Signed-off-by: Kent Delante <kent@delante.me>
Amazon's hosted S3 service allows repeating delimiters in keys
(e.g. 'path/to//file.txt' or 'path/to///file.txt') and we get
repeating directories in the filecache as a result (based on the
previous examples we get 'path/to/to/file.txt' or
'path/to/to/to/file.txt'). This ignores it and its contents for S3 external storage.
Add support for Server-Side Encryption with AWS Key Management Service
(SSE-KMS) for S3 object storage. This allows Nextcloud to encrypt data
at rest in S3 using AWS-managed keys.
Key features:
- New config options: sse_kms_enabled and sse_kms_key_id
- Backward compatible with existing SSE-C (customer-provided keys)
- SSE-C takes precedence when both SSE-C and SSE-KMS are configured
Implementation details:
- Added getServerSideEncryptionParameters() method to centralize
encryption parameter logic for both SSE-C and SSE-KMS
- Updated multipart uploads to use unified encryption parameters
- Added comprehensive PHPUnit tests for SSE-KMS scenarios
- Tested with AWS bucket and KMS keys in us-east-1 region
Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
Signed-off-by: Stephen Cuppett <steve@cuppett.com>
getContentLength() and getLastModified() are dead code. Originally added in PR #11518 and made defunct in PR #29220.
Signed-off-by: Josh <josh.t.richards@gmail.com>
Some S3-compatible object storage hosts don't like the ETag being included in
the request and return a MalformedXML response. In the AWS API documentation,
only the object key is required so just pass that in.
Signed-off-by: Kent Delante <kent.delante@proton.me>
DeleteObjects currently fails when the request includes all the
information returned by ListObjects. Send only the necessary
information in the request. Note: 'Size' and 'DateModified' is now
only supported by directory buckets.
Signed-off-by: Kent Delante <kent.delante@proton.me>
Just need to add the parameter and fix two calls. All other logic is already implemented and implicitly called through the S3ConnectionTrait
fixes#33283
Signed-off-by: Christian Becker <christian@dabecka.de>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
This was removed a long time ago in the library that we use, but never
detected since this was inside a try catch block...
Remove the call for now and we should investigate newer api in the
future.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
This is an helpful helper that should be used in more place than just
server and this is already the case with groupfodlers, deck, user_oidc
and more using it, so let's make it public
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
In case the S3 implementation does not implement versioning, set it to
false. Versioning was introduced in Nexcloud in commit
09ffac5e6d
This is needed for compatibility with the Storj gateway.
Signed-off-by: Erik van Velzen <erik@evanv.nl>
