aws · kuhe · Jan 22, 2024 · Jan 11, 2024 · Jan 16, 2024 · Jan 18, 2024
@@ -1,11 +1,13 @@
 import { ChecksumConstructor } from "@smithy/types";
+import * as crypto from "crypto";
 
 import { ssecMiddleware } from "./";
 
 describe("ssecMiddleware", () => {
   const next = jest.fn();
   const decoder = jest.fn().mockResolvedValue(new Uint8Array(0));
-  const encoder = jest.fn().mockReturnValue("base64");
+  const encoder1 = jest.fn();
+  const encoder2 = jest.fn();
   const mockHashUpdate = jest.fn();
   const mockHashReset = jest.fn();
   const mockHashDigest = jest.fn().mockReturnValue(new Uint8Array(0));
@@ -17,13 +19,53 @@ describe("ssecMiddleware", () => {
   beforeEach(() => {
     next.mockClear();
     decoder.mockClear();
-    encoder.mockClear();
+    encoder1.mockClear();
+    encoder2.mockClear();
     mockHashUpdate.mockClear();
     mockHashDigest.mockClear();
     mockHashReset.mockClear();
   });
 
   it("should base64 encode input keys and set respective MD5 inputs", async () => {
+    encoder1.mockReturnValue("/+JF8FMG8UVMWSaNz0s6Wg==");
+    const key = "TestKey123";
+    const binaryRepresentationOfKey = Buffer.from(key);
+    const base64Key = binaryRepresentationOfKey.toString("base64");
+    const md5Hash = crypto.createHash("md5").update(binaryRepresentationOfKey).digest();
+    const base64Md5Hash = Buffer.from(md5Hash).toString("base64");
+
+    const args = {
+      input: {
+        SSECustomerKey: base64Key,
+        CopySourceSSECustomerKey: base64Key,
+      },
+    };
+
+    const handler = ssecMiddleware({
+      base64Encoder: encoder1,
+      utf8Decoder: decoder,
+      md5: MockHash,
+    })(next, {} as any);
+
+    await handler(args);
+
+    expect(next.mock.calls.length).toBe(1);
+    expect(next).toHaveBeenCalledWith({
+      input: {
+        SSECustomerKey: base64Key,
+        SSECustomerKeyMD5: base64Md5Hash,
+        CopySourceSSECustomerKey: base64Key,
+        CopySourceSSECustomerKeyMD5: base64Md5Hash,
+      },
+    });
+    expect(decoder.mock.calls.length).toBe(0);
+    expect(encoder1.mock.calls.length).toBe(2);
+    expect(mockHashUpdate.mock.calls.length).toBe(2);
+    expect(mockHashDigest.mock.calls.length).toBe(2);
+    encoder1.mockClear();
+  });
+  it("should base64 encode input keys and set respective MD5 inputs", async () => {
+    encoder2.mockReturnValue("base64");
     const args = {
       input: {
         SSECustomerKey: "foo",
@@ -32,7 +74,7 @@ describe("ssecMiddleware", () => {
     };
 
     const handler = ssecMiddleware({
-      base64Encoder: encoder,
+      base64Encoder: encoder2,
       utf8Decoder: decoder,
       md5: MockHash,
     })(next, {} as any);
@@ -49,8 +91,9 @@ describe("ssecMiddleware", () => {
       },
     });
     expect(decoder.mock.calls.length).toBe(2);
-    expect(encoder.mock.calls.length).toBe(4);
+    expect(encoder2.mock.calls.length).toBe(4);
     expect(mockHashUpdate.mock.calls.length).toBe(2);
     expect(mockHashDigest.mock.calls.length).toBe(2);
+    encoder2.mockClear();
   });
 });
@@ -21,7 +21,7 @@ interface PreviouslyResolved {
 export function ssecMiddleware(options: PreviouslyResolved): InitializeMiddleware<any, any> {
   return <Output extends MetadataBearer>(next: InitializeHandler<any, Output>): InitializeHandler<any, Output> =>
     async (args: InitializeHandlerArguments<any>): Promise<InitializeHandlerOutput<Output>> => {
-      let input = { ...args.input };
+      const input = { ...args.input };
       const properties = [
         {
           target: "SSECustomerKey",
@@ -36,19 +36,25 @@ export function ssecMiddleware(options: PreviouslyResolved): InitializeMiddlewar
       for (const prop of properties) {
         const value: SourceData | undefined = (input as any)[prop.target];
         if (value) {
-          const valueView: Uint8Array = ArrayBuffer.isView(value)
-            ? new Uint8Array(value.buffer, value.byteOffset, value.byteLength)
-            : typeof value === "string"
-            ? options.utf8Decoder(value)
-            : new Uint8Array(value);
-          const encoded = options.base64Encoder(valueView);
+          let valueForHash: Uint8Array;
+          if (typeof value === "string") {
+            const isBase64Encoded = /^(?:[A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(value);
+            if (isBase64Encoded) {
+              valueForHash = base64ToUint8Array(value);
+            } else {
+              valueForHash = options.utf8Decoder(value);
+              input[prop.target] = options.base64Encoder(valueForHash);
+            }
+          } else {
+            valueForHash = ArrayBuffer.isView(value)
+              ? new Uint8Array(value.buffer, value.byteOffset, value.byteLength)
+              : new Uint8Array(value);
+            input[prop.target] = options.base64Encoder(valueForHash);
+          }
+
           const hash = new options.md5();
-          hash.update(valueView);
-          input = {
-            ...(input as any),
-            [prop.target]: encoded,
-            [prop.hash]: options.base64Encoder(await hash.digest()),
-          };
+          hash.update(valueForHash);
+          input[prop.hash] = options.base64Encoder(await hash.digest());
         }
       }
 
@@ -59,6 +65,21 @@ export function ssecMiddleware(options: PreviouslyResolved): InitializeMiddlewar
     };
 }
 
+function base64ToUint8Array(base64String: string) {
+  if (typeof Buffer !== "undefined") {
+    const buffer = Buffer.from(base64String, "base64");
+    return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength);
+  } else {
+    const binaryString = atob(base64String);
+    const len = binaryString.length;
+    const bytes = new Uint8Array(len);
+    for (let i = 0; i < len; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    return bytes;
+  }
+}
+
 export const ssecMiddlewareOptions: InitializeHandlerOptions = {
   name: "ssecMiddleware",
   step: "initialize",