minio · nitisht · Mar 9, 2018 · Mar 6, 2018
diff --git a/run/core/awscli/test.sh b/run/core/awscli/test.sh
@@ -53,7 +53,7 @@ function make_bucket() {
     # Make bucket
     bucket_name="awscli-mint-test-bucket-$RANDOM"
     function="${AWS} s3api create-bucket --bucket ${bucket_name}"
-
+    
     # execute the test
     out=$($function 2>&1)
     rv=$?
@@ -805,6 +805,113 @@ function test_serverside_encryption() {
     return $rv
 }
 
+# tests server side encryption headers for multipart put
+function test_serverside_encryption_multipart() {
+    #skip server side encryption tests if HTTPS disabled.
+    if [ "$ENABLE_HTTPS" != "1" ]; then
+        return 0
+    fi
+    # log start time
+    start_time=$(get_time)
+
+    function="make_bucket"
+    bucket_name=$(make_bucket)
+    rv=$?
+
+    # put object with server side encryption headers
+    if [ $rv -eq 0 ]; then
+        function="${AWS} s3api put-object --body ${MINT_DATA_DIR}/datafile-65-MB --bucket ${bucket_name} --key datafile-65-MB --sse-customer-algorithm AES256 --sse-customer-key MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ= --sse-customer-key-md5 7PpPLAK26ONlVUGOWlusfg=="
+        test_function=${function}
+        out=$($function 2>&1)
+        rv=$?
+    fi
+    # now get encrypted object from server
+    if [ $rv -eq 0 ]; then
+        etag1=$(echo "$out" | jq -r .ETag)
+        sse_customer_key1=$(echo "$out" | jq -r .SSECustomerKeyMD5)
+        sse_customer_algo1=$(echo "$out" | jq -r .SSECustomerAlgorithm)
+
+        function="${AWS} s3api get-object --bucket ${bucket_name} --key datafile-65-MB --sse-customer-algorithm AES256 --sse-customer-key MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ= --sse-customer-key-md5 7PpPLAK26ONlVUGOWlusfg== /tmp/datafile-65-MB"
+        test_function=${function}
+        out=$($function 2>&1)
+        rv=$?
+    fi
+    if [ $rv -eq 0 ]; then
+        etag2=$(echo "$out" | jq -r .ETag)
+        sse_customer_key2=$(echo "$out" | jq -r .SSECustomerKeyMD5)
+        sse_customer_algo2=$(echo "$out" | jq -r .SSECustomerAlgorithm)
+        hash2=$(md5sum /tmp/datafile-65-MB | awk '{print $1}')
+        # match etag and SSE headers
+        if [ "$etag1" != "$etag2" ]; then
+            rv=1
+            out="Etag mismatch for object encrypted with server side encryption"
+        fi
+        if [ "$sse_customer_algo1" != "$sse_customer_algo2" ]; then
+            rv=1
+            out="sse customer algorithm mismatch"
+        fi
+        if [ "$sse_customer_key1" != "$sse_customer_key2" ]; then
+            rv=1
+            out="sse customer key mismatch"
+        fi
+    fi
+
+    if [ $rv -eq 0 ]; then
+        log_success "$(get_duration "$start_time")" "${test_function}"
+    else
+        # clean up and log error
+        ${AWS} s3 rb s3://"${bucket_name}" --force > /dev/null 2>&1
+        log_failure "$(get_duration "$start_time")" "${function}" "${out}"
+    fi
+
+    return $rv
+}
+
+# tests server side encryption headers for range get calls
+function test_serverside_encryption_get_range() {
+    #skip server side encryption tests if HTTPS disabled.
+    if [ "$ENABLE_HTTPS" != "1" ]; then
+        return 0
+    fi
+    # log start time
+    start_time=$(get_time)
+
+    function="make_bucket"
+    bucket_name=$(make_bucket)
+    rv=$?
+    # put object with server side encryption headers
+    if [ $rv -eq 0 ]; then
+        function="${AWS} s3api put-object --body ${MINT_DATA_DIR}/datafile-10-kB --bucket ${bucket_name} --key datafile-10-kB --sse-customer-algorithm AES256 --sse-customer-key MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ= --sse-customer-key-md5 7PpPLAK26ONlVUGOWlusfg=="
+        test_function=${function}
+        out=$($function 2>&1)
+        rv=$?
+    fi
+    # now get encrypted object from server for range 500-999
+    if [ $rv -eq 0 ]; then
+        etag1=$(echo "$out" | jq -r .ETag)
+        sse_customer_key1=$(echo "$out" | jq -r .SSECustomerKeyMD5)
+        sse_customer_algo1=$(echo "$out" | jq -r .SSECustomerAlgorithm)
+        function="${AWS} s3api get-object --bucket ${bucket_name} --key datafile-10-kB --range bytes=500-999 --sse-customer-algorithm AES256 --sse-customer-key MzJieXRlc2xvbmdzZWNyZXRrZXltdXN0cHJvdmlkZWQ= --sse-customer-key-md5 7PpPLAK26ONlVUGOWlusfg== /tmp/datafile-10-kB"
+        test_function=${function}
+        out=$($function 2>&1)
+        rv=$?
+    fi
+    if [ $rv -eq 0 ]; then
+        cnt=$(stat -c%s /tmp/datafile-10-kB)
+        if [ "$cnt" -ne 500 ]; then
+            rv=1
+        fi
+    fi
+    if [ $rv -eq 0 ]; then
+        log_success "$(get_duration "$start_time")" "${test_function}"
+    else
+        # clean up and log error
+        ${AWS} s3 rb s3://"${bucket_name}" --force > /dev/null 2>&1
+        log_failure "$(get_duration "$start_time")" "${function}" "${out}"
+    fi
+    return $rv
+}
+
 # tests server side encryption error for get and put calls
 function test_serverside_encryption_error() {
     #skip server side encryption tests if HTTPS disabled.
@@ -893,14 +1000,15 @@ main() {
     test_copy_object && \
     test_presigned_object && \
     test_serverside_encryption && \
+    test_serverside_encryption_get_range && \
+    test_serverside_encryption_multipart
     # Success cli ops.
     test_aws_s3_cp && \
     test_aws_s3_sync && \
     # Error tests
     test_list_objects_error && \
     test_put_object_error && \
     test_serverside_encryption_error
-
     return $?
 }