@ -99,11 +99,13 @@ func (api objectAPIHandlers) SelectObjectContentHandler(w http.ResponseWriter, r
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrServerNotInitialized ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if crypto . S3KMS . IsRequested ( r . Header ) { // SSE-KMS is not supported
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
if crypto . S3 . IsRequested ( r . Header ) || crypto . S3KMS . IsRequested ( r . Header ) { // If SSE-S3 or SSE-KMS present -> AWS fails with undefined error
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrBadRequest ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if ! api . EncryptionEnabled ( ) && crypto . IsRequested ( r . Header ) {
if ! objectAPI . IsEncryptionSupported ( ) && crypto . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrBadRequest ) , r . URL , guessIsBrowserReq ( r ) )
return
}
@ -308,7 +310,7 @@ func (api objectAPIHandlers) GetObjectHandler(w http.ResponseWriter, r *http.Req
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrBadRequest ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if ! api . EncryptionEnabl ed( ) && crypto . IsRequested ( r . Header ) {
if ! objectAPI . IsEncryptionSupport ed( ) && crypto . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrBadRequest ) , r . URL , guessIsBrowserReq ( r ) )
return
}
@ -507,7 +509,7 @@ func (api objectAPIHandlers) HeadObjectHandler(w http.ResponseWriter, r *http.Re
writeErrorResponseHeadersOnly ( w , errorCodes . ToAPIErr ( ErrBadRequest ) )
return
}
if ! api . EncryptionEnabl ed( ) && crypto . IsRequested ( r . Header ) {
if ! objectAPI . IsEncryptionSupport ed( ) && crypto . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrBadRequest ) , r . URL , guessIsBrowserReq ( r ) )
return
}
@ -781,11 +783,13 @@ func (api objectAPIHandlers) CopyObjectHandler(w http.ResponseWriter, r *http.Re
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrServerNotInitialized ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if crypto . S3KMS . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) ) // SSE-KMS is not supported
if crypto . S3KMS . IsRequested ( r . Header ) { // SSE-KMS is not supported
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if ! api . EncryptionEnabled ( ) && crypto . IsRequested ( r . Header ) {
if ! objectAPI . IsEncryptionSupported ( ) && crypto . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
@ -1297,14 +1301,17 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrServerNotInitialized ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if crypto . S3KMS . IsRequested ( r . Header ) && ! api . AllowSSEKMS ( ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) ) // SSE-KMS is not supported
if crypto . S3KMS . IsRequested ( r . Header ) { // SSE-KMS is not supported
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if ! api . EncryptionEnabled ( ) && crypto . IsRequested ( r . Header ) {
if ! objectAPI . IsEncryptionSupported ( ) && crypto . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
vars := mux . Vars ( r )
bucket := vars [ "bucket" ]
object , err := url . PathUnescape ( vars [ "object" ] )
@ -1429,7 +1436,7 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req
// Check if bucket encryption is enabled
_ , err = globalBucketSSEConfigSys . Get ( bucket )
// This request header needs to be set prior to setting ObjectOptions
if ( globalAutoEncryption || err == nil ) && ! crypto . SSEC . IsRequested ( r . Header ) && ! crypto . S3KMS . IsRequested ( r . Header ) {
if ( globalAutoEncryption || err == nil ) && ! crypto . SSEC . IsRequested ( r . Header ) {
r . Header . Set ( crypto . SSEHeader , crypto . SSEAlgorithmAES256 )
}
@ -1604,14 +1611,17 @@ func (api objectAPIHandlers) NewMultipartUploadHandler(w http.ResponseWriter, r
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrServerNotInitialized ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if crypto . S3KMS . IsRequested ( r . Header ) && ! api . AllowSSEKMS ( ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) ) // SSE-KMS is not supported
if crypto . S3KMS . IsRequested ( r . Header ) { // SSE-KMS is not supported
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if ! api . EncryptionEnabled ( ) && crypto . IsRequested ( r . Header ) {
if ! objectAPI . IsEncryptionSupported ( ) && crypto . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
vars := mux . Vars ( r )
bucket := vars [ "bucket" ]
object , err := url . PathUnescape ( vars [ "object" ] )
@ -1628,7 +1638,7 @@ func (api objectAPIHandlers) NewMultipartUploadHandler(w http.ResponseWriter, r
// Check if bucket encryption is enabled
_ , err = globalBucketSSEConfigSys . Get ( bucket )
// This request header needs to be set prior to setting ObjectOptions
if ( globalAutoEncryption || err == nil ) && ! crypto . SSEC . IsRequested ( r . Header ) && ! crypto . S3KMS . IsRequested ( r . Header ) {
if ( globalAutoEncryption || err == nil ) && ! crypto . SSEC . IsRequested ( r . Header ) {
r . Header . Set ( crypto . SSEHeader , crypto . SSEAlgorithmAES256 )
}
@ -1729,11 +1739,13 @@ func (api objectAPIHandlers) CopyObjectPartHandler(w http.ResponseWriter, r *htt
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrServerNotInitialized ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if crypto . S3KMS . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) ) // SSE-KMS is not supported
if crypto . S3KMS . IsRequested ( r . Header ) { // SSE-KMS is not supported
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if ! api . EncryptionEnabled ( ) && crypto . IsRequested ( r . Header ) {
if ! objectAPI . IsEncryptionSupported ( ) && crypto . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
@ -2043,11 +2055,13 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrServerNotInitialized ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if crypto . S3KMS . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) ) // SSE-KMS is not supported
if crypto . S3KMS . IsRequested ( r . Header ) { // SSE-KMS is not supported
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}
if ! api . EncryptionEnabled ( ) && crypto . IsRequested ( r . Header ) {
if ! objectAPI . IsEncryptionSupported ( ) && crypto . IsRequested ( r . Header ) {
writeErrorResponse ( ctx , w , errorCodes . ToAPIErr ( ErrNotImplemented ) , r . URL , guessIsBrowserReq ( r ) )
return
}