fix sse header

3 weeks ago · 5f24aadfca
2 changed files with 9 additions and 2 deletions
--- a/weed/s3api/s3api_object_handlers.go
+++ b/weed/s3api/s3api_object_handlers.go
@ -812,7 +812,8 @@ func (s3a *S3ApiServer) streamFromVolumeServersWithSSE(w http.ResponseWriter, r
 	switch sseType {
 	case s3_constants.SSETypeC:
 		customerKey := decryptionKey.(*SSECustomerKey)
-		ivBase64 := string(entry.Extended[s3_constants.SeaweedFSSSEIVHeader])
+		// Use storage key (lowercase) not header key for reading from entry.Extended
+		ivBase64 := string(entry.Extended[s3_constants.SeaweedFSSSEIV])
 		iv, _ := base64.StdEncoding.DecodeString(ivBase64)
 		decryptedReader, err = CreateSSECDecryptedReader(encryptedReader, customerKey, iv)
 	case s3_constants.SSETypeKMS:
@ -976,7 +977,8 @@ func (s3a *S3ApiServer) createSSECDecryptedReaderFromEntry(r *http.Request, encr
 	}

 	// Get IV from entry metadata
-	ivBase64 := string(entry.Extended[s3_constants.SeaweedFSSSEIVHeader])
+	// Use storage key (lowercase) not header key for reading from entry.Extended
+	ivBase64 := string(entry.Extended[s3_constants.SeaweedFSSSEIV])
 	if ivBase64 == "" {
 		return nil, fmt.Errorf("SSE-C IV not found in metadata")
 	}
--- a/weed/s3api/s3api_object_handlers_put.go
+++ b/weed/s3api/s3api_object_handlers_put.go
@ -471,12 +471,17 @@ func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader
 	// Set SSE-KMS metadata
 	if sseKMSKey != nil {
 		entry.Extended[s3_constants.SeaweedFSSSEKMSKeyHeader] = sseKMSMetadata
+		// Set standard SSE headers for detection
+		entry.Extended[s3_constants.AmzServerSideEncryption] = []byte("aws:kms")
+		entry.Extended[s3_constants.AmzServerSideEncryptionAwsKmsKeyId] = []byte(sseKMSKey.KeyID)
 		glog.V(3).Infof("putToFiler: storing SSE-KMS metadata for object %s with keyID %s", filePath, sseKMSKey.KeyID)
 	}

 	// Set SSE-S3 metadata
 	if sseS3Key != nil && len(sseS3Metadata) > 0 {
 		entry.Extended[s3_constants.SeaweedFSSSES3Key] = sseS3Metadata
+		// Set standard SSE header for detection
+		entry.Extended[s3_constants.AmzServerSideEncryption] = []byte("AES256")
 		glog.V(3).Infof("putToFiler: storing SSE-S3 metadata for object %s with keyID %s", filePath, sseS3Key.KeyID)
 	}