如何解决如何使用AmazonS3EncryptionClientV2客户端加密从AWS S3存储桶下载对象?
我们在代码中使用AmazonS3EncryptionClient与使用客户端加密的S3存储桶进行交互。但是,在今天更新nuget软件包时,我注意到AmazonS3EncryptionClient已被标记为过时。如果我们想继续进行更新,则看起来我们需要使用AmazonS3EncryptionClientV2。尝试从AmazonS3EncryptionClient迁移到AmazonS3EncryptionClientV2时遇到此问题。
在我们的旧代码中,我们使用的是AmazonS3EncryptionClient构造函数,该构造函数将RegionEnpoint作为参数。参见下图。看起来采用RegionEnpoint的构造函数已在AmazonS3EncryptionClientV2中删除。
正在从S3存储桶运行GetObject的旧代码。
S3BucketConfiguration _s3BucketConfiguration = provider
.GetService<IOptionsSnapshot<S3BucketConfiguration>>()
.Value;
var credential = new BasicAWSCredentials(
_s3BucketConfiguration.AccessKey,_s3BucketConfiguration.SecurityKey);
RegionEndpoint bucketRegion =
RegionEndpoint.GetBySystemName(_s3BucketConfiguration.Region);
EncryptionMaterials encryptionMaterials = new EncryptionMaterials(_s3BucketConfiguration.KMSKeyId);
var client = new AmazonS3EncryptionClient(credential,bucketRegion,encryptionMaterials);
GetObjectResponse response = await _client.GetObjectAsync(new GetObjectRequest
{
BucketName = _s3BucketConfig.BucketName,Key = filePath
});
我无法在AmazonS3EncryptionClientV2中传递RegionEnpoint。
到目前为止,我的代码。
S3BucketConfiguration _s3BucketConfiguration = provider
.GetService<IOptionsSnapshot<S3BucketConfiguration>>()
.Value;
var credential = new BasicAWSCredentials(
_s3BucketConfiguration.AccessKey,_s3BucketConfiguration.SecurityKey);
RegionEndpoint bucketRegion =
RegionEndpoint.GetBySystemName(_s3BucketConfiguration.Region);
var encryptionMaterials = new EncryptionMaterialsV2(
_s3BucketConfiguration.KMSKeyId,KmsType.KmsContext,new Dictionary<string,string>()
);
var config = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy);
//If I add this line it will instantiate AmazonS3EncryptionClientV2 but,the GetObject call fails.
//If I do not add this line,it will give me same error while instiantiating AmazonS3EncryptionClientV2
//config.RegionEndpoint = bucketRegion;
vr client = new AmazonS3EncryptionClientV2(credential,config,encryptionMaterials);
GetObjectResponse response = client.GetObjectAsync(new GetObjectRequest
{
BucketName = _s3BucketConfig.BucketName,Key = filePath,}).GetAwaiter().GetResult();
例外
No RegionEndpoint or ServiceURL configured
解决方法
我可以通过V1成功加密,并通过V {2}客户端解密,同时传递RegionEndpoint
。
var configuration = new AmazonS3CryptoConfiguration()
{
RegionEndpoint = RegionEndpoint.USWest2
};
var material = new EncryptionMaterials(KmsKeyId);
var client = new AmazonS3EncryptionClient(configuration,material);
var putObjectResponse = await client.PutObjectAsync(new PutObjectRequest()
{
ContentBody = ContentBody,BucketName = Bucket,Key = Key
});
if (putObjectResponse.HttpStatusCode == System.Net.HttpStatusCode.OK)
{
var configurationV2 = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2AndLegacy)
{
RegionEndpoint = RegionEndpoint.USWest2
};
var materialV2 = new EncryptionMaterialsV2(KmsKeyId,KmsType.KmsContext,new Dictionary<string,string>());
var clientV2 = new AmazonS3EncryptionClientV2(configurationV2,materialV2);
var getObjectResponse = await clientV2.GetObjectAsync(new GetObjectRequest()
{
BucketName = Bucket,Key = Key
});
using (var reader = new StreamReader(getObjectResponse.ResponseStream))
{
Console.WriteLine(reader.ReadToEnd());
}
}
您能确定在加密和解密过程中使用相同的RegionEndpoint
吗?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。