18 kms "github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
19 "github.com/aliyun/aliyun-oss-go-sdk/oss"
23 func Test(t *testing.T) {
27 type OssCryptoBucketSuite struct {
30 var _ = Suite(&OssCryptoBucketSuite{})
33 matDesc = make(map[string]string)
35 rsaPublicKey string = `-----BEGIN PUBLIC KEY-----
36 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCokfiAVXXf5ImFzKDw+XO/UByW
37 6mse2QsIgz3ZwBtMNu59fR5zttSx+8fB7vR4CN3bTztrP9A6bjoN0FFnhlQ3vNJC
38 5MFO1PByrE/MNd5AAfSVba93I6sx8NSk5MzUCA4NJzAUqYOEWGtGBcom6kEF6MmR
39 1EKib1Id8hpooY5xaQIDAQAB
40 -----END PUBLIC KEY-----`
42 rsaPrivateKey string = `-----BEGIN PRIVATE KEY-----
43 MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAKiR+IBVdd/kiYXM
44 oPD5c79QHJbqax7ZCwiDPdnAG0w27n19HnO21LH7x8Hu9HgI3dtPO2s/0DpuOg3Q
45 UWeGVDe80kLkwU7U8HKsT8w13kAB9JVtr3cjqzHw1KTkzNQIDg0nMBSpg4RYa0YF
46 yibqQQXoyZHUQqJvUh3yGmihjnFpAgMBAAECgYA49RmCQ14QyKevDfVTdvYlLmx6
47 kbqgMbYIqk+7w611kxoCTMR9VMmJWgmk/Zic9mIAOEVbd7RkCdqT0E+xKzJJFpI2
48 ZHjrlwb21uqlcUqH1Gn+wI+jgmrafrnKih0kGucavr/GFi81rXixDrGON9KBE0FJ
49 cPVdc0XiQAvCBnIIAQJBANXu3htPH0VsSznfqcDE+w8zpoAJdo6S/p30tcjsDQnx
50 l/jYV4FXpErSrtAbmI013VYkdJcghNSLNUXppfk2e8UCQQDJt5c07BS9i2SDEXiz
51 byzqCfXVzkdnDj9ry9mba1dcr9B9NCslVelXDGZKvQUBqNYCVxg398aRfWlYDTjU
52 IoVVAkAbTyjPN6R4SkC4HJMg5oReBmvkwFCAFsemBk0GXwuzD0IlJAjXnAZ+/rIO
53 ItewfwXIL1Mqz53lO/gK+q6TR585AkB304KUIoWzjyF3JqLP3IQOxzns92u9EV6l
54 V2P+CkbMPXiZV6sls6I4XppJXX2i3bu7iidN3/dqJ9izQK94fMU9AkBZvgsIPCot
55 y1/POIbv9LtnviDKrmpkXgVQSU4BmTPvXwTJm8APC7P/horSh3SVf1zgmnsyjm9D
57 -----END PRIVATE KEY-----`
59 rsaPublicKeyPks1 string = `-----BEGIN RSA PUBLIC KEY-----
60 MIGJAoGBAKiR+IBVdd/kiYXMoPD5c79QHJbqax7ZCwiDPdnAG0w27n19HnO21LH7
61 x8Hu9HgI3dtPO2s/0DpuOg3QUWeGVDe80kLkwU7U8HKsT8w13kAB9JVtr3cjqzHw
62 1KTkzNQIDg0nMBSpg4RYa0YFyibqQQXoyZHUQqJvUh3yGmihjnFpAgMBAAE=
63 -----END RSA PUBLIC KEY-----`
65 rsaPrivateKeyPks1 string = `-----BEGIN RSA PRIVATE KEY-----
66 MIICWwIBAAKBgQCokfiAVXXf5ImFzKDw+XO/UByW6mse2QsIgz3ZwBtMNu59fR5z
67 ttSx+8fB7vR4CN3bTztrP9A6bjoN0FFnhlQ3vNJC5MFO1PByrE/MNd5AAfSVba93
68 I6sx8NSk5MzUCA4NJzAUqYOEWGtGBcom6kEF6MmR1EKib1Id8hpooY5xaQIDAQAB
69 AoGAOPUZgkNeEMinrw31U3b2JS5sepG6oDG2CKpPu8OtdZMaAkzEfVTJiVoJpP2Y
70 nPZiADhFW3e0ZAnak9BPsSsySRaSNmR465cG9tbqpXFKh9Rp/sCPo4Jq2n65yood
71 JBrnGr6/xhYvNa14sQ6xjjfSgRNBSXD1XXNF4kALwgZyCAECQQDV7t4bTx9FbEs5
72 36nAxPsPM6aACXaOkv6d9LXI7A0J8Zf42FeBV6RK0q7QG5iNNd1WJHSXIITUizVF
73 6aX5NnvFAkEAybeXNOwUvYtkgxF4s28s6gn11c5HZw4/a8vZm2tXXK/QfTQrJVXp
74 VwxmSr0FAajWAlcYN/fGkX1pWA041CKFVQJAG08ozzekeEpAuByTIOaEXgZr5MBQ
75 gBbHpgZNBl8Lsw9CJSQI15wGfv6yDiLXsH8FyC9TKs+d5Tv4Cvquk0efOQJAd9OC
76 lCKFs48hdyaiz9yEDsc57PdrvRFepVdj/gpGzD14mVerJbOiOF6aSV19ot27u4on
77 Td/3aifYs0CveHzFPQJAWb4LCDwqLctfzziG7/S7Z74gyq5qZF4FUElOAZkz718E
78 yZvADwuz/4aK0od0lX9c4Jp7Mo5vQ4TvdoBnPuGoyw==
79 -----END RSA PRIVATE KEY-----`
84 endpoint = os.Getenv("OSS_TEST_ENDPOINT")
85 accessID = os.Getenv("OSS_TEST_ACCESS_KEY_ID")
86 accessKey = os.Getenv("OSS_TEST_ACCESS_KEY_SECRET")
87 kmsID = os.Getenv("OSS_TEST_KMS_ID")
88 kmsRegion = os.Getenv("OSS_TEST_KMS_REGION")
89 kmsAccessID = accessID
90 kmsAccessKey = accessKey
91 bucketNamePrefix = "go-sdk-test-bucket-"
92 objectNamePrefix = "go-sdk-test-object-"
96 logPath = "go_sdk_test_" + time.Now().Format("20060102_150405") + ".log"
97 testLogFile, _ = os.OpenFile(logPath, os.O_RDWR|os.O_CREATE, 0664)
98 testLogger = log.New(testLogFile, "", log.Ldate|log.Ltime|log.Lshortfile)
99 letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
100 timeoutInOperation = 3 * time.Second
103 func RandStr(n int) string {
105 randMarker := rand.New(rand.NewSource(time.Now().UnixNano()))
107 b[i] = letters[randMarker.Intn(len(letters))]
112 func RandLowStr(n int) string {
113 return strings.ToLower(RandStr(n))
116 func GetFileMD5(filePath string) (string, error) {
117 fd, err := os.Open(filePath)
124 _, err = io.Copy(md5, fd)
126 return "", fmt.Errorf("buff copy error")
128 md5Str := hex.EncodeToString(md5.Sum(nil))
132 func GetStringMd5(s string) string {
135 md5Str := hex.EncodeToString(md5.Sum(nil))
139 func ForceDeleteBucket(client *oss.Client, bucketName string, c *C) {
140 bucket, err := client.Bucket(bucketName)
144 marker := oss.Marker("")
146 lor, err := bucket.ListObjects(marker)
148 for _, object := range lor.Objects {
149 err = bucket.DeleteObject(object.Key)
152 marker = oss.Marker(lor.NextMarker)
153 if !lor.IsTruncated {
158 // Delete Object Versions and DeleteMarks
159 keyMarker := oss.KeyMarker("")
160 versionIdMarker := oss.VersionIdMarker("")
161 options := []oss.Option{keyMarker, versionIdMarker}
163 lor, err := bucket.ListObjectVersions(options...)
168 for _, object := range lor.ObjectDeleteMarkers {
169 err = bucket.DeleteObject(object.Key, oss.VersionId(object.VersionId))
173 for _, object := range lor.ObjectVersions {
174 err = bucket.DeleteObject(object.Key, oss.VersionId(object.VersionId))
178 keyMarker = oss.KeyMarker(lor.NextKeyMarker)
179 versionIdMarker := oss.VersionIdMarker(lor.NextVersionIdMarker)
180 options = []oss.Option{keyMarker, versionIdMarker}
182 if !lor.IsTruncated {
188 keyMarker = oss.KeyMarker("")
189 uploadIDMarker := oss.UploadIDMarker("")
191 lmur, err := bucket.ListMultipartUploads(keyMarker, uploadIDMarker)
193 for _, upload := range lmur.Uploads {
194 var imur = oss.InitiateMultipartUploadResult{Bucket: bucketName,
195 Key: upload.Key, UploadID: upload.UploadID}
196 err = bucket.AbortMultipartUpload(imur)
199 keyMarker = oss.KeyMarker(lmur.NextKeyMarker)
200 uploadIDMarker = oss.UploadIDMarker(lmur.NextUploadIDMarker)
201 if !lmur.IsTruncated {
206 // delete live channel
209 result, err := bucket.ListLiveChannel(oss.Marker(strMarker))
212 for _, channel := range result.LiveChannel {
213 err := bucket.DeleteLiveChannel(channel.Name)
217 if result.IsTruncated {
218 strMarker = result.NextMarker
225 err = client.DeleteBucket(bucketName)
229 func ReadBody(body io.ReadCloser) (string, error) {
230 data, err := ioutil.ReadAll(body)
235 return string(data), nil
238 // SetUpSuite runs once when the suite starts running
239 func (s *OssCryptoBucketSuite) SetUpSuite(c *C) {
242 // TearDownSuite runs before each test or benchmark starts running
243 func (s *OssCryptoBucketSuite) TearDownSuite(c *C) {
246 // SetUpTest runs after each test or benchmark runs
247 func (s *OssCryptoBucketSuite) SetUpTest(c *C) {
250 // TearDownTest runs once after all tests or benchmarks have finished running
251 func (s *OssCryptoBucketSuite) TearDownTest(c *C) {
255 func (s *OssCryptoBucketSuite) TestPutObjectNormalPks8(c *C) {
256 // create a bucket with default proprety
257 client, err := oss.New(endpoint, accessID, accessKey)
260 bucketName := bucketNamePrefix + RandLowStr(6)
261 err = client.CreateBucket(bucketName)
265 testMatDesc := make(map[string]string)
266 testMatDesc["desc"] = "test rsa key"
267 masterRsaCipher, _ := CreateMasterRsa(testMatDesc, rsaPublicKey, rsaPrivateKey)
268 contentProvider := CreateAesCtrCipher(masterRsaCipher)
269 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
271 objectName := objectNamePrefix + RandStr(8)
272 objectValue := RandStr(1023)
275 var respHeader http.Header
276 err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
280 body, err := bucket.GetObject(objectName)
282 text, err := ReadBody(body)
283 c.Assert(text, Equals, objectValue)
285 // non-crypto bucket download
286 normalBucket, err := client.Bucket(bucketName)
288 body, err = normalBucket.GetObject(objectName)
290 encryptText, err := ReadBody(body)
291 c.Assert(encryptText != objectValue, Equals, true)
294 acl, err := bucket.GetObjectACL(objectName)
296 c.Assert(acl.ACL, Equals, "default")
298 err = bucket.DeleteObject(objectName)
302 options := []oss.Option{
303 oss.ObjectACL(oss.ACLPublicRead),
304 oss.Meta("myprop", "mypropval"),
306 err = bucket.PutObject(objectName, strings.NewReader(objectValue), options...)
310 body, err = bucket.GetObject(objectName)
312 text, err = ReadBody(body)
314 c.Assert(text, Equals, objectValue)
316 acl, err = bucket.GetObjectACL(objectName)
318 c.Assert(acl.ACL, Equals, string(oss.ACLPublicRead))
320 meta, err := bucket.GetObjectDetailedMeta(objectName)
322 c.Assert(meta.Get("X-Oss-Meta-Myprop"), Equals, "mypropval")
324 ForceDeleteBucket(client, bucketName, c)
327 func (s *OssCryptoBucketSuite) TestPutObjectNormalPks1(c *C) {
328 // create a bucket with default proprety
329 client, err := oss.New(endpoint, accessID, accessKey)
332 bucketName := bucketNamePrefix + RandLowStr(6)
333 err = client.CreateBucket(bucketName)
337 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKeyPks1, rsaPrivateKeyPks1)
338 contentProvider := CreateAesCtrCipher(masterRsaCipher)
339 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
341 objectName := objectNamePrefix + RandStr(8)
342 objectValue := RandStr(1023)
345 var respHeader http.Header
346 err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
350 body, err := bucket.GetObject(objectName)
352 text, err := ReadBody(body)
353 c.Assert(text, Equals, objectValue)
355 // non-crypto bucket download
356 normalBucket, err := client.Bucket(bucketName)
358 body, err = normalBucket.GetObject(objectName)
360 encryptText, err := ReadBody(body)
361 c.Assert(encryptText != objectValue, Equals, true)
364 acl, err := bucket.GetObjectACL(objectName)
366 c.Assert(acl.ACL, Equals, "default")
368 err = bucket.DeleteObject(objectName)
372 options := []oss.Option{
373 oss.ObjectACL(oss.ACLPublicRead),
374 oss.Meta("myprop", "mypropval"),
376 err = bucket.PutObject(objectName, strings.NewReader(objectValue), options...)
380 body, err = bucket.GetObject(objectName)
382 text, err = ReadBody(body)
384 c.Assert(text, Equals, objectValue)
386 acl, err = bucket.GetObjectACL(objectName)
388 c.Assert(acl.ACL, Equals, string(oss.ACLPublicRead))
390 meta, err := bucket.GetObjectDetailedMeta(objectName)
392 c.Assert(meta.Get("X-Oss-Meta-Myprop"), Equals, "mypropval")
394 ForceDeleteBucket(client, bucketName, c)
397 func (s *OssCryptoBucketSuite) TestPutObjectEmptyPks1(c *C) {
398 // create a bucket with default proprety
399 client, err := oss.New(endpoint, accessID, accessKey)
402 bucketName := bucketNamePrefix + RandLowStr(6)
403 err = client.CreateBucket(bucketName)
407 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKeyPks1, rsaPrivateKeyPks1)
408 contentProvider := CreateAesCtrCipher(masterRsaCipher)
409 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
411 objectName := objectNamePrefix + RandStr(8)
415 var respHeader http.Header
416 err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
420 body, err := bucket.GetObject(objectName)
422 text, err := ReadBody(body)
423 c.Assert(text, Equals, objectValue)
425 // non-crypto bucket download
426 normalBucket, err := client.Bucket(bucketName)
428 body, err = normalBucket.GetObject(objectName)
430 encryptText, err := ReadBody(body)
431 c.Assert(encryptText == objectValue, Equals, true)
432 ForceDeleteBucket(client, bucketName, c)
435 func (s *OssCryptoBucketSuite) TestPutObjectSmallSizePks1(c *C) {
436 // create a bucket with default proprety
437 client, err := oss.New(endpoint, accessID, accessKey)
440 bucketName := bucketNamePrefix + RandLowStr(6)
441 err = client.CreateBucket(bucketName)
445 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKeyPks1, rsaPrivateKeyPks1)
446 contentProvider := CreateAesCtrCipher(masterRsaCipher)
447 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
449 objectName := objectNamePrefix + RandStr(8)
452 var respHeader http.Header
453 err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
457 body, err := bucket.GetObject(objectName)
459 text, err := ReadBody(body)
460 c.Assert(text, Equals, objectValue)
462 // non-crypto bucket download
463 normalBucket, err := client.Bucket(bucketName)
465 body, err = normalBucket.GetObject(objectName)
467 encryptText, err := ReadBody(body)
468 c.Assert(encryptText != objectValue, Equals, true)
469 ForceDeleteBucket(client, bucketName, c)
472 func (s *OssCryptoBucketSuite) TestPutObjectEmptyFilePks1(c *C) {
473 // create a bucket with default proprety
474 client, err := oss.New(endpoint, accessID, accessKey)
477 bucketName := bucketNamePrefix + RandLowStr(6)
478 err = client.CreateBucket(bucketName)
482 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKeyPks1, rsaPrivateKeyPks1)
483 contentProvider := CreateAesCtrCipher(masterRsaCipher)
484 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
486 fileName := "oss-go-sdk-test-file-" + RandStr(5)
487 fo, err := os.Create(fileName)
489 _, err = fo.Write([]byte(""))
493 objectName := objectNamePrefix + RandStr(8)
496 err = bucket.PutObjectFromFile(objectName, "/root1/abc.txt")
497 c.Assert(err, NotNil)
499 err = bucket.PutObjectFromFile(objectName, fileName)
502 downFileName := fileName + "-down"
505 err = bucket.GetObjectToFile(objectName, downFileName)
508 b1, err := ioutil.ReadFile(fileName)
509 b2, err := ioutil.ReadFile(downFileName)
510 c.Assert(len(b1), Equals, 0)
511 c.Assert(string(b1), Equals, string(b2))
513 os.Remove(downFileName)
516 ForceDeleteBucket(client, bucketName, c)
519 func (s *OssCryptoBucketSuite) TestKmsPutObjectNormal(c *C) {
520 // create a bucket with default proprety
521 client, err := oss.New(endpoint, accessID, accessKey)
524 bucketName := bucketNamePrefix + RandLowStr(6)
525 err = client.CreateBucket(bucketName)
528 kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
532 masterKmsCipher, _ := CreateMasterAliKms(matDesc, kmsID, kmsClient)
533 contentProvider := CreateAesCtrCipher(masterKmsCipher)
534 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
536 objectName := objectNamePrefix + RandStr(8)
537 objectValue := RandStr(1023)
540 var respHeader http.Header
541 err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
545 body, err := bucket.GetObject(objectName)
547 text, err := ReadBody(body)
548 c.Assert(text, Equals, objectValue)
550 // non-crypto bucket download
551 normalBucket, err := client.Bucket(bucketName)
553 body, err = normalBucket.GetObject(objectName)
555 encryptText, err := ReadBody(body)
556 c.Assert(encryptText != objectValue, Equals, true)
559 acl, err := bucket.GetObjectACL(objectName)
561 c.Assert(acl.ACL, Equals, "default")
563 err = bucket.DeleteObject(objectName)
567 options := []oss.Option{
568 oss.ObjectACL(oss.ACLPublicRead),
569 oss.Meta("myprop", "mypropval"),
571 err = bucket.PutObject(objectName, strings.NewReader(objectValue), options...)
575 body, err = bucket.GetObject(objectName)
577 text, err = ReadBody(body)
579 c.Assert(text, Equals, objectValue)
581 acl, err = bucket.GetObjectACL(objectName)
583 c.Assert(acl.ACL, Equals, string(oss.ACLPublicRead))
585 meta, err := bucket.GetObjectDetailedMeta(objectName)
587 c.Assert(meta.Get("X-Oss-Meta-Myprop"), Equals, "mypropval")
589 // put object error,bucket not exist
590 bucket.BucketName = bucket.BucketName + "-not-exist"
591 err = bucket.PutObject(objectName, strings.NewReader(objectValue), options...)
592 c.Assert(err, NotNil)
594 ForceDeleteBucket(client, bucketName, c)
597 type MockKmsManager struct {
600 func (mg *MockKmsManager) GetMasterKey(matDesc map[string]string) ([]string, error) {
601 if len(matDesc) == 0 {
602 return nil, fmt.Errorf("not found")
605 keyList := []string{kmsID}
609 func (s *OssCryptoBucketSuite) TestRsaBucketDecrptObjectWithKmsSuccess(c *C) {
610 // create a bucket with default proprety
611 client, err := oss.New(endpoint, accessID, accessKey)
614 bucketName := bucketNamePrefix + RandLowStr(6)
615 err = client.CreateBucket(bucketName)
618 kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
621 // crypto bucket with kms
622 testMatDesc := make(map[string]string)
623 testMatDesc["desc"] = "test kms wrap"
624 masterKmsCipher, _ := CreateMasterAliKms(testMatDesc, kmsID, kmsClient)
625 contentProvider := CreateAesCtrCipher(masterKmsCipher)
626 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
628 objectName := objectNamePrefix + RandStr(8)
629 objectValue := RandStr(1023)
632 var respHeader http.Header
633 err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
636 // crypto bucket with rsa
637 var masterManager MockKmsManager
638 var options []CryptoBucketOption
639 options = append(options, SetAliKmsClient(kmsClient))
640 options = append(options, SetMasterCipherManager(&masterManager))
642 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
643 rsaProvider := CreateAesCtrCipher(masterRsaCipher)
644 rsaBucket, err := GetCryptoBucket(client, bucketName, rsaProvider, options...)
647 body, err := rsaBucket.GetObject(objectName)
649 text, err := ReadBody(body)
650 c.Assert(text, Equals, objectValue)
652 // non-crypto bucket download
653 normalBucket, err := client.Bucket(bucketName)
655 body, err = normalBucket.GetObject(objectName)
657 encryptText, err := ReadBody(body)
658 c.Assert(encryptText != objectValue, Equals, true)
659 ForceDeleteBucket(client, bucketName, c)
662 func (s *OssCryptoBucketSuite) TestRsaBucketDecrptObjectWithKmsError(c *C) {
663 // create a bucket with default proprety
664 client, err := oss.New(endpoint, accessID, accessKey)
667 bucketName := bucketNamePrefix + RandLowStr(6)
668 err = client.CreateBucket(bucketName)
671 kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
674 // crypto bucket with kms
675 testMatDesc := make(map[string]string)
676 testMatDesc["desc"] = "test kms wrap"
677 masterKmsCipher, _ := CreateMasterAliKms(testMatDesc, kmsID, kmsClient)
678 contentProvider := CreateAesCtrCipher(masterKmsCipher)
679 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
681 objectName := objectNamePrefix + RandStr(8)
682 objectValue := RandStr(1023)
685 var respHeader http.Header
686 err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
689 // crypto bucket with rsa
690 var masterManager MockKmsManager
691 var options []CryptoBucketOption
694 //options = append(options, SetAliKmsClient(kmsClient))
696 options = append(options, SetMasterCipherManager(&masterManager))
698 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
699 rsaProvider := CreateAesCtrCipher(masterRsaCipher)
700 rsaBucket, err := GetCryptoBucket(client, bucketName, rsaProvider, options...)
703 _, err = rsaBucket.GetObject(objectName)
704 c.Assert(err, NotNil)
705 ForceDeleteBucket(client, bucketName, c)
708 func (s *OssCryptoBucketSuite) TestRangeGetObject(c *C) {
709 // create a bucket with default proprety
710 client, err := oss.New(endpoint, accessID, accessKey)
713 bucketName := bucketNamePrefix + RandLowStr(6)
714 err = client.CreateBucket(bucketName)
718 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
719 contentProvider := CreateAesCtrCipher(masterRsaCipher)
720 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
722 objectName := objectNamePrefix + RandStr(8)
723 contentLen := 1024 * 1024
724 content := RandStr(contentLen)
725 err = bucket.PutObject(objectName, strings.NewReader(content))
729 for i := 0; i < 20; i++ {
730 math_rand.Seed(time.Now().UnixNano())
731 rangeStart := rand.Intn(contentLen)
732 rangeEnd := rangeStart + rand.Intn(contentLen-rangeStart)
733 if rangeEnd == rangeStart || rangeStart >= contentLen-1 {
737 body, err := bucket.GetObject(objectName, oss.Range(int64(rangeStart), int64(rangeEnd)))
739 downText, err := ReadBody(body)
740 c.Assert(len(downText) > 0, Equals, true)
741 downMd5 := GetStringMd5(downText)
743 srcText := content[rangeStart : rangeEnd+1]
744 srcMd5 := GetStringMd5(srcText)
746 c.Assert(len(downText), Equals, len(srcText))
747 c.Assert(downMd5, Equals, srcMd5)
749 ForceDeleteBucket(client, bucketName, c)
752 func (s *OssCryptoBucketSuite) TestGetNormalObject(c *C) {
753 // create a bucket with default proprety
754 client, err := oss.New(endpoint, accessID, accessKey)
757 bucketName := bucketNamePrefix + RandLowStr(6)
758 err = client.CreateBucket(bucketName)
762 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
763 contentProvider := CreateAesCtrCipher(masterRsaCipher)
764 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
767 normalBucket, _ := client.Bucket(bucketName)
769 objectName := objectNamePrefix + RandStr(8)
770 objectValue := RandStr(1023)
773 err = normalBucket.PutObject(objectName, strings.NewReader(objectValue))
777 body, err := bucket.GetObject(objectName)
779 text, err := ReadBody(body)
780 c.Assert(text, Equals, objectValue)
783 err = bucket.DeleteObject(objectName)
787 body, err = bucket.GetObject(objectName)
788 c.Assert(err, NotNil)
790 ForceDeleteBucket(client, bucketName, c)
793 func (s *OssCryptoBucketSuite) TestGetCryptoBucketNotSupport(c *C) {
794 // create a bucket with default proprety
795 client, err := oss.New(endpoint, accessID, accessKey)
798 bucketName := bucketNamePrefix + RandLowStr(6)
801 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
802 contentProvider := CreateAesCtrCipher(masterRsaCipher)
803 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
805 objectName := objectNamePrefix + RandStr(8)
806 objectValue := RandStr(1023)
809 _, err = bucket.AppendObject(objectName, strings.NewReader(objectValue), 0)
810 c.Assert(err, NotNil)
813 var request oss.AppendObjectRequest
814 var options []oss.Option
815 _, err = bucket.DoAppendObject(&request, options)
816 c.Assert(err, NotNil)
819 err = bucket.PutObjectWithURL("oss://bucket/object", strings.NewReader(objectValue))
820 c.Assert(err, NotNil)
822 // PutObjectFromFileWithURL
823 err = bucket.PutObjectFromFileWithURL("oss://bucket/object", "file.txt")
824 c.Assert(err, NotNil)
826 // DoPutObjectWithURL
827 _, err = bucket.DoPutObjectWithURL("oss://bucket/object", strings.NewReader(objectValue), options)
828 c.Assert(err, NotNil)
831 _, err = bucket.GetObjectWithURL("oss://bucket/object")
832 c.Assert(err, NotNil)
834 // GetObjectToFileWithURL
835 err = bucket.GetObjectToFileWithURL("oss://bucket/object", "file.txt")
836 c.Assert(err, NotNil)
838 // DoGetObjectWithURL
839 _, err = bucket.DoGetObjectWithURL("oss://bucket/object", options)
840 c.Assert(err, NotNil)
843 _, err = bucket.ProcessObject("oss://bucket/object", "")
844 c.Assert(err, NotNil)
847 err = bucket.DownloadFile(objectName, "file.txt", 1024)
848 c.Assert(err, NotNil)
851 err = bucket.CopyFile("src-bucket", "src-object", "dest-object", 1024)
852 c.Assert(err, NotNil)
855 err = bucket.UploadFile(objectName, "file.txt", 1024)
856 c.Assert(err, NotNil)
859 type MockRsaManager struct {
862 func (mg *MockRsaManager) GetMasterKey(matDesc map[string]string) ([]string, error) {
863 if len(matDesc) == 0 {
864 return nil, fmt.Errorf("not found")
867 keyList := []string{rsaPublicKey, rsaPrivateKey}
871 func (s *OssCryptoBucketSuite) TestGetMasterKey(c *C) {
872 // create a bucket with default proprety
873 client, err := oss.New(endpoint, accessID, accessKey)
876 bucketName := bucketNamePrefix + RandLowStr(6)
877 err = client.CreateBucket(bucketName)
881 testMatDesc := make(map[string]string)
882 testMatDesc["desc"] = "test rsa key"
883 masterRsaCipher, _ := CreateMasterRsa(testMatDesc, rsaPublicKey, rsaPrivateKey)
884 contentProvider := CreateAesCtrCipher(masterRsaCipher)
885 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
887 objectName := objectNamePrefix + RandStr(8)
889 fileName := "../../sample/BingWallpaper-2015-11-07.jpg"
890 srcMD5, err := GetFileMD5(fileName)
893 err = bucket.PutObjectFromFile(objectName, fileName)
896 // other crypto bucket
897 var rsaManager MockRsaManager
898 masterRsaCipherOther, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
899 contentProviderOther := CreateAesCtrCipher(masterRsaCipherOther)
900 bucketOther, err := GetCryptoBucket(client, bucketName, contentProviderOther, SetMasterCipherManager(&rsaManager))
903 downfileName := "test-go-sdk-file-" + RandLowStr(5) + ".jpg"
904 err = bucketOther.GetObjectToFile(objectName, downfileName)
906 downFileMD5, err := GetFileMD5(downfileName)
908 c.Assert(downFileMD5, Equals, srcMD5)
910 // GetObjectToFile error
911 err = bucketOther.GetObjectToFile(objectName, "/root1/"+downfileName)
912 c.Assert(err, NotNil)
914 os.Remove(downfileName)
915 ForceDeleteBucket(client, bucketName, c)
918 type MockReader struct {
922 func (r *MockReader) Read(b []byte) (int, error) {
923 return r.Reader.Read(b)
926 func (s *OssCryptoBucketSuite) TestPutObjectUnkownReaderLen(c *C) {
927 // create a bucket with default proprety
928 client, err := oss.New(endpoint, accessID, accessKey)
931 bucketName := bucketNamePrefix + RandLowStr(6)
932 err = client.CreateBucket(bucketName)
936 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
937 contentProvider := CreateAesCtrCipher(masterRsaCipher)
938 bucket, err := GetCryptoBucket(client, bucketName, contentProvider)
940 objectName := objectNamePrefix + RandStr(8)
941 objectValue := RandStr(1023)
943 srcMD5 := GetStringMd5(objectValue)
944 options := []oss.Option{oss.ContentMD5(srcMD5), oss.ContentLength(1023)}
947 mockReader := &MockReader{strings.NewReader(objectValue)}
948 err = bucket.PutObject(objectName, mockReader, options...)
952 body, err := bucket.GetObject(objectName)
954 text, err := ReadBody(body)
955 c.Assert(text, Equals, objectValue)
957 ForceDeleteBucket(client, bucketName, c)
960 func (s *OssCryptoBucketSuite) TestGetDecryptCipher(c *C) {
961 // create a bucket with default proprety
962 client, err := oss.New(endpoint, accessID, accessKey)
965 bucketName := bucketNamePrefix + RandLowStr(6)
966 err = client.CreateBucket(bucketName)
970 var rsaManager MockRsaManager
971 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
972 contentProvider := CreateAesCtrCipher(masterRsaCipher)
973 bucket, err := GetCryptoBucket(client, bucketName, contentProvider, SetMasterCipherManager(&rsaManager))
975 objectName := objectNamePrefix + RandStr(8)
976 objectValue := RandStr(1023)
979 var respHeader http.Header
980 err = bucket.PutObject(objectName, strings.NewReader(objectValue), oss.GetResponseHeader(&respHeader))
983 // first,we must head object
984 metaInfo, err := bucket.GetObjectDetailedMeta(objectName)
987 envelope, _ := getEnvelopeFromHeader(metaInfo)
989 // test for getEnvelopeFromHeader
990 metaInfo.Set(oss.HTTPHeaderOssMetaPrefix+OssClientSideEncryptionKey, string([]byte{200, 200, 200}))
991 _, err = getEnvelopeFromHeader(metaInfo)
992 c.Assert(err, NotNil)
993 metaInfo.Set(oss.HTTPHeaderOssMetaPrefix+OssClientSideEncryptionKey, envelope.CipherKey)
995 metaInfo.Set(oss.HTTPHeaderOssMetaPrefix+OssClientSideEncryptionStart, string([]byte{200, 200, 200}))
996 _, err = getEnvelopeFromHeader(metaInfo)
997 c.Assert(err, NotNil)
998 metaInfo.Set(oss.HTTPHeaderOssMetaPrefix+OssClientSideEncryptionKey, envelope.IV)
1000 // test for getDecryptCipher
1001 CEKAlg := envelope.CEKAlg
1002 envelope.CEKAlg = ""
1003 _, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
1004 c.Assert(err, NotNil)
1005 envelope.CEKAlg = CEKAlg
1008 bucket.MasterCipherManager = &MockRsaManager{}
1009 _, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
1010 c.Assert(err, NotNil)
1012 // MasterCipherManager is nil
1013 bucket.MasterCipherManager = nil
1014 _, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
1015 c.Assert(err, NotNil)
1017 WrapAlg := envelope.WrapAlg
1018 envelope.WrapAlg = "test"
1019 _, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
1020 c.Assert(err, NotNil)
1021 envelope.WrapAlg = WrapAlg
1023 envelope.WrapAlg = KmsAliCryptoWrap
1024 _, err = bucket.ExtraCipherBuilder.GetDecryptCipher(envelope, bucket.MasterCipherManager)
1025 c.Assert(err, NotNil)
1026 ForceDeleteBucket(client, bucketName, c)
1029 func (s *OssCryptoBucketSuite) TestGetObjectEncryptedByCppRsa(c *C) {
1030 // create a bucket with default proprety
1031 client, err := oss.New(endpoint, accessID, accessKey)
1032 c.Assert(err, IsNil)
1034 bucketName := bucketNamePrefix + RandLowStr(6)
1035 err = client.CreateBucket(bucketName)
1036 c.Assert(err, IsNil)
1038 // put object encrypted by cpp
1039 bucket, err := client.Bucket(bucketName)
1040 c.Assert(err, IsNil)
1042 objectName := objectNamePrefix + RandStr(8)
1043 srcJpgFile := "../../sample/test-client-encryption-src.jpg"
1044 fileEncryptedByCpp := "../../sample/test-client-encryption-crypto-cpp-rsa.jpg"
1046 opts := []oss.Option{}
1047 opts = append(opts, oss.Meta(OssClientSideEncryptionKey, "nyXOp7delQ/MQLjKQMhHLaT0w7u2yQoDLkSnK8MFg/MwYdh4na4/LS8LLbLcM18m8I/ObWUHU775I50sJCpdv+f4e0jLeVRRiDFWe+uo7Puc9j4xHj8YB3QlcIOFQiTxHIB6q+C+RA6lGwqqYVa+n3aV5uWhygyv1MWmESurppg="))
1048 opts = append(opts, oss.Meta(OssClientSideEncryptionStart, "De/S3T8wFjx7QPxAAFl7h7TeI2EsZlfCwox4WhLGng5DK2vNXxULmulMUUpYkdc9umqmDilgSy5Z3Foafw+v4JJThfw68T/9G2gxZLrQTbAlvFPFfPM9Ehk6cY4+8WpY32uN8w5vrHyoSZGr343NxCUGIp6fQ9sSuOLMoJg7hNw="))
1049 opts = append(opts, oss.Meta(OssClientSideEncryptionWrapAlg, "RSA/NONE/PKCS1Padding"))
1050 opts = append(opts, oss.Meta(OssClientSideEncryptionCekAlg, "AES/CTR/NoPadding"))
1051 err = bucket.PutObjectFromFile(objectName, fileEncryptedByCpp, opts...)
1052 c.Assert(err, IsNil)
1054 // download with crypto bucket
1055 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
1056 contentProvider := CreateAesCtrCipher(masterRsaCipher)
1057 cryptoBucket, err := GetCryptoBucket(client, bucketName, contentProvider)
1059 downFileName := "oss-go-sdk-test-file-" + RandStr(5)
1060 err = cryptoBucket.GetObjectToFile(objectName, downFileName)
1061 c.Assert(err, IsNil)
1063 downMd5, _ := GetFileMD5(downFileName)
1064 srcJpgMd5, _ := GetFileMD5(srcJpgFile)
1065 c.Assert(downMd5, Equals, srcJpgMd5)
1066 os.Remove(downFileName)
1068 ForceDeleteBucket(client, bucketName, c)
1071 func (s *OssCryptoBucketSuite) TestGetObjectEncryptedByPythonRsa(c *C) {
1072 // create a bucket with default proprety
1073 client, err := oss.New(endpoint, accessID, accessKey)
1074 c.Assert(err, IsNil)
1076 bucketName := bucketNamePrefix + RandLowStr(6)
1077 err = client.CreateBucket(bucketName)
1078 c.Assert(err, IsNil)
1080 // put object encrypted by python
1081 bucket, err := client.Bucket(bucketName)
1082 c.Assert(err, IsNil)
1084 objectName := objectNamePrefix + RandStr(8)
1085 srcJpgFile := "../../sample/test-client-encryption-src.jpg"
1086 fileEncryptedByCpp := "../../sample/test-client-encryption-crypto-python-rsa.jpg"
1088 opts := []oss.Option{}
1089 opts = append(opts, oss.Meta(OssClientSideEncryptionKey, "ZNQM4g+JykUfOBMkfL8kbvChD3R23UH53sRyTg42h9H2ph8ZJJlo2tSP5Oi3nR5gJAwA/OTrruNq02M2Zt4N7zVWdbFArKbY/CkHpihVYOqsSU4Z8RmrNBm4QfC5om2WElRHNt8hlqhnvzhdorGDB5OoMQ8KvQqXDC53aM5OY64="))
1090 opts = append(opts, oss.Meta(OssClientSideEncryptionStart, "mZ6kts6kaMm++0akhQQZl+tj8gPWznZ+giHciCQTIzriwBzZZO4d85YZeBStuUPshdnO3QHK63/NH9QFL6pwpLiXI9UZxkGygkp82oB4jaF4HKoQ4ujd670pXLxpljBLnp0sCxiCIaf5Fzp4jgNCurXycY10/5DN7yPPtdw7dkk="))
1091 opts = append(opts, oss.Meta(OssClientSideEncryptionWrapAlg, "RSA/NONE/PKCS1Padding"))
1092 opts = append(opts, oss.Meta(OssClientSideEncryptionCekAlg, "AES/CTR/NoPadding"))
1093 err = bucket.PutObjectFromFile(objectName, fileEncryptedByCpp, opts...)
1094 c.Assert(err, IsNil)
1096 // download with crypto bucket
1097 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
1098 contentProvider := CreateAesCtrCipher(masterRsaCipher)
1099 cryptoBucket, err := GetCryptoBucket(client, bucketName, contentProvider)
1101 downFileName := "oss-go-sdk-test-file-" + RandStr(5)
1102 err = cryptoBucket.GetObjectToFile(objectName, downFileName)
1103 c.Assert(err, IsNil)
1105 downMd5, _ := GetFileMD5(downFileName)
1106 srcJpgMd5, _ := GetFileMD5(srcJpgFile)
1107 c.Assert(downMd5, Equals, srcJpgMd5)
1108 os.Remove(downFileName)
1110 ForceDeleteBucket(client, bucketName, c)
1113 func (s *OssCryptoBucketSuite) TestRepeatedPutObjectFromFile(c *C) {
1114 // create a bucket with default proprety
1115 client, err := oss.New(endpoint, accessID, accessKey)
1116 c.Assert(err, IsNil)
1118 bucketName := bucketNamePrefix + RandLowStr(6)
1119 err = client.CreateBucket(bucketName)
1120 c.Assert(err, IsNil)
1122 objectName := objectNamePrefix + RandStr(8)
1123 srcJpgFile := "../../sample/test-client-encryption-src.jpg"
1125 // put object from file
1126 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
1127 contentProvider := CreateAesCtrCipher(masterRsaCipher)
1128 cryptoBucket, err := GetCryptoBucket(client, bucketName, contentProvider)
1130 err = cryptoBucket.PutObjectFromFile(objectName, srcJpgFile)
1131 c.Assert(err, IsNil)
1133 downFileName := "oss-go-sdk-test-file-" + RandStr(5)
1134 err = cryptoBucket.GetObjectToFile(objectName, downFileName)
1135 c.Assert(err, IsNil)
1137 srcJpgMd5, _ := GetFileMD5(srcJpgFile)
1138 downMd5, _ := GetFileMD5(downFileName)
1139 c.Assert(len(srcJpgMd5) > 0, Equals, true)
1140 c.Assert(len(downMd5) > 0, Equals, true)
1141 c.Assert(downMd5, Equals, srcJpgMd5)
1142 os.Remove(downFileName)
1144 err = cryptoBucket.PutObjectFromFile(objectName+"-other", srcJpgFile)
1145 c.Assert(err, IsNil)
1146 err = cryptoBucket.GetObjectToFile(objectName, downFileName)
1147 c.Assert(err, IsNil)
1148 downMd5, _ = GetFileMD5(downFileName)
1149 c.Assert(downMd5, Equals, srcJpgMd5)
1151 os.Remove(downFileName)
1152 ForceDeleteBucket(client, bucketName, c)
1155 func (s *OssCryptoBucketSuite) TestPutObjectEncryptionUserAgent(c *C) {
1156 logName := "." + string(os.PathSeparator) + "test-go-sdk.log" + RandStr(5)
1157 f, err := os.OpenFile(logName, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0660)
1158 c.Assert(err, IsNil)
1160 // create a bucket with default proprety
1161 client, err := oss.New(endpoint, accessID, accessKey)
1162 c.Assert(err, IsNil)
1163 client.Config.LogLevel = oss.Debug
1164 client.Config.Logger = log.New(f, "", log.LstdFlags)
1166 bucketName := bucketNamePrefix + RandLowStr(6)
1167 err = client.CreateBucket(bucketName)
1168 c.Assert(err, IsNil)
1170 objectName := objectNamePrefix + RandStr(8)
1171 srcJpgFile := "../../sample/test-client-encryption-src.jpg"
1173 // put object from file
1174 masterRsaCipher, _ := CreateMasterRsa(matDesc, rsaPublicKey, rsaPrivateKey)
1175 contentProvider := CreateAesCtrCipher(masterRsaCipher)
1176 cryptoBucket, err := GetCryptoBucket(client, bucketName, contentProvider)
1178 err = cryptoBucket.PutObjectFromFile(objectName, srcJpgFile)
1179 c.Assert(err, IsNil)
1181 // read log file,get http info
1182 contents, err := ioutil.ReadFile(logName)
1183 c.Assert(err, IsNil)
1185 httpContent := string(contents)
1186 c.Assert(strings.Contains(httpContent, EncryptionUaSuffix), Equals, true)
1190 ForceDeleteBucket(client, bucketName, c)
1193 func (s *OssCryptoBucketSuite) TestPutObjectNormalUserAgent(c *C) {
1194 logName := "." + string(os.PathSeparator) + "test-go-sdk.log" + RandStr(5)
1195 f, err := os.OpenFile(logName, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0660)
1196 c.Assert(err, IsNil)
1198 // create a bucket with default proprety
1199 client, err := oss.New(endpoint, accessID, accessKey)
1200 c.Assert(err, IsNil)
1201 client.Config.LogLevel = oss.Debug
1202 client.Config.Logger = log.New(f, "", log.LstdFlags)
1204 bucketName := bucketNamePrefix + RandLowStr(6)
1205 err = client.CreateBucket(bucketName)
1206 c.Assert(err, IsNil)
1208 objectName := objectNamePrefix + RandStr(8)
1209 srcJpgFile := "../../sample/test-client-encryption-src.jpg"
1211 bucket, err := client.Bucket(bucketName)
1213 err = bucket.PutObjectFromFile(objectName, srcJpgFile)
1214 c.Assert(err, IsNil)
1216 // read log file,get http info
1217 contents, err := ioutil.ReadFile(logName)
1218 c.Assert(err, IsNil)
1220 httpContent := string(contents)
1221 c.Assert(strings.Contains(httpContent, EncryptionUaSuffix), Equals, false)
1225 ForceDeleteBucket(client, bucketName, c)