From c25c5bbc00c7366406fa6b3af5e8230558ac804f Mon Sep 17 00:00:00 2001
From: Christian Becker <christian@dabecka.de>
Date: Wed, 22 Jan 2025 23:43:08 +0100
Subject: [PATCH 1/2] feat(S3): add SSE-C support in S3 External Storage

Just need to add the parameter and fix two calls. All other logic is already implemented and implicitly called through the S3ConnectionTrait

fixes #33283

Signed-off-by: Christian Becker <christian@dabecka.de>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 apps/files_external/lib/Lib/Backend/AmazonS3.php | 3 +++
 apps/files_external/lib/Lib/Storage/AmazonS3.php | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/apps/files_external/lib/Lib/Backend/AmazonS3.php b/apps/files_external/lib/Lib/Backend/AmazonS3.php
index e345ed53f70..f71ca40cdfc 100644
--- a/apps/files_external/lib/Lib/Backend/AmazonS3.php
+++ b/apps/files_external/lib/Lib/Backend/AmazonS3.php
@@ -41,6 +41,9 @@ class AmazonS3 extends Backend {
 				(new DefinitionParameter('useMultipartCopy', $l->t('Enable multipart copy')))
 					->setType(DefinitionParameter::VALUE_BOOLEAN)
 					->setDefaultValue(true),
+				(new DefinitionParameter('sse_c_key', $l->t('SSE-C encryption key')))
+					->setType(DefinitionParameter::VALUE_PASSWORD)
+					->setFlag(DefinitionParameter::FLAG_OPTIONAL),
 			])
 			->addAuthScheme(AccessKey::SCHEME_AMAZONS3_ACCESSKEY)
 			->addAuthScheme(AuthMechanism::SCHEME_NULL)
diff --git a/apps/files_external/lib/Lib/Storage/AmazonS3.php b/apps/files_external/lib/Lib/Storage/AmazonS3.php
index 03a365fd559..1a866e8c22b 100644
--- a/apps/files_external/lib/Lib/Storage/AmazonS3.php
+++ b/apps/files_external/lib/Lib/Storage/AmazonS3.php
@@ -113,7 +113,7 @@ class AmazonS3 extends Common {
 				$this->objectCache[$key] = $this->getConnection()->headObject([
 					'Bucket' => $this->bucket,
 					'Key' => $key
-				])->toArray();
+				] + $this->getSSECParameters())->toArray();
 			} catch (S3Exception $e) {
 				if ($e->getStatusCode() >= 500) {
 					throw $e;
@@ -207,7 +207,7 @@ class AmazonS3 extends Common {
 				'Key' => $path . '/',
 				'Body' => '',
 				'ContentType' => FileInfo::MIMETYPE_FOLDER
-			]);
+			] + $this->getSSECParameters());
 			$this->testTimeout();
 		} catch (S3Exception $e) {
 			$this->logger->error($e->getMessage(), [
@@ -507,7 +507,7 @@ class AmazonS3 extends Common {
 				'Body' => '',
 				'ContentType' => $mimeType,
 				'MetadataDirective' => 'REPLACE',
-			]);
+			] + $this->getSSECParameters());
 			$this->testTimeout();
 		} catch (S3Exception $e) {
 			$this->logger->error($e->getMessage(), [

From f1c025dfd32b795e33369339570d07e550402037 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Tue, 28 Jan 2025 22:57:38 +0100
Subject: [PATCH 2/2] fix(s3): treat empty sse_c_key as not set

Co-authored-by: Christian Becker <christian@dabecka.de>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 lib/private/Files/ObjectStore/S3ConnectionTrait.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index cce8752c360..65fc61ffa77 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -213,7 +213,7 @@ trait S3ConnectionTrait {
 	}
 
 	protected function getSSECKey(): ?string {
-		if (isset($this->params['sse_c_key'])) {
+		if (isset($this->params['sse_c_key']) && !empty($this->params['sse_c_key'])) {
 			return $this->params['sse_c_key'];
 		}