refactor cmd/crypto code for SSE handling and parsing (#11045)

This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid.
2025-11-09 05:34:56 -05:00 · 2020-12-22 18:19:32 +01:00
parent 35fafb837b
commit 8cdf2106b0
21 changed files with 861 additions and 646 deletions
--- a/cmd/bucket-lifecycle.go
+++ b/cmd/bucket-lifecycle.go
@@ -28,7 +28,6 @@ import (

 	miniogo "github.com/minio/minio-go/v7"
 	"github.com/minio/minio-go/v7/pkg/tags"
-	"github.com/minio/minio/cmd/crypto"
 	xhttp "github.com/minio/minio/cmd/http"
 	"github.com/minio/minio/cmd/logger"
 	sse "github.com/minio/minio/pkg/bucket/encryption"
@@ -547,7 +546,7 @@ func (r *RestoreObjectRequest) validate(ctx context.Context, objAPI ObjectLayer)
 		if r.OutputLocation.S3.Prefix == "" {
 			return fmt.Errorf("Prefix is a required parameter in OutputLocation")
 		}
-		if r.OutputLocation.S3.Encryption.EncryptionType != crypto.SSEAlgorithmAES256 {
+		if r.OutputLocation.S3.Encryption.EncryptionType != xhttp.AmzEncryptionAES {
 			return NotImplemented{}
 		}
 	}
@@ -573,7 +572,7 @@ func putRestoreOpts(bucket, object string, rreq *RestoreObjectRequest, objInfo O
 		}
 		meta[xhttp.AmzObjectTagging] = rreq.OutputLocation.S3.Tagging.String()
 		if rreq.OutputLocation.S3.Encryption.EncryptionType != "" {
-			meta[crypto.SSEHeader] = crypto.SSEAlgorithmAES256
+			meta[xhttp.AmzServerSideEncryption] = xhttp.AmzEncryptionAES
 		}
 		return ObjectOptions{
 			Versioned:        globalBucketVersioningSys.Enabled(bucket),