in src/Internal/SetupDecryptionHandler.cs [346:381]
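/// <summary>
/// Decrypts the object carried by <paramref name="getObjectResponse"/>, taking the
/// encryption information from the object's metadata when it is present there and
/// from a separately fetched instruction file otherwise.
/// </summary>
/// <param name="decryptedEnvelopeKeyKMS">
/// Envelope key passed through to the metadata-based path. It is not forwarded on the
/// instruction-file path in this method.
/// </param>
/// <param name="getObjectResponse">Response for the encrypted object being read.</param>
/// <exception cref="AmazonServiceException">
/// Thrown when no instruction file can be retrieved; the original service exception is
/// kept as the inner exception.
/// </exception>
protected void DecryptObject(byte[] decryptedEnvelopeKeyKMS, GetObjectResponse getObjectResponse)
{
    if (EncryptionUtils.IsEncryptionInfoInMetadata(getObjectResponse))
    {
        DecryptObjectUsingMetadata(getObjectResponse, decryptedEnvelopeKeyKMS);
        return;
    }

    // NOTE(review): decryptedEnvelopeKeyKMS is not used below this point; presumably the
    // instruction-file path obtains its key material elsewhere - confirm against
    // DecryptObjectUsingInstructionFile.
    GetObjectResponse instructionFileResponse = null;
    try
    {
        // Look for the instruction file with the V2 suffix first.
        var instructionFileRequest = EncryptionUtils.GetInstructionFileRequest(
            getObjectResponse, EncryptionUtils.EncryptionInstructionFileV2Suffix);
        instructionFileResponse = GetInstructionFile(instructionFileRequest);
    }
    catch (AmazonS3Exception amazonS3Exception) when (amazonS3Exception.ErrorCode == EncryptionUtils.NoSuchKey)
    {
        // The exception message comes from the service, so it is passed as a format
        // argument. Embedding it in the format string itself would let a '{' or '}' in
        // that text be parsed as a placeholder and break or distort the log call.
        Logger.InfoFormat(
            "New instruction file with suffix {0} doesn't exist. " +
            "Try to get old instruction file with suffix {1}. {2}",
            EncryptionUtils.EncryptionInstructionFileV2Suffix,
            EncryptionUtils.EncryptionInstructionFileSuffix,
            amazonS3Exception.Message);

        try
        {
            // Fall back to the instruction file with the older suffix.
            var instructionFileRequest = EncryptionUtils.GetInstructionFileRequest(
                getObjectResponse, EncryptionUtils.EncryptionInstructionFileSuffix);
            instructionFileResponse = GetInstructionFile(instructionFileRequest);
        }
        catch (AmazonServiceException ace)
        {
            throw new AmazonServiceException($"Unable to decrypt data for object {getObjectResponse.Key} in bucket {getObjectResponse.BucketName}", ace);
        }
    }
    catch (AmazonServiceException ace)
    {
        // Any other service failure on the first lookup is not retried with the old suffix.
        throw new AmazonServiceException($"Unable to decrypt data for object {getObjectResponse.Key} in bucket {getObjectResponse.BucketName}", ace);
    }

    // NOTE(review): the instruction file is a separate object from the one being
    // decrypted, and this method does not validate its contents; any such checks would
    // have to live in DecryptObjectUsingInstructionFile - confirm.
    DecryptObjectUsingInstructionFile(getObjectResponse, instructionFileResponse);
}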