aboutsummaryrefslogtreecommitdiff
path: root/test/s3/sse/simple_sse_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'test/s3/sse/simple_sse_test.go')
-rw-r--r--test/s3/sse/simple_sse_test.go115
1 files changed, 115 insertions, 0 deletions
diff --git a/test/s3/sse/simple_sse_test.go b/test/s3/sse/simple_sse_test.go
new file mode 100644
index 000000000..665837f82
--- /dev/null
+++ b/test/s3/sse/simple_sse_test.go
@@ -0,0 +1,115 @@
+package sse_test
+
+import (
+ "bytes"
+ "context"
+ "crypto/md5"
+ "crypto/rand"
+ "encoding/base64"
+ "fmt"
+ "io"
+ "testing"
+ "time"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/credentials"
+ "github.com/aws/aws-sdk-go-v2/service/s3"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+// TestSimpleSSECIntegration tests basic SSE-C with a fixed bucket name
+func TestSimpleSSECIntegration(t *testing.T) {
+ ctx := context.Background()
+
+ // Create S3 client
+ customResolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
+ return aws.Endpoint{
+ URL: "http://127.0.0.1:8333",
+ HostnameImmutable: true,
+ }, nil
+ })
+
+ awsCfg, err := config.LoadDefaultConfig(ctx,
+ config.WithRegion("us-east-1"),
+ config.WithEndpointResolverWithOptions(customResolver),
+ config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
+ "some_access_key1",
+ "some_secret_key1",
+ "",
+ )),
+ )
+ require.NoError(t, err)
+
+ client := s3.NewFromConfig(awsCfg, func(o *s3.Options) {
+ o.UsePathStyle = true
+ })
+
+ bucketName := "test-debug-bucket"
+ objectKey := fmt.Sprintf("test-object-prefixed-%d", time.Now().UnixNano())
+
+ // Generate SSE-C key
+ key := make([]byte, 32)
+ rand.Read(key)
+ keyB64 := base64.StdEncoding.EncodeToString(key)
+ keyMD5Hash := md5.Sum(key)
+ keyMD5 := base64.StdEncoding.EncodeToString(keyMD5Hash[:])
+
+ testData := []byte("Hello, simple SSE-C integration test!")
+
+ // Ensure bucket exists
+ _, err = client.CreateBucket(ctx, &s3.CreateBucketInput{
+ Bucket: aws.String(bucketName),
+ })
+ if err != nil {
+ t.Logf("Bucket creation result: %v (might be OK if exists)", err)
+ }
+
+ // Wait a moment for bucket to be ready
+ time.Sleep(1 * time.Second)
+
+ t.Run("PUT with SSE-C", func(t *testing.T) {
+ _, err := client.PutObject(ctx, &s3.PutObjectInput{
+ Bucket: aws.String(bucketName),
+ Key: aws.String(objectKey),
+ Body: bytes.NewReader(testData),
+ SSECustomerAlgorithm: aws.String("AES256"),
+ SSECustomerKey: aws.String(keyB64),
+ SSECustomerKeyMD5: aws.String(keyMD5),
+ })
+ require.NoError(t, err, "Failed to upload SSE-C object")
+ t.Log("✅ SSE-C PUT succeeded!")
+ })
+
+ t.Run("GET with SSE-C", func(t *testing.T) {
+ resp, err := client.GetObject(ctx, &s3.GetObjectInput{
+ Bucket: aws.String(bucketName),
+ Key: aws.String(objectKey),
+ SSECustomerAlgorithm: aws.String("AES256"),
+ SSECustomerKey: aws.String(keyB64),
+ SSECustomerKeyMD5: aws.String(keyMD5),
+ })
+ require.NoError(t, err, "Failed to retrieve SSE-C object")
+ defer resp.Body.Close()
+
+ retrievedData, err := io.ReadAll(resp.Body)
+ require.NoError(t, err, "Failed to read retrieved data")
+ assert.Equal(t, testData, retrievedData, "Retrieved data doesn't match original")
+
+ // Verify SSE-C headers
+ assert.Equal(t, "AES256", aws.ToString(resp.SSECustomerAlgorithm))
+ assert.Equal(t, keyMD5, aws.ToString(resp.SSECustomerKeyMD5))
+
+ t.Log("✅ SSE-C GET succeeded and data matches!")
+ })
+
+ t.Run("GET without key should fail", func(t *testing.T) {
+ _, err := client.GetObject(ctx, &s3.GetObjectInput{
+ Bucket: aws.String(bucketName),
+ Key: aws.String(objectKey),
+ })
+ assert.Error(t, err, "Should fail to retrieve SSE-C object without key")
+ t.Log("✅ GET without key correctly failed")
+ })
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 23:38:56 +0000