+              break;
+            case "BucketKeyEnabled":
+              output.bucketKeyEnabled((Boolean) value);
+              break;
+            case "CacheControl":
+              output.cacheControl((String) value);
+              break;
+            case "ChecksumAlgorithm":
+              output.checksumAlgorithm((String) value);
+              break;
+            case "ChecksumType":
+              output.checksumType((ChecksumType) value);
+            case "ContentDisposition":
+              assert value instanceof String;
+              output.contentDisposition((String) value);
+              break;
+            case "ContentEncoding":
+              output.contentEncoding((String) value);
+              break;
+            case "ContentLanguage":
+              output.contentLanguage((String) value);
+              break;
+            case "ContentType":
+              output.contentType((String) value);
+              break;
+            case "ExpectedBucketOwner":
+              output.expectedBucketOwner((String) value);
+              break;
+            case "Expires":
+              output.expires((Instant) value);
+              break;
+            case "GrantFullControl":
+              output.grantFullControl((String) value);
+              break;
+            case "GrantRead":
+              output.grantRead((String) value);
+              break;
+            case "GrantReadACP":
+              output.grantReadACP((String) value);
+              break;
+            case "GrantWriteACP":
+              output.grantWriteACP((String) value);
+              break;
+            case "Key":
+              output.key((String) value);
+              break;
+            case "Metadata":
+              // The PutObjectRequest.builder().metadata(value)
+              // only takes Map<String, String> therefore it should not be possible
+              // to get here with anything other than a Map<String, String>
+              // This may be overkill, but this map should be small
+              // so the performance hit to verify this is worth the correctness.
+              if (!isStringStringMap(value)) {
+                throw new IllegalArgumentException("Metadata must be a Map<String, String>");
+              }
+              @SuppressWarnings("unchecked")
+              Map<String, String> metadata = (Map<String, String>) value;
+              output.metadata(metadata);
+              break;
+            case "ObjectLockLegalHoldStatus":
+              output.objectLockLegalHoldStatus((String) value);
+              break;
+            case "ObjectLockMode":
+              output.objectLockMode((String) value);
+              break;
+            case "ObjectLockRetainUntilDate":
+              output.objectLockRetainUntilDate((Instant) value);
+              break;
+            case "RequestPayer":
+              output.requestPayer((String) value);
+              break;
+            case "ServerSideEncryption":
+              output.serverSideEncryption((String) value);
+              break;
+            case "SSECustomerAlgorithm":
+              output.sseCustomerAlgorithm((String) value);
+              break;
+            case "SSECustomerKey":
+              output.sseCustomerKey((String) value);
+              break;
+            case "SSEKMSEncryptionContext":
+              output.ssekmsEncryptionContext((String) value);
+              break;
+            case "SSEKMSKeyId":
+              output.ssekmsKeyId((String) value);
+              break;
+            case "StorageClass":
+              output.storageClass((String) value);
+              break;
+            case "Tagging":
+              output.tagging((String) value);
+              break;
+            case "WebsiteRedirectLocation":
+              output.websiteRedirectLocation((String) value);
+              break;
+            default:
+              // Rather than silently dropping the value,
+              // we loudly signal that we don't know how to handle this field.
+              throw new IllegalArgumentException("Unknown PutObjectRequest field " + f.locationName() + ".");
+          }
+        }
+      });
+    return output
+      // OverrideConfiguration is not as SDKField but still needs to be supported
+      .overrideConfiguration(request.overrideConfiguration().orElse(null))
+      .build();
+  }
+
+  private static boolean isStringStringMap(Object value) {
+    if (!(value instanceof Map)) {
+      return false;
+    }
+    Map<?, ?> map = (Map<?, ?>) value;
+    return map.entrySet().stream()
+      .allMatch(entry -> entry != null
+        && ((Map.Entry<?, ?>) entry).getKey() instanceof String
+        && ((Map.Entry<?, ?>) entry).getValue() instanceof String);
+  }
+}

src/main/java/software/amazon/encryption/s3/internal/UploadObjectObserver.java

@@ -7,7 +7,6 @@
 import software.amazon.awssdk.services.s3.S3AsyncClient;
 import software.amazon.awssdk.services.s3.model.CompleteMultipartUploadResponse;
 import software.amazon.awssdk.services.s3.model.CompletedPart;
-import software.amazon.awssdk.services.s3.model.CreateMultipartUploadRequest;
 import software.amazon.awssdk.services.s3.model.CreateMultipartUploadResponse;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
 import software.amazon.awssdk.services.s3.model.SdkPartType;
@@ -42,20 +41,10 @@ public UploadObjectObserver init(PutObjectRequest req,
         this.es = es;
         return this;
     }
-
-    protected CreateMultipartUploadRequest newCreateMultipartUploadRequest(
-            PutObjectRequest request) {
-        return CreateMultipartUploadRequest.builder()
-                .bucket(request.bucket())
-                .key(request.key())
-                .metadata(request.metadata())
-                .overrideConfiguration(request.overrideConfiguration().orElse(null))
-                .build();
-    }
-
+    
     public String onUploadCreation(PutObjectRequest req) {
         CreateMultipartUploadResponse res =
-                s3EncryptionClient.createMultipartUpload(newCreateMultipartUploadRequest(req));
+                s3EncryptionClient.createMultipartUpload(ConvertSDKRequests.convert(req));
         return this.uploadId = res.uploadId();
     }
 

src/test/java/software/amazon/encryption/s3/S3AsyncEncryptionClientTest.java

@@ -729,6 +729,8 @@ public void copyObjectTransparentlyAsync() {
      * Test which artificially limits the size of buffers using {@link TinyBufferAsyncRequestBody}.
      * This tests edge cases where network conditions result in buffers with length shorter than
      * the cipher's block size.
+     * Note that TinyAsyncRequestBody is not fully spec-compliant, and will cause IllegalStateExceptions
+     * to be logged when debug logging is enabled.
      * @throws IOException
      */
     @Test