aliyun · wujinhu · Apr 27, 2020 · Apr 27, 2020 · May 25, 2020
diff --git a/src/main/java/com/aliyun/oss/common/parser/RequestMarshallers.java b/src/main/java/com/aliyun/oss/common/parser/RequestMarshallers.java
@@ -937,6 +937,9 @@ public byte[] marshall(SetBucketEncryptionRequest setBucketEncryptionRequest) {
     		} else {
     			xmlBody.append("<KMSMasterKeyID></KMSMasterKeyID>");
     		}
+            if (sseByDefault.getKMSDataEncryption() != null) {
+                xmlBody.append("<KMSDataEncryption>" + sseByDefault.getKMSDataEncryption() + "</KMSDataEncryption>");
+            }
 
     		xmlBody.append("</ApplyServerSideEncryptionByDefault>");
     		xmlBody.append("</ServerSideEncryptionRule>");

diff --git a/src/main/java/com/aliyun/oss/internal/OSSHeaders.java b/src/main/java/com/aliyun/oss/internal/OSSHeaders.java
@@ -32,6 +32,7 @@ public interface OSSHeaders extends HttpHeaders {
 
     static final String OSS_SERVER_SIDE_ENCRYPTION = "x-oss-server-side-encryption";
     static final String OSS_SERVER_SIDE_ENCRYPTION_KEY_ID = "x-oss-server-side-encryption-key-id";
+    static final String OSS_SERVER_SIDE_DATA_ENCRYPTION = "x-oss-server-side-data-encryption";
 
     static final String GET_OBJECT_IF_MODIFIED_SINCE = "If-Modified-Since";
     static final String GET_OBJECT_IF_UNMODIFIED_SINCE = "If-Unmodified-Since";

diff --git a/src/main/java/com/aliyun/oss/internal/OSSMultipartOperation.java b/src/main/java/com/aliyun/oss/internal/OSSMultipartOperation.java
@@ -363,6 +363,7 @@ public UploadPartResult uploadPart(UploadPartRequest uploadPartRequest) throws O
         result.setETag(trimQuotes(response.getHeaders().get(OSSHeaders.ETAG)));
         result.setRequestId(response.getRequestId());
         result.setPartSize(uploadPartRequest.getPartSize());
+        result.setResponse(response);
         ResponseParsers.setCRC(result, response);
 
         if (getInnerClient().getClientConfiguration().isCrcCheckEnabled()) {

diff --git a/src/main/java/com/aliyun/oss/internal/ResponseParsers.java b/src/main/java/com/aliyun/oss/internal/ResponseParsers.java
@@ -771,6 +771,7 @@ public AppendObjectResult parse(ResponseMessage response) throws ResponseParseEx
                     result.setNextPosition(Long.valueOf(nextPosition));
                 }
                 result.setObjectCRC(response.getHeaders().get(OSSHeaders.OSS_HASH_CRC64_ECMA));
+                result.setResponse(response);
                 setCRC(result, response);
                 return result;
             } finally {
@@ -904,6 +905,7 @@ public CopyObjectResult parse(ResponseMessage response) throws ResponseParseExce
                 CopyObjectResult result = parseCopyObjectResult(response.getContent());
                 result.setVersionId(response.getHeaders().get(OSSHeaders.OSS_HEADER_VERSION_ID));
                 result.setRequestId(response.getRequestId());
+                result.setResponse(response);
                 return result;
             } finally {
                 safeCloseResponse(response);
@@ -999,6 +1001,7 @@ public InitiateMultipartUploadResult parse(ResponseMessage response) throws Resp
             try {
                 InitiateMultipartUploadResult result = parseInitiateMultipartUpload(response.getContent());
                 result.setRequestId(response.getRequestId());
+                result.setResponse(response);
                 return result;
             } finally {
                 safeCloseResponse(response);
@@ -1052,6 +1055,7 @@ public UploadPartCopyResult parse(ResponseMessage response) throws ResponseParse
                 result.setPartNumber(partNumber);
                 result.setETag(trimQuotes(parseUploadPartCopy(response.getContent())));
                 result.setRequestId(response.getRequestId());
+                result.setResponse(response);
                 return result;
             } finally {
                 safeCloseResponse(response);
@@ -2382,6 +2386,9 @@ public static BucketInfo parseGetBucketInfo(InputStream responseBody) throws Res
                 if (sseElem.getChild("KMSMasterKeyID") != null) {
                     applyServerSideEncryptionByDefault.setKMSMasterKeyID(sseElem.getChildText("KMSMasterKeyID"));
                 }
+                if (sseElem.getChild("KMSDataEncryption") != null) {
+                    applyServerSideEncryptionByDefault.setKMSDataEncryption(sseElem.getChildText("KMSDataEncryption"));
+                }
                 serverSideEncryptionConfiguration
                     .setApplyServerSideEncryptionByDefault(applyServerSideEncryptionByDefault);
 
@@ -2679,6 +2686,7 @@ public static ServerSideEncryptionConfiguration parseGetBucketEncryption(InputSt
             Element sseElem = root.getChild("ApplyServerSideEncryptionByDefault");
             sseByDefault.setSSEAlgorithm(sseElem.getChildText("SSEAlgorithm"));
             sseByDefault.setKMSMasterKeyID(sseElem.getChildText("KMSMasterKeyID"));
+            sseByDefault.setKMSDataEncryption(sseElem.getChildText("KMSDataEncryption"));
             configuration.setApplyServerSideEncryptionByDefault(sseByDefault);
 
             return configuration;

diff --git a/src/main/java/com/aliyun/oss/model/DataEncryptionAlgorithm.java b/src/main/java/com/aliyun/oss/model/DataEncryptionAlgorithm.java
@@ -0,0 +1,33 @@
+package com.aliyun.oss.model;
+
+/**
+ * Server-side Data Encryption Algorithm.
+ */
+public enum DataEncryptionAlgorithm {
+    SM4("SM4");
+
+    private final String algorithm;
+
+    public String getAlgorithm() {
+        return algorithm;
+    }
+
+    private DataEncryptionAlgorithm(String algorithm) {
+        this.algorithm = algorithm;
+    }
+
+    @Override
+    public String toString() {
+        return algorithm;
+    }
+
+    public static DataEncryptionAlgorithm fromString(String algorithm) {
+        if (algorithm == null)
+            return null;
+        for (DataEncryptionAlgorithm e: values()) {
+            if (e.getAlgorithm().equals(algorithm))
+                return e;
+        }
+        throw new IllegalArgumentException("Unsupported data encryption algorithm " + algorithm);
+    }
+}
diff --git a/src/main/java/com/aliyun/oss/model/ObjectMetadata.java b/src/main/java/com/aliyun/oss/model/ObjectMetadata.java
@@ -310,6 +310,25 @@ public void setServerSideEncryptionKeyId(String serverSideEncryptionKeyId) {
         metadata.put(OSSHeaders.OSS_SERVER_SIDE_ENCRYPTION_KEY_ID, serverSideEncryptionKeyId);
     }
 
+    /**
+     * Sets the object's server side data encryption.
+     *
+     * @param serverSideDataEncryption
+     *            The server side data encryption.
+     */
+    public void setServerSideDataEncryption(String serverSideDataEncryption) {
+        metadata.put(OSSHeaders.OSS_SERVER_SIDE_DATA_ENCRYPTION, serverSideDataEncryption);
+    }
+
+    /**
+     * Gets the object's server side data encryption.
+     *
+     * @return The server side data encryption. Null means no data encryption.
+     */
+    public String getServerSideDataEncryption() {
+        return (String) metadata.get(OSSHeaders.OSS_SERVER_SIDE_DATA_ENCRYPTION);
+    }
+
     /**
      * Gets the object's storage type, which only supports "normal" and
      * "appendable" for now.

diff --git a/src/main/java/com/aliyun/oss/model/SSEAlgorithm.java b/src/main/java/com/aliyun/oss/model/SSEAlgorithm.java
@@ -25,6 +25,7 @@
 public enum SSEAlgorithm {
     AES256("AES256"),
     KMS("KMS"),
+    SM4("SM4"),
     ;
 
     private final String algorithm;

diff --git a/src/main/java/com/aliyun/oss/model/ServerSideEncryptionByDefault.java b/src/main/java/com/aliyun/oss/model/ServerSideEncryptionByDefault.java
@@ -27,7 +27,7 @@ public class ServerSideEncryptionByDefault {
 
     private String sseAlgorithm;
     private String kmsMasterKeyID;
-
+    private String kmsDataEncryption;
     /**
      * Creates a default instance.
      * 
@@ -126,5 +126,31 @@ public ServerSideEncryptionByDefault withKMSMasterKeyID(String kmsMasterKeyID) {
         setKMSMasterKeyID(kmsMasterKeyID);
         return this;
     }
-
+
+    /**
+     * @return This parameter is allowed if SSEAlgorithm is kms.
+     */
+    public String getKMSDataEncryption() {
+        return kmsDataEncryption;
+    }
+
+    /**
+     * Sets the KMS data encryption. This parameter is allowed if SSEAlgorithm is kms.
+     *
+     * @param kmsDataEncryption KMS data encryption to use.
+     */
+    public void setKMSDataEncryption(String kmsDataEncryption) {
+        this.kmsDataEncryption = kmsDataEncryption;
+    }
+
+    /**
+     * Sets the KMS data encryption. This parameter is allowed if SSEAlgorithm is kms.
+     *
+     * @param kmsDataEncryption KMS data encryption to use.
+     * @return This object for method chaining.
+     */
+    public ServerSideEncryptionByDefault withKMSDataEncryption(String kmsDataEncryption) {
+        setKMSDataEncryption(kmsDataEncryption);
+        return this;
+    }
 }
diff --git a/src/test/java/com/aliyun/oss/integrationtests/BucketEncryptionTest.java b/src/test/java/com/aliyun/oss/integrationtests/BucketEncryptionTest.java
@@ -19,28 +19,30 @@
 
 package com.aliyun.oss.integrationtests;
 
+import com.aliyun.oss.internal.OSSHeaders;
+import com.aliyun.oss.model.*;
 import junit.framework.Assert;
 
 import org.junit.Test;
 
 import static com.aliyun.oss.integrationtests.TestUtils.waitForCacheExpiration;
 
 import com.aliyun.oss.OSSException;
-import com.aliyun.oss.model.BucketInfo;
-import com.aliyun.oss.model.SSEAlgorithm;
-import com.aliyun.oss.model.ServerSideEncryptionByDefault;
-import com.aliyun.oss.model.ServerSideEncryptionConfiguration;
-import com.aliyun.oss.model.SetBucketEncryptionRequest;
+
+import java.io.File;
+import java.util.Map;
 
 public class BucketEncryptionTest extends TestBase {
 
-    @Test
-    public void testSetBucketEncryption() {
+    private void testSetBucketEncryptionInternal(SSEAlgorithm algorithm, DataEncryptionAlgorithm dataEncryptionAlgorithm) {
 
         try {
             // set
             ServerSideEncryptionByDefault applyServerSideEncryptionByDefault =
-                    new ServerSideEncryptionByDefault(SSEAlgorithm.AES256.toString());
+                    new ServerSideEncryptionByDefault(algorithm.toString());
+            if (algorithm == SSEAlgorithm.KMS && dataEncryptionAlgorithm != null) {
+                applyServerSideEncryptionByDefault.setKMSDataEncryption(dataEncryptionAlgorithm.toString());
+            }
             ServerSideEncryptionConfiguration setConfiguration = new ServerSideEncryptionConfiguration();
             setConfiguration.setApplyServerSideEncryptionByDefault(applyServerSideEncryptionByDefault);
             SetBucketEncryptionRequest setRequest = new SetBucketEncryptionRequest(bucketName, setConfiguration);
@@ -49,23 +51,45 @@ public void testSetBucketEncryption() {
 
             // get
             ServerSideEncryptionConfiguration getConfiguration = ossClient.getBucketEncryption(bucketName);
-            Assert.assertEquals(SSEAlgorithm.AES256.toString(),
+            Assert.assertEquals(algorithm.toString(),
                     getConfiguration.getApplyServerSideEncryptionByDefault().getSSEAlgorithm());
             Assert.assertNull(getConfiguration.getApplyServerSideEncryptionByDefault().getKMSMasterKeyID());
+            Assert.assertEquals(dataEncryptionAlgorithm,
+                DataEncryptionAlgorithm.fromString(getConfiguration.getApplyServerSideEncryptionByDefault().getKMSDataEncryption()));
+            String fileName = TestUtils.genFixedLengthFile(1024);
+            String objectName = "encryption-" + TestUtils.genRandomString(10);
+            ossClient.putObject(bucketName, objectName, new File(fileName));
+
+            Map<String, String> headers = ossClient.getObject(bucketName, objectName).getResponse().getHeaders();
+            Assert.assertEquals(algorithm.toString(), headers.get(OSSHeaders.OSS_SERVER_SIDE_ENCRYPTION));
+            if (algorithm == SSEAlgorithm.KMS && dataEncryptionAlgorithm != null) {
+                Assert.assertEquals(dataEncryptionAlgorithm.toString(), headers.get(OSSHeaders.OSS_SERVER_SIDE_DATA_ENCRYPTION));
+            }
         } catch (Exception e) {
             e.printStackTrace();
             Assert.fail(e.getMessage());
         }
     }
 
     @Test
-    public void testDeleteBucketEncryption() {
+    public void testSetBucketEncryption() {
+        testSetBucketEncryptionInternal(SSEAlgorithm.AES256, null);
+        testSetBucketEncryptionInternal(SSEAlgorithm.SM4, null);
+        testSetBucketEncryptionInternal(SSEAlgorithm.KMS, null);
+        testSetBucketEncryptionInternal(SSEAlgorithm.KMS, DataEncryptionAlgorithm.SM4);
+    }
+
+    private void testDeleteBucketEncryptionInternal(SSEAlgorithm algorithm, DataEncryptionAlgorithm dataEncryptionAlgorithm) {
 
         try {
             // set
             ServerSideEncryptionByDefault applyServerSideEncryptionByDefault =
-                    new ServerSideEncryptionByDefault().withSSEAlgorithm(SSEAlgorithm.KMS);
-            applyServerSideEncryptionByDefault.setKMSMasterKeyID("test-kms-master-key-id");
+                    new ServerSideEncryptionByDefault().withSSEAlgorithm(algorithm);
+            if (algorithm == SSEAlgorithm.KMS)
+                applyServerSideEncryptionByDefault.setKMSMasterKeyID("test-kms-master-key-id");
+            if (algorithm == SSEAlgorithm.KMS && dataEncryptionAlgorithm != null) {
+                applyServerSideEncryptionByDefault.setKMSDataEncryption(dataEncryptionAlgorithm.toString());
+            }
             ServerSideEncryptionConfiguration setConfiguration = new ServerSideEncryptionConfiguration()
                     .withApplyServerSideEncryptionByDefault(applyServerSideEncryptionByDefault);
             setConfiguration.setApplyServerSideEncryptionByDefault(applyServerSideEncryptionByDefault);
@@ -76,11 +100,13 @@ public void testDeleteBucketEncryption() {
 
             // get
             ServerSideEncryptionConfiguration getConfiguration = ossClient.getBucketEncryption(bucketName);
-            Assert.assertEquals(SSEAlgorithm.KMS.toString(),
+            Assert.assertEquals(algorithm.toString(),
                     getConfiguration.getApplyServerSideEncryptionByDefault().getSSEAlgorithm());
-            Assert.assertEquals("test-kms-master-key-id",
-                    getConfiguration.getApplyServerSideEncryptionByDefault().getKMSMasterKeyID());
-
+            if (algorithm == SSEAlgorithm.KMS)
+                Assert.assertEquals("test-kms-master-key-id",
+                        getConfiguration.getApplyServerSideEncryptionByDefault().getKMSMasterKeyID());
+            Assert.assertEquals(dataEncryptionAlgorithm,
+                DataEncryptionAlgorithm.fromString(getConfiguration.getApplyServerSideEncryptionByDefault().getKMSDataEncryption()));
             // delete
             ossClient.deleteBucketEncryption(bucketName);
             waitForCacheExpiration(3);
@@ -98,12 +124,22 @@ public void testDeleteBucketEncryption() {
     }
 
     @Test
-    public void testBucketInfo() {
+    public void testDeleteBucketEncryption() {
+        testDeleteBucketEncryptionInternal(SSEAlgorithm.AES256, null);
+        testDeleteBucketEncryptionInternal(SSEAlgorithm.SM4, null);
+        testDeleteBucketEncryptionInternal(SSEAlgorithm.KMS, null);
+        testDeleteBucketEncryptionInternal(SSEAlgorithm.KMS, DataEncryptionAlgorithm.SM4);
+    }
+
+    public void testBucketInfoInternal(SSEAlgorithm algorithm, DataEncryptionAlgorithm dataEncryptionAlgorithm) {
 
         try {
             // set 1
             ServerSideEncryptionByDefault applyServerSideEncryptionByDefault =
-                    new ServerSideEncryptionByDefault(SSEAlgorithm.AES256);
+                    new ServerSideEncryptionByDefault(algorithm);
+            if (algorithm == SSEAlgorithm.KMS && dataEncryptionAlgorithm != null) {
+                applyServerSideEncryptionByDefault.setKMSDataEncryption(dataEncryptionAlgorithm.toString());
+            }
             ServerSideEncryptionConfiguration setConfiguration = new ServerSideEncryptionConfiguration();
             setConfiguration.setApplyServerSideEncryptionByDefault(applyServerSideEncryptionByDefault);
             SetBucketEncryptionRequest setRequest = new SetBucketEncryptionRequest(bucketName, setConfiguration);
@@ -112,10 +148,14 @@ public void testBucketInfo() {
 
             // get
             BucketInfo bucketInfo = ossClient.getBucketInfo(bucketName);
-            Assert.assertEquals(SSEAlgorithm.AES256.toString(), bucketInfo.getServerSideEncryptionConfiguration()
+            Assert.assertEquals(algorithm.toString(), bucketInfo.getServerSideEncryptionConfiguration()
                     .getApplyServerSideEncryptionByDefault().getSSEAlgorithm());
-            Assert.assertNull(bucketInfo.getServerSideEncryptionConfiguration()
+            if (algorithm != SSEAlgorithm.KMS)
+                Assert.assertNull(bucketInfo.getServerSideEncryptionConfiguration()
                     .getApplyServerSideEncryptionByDefault().getKMSMasterKeyID());
+            Assert.assertEquals(dataEncryptionAlgorithm,
+                    DataEncryptionAlgorithm.fromString(bucketInfo.getServerSideEncryptionConfiguration()
+                            .getApplyServerSideEncryptionByDefault().getKMSDataEncryption()));
 
             // delete
             ossClient.deleteBucketEncryption(bucketName);
@@ -151,4 +191,11 @@ public void testBucketInfo() {
         }
     }
 
+    @Test
+    public void testBucketInfo() {
+        testBucketInfoInternal(SSEAlgorithm.AES256, null);
+        testBucketInfoInternal(SSEAlgorithm.SM4, null);
+        testBucketInfoInternal(SSEAlgorithm.KMS, null);
+        testBucketInfoInternal(SSEAlgorithm.KMS, DataEncryptionAlgorithm.SM4);
+    }
 }