Merge pull request #384 from rhusar/313

Set appropriate request headers for KMS encryption (resolve #313)

pom.xml

@@ -10,7 +10,8 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <jgroups.version>5.3.13.Final</jgroups.version>
-        <aws.version>2.28.0</aws.version>
+        <!-- https://mvnrepository.com/artifact/software.amazon.awssdk/bom -->
+        <aws.version>2.28.28</aws.version>
         <nexus.server.id>jboss-releases-repository</nexus.server.id>
         <nexus.server.url>https://repository.jboss.org/nexus</nexus.server.url>
         <nexus.snapshot.server.id>jboss-snapshots-repository</nexus.snapshot.server.id>

src/main/java/org/jgroups/protocols/aws/S3_PING.java

@@ -30,9 +30,10 @@
 import software.amazon.awssdk.services.s3.model.ObjectCannedACL;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
 import software.amazon.awssdk.services.s3.model.S3Object;
+import software.amazon.awssdk.services.s3.model.ServerSideEncryption;
 
 /**
- * This implementation uses the AWS SDK in order to be more solid and to benefit from the built-in security features
+ * This implementation uses the AWS SDK to be more solid and to benefit from the built-in security features
  * like getting credentials via IAM instance profiles instead of handling this in the application.
  *
  * @author Tobias Sarnowski
@@ -67,14 +68,14 @@ public class S3_PING extends FILE_PING {
         "on each update. This is useful in multi-region deployments where each region exists in its own AWS account.")
     protected boolean acl_grant_bucket_owner_full_control = false;
 
-    @Property(description="Use kms encryption with s3 with the given kms key (optionally - enables KMS Server side encryption (SSE-KMS) using the given kms key)", exposeAsManagedAttribute=false)
+    @Property(description="KMS key to use for enabling KMS server-side encryption (SSE-KMS) for S3 (optional).", exposeAsManagedAttribute=false)
     protected String  kms_key_id;
 
     protected S3Client s3Client;
 
     static {
         short magicNumber=JGROUPS_PROTOCOL_DEFAULT_MAGIC_NUMBER;
-        if(!isNullOrEmpty(System.getProperty(MAGIC_NUMBER_SYSTEM_PROPERTY))) {
+        if(isDefined(System.getProperty(MAGIC_NUMBER_SYSTEM_PROPERTY))) {
             try {
                 magicNumber=Short.parseShort(System.getProperty(MAGIC_NUMBER_SYSTEM_PROPERTY));
             }
@@ -106,7 +107,7 @@ public void init() throws Exception {
         Region region = Region.of(region_name);
         builder.region(region);
 
-        if (!isNullOrEmpty(endpoint)) {
+        if (isDefined(endpoint)) {
             builder.endpointOverride(new URI(endpoint));
             log.info("Set Amazon S3 endpoint to %s", endpoint);
         }
@@ -228,7 +229,8 @@ protected void write(final List<PingData> list, final String clustername) {
                 putRequestBuilder.acl(ObjectCannedACL.BUCKET_OWNER_FULL_CONTROL);
             }
 
-            if (!isNullOrEmpty(kms_key_id)) {
+            if (isDefined(kms_key_id)) {
+                putRequestBuilder.serverSideEncryption(ServerSideEncryption.AWS_KMS);
                 putRequestBuilder.ssekmsKeyId(kms_key_id);
             }
 
@@ -291,7 +293,7 @@ protected void removeAll(String clustername) {
         }
     }
 
-    private static boolean isNullOrEmpty(String s) {
-        return s == null || s.trim().length() == 0;
+    private static boolean isDefined(String s) {
+        return (s != null && !s.trim().isEmpty());
     }
 }